Protecting access to hardware devices through use of a secure processor

US 9,832,199 B2
Filed: 09/25/2015
Issued: 11/28/2017
Est. Priority Date: 09/25/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of protecting access to hardware devices through use of a secure processor, the method comprising:

receiving, by a security computer, a request from a requesting computer for access to a hardware device on a network, wherein access to the hardware device is established by an application;

in response to receiving the request, encrypting, by a first secure processor within the security computer, the request to generate an encrypted request, wherein the encrypted request is generated within a core of the first secure processor, and wherein the first secure processor protects a secure application that is used to process the request from other software on the first secure processor;

transmitting, from the security computer to the hardware device, the encrypted request, wherein the encrypted request comprises an address and identification of the requesting computer;

receiving, by the security computer, an encrypted acknowledgement of the encrypted request, wherein the encrypted acknowledgement was generated by a processor associated with the hardware device;

in response to receiving the encrypted acknowledgement, decrypting the encrypted acknowledgement and creating, by the security computer, a communication session between the requesting computer and the hardware device; and

controlling, by the first secure processor, access to the hardware device by the requesting computer by requiring the requesting computer to provide an encrypted private key needed by the first secure processor to access an operating system that is required to execute the application that accesses the hardware device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method, system, and/or computer program product protects access to hardware devices through use of a secure processor. A security computer receives a request from a requesting computer for access to a hardware device on a network. A secure processor within the security computer encrypts the request to generate an encrypted request, which is generated within a core of the secure processor. The secure processor protects a secure application that is used to process the request from other software on the secure processor. The security computer transmits the encrypted request to the hardware device, and then receives an encrypted acknowledgement of the encrypted request from a processor associated with the hardware device. The security computer then creates a communication session between the requesting computer and the hardware device.

Citations

17 Claims

1. A computer-implemented method of protecting access to hardware devices through use of a secure processor, the method comprising:
- receiving, by a security computer, a request from a requesting computer for access to a hardware device on a network, wherein access to the hardware device is established by an application;
  
  in response to receiving the request, encrypting, by a first secure processor within the security computer, the request to generate an encrypted request, wherein the encrypted request is generated within a core of the first secure processor, and wherein the first secure processor protects a secure application that is used to process the request from other software on the first secure processor;
  
  transmitting, from the security computer to the hardware device, the encrypted request, wherein the encrypted request comprises an address and identification of the requesting computer;
  
  receiving, by the security computer, an encrypted acknowledgement of the encrypted request, wherein the encrypted acknowledgement was generated by a processor associated with the hardware device;
  
  in response to receiving the encrypted acknowledgement, decrypting the encrypted acknowledgement and creating, by the security computer, a communication session between the requesting computer and the hardware device; and
  
  controlling, by the first secure processor, access to the hardware device by the requesting computer by requiring the requesting computer to provide an encrypted private key needed by the first secure processor to access an operating system that is required to execute the application that accesses the hardware device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, wherein the hardware device is a legacy hardware sensor, and wherein the computer-implemented method further comprises:
    - accessing, by the security computer, a legacy sensor access system with the encrypted request, wherein the legacy sensor access system comprises a second secure processor, wherein the second secure processor decrypts the encrypted request to open a port between the legacy hardware sensor and the security computer.
  - 3. The computer-implemented method of claim 1, wherein the hardware device is a legacy mechanical actuator, and wherein the computer-implemented method further comprises:
    - accessing, by the security computer, a legacy actuator access system with the encrypted request, wherein the legacy actuator access system comprises a second secure processor, wherein the second secure processor decrypts the encrypted request to open a port between the legacy mechanical actuator and the security computer.
  - 4. The computer-implemented method of claim 1, wherein the processor associated with the hardware device is a second secure processor.
  - 5. The computer-implemented method of claim 1, wherein the hardware device is a cloud of hardware resources.
  - 6. The computer-implemented method of claim 1, wherein the hardware device is a cloud of computing devices.

