Trusted security zone access to peripheral devices

US 9,268,959 B2
Filed: 01/06/2014
Issued: 02/23/2016
Est. Priority Date: 07/24/2012
Status: Active Grant

First Claim

Patent Images

1. A universal serial bus (USB) drive, comprising:

a memory, wherein the memory contains at least some confidential information;

a processor coupled to the memory;

a universal serial bus connector coupled to the processor; and

an application stored in the memory that, when executed by the processor,receives, from a sender of a request, a command to execute the application in a trusted security zone of the processor, wherein the sender of the request commands at least one of another peripheral device or a user interface device to not access a data bus coupled to the USB drive and to execute an idling program to idle active applications or programs while the application is executing in the trusted security zone of the processor,receives, from the sender of the request, a request for confirmation that the application is executing in the trusted security zone of the processor,when a confirmation that the application is executing in the trusted security zone of the processor is received by the sender of the request, receives a command to access a trusted security portion of the memory,determines that the request to access the trusted security zone portion of the memory received by the universal serial bus connector is directed to the at least some confidential information,satisfies the request to access the trusted security zone portion of memory when a message is received by the universal serial bus connector from the sender of the request to access the trusted security zone portion of memory, wherein the message indicates that the sender of the request is executing in a trusted security zone, anddoes not satisfy the request to access the trusted security zone portion of memory when the message is not received by the universal serial bus connector from the sender of the request.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of trusted data communication. The method comprises executing a data communication application in a trusted security zone of a processor, wherein the processor is a component of a computer, commanding a controller of a peripheral device to execute a control application in a trusted security zone of the controller, wherein the controller is a component of the computer, commanding at least one of another peripheral device or a user interface device to not access a data bus of the computer, verifying that the controller is executing the control application in the trusted security zone of the controller, sending data from the processor to the controller over the data bus of the computer, and the controller one of transmitting the data sent by the processor on an external communication link, reading a memory storage disk, or writing to a memory storage disk.

Citations

19 Claims

1. A universal serial bus (USB) drive, comprising:
- a memory, wherein the memory contains at least some confidential information;
  
  a processor coupled to the memory;
  
  a universal serial bus connector coupled to the processor; and
  
  an application stored in the memory that, when executed by the processor,receives, from a sender of a request, a command to execute the application in a trusted security zone of the processor, wherein the sender of the request commands at least one of another peripheral device or a user interface device to not access a data bus coupled to the USB drive and to execute an idling program to idle active applications or programs while the application is executing in the trusted security zone of the processor,receives, from the sender of the request, a request for confirmation that the application is executing in the trusted security zone of the processor,when a confirmation that the application is executing in the trusted security zone of the processor is received by the sender of the request, receives a command to access a trusted security portion of the memory,determines that the request to access the trusted security zone portion of the memory received by the universal serial bus connector is directed to the at least some confidential information,satisfies the request to access the trusted security zone portion of memory when a message is received by the universal serial bus connector from the sender of the request to access the trusted security zone portion of memory, wherein the message indicates that the sender of the request is executing in a trusted security zone, anddoes not satisfy the request to access the trusted security zone portion of memory when the message is not received by the universal serial bus connector from the sender of the request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The universal serial bus drive of claim 1, wherein the at least some confidential information comprises at least one of a credit card number, a credit card authentication number, a financial account number, a financial account authentication number, a social security number, or a telephone number.
  - 3. The universal serial bus drive of claim 1, wherein the at least some confidential information is stored in the trusted security zone portion of the memory.
  - 4. The universal serial bus drive of claim 1, wherein the application executes in the trusted security zone of the processor based on the request.
  - 5. The universal serial bus drive of claim 4, wherein the request indicates that the request is to be processed by the trusted security zone of the processor.
  - 6. The universal serial bus drive of claim 1, wherein the application sends a request to the sender of the request for access for the sender to execute in the trusted security zone of the sender.
  - 7. The universal serial bus drive of claim 1, wherein the trusted security zone is hardware implemented.
  - 8. The universal serial bus drive of claim 1, wherein the application executes in a normal security zone of the processor.

9. A method of accessing a memory disk drive, comprising:
- transmitting, by a sender of a request to a disk controller of a memory disk drive, a command to execute a trusted routine in a trusted security zone of the disk controller;
  
  transmitting, by the sender of the request, a command to at least one of another peripheral device or a user interface device to not access a data bus coupled to the disk controller and to execute an idling program to idle active applications or programs while the disk controller executes the trusted routine in the trusted security zone of the disk controller;
  
  transmitting to the disk controller a request for confirmation that the trusted routine is executing in the trusted security zone of the disk controller; and
  
  when a confirmation that the trusted routine is executing in the trusted security zone of the disk controller is received by the sender of the request, transmitting to the disk controller a command to access a trusted security zone portion of the memory disk drive.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 10. The method of claim 9, wherein a server computer transmits the command to the memory disk drive to execute in the trusted security zone of the disk controller.
  - 11. The method of claim 9, wherein the confirmation comprises a trust token.
  - 12. The method of claim 9, wherein the memory disk drive is installed in one of a desk top computer, a laptop computer, or a notebook computer.
  - 13. The method of claim 9, wherein the memory disk drive further comprises a normal security portion.
  - 14. The method of claim 9, wherein the trusted security zone of the disk controller comprises a separate physical portion of the disk controller.
  - 15. The method of claim 9, wherein the trusted security zone of the disk controller comprises a virtual processor portion of the disk controller.
  - 16. The method of claim 9, wherein after data is transmitted to the disk controller, the disk controller is returned to executing in a normal security zone of the disk controller.
  - 17. The method of claim 9, wherein the at least one of the another peripheral device or the user interface does not read from or write to a data bus while executing the idling program.
  - 18. The method of claim 17, wherein the at least one of the another peripheral device or the user interface is not a party to a trusted communication between the disk controller and the memory disk drive.
  - 19. The method of claim 17, wherein after data is transmitted to the disk controller, the disk controller and the at least one of the another peripheral device or the user interface are returned to executing in a normal security zone of their respective processors.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Paczkowski, Lyle W., Parsel, William M., Persson, Carl J., Schlesener, Matthew C.
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
BELL, KALISH K

Application Number

US14/148,714
Publication Number

US 20150169885A1
Time in Patent Office

778 Days
Field of Search

726/2, 726/16, 726/22, 726/26, 726/27
US Class Current

1/1
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/74   operating in dual or compar...

G06F 21/85   interconnection devices, e....

Trusted security zone access to peripheral devices

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted security zone access to peripheral devices

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links