Secure communication architecture including video sniffer
Abstract
Secure communication of user inputs is achieved by isolating part of an endpoint device such that certificates and encryption keys are protected from corruption by malware. Further, the communication is passed through a trusted data relay that is configured to decrypt and/or certify the user inputs encrypted by the isolated part of the endpoint device. The trusted data relay can determine that the user inputs were encrypted or certified by the protected certificates and encryption keys, thus authenticating their origin within the endpoint device. The trusted data relay then forwards the inputs to an intended destination. In some embodiments, the isolated part of the endpoint device is configured to detect input created by auto-completion logic and/or spell checking logic.
30 Claims
1. A computing system comprising:
an input apparatus configured to receive an input from a user;
a display configured to display the input;
a bus configured to communicate the input to the display;
a processing unit configured to process data and commands received via the bus;
an input capture module isolated from a less secure part of the computing system, the isolation configured to prevent corruption of the input capture module by computing instructions received from outside of the input capture module, wherein the isolation of the input capture module from the less secure part of the computing system is achieved by limiting external control of the secure input module to no more than setting of one or more flags, the input capture module comprising;
storage configured to store an encryption key or certificate such that the encryption key or certificate cannot be read from outside the input capture module,
means for receiving image data resulting from the input apparatus, and
logic configured to encrypt or certify the data resulting from the input apparatus, the encryption or certification using the encryption key or certificate and occurring within the input capture module; and
communication logic configured to communicate an output of the logic to a communication network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 30
14. A computing system comprising:
an input apparatus configured to receive an input from a user;
a display configured to display the input;
a processing unit configured to process commands received from the user;
an input capture module isolated from a less secure part of the computing system, the isolation configured to prevent corruption of the input capture module by computing instructions from outside of the input capture module, wherein the isolation of the input capture module from the less secure part of the computing system is achieved by limiting external control of the secure input module to no more than setting of one or more flags, the input capture module comprising;
storage configured to store a one or more encryption keys and/or certificates,
means for capturing image data sent to the display, and
logic configured to encrypt or certify the captured data, the encryption or certification using the one or more encryption keys and/or certificates and occurring within the input capture module; and
communication logic configured to communicate the encrypted or certified data to a communication network.
Dependent claims: 15, 16, 17
18. A secure communication system comprising:
an endpoint system including an input capture module isolated from a less secure part of the endpoint system, the isolation configured to prevent corruption of the input capture module by computing instructions from outside of the input capture module, wherein the isolation of the input capture module from the less secure part of the endpoint system is achieved by limiting external control of the secure input module to no more than setting of one or more flags, the input capture module comprising;
storage configured to store a one or more encryption keys and/or certificates,
means for capturing image data sent to the display, and
logic configured to at least partially encrypt or certify the captured data, the encryption or certification using the one or more encryption keys and/or certificates and occurring within the input capture module;
an input configured to receive at the least partially encrypted or certified data from the endpoint system, the at least partially encrypted or certified data including an identifier of the endpoint system, an image and a user input;
a key storage including decryption keys or certification signatures stored in association with identifiers of endpoint systems;
decryption/authentication logic configured to decrypt or authenticate the at least partially encrypted or certified data to a secure output, using a decryption or authentication key retrieved from the key storage, the retrieval using the identifier of the endpoint system;
image recognition logic configured to generate a reference image using the user input and to compare the reference image to the image included in the at least partially encrypted or certified data, and to authenticate the user input based on a match in the comparison; and
a remote service connector configured to forward the secure output to a remote computing system.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29
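The relay-side checks recited in claim 18 and summarised in the abstract, sketched as an added example that is not code from the patent. HMAC-SHA256 stands in for the claimed "certify" step, `render` is a toy stand-in for generating the reference image, and every class name, status string and key here is hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class Packet:
    endpoint_id: str   # identifier of the endpoint system
    image: bytes       # image data captured on its way to the display
    user_input: str    # input the endpoint reports the user entered
    tag: bytes         # certification computed inside the capture module

def render(text: str) -> bytes:
    """Toy reference-image generator (assumption): 8 deterministic bytes per char."""
    return bytes((ord(c) * (row + 1)) & 0xFF for c in text for row in range(8))

def _mac(key: bytes, endpoint_id: str, image: bytes, user_input: str) -> bytes:
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in (endpoint_id.encode(), image, user_input.encode()):
        mac.update(len(field).to_bytes(4, "big") + field)  # unambiguous framing
    return mac.digest()

class CaptureModule:
    """Isolated module: the key is never returned, only certified packets are."""
    def __init__(self, endpoint_id: str, key: bytes):
        self._endpoint_id, self._key = endpoint_id, key

    def certify(self, displayed_image: bytes, user_input: str) -> Packet:
        tag = _mac(self._key, self._endpoint_id, displayed_image, user_input)
        return Packet(self._endpoint_id, displayed_image, user_input, tag)

class Relay:
    def __init__(self, key_storage: dict):
        self._keys = key_storage   # endpoint identifier -> key
        self.forwarded = []        # stands in for the remote service connector

    def handle(self, p: Packet) -> str:
        key = self._keys.get(p.endpoint_id)          # retrieval by identifier
        if key is None:
            return "unknown-endpoint"
        expected = _mac(key, p.endpoint_id, p.image, p.user_input)
        if not hmac.compare_digest(expected, p.tag):  # origin not authenticated
            return "bad-certification"
        if not hmac.compare_digest(render(p.user_input), p.image):
            return "image-mismatch"                   # input differs from display
        self.forwarded.append(p.user_input)
        return "forwarded"
```

A packet whose reported input was altered before reaching the capture module still carries a valid tag, so only the reference-image comparison rejects it.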
Specification