Secure host communications

US 9,948,668 B2
Filed: 12/02/2016
Issued: 04/17/2018
Est. Priority Date: 12/31/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method to communicate securely between devices, comprising:

receiving, by a first computing device associated with a first host computing device, a first communication from a first user, the first communication received through a secure interface of the first computing device, wherein the secure interface is isolated from a host interface of the first computing device;

encrypting, by the first computing device and in a first isolated environment of the first computing device, the received first communication, wherein the first isolated environment is not directly accessible to the first host computing device; and

communicating, by the first computing device, the encrypted first communication to a first read file of the host interface of the first computing device, wherein the encrypted first communication is available to the first host computing device in the first read file.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A trusted device includes a secure interface and a host interface, the secure interface being isolated from the host interface by an isolated environment. A user provides a communication to the trusted device via the secure interface. A processor of the isolated environment encrypts the communication and transmits the encrypted communication to a read file of the host interface. A host device connected to the trusted device via the host interface receives the encrypted communication. The host device transmits the encrypted communication to a second host device that is connected to a second trusted device via a second host interface. The second host device transmits the encrypted communication to a write file of the second host interface. A processor in an isolated environment of the second trusted device decrypts the communication and provides the decrypted communication to a second user via a secure interface of the second trusted device.

55 Citations

20 Claims

1. A computer-implemented method to communicate securely between devices, comprising:
- receiving, by a first computing device associated with a first host computing device, a first communication from a first user, the first communication received through a secure interface of the first computing device, wherein the secure interface is isolated from a host interface of the first computing device;
  
  encrypting, by the first computing device and in a first isolated environment of the first computing device, the received first communication, wherein the first isolated environment is not directly accessible to the first host computing device; and
  
  communicating, by the first computing device, the encrypted first communication to a first read file of the host interface of the first computing device, wherein the encrypted first communication is available to the first host computing device in the first read file.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, further comprising:
    - receiving, by a second computing device associated with a second host computing device, the encrypted first communication, wherein the encrypted first communication is received in a write file of a host interface of the second computing device and wherein the second host computing device is separate from the first host computing device;
      
      decrypting, by the second computing device, the encrypted first communication of the first user received in the write, wherein the encrypted first communication is decrypted in a second isolated environment of the second computing device, the second isolated environment being not directly accessible to the host interface of the second computing device; and
      
      communicating, by the second computing device, the decrypted first communication to a second user, wherein the decrypted first communication is transmitted to the second user through a secure interface of the second computing device, the secure interface of the second computing device being isolated from the host interface of the second computing device.
  - 3. The computer-implemented method of claim 2, wherein the first isolated environment of the first computing device comprises a first secure storage and the second isolated environment of the second computing device comprises a second secure storage.
  - 4. The computer-implemented method of claim 3, further comprising exchanging, between the first computing device and the second computing device, cryptographic data, wherein the cryptographic data is stored in the first secure storage and the second secure storage.
  - 5. The computed-implemented method of claim 4, wherein the first computing device and the second computing device are proximate to each other and the exchange of cryptographic data is a wireless exchange.
  - 6. The computed-implemented method of claim 5, wherein in the wireless exchange is a virtual private network (VPN) exchange, a wireless personal area network (PAN) exchange, or a near field communication (NFC) exchange.
  - 7. The computer-implemented method of claim 2, wherein the association of the first computing device with the first host device or the association of the second computing device with the second host device comprises a wireless connection.

8. A computer program product, comprising:
- a non-transitory computer-readable storage device having computer-executable program instructions embodied thereon that when executed by a computer cause the computer to communicate securely between devices, the computer-executable program instructions comprising;
  
  computer-executable program instructions to receive, by a first computing device associated with a first host computing device, a first communication from a first user, the first communication received through a secure interface of the first computing device, wherein the secure interface is isolated from a host interface of the first computing device;
  
  computer-executable program instructions to encrypt, by the first computing device and in a first isolated environment of the first computing device, the received first communication, wherein the first isolated environment is not directly accessible to the first host computing device; and
  
  computer-executable program instructions to communicate, by the first computing device, the encrypted first communication to a first read file of the host interface of the first computing device, wherein the encrypted first communication is available to the first host computing device in the first read file.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8, wherein the computer-executable program instructions further comprise:
    - computer-executable program instructions to receive, by a second computing device associated with a second host computing device, the encrypted first communication, wherein the encrypted first communication is received in a write file of a host interface of the second computing device and wherein the second host computing device is separate from the first host computing device;
      
