Secure communication architecture
First Claim
1. A computing system comprising:
an input apparatus configured to receive an input from a user;
a display configured to display the input;
a bus configured to communicate the input to the display;
a processing unit configured to process data and commands received via the bus;
an input capture module including physical isolation from a less secure part of the computing system, the physical isolation being achieved by limiting external control of the input capture module to no more than setting of one or more flags and being configured to prevent corruption of the input capture module by computing instructions received from outside of the input capture module, the input capture module comprising:
storage configured to store an encryption key or certificate such that the encryption key or certificate cannot be read from outside the input capture module,
a data input in communication with the input apparatus, the input module being disposed between the input apparatus and the less secure part of the computing system such that input at the input apparatus goes through the capture module prior to being received by the less secure part, and
logic configured to encrypt or certify the data resulting from the input apparatus, the encryption or certification using the encryption key or certificate and occurring within the input capture module; and
communication logic configured to communicate an output of the logic to a communication network.
Abstract
Secure communication of user inputs is achieved by isolating part of an endpoint device such that certificates and encryption keys are protected from corruption by malware. Further, the communication is passed through a trusted data relay that is configured to decrypt and/or certify the user inputs encrypted by the isolated part of the endpoint device. The trusted data relay can determine that the user inputs were encrypted or certified by the protected certificates and encryption keys, thus authenticating their origin within the endpoint device. The trusted data relay then forwards the inputs to an intended destination. In some embodiments, the isolated part of the endpoint device is configured to detect input created by auto-completion logic and/or spell checking logic.
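The flow the abstract describes, sketched as an added example that is not taken from the patent: a capture module whose only external control is a key-selecting flag certifies each input, and a trusted relay releases the input only if that certification verifies. HMAC-SHA256 with keys shared between module and relay, the per-message counter used to reject replays, and all names are assumptions of this sketch; a Python closure only models the hardware isolation.

```python
import hashlib
import hmac
import json

def make_capture_module(keys):
    """Model of the isolated module; callers get only set_flag and capture."""
    keys = dict(keys)  # key material is held in this closure and never returned
    state = {"flag": next(iter(keys)), "ctr": 0}

    def set_flag(key_id):
        # The only external control: a flag selecting one of the stored keys.
        if key_id not in keys:
            raise ValueError("unknown key id")
        state["flag"] = key_id

    def capture(user_input):
        # Certify the input inside the module, before the host software sees it.
        state["ctr"] += 1
        fields = {"kid": state["flag"], "ctr": state["ctr"], "input": user_input}
        body = json.dumps(fields, sort_keys=True).encode()
        tag = hmac.new(keys[state["flag"]], body, hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}

    return set_flag, capture

class TrustedRelay:
    """Checks that a message was certified by a module key, then releases it."""
    def __init__(self, keys):
        self._keys = dict(keys)
        self._last_ctr = {}  # replay tracking: an assumption, not from the page

    def forward(self, msg):
        try:
            fields = json.loads(msg["body"])
            key = self._keys[fields["kid"]]
            expected = hmac.new(key, msg["body"], hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, msg["tag"]):
                return None  # altered after leaving the module, or wrong key
            if fields["ctr"] <= self._last_ctr.get(fields["kid"], 0):
                return None  # stale or replayed message
        except (KeyError, ValueError, TypeError):
            return None  # malformed message
        self._last_ctr[fields["kid"]] = fields["ctr"]
        return fields["input"]

if __name__ == "__main__":
    demo_keys = {"k1": b"constructed-key-one", "k2": b"constructed-key-two"}
    set_flag, capture = make_capture_module(demo_keys)
    relay = TrustedRelay(demo_keys)
    print(relay.forward(capture("transfer 10 to alice")))
```
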
26 Claims
1. A computing system as set out under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23
24. A computing system comprising:
an input apparatus configured to receive an input from a user;
a display configured to display the input;
a processing unit configured to process commands received from the user;
an input capture module including physical isolation from a less secure part of the computing system, the physical isolation being achieved by limiting external control of the input capture module to setting of one or more flags and being configured to prevent corruption of the input capture module by computing instructions from outside of the input capture module, the input capture module comprising:
storage configured to store a plurality of encryption keys and/or certificates,
means for capturing data from the less secure part of the computing system,
a flag input configured to select from among the plurality of encryption keys and/or certificates, the flag input being a member of the one or more flags, and
logic configured to encrypt or certify the captured data, the encryption or certification using the selected encryption key or certificate and occurring within the input capture module; and
communication logic configured to communicate the encrypted or certified data to a communication network.
Dependent claims: 25, 26
Specification