System and method for securing data from a remote input device
First Claim
Patent Images
1. A method for secure handling of input data comprising:
- generating a private key within a first hardware security module that is integrated into an input device;
generating a public key corresponding to the private key;
exporting the public key to an external device;
exchanging a temporary cryptographic key with a second hardware security module of the external device to establish a secure communication channel on a communication link between the first hardware security module and the external device;
receiving an encrypted symmetric key via the secure communication channel;
decrypting the encrypted symmetric key using the private key;
receiving, at the first hardware security module, the input data from the input device;
encrypting, using the exchanged temporary cryptographic key, the input data within the first hardware security module before the input data leaves a hardware boundary of the input device; and
transmitting the encrypted input data to the external device over the secure communication channel.
6 Assignments
0 Petitions
Accused Products
Abstract
An input device with an integrated security module communicates with a processing component over an insecure medium. The insecure medium may be a wireless network, software stack, or the like. According to one embodiment, the security module is integrated into an existing chip of the input device. Data generated by the input device is encoded and/or authenticated by the security module prior its transmission to the processing device. The processing device receives the input data and processes it within its own security boundary for providing selected services or information to a user or application associated with the input device.
140 Citations
20 Claims
-
1. A method for secure handling of input data comprising:
-
generating a private key within a first hardware security module that is integrated into an input device; generating a public key corresponding to the private key; exporting the public key to an external device; exchanging a temporary cryptographic key with a second hardware security module of the external device to establish a secure communication channel on a communication link between the first hardware security module and the external device; receiving an encrypted symmetric key via the secure communication channel; decrypting the encrypted symmetric key using the private key; receiving, at the first hardware security module, the input data from the input device; encrypting, using the exchanged temporary cryptographic key, the input data within the first hardware security module before the input data leaves a hardware boundary of the input device; and transmitting the encrypted input data to the external device over the secure communication channel. - View Dependent Claims (2, 3, 20)
-
-
4. A first hardware security module for a secure data processing system, the first hardware security module comprising:
-
a key generator configured to; generate a private key, and generate a public key corresponding to the private key; a memory configured to store the private key; and a controller configured to; export the public key to an external device, exchange a temporary cryptographic key with a second hardware security module of the external device to establish a secure communication link with the external device, receive an encrypted symmetric key via the secure communication link, decrypt the encrypted symmetric key using the private key, and encrypt, using the exchanged temporary cryptographic key, received input data within the first hardware security module. - View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A security device, the security device comprising:
-
an input device configured to receive data; and a first hardware security module integrated onto the input device, the first hardware security module comprising; a key generator configured to; generate a private key, and generate a public key corresponding to the private key; a memory configured to store the private key; and a controller configured to; export the public key to an external device, exchange a temporary cryptographic key with a second hardware security module of the external device to establish a secure communication link with the external device, receive an encrypted symmetric key via the secure communication link, decrypt the encrypted symmetric key using the private key, encrypt, using the exchanged temporary cryptographic key, the data, and send the data to the external device via the secure communication link. - View Dependent Claims (17, 18, 19)
-
Specification