Secure island computing system and method

US 9,443,110 B2
Filed: 05/29/2013
Issued: 09/13/2016
Est. Priority Date: 09/29/2011
Status: Active Grant

First Claim

Patent Images

1. A method for generating an-bit result comprising:

receiving, by a secure containment device (SCD), a request to generate the n-bit result, wherein the request is sent from an application executing on a host system using a first input/output (I/O) interface and wherein the request comprises a n-bit generator input;

disabling, by the SCD, the first I/O interface after receiving the request from the host system;

after disabling all the I/O interfaces between the host system and the SCD;

obtaining, by the SCD, a user credential from a user by the SCD, wherein the user credential is input by the user using a user interface on the SCD;

generating, by the SCD, a secrets file name and a secrets file encryption key using the user credentials and the n-bit generator input;

obtaining, by the SCD, a secrets file from secure storage using the secrets file name, wherein the secrets file is obtained from the secure storage using a second I/O interface between the SCD and the secure storage;

decrypting, by the SCD, the secrets file using the secrets file encryption key to obtain a decrypted secrets file;

generating, using a n-bit generator on the SCD, the n-bit result using the decrypted secrets file;

enabling, by the SCD, at least the first I/O interface after the n-bit result is generated; and

providing by the SCD, after enabling the first I/O interface, then-bit result to the application using the first I/O interface.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for generating an n-bit result includes a secured containment device (SCD) receiving a request to generate the n-bit result. The request includes an n-bit generator input and a master secret identifier. The request is sent from an application executing on a host system using an input/output (I/O) interface. The SCD disables all I/O interfaces on the SCD between the host system and the SCD. After disabling all the I/O interfaces on the SCD between the host system and the SCD, the SCD provides the n-bit generator input and the master secret identifier to a secured hardware token over a second I/O interface, receives the n-bit result from the secured hardware token over the second I/O interface, enables at least the first I/O interface after the n-bit result is generated, and provides, after enabling the first I/O interface, the n-bit result to the application using the first I/O interface.

Citations

14 Claims

1. A method for generating an-bit result comprising:
- receiving, by a secure containment device (SCD), a request to generate the n-bit result, wherein the request is sent from an application executing on a host system using a first input/output (I/O) interface and wherein the request comprises a n-bit generator input;
  
  disabling, by the SCD, the first I/O interface after receiving the request from the host system;
  
  after disabling all the I/O interfaces between the host system and the SCD;
  
  obtaining, by the SCD, a user credential from a user by the SCD, wherein the user credential is input by the user using a user interface on the SCD;
  
  generating, by the SCD, a secrets file name and a secrets file encryption key using the user credentials and the n-bit generator input;
  
  obtaining, by the SCD, a secrets file from secure storage using the secrets file name, wherein the secrets file is obtained from the secure storage using a second I/O interface between the SCD and the secure storage;
  
  decrypting, by the SCD, the secrets file using the secrets file encryption key to obtain a decrypted secrets file;
  
  generating, using a n-bit generator on the SCD, the n-bit result using the decrypted secrets file;
  
  enabling, by the SCD, at least the first I/O interface after the n-bit result is generated; and
  
  providing by the SCD, after enabling the first I/O interface, then-bit result to the application using the first I/O interface.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising:
    - determining, by the SCD, that the SCD is connected to the secure storage over the second I/O interface.
  - 3. The method of claim 1, wherein the user interface on the SCD is one selected from a group consisting of a twelve digit keypad, a touch screen, and a QWERTY keyboard.
  - 4. The method of claim 1, wherein the second I/O interface is disabled when the first I/O interface is enabled.

5. A non-transitory computer readable medium comprising instructions, which when executed perform a method, the method comprising:
- receiving, by a secure containment device (SCD), a request to generate the n-bit result, wherein the request is sent from an application executing on a host system using a first input/output (I/O) interface and wherein the request comprises a n-bit generator input;
  
  disabling, by the SCD, the first I/O interface after receiving the request from the host system;
  
  after disabling all the I/O interfaces between the host system and the SCD;
  
  obtaining, by the SCD, a user credential from a user by the SCD, wherein the user credential is input by the user using a user interface on the SCD;
  
  generating, by the SCD, a secrets file name and a secrets file encryption key using the user credentials and the n-bit generator input;
  
  obtaining, by the SCD, a secrets file from secure storage using the secrets file name, wherein the secrets file is obtained from the secure storage using a second I/O interface between the SCD and the secure storage;
  
  decrypting, by the SCD, the secrets file using the secrets file encryption key to obtain a decrypted secrets file;
  
  generating, using a n-bit generator on the SCD, the n-bit result using the decrypted secrets file;
  
  enabling, by the SCD, at least the first I/O interface after the n-bit result is generated; and
  
  providing by the SCD, after enabling the first I/O interface, the n-bit result to the application using the first I/O interface.