7. A computer program product for protecting access to hardware devices through use of a secure processor, the computer program product comprising a non-transitory computer readable storage medium having program code embodied therewith, the program code readable and executable by one or more processors to perform a method comprising:
- receiving, by a security computer, a request from a requesting computer for access to a hardware device on a network, wherein access to the hardware device is established by an application;
  
  in response to receiving the request, encrypting, by a first secure processor within the security computer, the request to generate an encrypted request, wherein the encrypted request is generated within a core of the first secure processor, and wherein the first secure processor protects a secure application that is used to process the request from other software on the first secure processor;
  
  transmitting, from the security computer to the hardware device, the encrypted request, wherein the encrypted request comprises an address and identification of the requesting computer;
  
  receiving, by the security computer, an encrypted acknowledgement of the encrypted request, wherein the encrypted acknowledgement was generated by a processor associated with the hardware device;
  
  in response to receiving the encrypted acknowledgement, decrypting the encrypted acknowledgement and creating, by the security computer, a communication session between the requesting computer and the hardware device; and
  
  controlling, by the first secure processor, access to the hardware device by the requesting computer by requiring the requesting computer to provide an encrypted private key needed by the first secure processor to access an operating system that is required to execute the application that accesses the hardware device.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer program product of claim 7, wherein the hardware device is a legacy hardware sensor, and wherein the method further comprises:
    - accessing, by the security computer, a legacy sensor access system with the encrypted request, wherein the legacy sensor access system comprises a second secure processor, wherein the second secure processor decrypts the encrypted request to open a port between the legacy hardware sensor and the security computer.
  - 9. The computer program product of claim 7, wherein the hardware device is a legacy mechanical actuator, and wherein the method further comprises:
    - accessing, by the security computer, a legacy actuator access system with the encrypted request, wherein the legacy actuator access system comprises a second secure processor, wherein the second secure processor decrypts the encrypted request to open a port between the legacy mechanical actuator and the security computer.
  - 10. The computer program product of claim 7, wherein the processor associated with the hardware device is a second secure processor.
  - 11. The computer program product of claim 7, wherein the hardware device is a cloud of hardware resources.
  - 12. The computer program product of claim 7, wherein the hardware device is a cloud of computing devices.

13. A computer system comprising:
- a processor, a computer readable memory, and a computer readable storage medium;
  
  first program instructions to receive, by a security computer, a request from a requesting computer for access to a hardware device on a network, wherein access to the hardware device is established by an application;
  
  second program instructions to, in response to receiving the request, encrypt, by a first secure processor within the security computer, the request to generate an encrypted request, wherein the encrypted request is generated within a core of the first secure processor, and wherein the first secure processor protects a secure application that is used to process the request from other software on the first secure processor;
  
  third program instructions to transmit, from the security computer to the hardware device, the encrypted request, wherein the encrypted request comprises an address and identification of the requesting computer;
  
  fourth program instructions to receive, by the security computer, an encrypted acknowledgement of the encrypted request, wherein the encrypted acknowledgement was generated by a processor associated with the hardware device;
  
  fifth program instructions to, in response to receiving the encrypted acknowledgement, decrypt the encrypted acknowledgement and to create, by the security computer, a communication session between the requesting computer and the hardware device; and
  
  sixth program instructions to control, by the first secure processor, access to the hardware device by the requesting computer by requiring the requesting computer to provide an encrypted private key needed by the first secure processor to access an operating system that is required to execute the application that accesses the hardware device; and
  
  whereinthe first, second, third, fourth, fifth, and sixth program instructions are stored on the non-transitory computer readable storage medium and executed by the processor via the computer readable memory.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer system of claim 13, wherein the hardware device is a legacy hardware sensor, and wherein the computer system further comprises:
    - seventh program instructions to access, by the security computer, a legacy sensor access system with the encrypted request, wherein the legacy sensor access system comprises a second secure processor, wherein the second secure processor decrypts the encrypted request to open a port between the legacy hardware sensor and the security computer; and
      
      wherein the seventh program instructions are stored on the non-transitory computer readable storage medium and executed by the processor via the computer readable memory.
  - 15. The computer system of claim 13, wherein the hardware device is a legacy mechanical actuator, and wherein the computer system further comprises:
    - seventh program instructions to access, by the security computer, a legacy actuator access system with the encrypted request, wherein the legacy actuator access system comprises a second secure processor, wherein the second secure processor decrypts the encrypted request to open a port between the legacy mechanical actuator and the security computer; and
      
      wherein the seventh program instructions are stored on the non-transitory computer readable storage medium and executed by the processor via the computer readable memory.
  - 16. The computer system of claim 13, wherein the processor associated with the hardware device is a second secure processor.
  - 17. The computer system of claim 13, wherein the hardware device is a cloud of computing devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Boivie, Richard H., Friedlander, Robert R., Kraemer, James R., Linton, Jeb R.
Primary Examiner(s)
Cribbs, Malcolm

Application Number

US14/865,504
Publication Number

US 20170093853A1
Time in Patent Office

795 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/606   by securing the transmissio...

G06F 21/72   in cryptographic circuits

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

Protecting access to hardware devices through use of a secure processor

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting access to hardware devices through use of a secure processor

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links