Secure island computing system and method
Abstract
A method for generating an n-bit result includes a secured containment device (SCD) receiving a request to generate the n-bit result. The request includes an n-bit generator input and a master secret identifier. The request is sent from an application executing on a host system using an input/output (I/O) interface. The SCD disables all I/O interfaces on the SCD between the host system and the SCD. After disabling all the I/O interfaces on the SCD between the host system and the SCD, the SCD provides the n-bit generator input and the master secret identifier to a secured hardware token over a second I/O interface, receives the n-bit result from the secured hardware token over the second I/O interface, enables at least the first I/O interface after the n-bit result is generated, and provides, after enabling the first I/O interface, the n-bit result to the application using the first I/O interface.
14 Claims
1. A method for generating an n-bit result comprising:
receiving, by a secure containment device (SCD), a request to generate the n-bit result, wherein the request is sent from an application executing on a host system using a first input/output (I/O) interface and wherein the request comprises a n-bit generator input;
disabling, by the SCD, the first I/O interface after receiving the request from the host system;
after disabling all the I/O interfaces between the host system and the SCD;
obtaining, by the SCD, a user credential from a user by the SCD, wherein the user credential is input by the user using a user interface on the SCD;
generating, by the SCD, a secrets file name and a secrets file encryption key using the user credentials and the n-bit generator input;
obtaining, by the SCD, a secrets file from secure storage using the secrets file name, wherein the secrets file is obtained from the secure storage using a second I/O interface between the SCD and the secure storage;
decrypting, by the SCD, the secrets file using the secrets file encryption key to obtain a decrypted secrets file;
generating, using a n-bit generator on the SCD, the n-bit result using the decrypted secrets file;
enabling, by the SCD, at least the first I/O interface after the n-bit result is generated; and
providing by the SCD, after enabling the first I/O interface, the n-bit result to the application using the first I/O interface.
5. A non-transitory computer readable medium comprising instructions, which when executed perform a method, the method comprising:
receiving, by a secure containment device (SCD), a request to generate the n-bit result, wherein the request is sent from an application executing on a host system using a first input/output (I/O) interface and wherein the request comprises a n-bit generator input;
disabling, by the SCD, the first I/O interface after receiving the request from the host system;
after disabling all the I/O interfaces between the host system and the SCD;
obtaining, by the SCD, a user credential from a user by the SCD, wherein the user credential is input by the user using a user interface on the SCD;
generating, by the SCD, a secrets file name and a secrets file encryption key using the user credentials and the n-bit generator input;
obtaining, by the SCD, a secrets file from secure storage using the secrets file name, wherein the secrets file is obtained from the secure storage using a second I/O interface between the SCD and the secure storage;
decrypting, by the SCD, the secrets file using the secrets file encryption key to obtain a decrypted secrets file;
generating, using a n-bit generator on the SCD, the n-bit result using the decrypted secrets file;
enabling, by the SCD, at least the first I/O interface after the n-bit result is generated; and
providing by the SCD, after enabling the first I/O interface, the n-bit result to the application using the first I/O interface.
6. A secure containment device (SCD), comprising:
a first input/out (I/O) interface connected to a host system;
a second I/O interface connected to a secure storage;
a user interface;
a processor;
a memory comprising instructions, that when executed by the processor perform a method, the method comprising;
receiving a request to generate the n-bit result, wherein the request is sent from an application executing on the host system using the first I/O interface and wherein the request comprises a n-bit generator input;
disabling, by the SCD, the first I/O interface;
after disabling the first I/O interface between the host system and the SCD;
obtaining a user credential and a n-bit generator input by the SCD from a user, wherein the user credential is input by the user using a user interface on the SCD;
generating a secrets file name and a secrets file encryption key using the user credentials and the n-bit generator input;
obtaining a secrets file from the secure storage using the secrets file name, wherein the secrets file is obtained from the secure storage using the second I/O interface;
decrypting the secrets file using the secrets file encryption key to obtain a decrypted secrets file;
generating the n-bit result using the decrypted secrets file;
enabling the first I/O interface after the n-bit result is generated; and
providing, after enabling the first I/O interface, the n-bit result to the application using the first I/O interface.
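The ordering recited in claims 1, 5 and 6, as an added Python sketch that is not code from the patent: every secret-handling step refuses to run unless the host-facing interface is disabled, and the interface is re-enabled even when a step fails. The KDF (PBKDF2 plus HMAC labels), the stand-in stream cipher, the truncated HMAC-SHA256 generator and all class and function names are assumptions; the claims specify none of them.

```python
import hashlib, hmac

class InterfaceStateError(RuntimeError): pass

def derive(credential: bytes, gen_input: bytes, label: bytes) -> bytes:
    # Assumed KDF: PBKDF2 root, then an HMAC label per output (claims name none).
    root = hashlib.pbkdf2_hmac("sha256", credential, gen_input, 100_000)
    return hmac.new(root, label, hashlib.sha256).digest()

def stream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 keystream), stdlib only; use an AEAD in practice.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def provision(storage: dict, credential: bytes, gen_input: bytes, secrets: bytes):
    # Hypothetical enrolment helper: store the secrets file under its derived name.
    name = derive(credential, gen_input, b"name").hex()
    storage[name] = stream_xor(derive(credential, gen_input, b"key"), secrets)

class SCD:
    def __init__(self, storage: dict):
        self.storage = storage       # secure storage behind the second I/O interface
        self.host_io_enabled = True  # first I/O interface, towards the host
        self.trace = []

    def _isolated(self, step: str):
        # Gate: a secret-handling step may only run while the host link is down.
        if self.host_io_enabled:
            raise InterfaceStateError(step)
        self.trace.append(step)

    def handle_request(self, gen_input: bytes, prompt, n_bits: int = 256) -> bytes:
        self.host_io_enabled = False
        self.trace.append("disable")
        try:
            self._isolated("credential")
            cred = prompt()          # stands in for the SCD's own user interface
            name = derive(cred, gen_input, b"name").hex()
            self._isolated("fetch+decrypt")
            secrets = stream_xor(derive(cred, gen_input, b"key"), self.storage[name])
            self._isolated("generate")   # assumed generator: truncated HMAC-SHA256
            return hmac.new(secrets, gen_input, hashlib.sha256).digest()[:n_bits // 8]
        finally:
            self.host_io_enabled = True  # re-enable even when a step fails
            self.trace.append("enable")
```

A wrong credential derives a different file name, so the lookup fails with `KeyError` and the host never receives a result; the `finally` clause still restores the interface.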
7. A method for decrypting a file, comprising:
- receiving, by a secure island device (SID), an encrypted file from a host system using an input/output (I/O) interface and wherein a request comprises a n-bit generator input;
disabling, by the SID, all interfaces on the SID;
after disabling all the I/O interfaces on the SID;
obtaining a user credential from a user by the SID, wherein the user credential is input by the user using a user interface on the SCD;
generating a secrets file name and a secrets file encryption key using the user credentials and the n-bit generator input;
obtaining a secrets file from secure storage, wherein the secrets file is obtained from the secure storage on the SID;
decrypting the secrets file using the secrets file encryption key to obtain a decrypted secrets file;
generating the decryption key using the decrypted secrets file and the n-bit generator;
decrypting the encrypted file using the decryption key to obtain a decrypted file;
presenting the decrypted file to the user on a user interface of the SID;
removing all secure information from the SID; and
enabling, after removing all secure information from the SID, the I/O interface.
13. A non-transitory computer readable medium comprising instructions, which when executed perform a method, the method comprising:
- receiving, by a secure island device (SID), an encrypted file from a host system using an input/output (I/O) interface and wherein a request comprises a n-bit generator input;
disabling, by the SID, all interfaces on the SID;
after disabling all the I/O interfaces on the SID;
obtaining a user credential from a user by the SID, wherein the user credential is input by the user using a user interface on the SCD;
generating a secrets file name and a secrets file encryption key using the user credentials and the n-bit generator input;
obtaining a secrets file from secure storage, wherein the secrets file is obtained from the secure storage on the SID;
decrypting the secrets file using the secrets file encryption key to obtain a decrypted secrets file;
generating the decryption key using the decrypted secrets file and the n-bit generator;
decrypting the encrypted file using the decryption key to obtain a decrypted file;
presenting the decrypted file to the user on a user interface of the SID;
removing all secure information from the SID; and
enabling, after removing all secure information from the SID, the I/O interface.
14. A secure island device (SID), comprising:
- an input/out (I/O) interface connected to a host system;
a secure storage;
a user interface;
a processor;
memory comprising instructions, when executed by the processor perform a method, the method comprising;
receiving, by the secure island device (SID), an encrypted file from a host system using the input/output (I/O) interface and wherein a request comprises a n-bit generator input;
disabling, by the SID, all interfaces on the SID;
after disabling all the I/O interfaces on the SID;
obtaining a user credential from a user by the SID, wherein the user credential is input by the user using a user interface on the SCD;
generating a secrets file name and a secrets file encryption key using the user credentials and the n-bit generator input;
obtaining a secrets file from the secure storage, wherein the secrets file is obtained from the secure storage on the SID;
decrypting the secrets file using the secrets file encryption key to obtain a decrypted secrets file;
generating the decryption key using the decrypted secrets file and the n-bit generator;
decrypting the encrypted file using the decryption key to obtain a decrypted file;
presenting the decrypted file to the user on a user interface of the SID;
removing all secure information from the SID; and
enabling, after removing all secure information from the SID, the I/O interface.
Specification