Trusted data relay
First Claim
1. A secure communication system comprising:
- an input apparatus configured to receive at least partially encrypted data from an endpoint device, the at least partially encrypted data including an identifier of the endpoint device;
- a key storage including decryption keys stored in association with device identifiers;
- decryption/authentication logic configured to decrypt the at least partially encrypted data to a decrypted output, using a decryption key retrieved from the key storage, the retrieval using the identifier of the endpoint device;
- a remote service connector configured to forward the decrypted output to a remote computing system, and to receive a communication from the remote computing system, the received communication being in response to the forwarded decrypted output; and
- an endpoint connector configured to forward the received communication from the remote computing system to a less secure part of the endpoint device.
Abstract
Secure communication of user inputs is achieved by isolating part of an endpoint device such that certificates and encryption keys are protected from corruption by malware. Further, the communication is passed through a trusted data relay that is configured to decrypt and/or certify the user inputs encrypted by the isolated part of the endpoint device. The trusted data relay can determine that the user inputs were encrypted or certified by the protected certificates and encryption keys, thus authenticating their origin within the endpoint device. The trusted data relay then forwards the inputs to an intended destination. In some embodiments, the isolated part of the endpoint device is configured to detect input created by auto-completion logic and/or spell checking logic.
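The relay's authenticate-and-forward path, as an added example that is not code from the patent or its assignee. It uses the "certify" variant, with HMAC-SHA256 standing in for the unspecified certification scheme; the message layout, `certify_input`, `TrustedRelay`, and the sample key and identifier are assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample key storage: device identifier -> per-device secret.
KEY_STORAGE = {"endpoint-001": bytes.fromhex("00112233445566778899aabbccddeeff")}


def certify_input(device_id, key, user_input):
    """Isolated part of the endpoint: tag the input and identifier together."""
    body = json.dumps({"id": device_id, "input": user_input}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class TrustedRelay:
    def __init__(self, key_storage, remote_service):
        self.keys = key_storage
        self.remote = remote_service  # callable standing in for the remote system

    def handle(self, message):
        """Authenticate one message, forward the input, return the response."""
        try:
            body = message["body"].encode()
            tag = message["tag"].encode()
            fields = json.loads(body)
            device_id, user_input = fields["id"], fields["input"]
        except (AttributeError, KeyError, TypeError, ValueError):
            raise PermissionError("malformed message") from None
        # The identifier is untrusted here; it only selects which key to try.
        key = self.keys.get(device_id) if isinstance(device_id, str) else None
        if key is None:
            raise PermissionError("unknown device identifier")
        expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            raise PermissionError("authentication failed")
        # Origin verified: forward, then hand the response back for delivery
        # to the less secure part of the endpoint.
        return self.remote(device_id, user_input)
```

Nothing reaches the remote service unless the tag verifies under the key stored for the claimed identifier, so input injected outside the isolated part is dropped at the relay.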
22 Claims
1. A secure communication system comprising:
- an input apparatus configured to receive at least partially encrypted data from an endpoint device, the at least partially encrypted data including an identifier of the endpoint device;
- a key storage including decryption keys stored in association with device identifiers;
- decryption/authentication logic configured to decrypt the at least partially encrypted data to a decrypted output, using a decryption key retrieved from the key storage, the retrieval using the identifier of the endpoint device;
- a remote service connector configured to forward the decrypted output to a remote computing system, and to receive a communication from the remote computing system, the received communication being in response to the forwarded decrypted output; and
- an endpoint connector configured to forward the received communication from the remote computing system to a less secure part of the endpoint device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A secure communication system comprising:
- a first I/O configured in hardware and configured to receive at least partially encrypted or at least partially certified data from a secure portion of a computing system, the at least partially encrypted or certified data including an identifier of the computing device and including a user input to the computing system;
- a storage including decryption keys or certification data stored in association with device identifiers;
- encryption/authentication logic configured to decrypt or authenticate the at least partially encrypted or certified data using a decryption key or certification data retrieved from the storage, the retrieval using the identifier of the computing system; and
- a second I/O configured in hardware and configured to forward the decrypted output to a remote computing system.

Dependent claims: 18, 19, 20, 21, 22
Specification