Trusted content distribution system
First Claim
1. A method for providing for a user a secure connection between a first electronic device and a second electronic device over a communication network that may be insecure and that connects the first and second electronic devices, the secure connection being used for exchanging data while executing an application, comprising the steps of:
- providing a first electronic device that comprises;
memory, storing user identification information;
a human machine interface associated with the first electronic device; and
at least one communication port;
said first electronic device being a zero client,providing a second electronic device configured to store, control,and execute all applications running while the first and second electronic devices are connected, and storage of all data used with the applications, and administrating the secure connection;
providing a third electronic device comprising;
memory, storing user identification information; and
an initialization module;
connecting the first electronic device with the third electronic device via the communication port;
initializing and managing by said third electronic device operation of the first electronic device for setting-up a secure connection over said communication network with the second electronic device by a trusted boot process that boots an operating system in a random access memory of the first electronic device;
managing every interface of the first electronic device and the secure connection from the second electronic device, the managing comprising administrating the secure connection by the second electronic device by receiving over the secured connection the user identification information and based thereon authenticate the user, the administrating including allowing or denying access to data and/or applications stored on the second electronic device based on the security settings of the authenticated user, andexecuting the application on the second electronic device while exchanging the data over the secure connection for presentation to the user via the human machine interface of the first electronic device.
1 Assignment
0 Petitions
Accused Products
Abstract
A trusted content distribution system is described comprising a trustworthy enduser device and a network management infrastructure, the enduser device being adapted for communications between the enduser device and the networked infrastructure via a secure tunnel; the end user device comprising a host processor and memory; secure non-volatile memory for storing an operating system, a trusted boot process executed by the host processor to boot the end user device into a known state, means for communicating with a visualization device.
-
Citations
15 Claims
-
1. A method for providing for a user a secure connection between a first electronic device and a second electronic device over a communication network that may be insecure and that connects the first and second electronic devices, the secure connection being used for exchanging data while executing an application, comprising the steps of:
-
providing a first electronic device that comprises; memory, storing user identification information; a human machine interface associated with the first electronic device; and at least one communication port; said first electronic device being a zero client, providing a second electronic device configured to store, control, and execute all applications running while the first and second electronic devices are connected, and storage of all data used with the applications, and administrating the secure connection; providing a third electronic device comprising; memory, storing user identification information; and an initialization module; connecting the first electronic device with the third electronic device via the communication port; initializing and managing by said third electronic device operation of the first electronic device for setting-up a secure connection over said communication network with the second electronic device by a trusted boot process that boots an operating system in a random access memory of the first electronic device; managing every interface of the first electronic device and the secure connection from the second electronic device, the managing comprising administrating the secure connection by the second electronic device by receiving over the secured connection the user identification information and based thereon authenticate the user, the administrating including allowing or denying access to data and/or applications stored on the second electronic device based on the security settings of the authenticated user, and executing the application on the second electronic device while exchanging the data over the secure connection for presentation to the user via the human machine interface of the first electronic device. - View Dependent Claims (2, 3)
-
-
3. The method of claim 1, after establishing the secure connection, further comprising the step of:
executing the application under the control of the second electronic device while exchanging the content over the secure connection for presentation to the user via the human machine interface of the first electronic device.
-
4. A trusted content distribution system for providing for a user a secure connection between a first electronic device and a second electronic device over a communication network that connects the first and second electronic
devices, the secure connection being used for exchanging data, said first electronic device comprising: -
memory, storing user identification information; a human machine interface associated with the first electronic device; and at least one communication port; said first electronic device being a zero client, whereby said second electronic device is configured to store and execute all applications running while the first and second electronic devices are connected, store all data used with the applications, and administer the secure connection; and whereby a third electronic device is used, the third electronic device comprising; memory, storing user identification information; and an initialization module; whereby the at least one communication port is configured to connect the first electronic device with the third electronic device; the system further comprising; means for initializing and managing by said third electronic device the operation of the first electronic device for setting-up a secure connection over said communication network with the second electronic device, the means for initializing being a trusted boot process that boots an operating system in a random access memory of the first electronic device; means for managing every interface of the first electronic device and the secure connection from the second electronic device, the managing comprising administrating the secure connection by the second electronic device by receiving over the secure connection the user identification information and based thereon authenticate the user, the administrating including allowing or denying access to data and/or applications stored on the second electronic device based on the security settings of the authenticated user; and means for executing the application on the second electronic device while exchanging the data over the secure connection for presentation to the user via the human machine interface of the first electronic device. - View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A bootable user specific electronic device comprising:
-
memory, storing user identification information;
a communications port and an initialization module;the user specific electronic device having means for initializing and managing operation of a further electronic device for setting-up a secure connection over a communication network with a third electronic device for trusted content distribution using a secure connection between the further electronic device and the third electronic device, the secure connection being used for exchanging data, the means for initializing being a trusted boot process that boots an operating system in a random access memory of the first electronic device, said further electronic device being a zero client device and comprising; a human machine interface associated with the further electronic device;
the communications port being configured to connect the user specific electronic device to the further electronic device, the initialization module being configured to install an operating system on the further electronic device that allows managing of every interface of the further electronic device from the third electronic device via the secure connection, the managing comprising administrating the secure connection by the third electronic device by receiving over the secure connection the user identification information and based thereon authenticate the user, the administrating includes allowing or denying access to data and/or applications stored on the user specific electronic device based on the security settings of the authenticated user, andexecuting the application on the third electronic device while exchanging the data over the secure connection for presentation to the user via the human machine interface of the further electronic device.
-
Specification