Secure host interactions

US 9,760,727 B2
Filed: 12/31/2014
Issued: 09/12/2017
Est. Priority Date: 12/31/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method to generate a secure output based on restricted information, comprising:

receiving, by a trusted computing device associated with a separate host computing device, restricted information, wherein the trusted computing device is preconfigured to include an isolated environment and a host computing device interface comprising a write file and a read file, the isolated environment being not directly accessible to the host computing device other than via the write file and the read file, and the restricted information being stored in a secure storage of the isolated environment;

receiving, by the write file of the trusted computing device and from the host computing device, a write-file entry, wherein the write-file entry comprises an indication of the restricted information that is responsive to the write-file entry; and

processing, by the trusted computing device and in the isolated environment of the trusted computing device, the write-file entry, wherein processing the write-file entry comprises;

identifying, based on the indication of the restricted information that is responsive to the write-file entry, at least a portion of the restricted information that is responsive to the write-file entry; and

generating a secure output to the read file of the trusted computing device based on the identified restricted information, wherein the secure output is available to the host computing device in the read file of the trusted computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A trusted device includes a secure interface and a host interface, the secure interface being isolated from the host interface by an isolated environment. A trusted source provisions the trusted device via the secure interface to include private information, such as private user information and cryptographic data. When the trusted device is connected to an untrusted host device via the host interface, the untrusted host device transmits a request regarding the private information to a write file of the host interface. A processor of the isolated environment retrieves the request and generates an output, such as an encrypted output, that is responsive to the request from the untrusted host device. The trusted device transmits the output to a read file of the host interface, thus making the output available to the untrusted host device via the host interface. The untrusted host device then receives the output via the host interface.

47 Citations

20 Claims

1. A computer-implemented method to generate a secure output based on restricted information, comprising:
- receiving, by a trusted computing device associated with a separate host computing device, restricted information, wherein the trusted computing device is preconfigured to include an isolated environment and a host computing device interface comprising a write file and a read file, the isolated environment being not directly accessible to the host computing device other than via the write file and the read file, and the restricted information being stored in a secure storage of the isolated environment;
  
  receiving, by the write file of the trusted computing device and from the host computing device, a write-file entry, wherein the write-file entry comprises an indication of the restricted information that is responsive to the write-file entry; and
  
  processing, by the trusted computing device and in the isolated environment of the trusted computing device, the write-file entry, wherein processing the write-file entry comprises;
  
  identifying, based on the indication of the restricted information that is responsive to the write-file entry, at least a portion of the restricted information that is responsive to the write-file entry; and
  
  generating a secure output to the read file of the trusted computing device based on the identified restricted information, wherein the secure output is available to the host computing device in the read file of the trusted computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, further comprising receiving, by the isolated environment of the trusted computing device and through a secure interface of the trusted computing device that is isolated from the host interface of the trusted computing device, the restricted information.
  - 3. The computer-implemented method of claim 1, wherein the restricted information is associated with a user.
  - 4. The computer-implemented method of claim 1, further comprising transmitting, through a secure interface of the trusted computing device, a request for a user to authorize the processing of the write-file entry.
  - 5. The computer-implemented method of claim 4, further comprising receiving, by the trusted computing device and in response to the request for the user to authorize the processing of the write-file entry, a user input into the secure interface of the trusted computing device, wherein the user input authorizes the processing of the write-file entry.
  - 6. The computer-implemented method of claim 5, wherein the user input comprises a security code associated with the user.
  - 7. The computer-implemented method of claim 1, wherein the restricted information comprises cryptographic data.
  - 8. The computer-implemented method of claim 1, wherein the restricted information comprises financial information of the user.

