Secure computer architectures, systems, and applications
First Claim
Patent Images
1. A computing device, comprising:
- a trusted environment comprising;
a trusted processor; and
a trusted memory for storing executable instructions, the trusted processor executing the instructions to provide a trusted computing environment that performs computing functions that could expose the computing device to a security risk; and
a legacy environment comprising;
a secondary processor that is physically separated from the trusted processor; and
a secondary memory for storing executable instructions, the secondary processor executing the instructions to provide a legacy computing environment that manages computing functions exposed to unsecure environments;
further comprising a network interface that is dedicated for the trusted environment, the network interface being inaccessible to the legacy environment; and
comprising I/O devices, wherein each of the I/O devices comprises dedicated connections for the trusted environment, wherein at least a portion of the I/O devices which do not pose a security risk to a computing system are coupled with the legacy environment;
wherein the legacy environment executes safe applications to generate output in a structured form, further wherein the trusted environment comprises a content insertion module that is executed by the trusted processor to insert trusted data into the structured form;
wherein content downloaded from a network is stored and executed only in the legacy environment, the downloaded content being inaccessible by the trusted environment; and
wherein authentication data for the computing device is stored in the trusted environment and cannot be accessed by the legacy environment.
0 Assignments
0 Petitions
Accused Products
Abstract
Secure computer architectures, systems, and applications are provided herein. An exemplary computing system may include a trusted environment having a trusted processor and memory that provides a trusted computing environment that performs computing functions that could expose the computing device to a security risk, and a legacy environment having a secondary processor and memory for providing a legacy computing environment that manages computing functions exposed to unsecure environments.
30 Citations
23 Claims
-
1. A computing device, comprising:
-
a trusted environment comprising; a trusted processor; and a trusted memory for storing executable instructions, the trusted processor executing the instructions to provide a trusted computing environment that performs computing functions that could expose the computing device to a security risk; and a legacy environment comprising; a secondary processor that is physically separated from the trusted processor; and a secondary memory for storing executable instructions, the secondary processor executing the instructions to provide a legacy computing environment that manages computing functions exposed to unsecure environments; further comprising a network interface that is dedicated for the trusted environment, the network interface being inaccessible to the legacy environment; and
comprising I/O devices, wherein each of the I/O devices comprises dedicated connections for the trusted environment, wherein at least a portion of the I/O devices which do not pose a security risk to a computing system are coupled with the legacy environment;
wherein the legacy environment executes safe applications to generate output in a structured form, further wherein the trusted environment comprises a content insertion module that is executed by the trusted processor to insert trusted data into the structured form;wherein content downloaded from a network is stored and executed only in the legacy environment, the downloaded content being inaccessible by the trusted environment; and wherein authentication data for the computing device is stored in the trusted environment and cannot be accessed by the legacy environment. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A computing device, comprising:
-
a plurality of input and output devices; a memory for storing executable instructions, the memory comprising a trusted portion and a legacy portion; a first processor, the first processor executing instructions in the trusted portion of the memory to provide a first computing environment that manages operations of the plurality of input and output devices to protect sensitive information of the computing device; a network interface for communicating with devices external to the computing device; and a second processor, the second processor executing the instructions in the legacy portion of the memory to provide a second computing environment that communicates with the devices external to the computing device using the network interface, wherein operations of second computing environment are controlled and managed by the first computing environment; wherein the first computing environment comprises a sensitive information module that is executed by the first processor to detect requests for passwords from either the first computing environment, the second computing environment, or a network device; wherein the first and the second computing environments cooperate to provide encrypted data by the first computing environment providing data that is to be encrypted while the first computing environment applies an encryption algorithm to the data provided by the second computing environment, the encryption algorithm being inaccessible to the second computing environment; and wherein location or position information of the computing device is accessible only to the first computing environment. - View Dependent Claims (15, 16, 17, 18)
-
-
19. A method for providing secure computing operations on a computing device, the method comprising:
-
executing a legacy computing environment by a legacy processor executing instructions stored in a legacy memory, the legacy computing environment being utilized to facilitate complex computing functions of a computing system or computing operations that expose the computing system to security risks that are external to the computing device; and executing a trusted computing environment by a trusted processor executing instructions stored in a trusted memory, the trusted computing environment being utilized to process input and output operations of the computing device and monitor the legacy computing environment; further comprising executing a first portion of an application in the trusted computing environment and executing a second portion of the application in the legacy computing environment; combining an output of the first portion of the application executed in the trusted computing environment with an output of the second portion of the application executed in the trusted computing environment; and executing a third portion of the application in another legacy computing environment. - View Dependent Claims (20, 21, 22)
-
-
23. A computing device, comprising:
-
a trusted environment comprising; a trusted processor; and a trusted memory for storing executable instructions, the trusted memory storing passwords for a user; a legacy environment comprising; a secondary processor that is physically separated from the trusted processor; and a secondary memory for storing executable instructions, the secondary processor executing the instructions to provide a legacy computing environment that utilizes applications or network resources that require one or more of the passwords for authenticating the user; and wherein the trusted environment provides one or more passwords in response to a request, in such a way that the one or more passwords provided by the trusted environment are not exposed to the legacy environment;
further comprising a network interface that is dedicated for the trusted environment, the network interface being inaccessible to the legacy environment; and
comprising I/O devices, wherein each of the I/O devices comprises dedicated connections for the trusted environment, wherein at least a portion of the I/O devices which do not pose a security risk to a computing system are coupled with the legacy environment;
wherein the legacy environment executes safe applications to generate output in a structured form, further wherein the trusted environment comprises a content insertion module that is executed by the trusted processor to insert trusted data into the structured form;
wherein content downloaded from a network is stored and executed only in the legacy environment, the downloaded content being inaccessible by the trusted environment.
-
Specification