      computer-executable program instructions to decrypt, by the second computing device, the encrypted first communication of the first user received in the write, wherein the encrypted first communication is decrypted in a second isolated environment of the second computing device, the second isolated environment being not directly accessible to the host interface of the second computing device; and
      
      computer-executable program instructions to communicate, by the second computing device, the decrypted first communication to a second user, wherein the decrypted first communication is transmitted to the second user through a secure interface of the second computing device, the secure interface of the second computing device being isolated from the host interface of the second computing device.
  - 10. The computer program product of claim 9, wherein the first isolated environment of the first computing device comprises a first secure storage and the second isolated environment of the second computing device comprises a second secure storage.
  - 11. The computer program product of claim 10, wherein the computer-executable program instructions further comprise computer-executable program instructions to exchange, between the first computing device and the second computing device, cryptographic data, wherein the cryptographic data is stored in the first secure storage and the second secure storage.
  - 12. The computer program product of claim 11, wherein the first computing device and the second computing device are proximate to each other and the exchange of cryptographic data is a wireless exchange.
  - 13. The computer program product of claim 12, wherein in the wireless exchange is a virtual private network (VPN) exchange, a wireless personal area network (PAN) exchange, or a near field communication (NFC) exchange.
  - 14. The computer program product of claim 9, wherein the association of the first computing device with the first host device or the association of the second computing device with the second host device comprises a wireless connection.

15. A system to communicate securely between devices, comprising:
- a storage device; and
  
  a processor communicatively coupled to the storage device, wherein the processor executes application code instructions that are stored in the storage device to cause the system to;
  
  receive, by a first computing device associated with a first host computing device, a first communication from a first user, the first communication received through a secure interface of the first computing device, wherein the secure interface is isolated from a host interface of the first computing device;
  
  encrypt, by the first computing device and in a first isolated environment of the first computing device, the received first communication , wherein the first isolated environment is not directly accessible to the first host computing device; and
  
  communicate, by the first computing device, the encrypted first communication to a first read file of the host interface of the first computing device, wherein the encrypted first communication is available to the first host computing device in the first read file.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the processor further executes application code instructions that are stored in the storage device to cause the system to:
    - receive, by a second computing device associated with a second host computing device, the encrypted first communication, wherein the encrypted first communication is received in a write file of a host interface of the second computing device and wherein the second host computing device is separate from the first host computing device;
      
      decrypt, by the second computing device, the encrypted first communication of the first user received in the write, wherein the encrypted first communication is decrypted in a second isolated environment of the second computing device, the second isolated environment being not directly accessible to the host interface of the second computing device; and
      
      communicate, by the second computing device, the decrypted first communication to a second user, wherein the decrypted first communication is transmitted to the second user through a secure interface of the second computing device, the secure interface of the second computing device being isolated from the host interface of the second computing device.
  - 17. The system of claim 16, wherein the first isolated environment of the first computing device comprises a first secure storage and the second isolated environment of the second computing device comprises a second secure storage.
  - 18. The system of claim 17, wherein the processor further executes application code instructions that are stored in the storage device to cause the system to exchange, between the first computing device and the second computing device, cryptographic data, wherein the cryptographic data is stored in the first secure storage and the second secure storage.
  - 19. The system of claim 18, wherein the first computing device and the second computing device are proximate to each other and the exchange of cryptographic data is a wireless exchange.
  - 20. The system of claim 19, wherein in the wireless exchange is a virtual private network (VPN) exchange, a wireless personal area network (PAN) exchange, or a near field communication (NFC) exchange.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google LLC (Alphabet Inc.)
Inventors
Rizzo, Dominic, Zatko, Peiter Charles
Primary Examiner(s)
Shayanfar, Ali

Application Number

US15/368,553
Publication Number

US 20170085589A1
Time in Patent Office

501 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/74   operating in dual or compar...

G06F 21/79   in semiconductor storage me...

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/0492   by using a location-limited...

H04L 63/1433   Vulnerability analysis

H04L 9/3234   involving additional secure...

Secure host communications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Secure host communications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others