Secure host interactions
First Claim
1. A computer-implemented method to generate a secure output based on restricted information, comprising:
receiving, by a trusted computing device associated with a separate host computing device, restricted information, wherein the trusted computing device is preconfigured to include an isolated environment and a host computing device interface comprising a write file and a read file, the isolated environment being not directly accessible to the host computing device other than via the write file and the read file, and the restricted information being stored in a secure storage of the isolated environment;
receiving, by the write file of the trusted computing device and from the host computing device, a write-file entry, wherein the write-file entry comprises an indication of the restricted information that is responsive to the write-file entry; and
processing, by the trusted computing device and in the isolated environment of the trusted computing device, the write-file entry, wherein processing the write-file entry comprises:
identifying, based on the indication of the restricted information that is responsive to the write-file entry, at least a portion of the restricted information that is responsive to the write-file entry; and
generating a secure output to the read file of the trusted computing device based on the identified restricted information, wherein the secure output is available to the host computing device in the read file of the trusted computing device.
Abstract
A trusted device includes a secure interface and a host interface, the secure interface being isolated from the host interface by an isolated environment. A trusted source provisions the trusted device via the secure interface to include private information, such as private user information and cryptographic data. When the trusted device is connected to an untrusted host device via the host interface, the untrusted host device transmits a request regarding the private information to a write file of the host interface. A processor of the isolated environment retrieves the request and generates an output, such as an encrypted output, that is responsive to the request from the untrusted host device. The trusted device transmits the output to a read file of the host interface, thus making the output available to the untrusted host device via the host interface. The untrusted host device then receives the output via the host interface.
20 Claims
9. A system to generate a secure output based on restricted information, comprising:
a storage device;
a processor communicatively coupled to the storage device, wherein the processor executes application code instructions that are stored in the storage device to cause the system to:
receive, by a trusted computing device associated with a separate host computing device, restricted information, wherein the trusted computing device is preconfigured to include an isolated environment and a host computing device interface comprising a write file and a read file, the isolated environment being not directly accessible to the host computing device other than via the write file and the read file, and the restricted information being stored in a secure storage of the isolated environment;
receive, from the host computing device, a write-file entry into the write file of the trusted computing device, wherein the write-file entry comprises an indication of the restricted information that is responsive to the write-file entry; and
process, by the trusted computing device and in the isolated environment of the trusted computing device, the write-file entry, wherein processing the write-file entry comprises:
identifying, based on the indication of the restricted information that is responsive to the write-file entry, at least a portion of the restricted information that is responsive to the write-file entry, and
generating an output to the read file of the trusted computing device based on the identified restricted information, wherein the output is available to the host computing device in the read file of the trusted computing device.
(Dependent claims: 10, 11, 12, 13, 14, 15)
16. A computer program product, comprising:
a non-transitory computer-readable storage device having computer-executable program instructions embodied thereon that when executed by a computer cause the computer to securely interact with a separate host computing device, the computer-executable program instructions comprising:
computer program instructions to receive, by a trusted computing device associated with the host computing device, restricted information, wherein the trusted computing device is preconfigured to include an isolated environment and a host computing device interface comprising a write file and a read file, the isolated environment being not directly accessible to the host computing device other than via the write file and the read file, and the restricted information being stored in a secure storage of the isolated environment;
computer program instructions to receive, from the host computing device, a write-file entry into the write file of the trusted computing device, wherein the write-file entry comprises an indication of the restricted information that is responsive to the write-file entry; and
computer program instructions to process, by the trusted computing device and in the isolated environment of the trusted computing device, the write-file entry, wherein processing the write-file entry comprises:
computer program instructions to identify, based on the indication of the restricted information that is responsive to the write-file entry, at least a portion of the restricted information that is responsive to the write-file entry, and
computer program instructions to generate a secure output to the read file of the trusted computing device based on the identified restricted information, wherein the secure output is available to the host computing device in the read file of the trusted computing device.
(Dependent claims: 17, 18, 19, 20)
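The write-file/read-file host interface described in the abstract and the independent claims, modelled as an added Python example (not code from the patent or its assignee): the host can only place an entry in the write file and collect the result from the read file, while the provisioned key and restricted records stay inside the isolated environment. It assumes JSON write-file entries, a constructed sample record and key, and an HMAC-SHA256-based toy encrypt-then-MAC as a stand-in for the real authenticated encryption a device would use.

```python
import hashlib, hmac, json, os

def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

class _IsolatedEnvironment:
    # Secure storage and the provisioned key live only here; the host reaches it only via the files.
    def __init__(self):
        self._key, self._store = None, {}
    def provision(self, key: bytes, records: dict):
        self._key, self._store = key, dict(records)
    def process(self, entry: bytes) -> bytes:
        try:
            field = json.loads(entry)["field"]      # the "indication" of the responsive info
        except (ValueError, KeyError, TypeError):
            return b'{"error":"malformed request"}'
        if not isinstance(field, str) or field not in self._store:
            return b'{"error":"not responsive"}'   # nothing responsive: reveal nothing
        pt = self._store[field].encode()[:32]       # toy keystream = one SHA-256 block
        nonce = os.urandom(16)
        ct = bytes(p ^ k for p, k in zip(pt, _prf(self._key, b"ks", nonce)))
        tag = _prf(self._key, b"tag", nonce + ct)   # encrypt-then-MAC
        return json.dumps({"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}).encode()

class TrustedDevice:
    # Host-facing surface is exactly one write file and one read file.
    def __init__(self):
        self._env, self._read_file = _IsolatedEnvironment(), b""
    def provision(self, key: bytes, records: dict):   # secure interface (trusted source only)
        self._env.provision(key, records)
    def write(self, entry: bytes):                    # write file: host -> device
        self._read_file = self._env.process(entry)
    def read(self) -> bytes:                          # read file: device -> host
        return self._read_file

def trusted_source_decrypt(key: bytes, output: bytes) -> str:
    # Only a holder of the provisioned key (the trusted source, not the host) can open the output.
    o = json.loads(output)
    nonce, ct, tag = (bytes.fromhex(o[k]) for k in ("nonce", "ct", "tag"))
    if not hmac.compare_digest(tag, _prf(key, b"tag", nonce + ct)):
        raise ValueError("bad tag")
    return bytes(c ^ k for c, k in zip(ct, _prf(key, b"ks", nonce))).decode()

def demo() -> tuple:
    key, dev = os.urandom(32), TrustedDevice()        # constructed sample key
    dev.provision(key, {"account_id": "acct-12345"})  # constructed sample record
    dev.write(b'{"field":"account_id"}')
    out = dev.read()
    dev.write(b'{"field":"pin"}')                     # not provisioned: host learns only "not responsive"
    return trusted_source_decrypt(key, out), b"acct-12345" in out, dev.read()
```

The read file never carries the plaintext record, and a request for information the device does not hold yields only a fixed error, so the host learns nothing about what else is provisioned.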
Specification