9. A system to generate a secure output based on restricted information, comprising:
- a storage device;
  
  a processor communicatively coupled to the storage device, wherein the processor executes application code instructions that are stored in the storage device to cause the system to;
  
  receive, by a trusted computing device associated with a separate host computing device, restricted information, wherein the trusted computing device is preconfigured to include a isolated environment and a host computing device interface comprising a write file and a read file, the isolated environment being not directly accessible to the host computing device other than via the write file and the read file, and the restricted information being stored in a secure storage of the isolated environment;
  
  receive, from the host computing device, a write-file entry into the write file of the trusted computing device, wherein the write-file entry comprises an indication of the restricted information that is responsive to the write-file entry; and
  
  process, by the trusted computing device and in the isolated environment of the trusted computing device, the write-file entry, wherein processing the write-file entry comprises;
  
  identifying, based on the indication of the restricted information that is responsive to the write-file entry, at least a portion of the restricted information that is responsive to the write-file entry, andgenerating an output to the read file of the trusted computing device based on the identified restricted information, wherein the output is available to the host computing device in the read file of the trusted computing device.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the output is a secure output.
  - 11. The system of claim 10, wherein the secure output is an encrypted output.
  - 12. The system of claim 9, further comprising transmitting, by the trusted computing device, a request for a user to authorize the processing of the write-file entry.
  - 13. The system of claim 12, further comprising receiving, by the trusted computing device and in response to the request for the user to authorize the processing of the write-file entry, a user input into a secure interface of the trusted computing device, wherein the user input authorizes the processing of the write-file entry.
  - 14. The system of claim 13, wherein the user input comprises a security code associated with the user.
  - 15. The system of claim 9, wherein the restricted information comprises an event log entry and wherein the write-file entry comprises a request to receive the event log entry.

16. A computer program product, comprising:
- a non-transitory computer-readable storage device having computer-executable program instructions embodied thereon that when executed by a computer cause the computer to securely interact with a separate host computing device, the computer-executable program instructions comprising;
  
  computer program instructions to receive, by a trusted computing device associated with the host computing device, restricted information, wherein the trusted computing device is preconfigured to include an isolated environment and a host computing device interface comprising a write file and a read file, the isolated environment being not directly accessible to the host computing device other than via the write file and the read file, and the restricted information being stored in a secure storage of the isolated environment;
  
  computer program instructions to receive, from the host computing device, a write-file entry into the write file of the trusted computing device, wherein the write-file entry comprises an indication of the restricted information that is responsive to the write-file entry; and
  
  computer program instructions to process, by the trusted computing device and in the isolated environment of the trusted computing device, the write-file entry, wherein processing the write file entry comprises;
  
  computer program instructions to identify, based on the indication of the restricted information that is responsive to the write-file entry, at least a portion of the restricted information that is responsive to the write-file entry, andcomputer program instructions to generate a secure output to the read file of the trusted computing device based on the identified restricted information, wherein the secure output is available to the host computing device in the read file of the trusted computing device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product of claim 16, further comprising computer instructions to receive, by the isolated environment of the trusted computing device and through a secure interface of the trusted computing device that is isolated from the host interface of the trusted computing device, the restricted information.
  - 18. The computer program product of claim 16, wherein the write-file entry comprises an encrypted communication.
  - 19. The computer program product of claim 17, wherein the restricted information comprise cryptographic data for decrypting the write-file entry.
  - 20. The computer program product of claim 16, further comprising computer program instructions to:
    - transmit, by the trusted computing device, a request for a user to authorize the processing of the write-file entry;
      
      receive, by the trusted computing device, in response to transmitting the request for the user to authorize the processing of the write-file entry, a user input into a secure interface of the trusted computing device, wherein the user input authorizes the processing of the write-file entry; and
      
      transmit, in response to the authorization to process the write-file entry, the secure output to the read file of the trusted computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Zatko, Peiter Charles, Rizzo, Dominic
Primary Examiner(s)
Shayanfar, Ali

Application Number

US14/587,896
Publication Number

US 20160188896A1
Time in Patent Office

986 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/35   communicating wirelessly

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 21/74   operating in dual or compar...

G06F 21/79   in semiconductor storage me...

Secure host interactions

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Secure host interactions

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others