6. A secure containment device (SCD), comprising:
- a first input/out (I/O) interface connected to a host system;
  
  a second I/O interface connected to a secure storage;
  
  a user interface;
  
  a processor;
  
  a memory comprising instructions, that when executed by the processor perform a method, the method comprising;
  
  receiving a request to generate the n-bit result, wherein the request is sent from an application executing on the host system using the first I/O interface and wherein the request comprises a n-bit generator input;
  
  disabling, by the SCD, the first I/O interface;
  
  after disabling the first I/O interface between the host system and the SCD;
  
  obtaining a user credential and a n-bit generator input by the SCD from a user, wherein the user credential is input by the user using a user interface on the SCD;
  
  generating a secrets file name and a secrets file encryption key using the user credentials and the n-bit generator input;
  
  obtaining a secrets file from the secure storage using the secrets file name, wherein the secrets file is obtained from the secure storage using the second I/O interface;
  
  decrypting the secrets file using the secrets file encryption key to obtain a decrypted secrets file;
  
  generating the n-bit result using the decrypted secrets file;
  
  enabling the first I/O interface after the n-bit result is generated; and
  
  providing, after enabling the first I/O interface, the n-bit result to the application using the first I/O interface.

7. A method for decrypting a file, comprising:
- receiving, by a secure island device (SID), an encrypted file from a host system using an input/output (I/O) interface and wherein a request comprises a n-bit generator input;
  
  disabling, by the SID, all interfaces on the SID;
  
  after disabling all the I/O interfaces on the SID;
  
  obtaining a user credential from a user by the SID, wherein the user credential is input by the user using a user interface on the SCD;
  
  generating a secrets file name and a secrets file encryption key using the user credentials and the n-bit generator input;
  
  obtaining a secrets file from secure storage, wherein the secrets file is obtained from the secure storage on the SID;
  
  decrypting the secrets file using the secrets file encryption key to obtain a decrypted secrets file;
  
  generating the decryption key using the decrypted secrets file and the n-bit generator;
  
  decrypting the encrypted file using the decryption key to obtain a decrypted file;
  
  presenting the decrypted file to the user on a user interface of the SID;
  
  removing all secure information from the SID; and
  
  enabling, after removing all secure information from the SID, the I/O interface.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, further comprising:
    - after disabling all the I/O interfaces between the host system and the SID;
      
      generating a file on the SID;
      
      encrypting the file on the SID to obtain an encrypted file; and
      
      after enabling the I/O interface, providing the encrypted file to the application on the host system using the I/O interface.
  - 9. The method of claim 8, further comprising:
    - after disabling all the I/O interfaces between the host system and the SID;
      
      generating a file on the SID;
      
      encrypting the filed on the SID using a second decryption key generated by the SID, to obtain an encrypted file; and
      
      after enabling the I/O interface, providing the encrypted file to the application on the host system using the I/O interface.
  - 10. The method of claim 8, wherein the secure information comprises all copies of the decrypted file located in volatile and non-volatile memory on the SID.
  - 11. The method of claim 10, wherein the secure information further comprises all copies of the secrets file name, the secrets file encryption key, the user credentials, and the n-bit generator input located in the volatile and non-volatile memory of the SID.
  - 12. The method of claim 7, wherein the SID is a tablet.

13. A non-transitory computer readable medium comprising instructions, which when executed perform a method, the method comprising:
- receiving, by a secure island device (SID), an encrypted file from a host system using an input/output (I/O) interface and wherein a request comprises a n-bit generator input;
  
  disabling, by the SID, all interfaces on the SID;
  
  after disabling all the I/O interfaces on the SID;
  
  obtaining a user credential from a user by the SID, wherein the user credential is input by the user using a user interface on the SCD;
  
  generating a secrets file name and a secrets file encryption key using the user credentials and the n-bit generator input;
  
  obtaining a secrets file from secure storage, wherein the secrets file is obtained from the secure storage on the SID;
  
  decrypting the secrets file using the secrets file encryption key to obtain a decrypted secrets file;
  
  generating the decryption key using the decrypted secrets file and the n-bit generator;
  
  decrypting the encrypted file using the decryption key to obtain a decrypted file;
  
  presenting the decrypted file to the user on a user interface of the SID;
  
  removing all secure information from the SID; and
  
  enabling, after removing all secure information from the SID, the I/O interface.

14. A secure island device (SID), comprising:
- an input/out (I/O) interface connected to a host system;
  
  a secure storage;
  
  a user interface;
  
  a processor;
  
  memory comprising instructions, when executed by the processor perform a method, the method comprising;
  
  receiving, by the secure island device (SID), an encrypted file from a host system using the input/output (I/O) interface and wherein a request comprises a n-bit generator input;
  
  disabling, by the SID, all interfaces on the SID;
  
  after disabling all the I/O interfaces on the SID;
  
  obtaining a user credential from a user by the SID, wherein the user credential is input by the user using a user interface on the SCD;
  
  generating a secrets file name and a secrets file encryption key using the user credentials and the n-bit generator input;
  
  obtaining a secrets file from the secure storage, wherein the secrets file is obtained from the secure storage on the SID;
  
  decrypting the secrets file using the secrets file encryption key to obtain a decrypted secrets file;
  
  generating the decryption key using the decrypted secrets file and the n-bit generator;
  
  decrypting the encrypted file using the decryption key to obtain a decrypted file;
  
  presenting the decrypted file to the user on a user interface of the SID;
  
  removing all secure information from the SID; and
  
  enabling, after removing all secure information from the SID, the I/O interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PACid Technologies, LLC
Original Assignee
PACid Technologies, LLC
Inventors
Fielder, Guy
Primary Examiner(s)
Khoshnoodi, Nadia

Application Number

US13/904,707
Publication Number

US 20130262882A1
Time in Patent Office

1,203 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/78   to assure secure storage of...

G06F 2212/1052   Security improvement

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

Secure island computing system and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Secure island computing system and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links