Method and apparatus for on-demand isolated I/O channels for secure applications
First Claim
Patent Images
1. A system for providing input/output channels to a secure application, comprising:
- one or more processors;
one or more input/output (I/O) devices, said devices in communication with at least one of said processors; and
memory, connected to said one or more processors and including computer-readable instructions which, when executed by one of said processors, cause the processor to create a computing platform having;
one or more untrusted operating systems;
a trusted computing base;
a trusted I/O kernel; and
a communications channel between said untrusted operating system and said trusted I/O kernel;
wherein a secure application is executed on top of the trusted I/O kernel;
wherein the untrusted operating system configures an I/O device for use by the secure application and releases the configured I/O device to the trusted I/O kernel;
wherein the trusted I/O kernel verifies the configuration of the released I/O device and assigns the I/O device to the secure application; and
wherein the trusted I/O kernel provides channel isolation between the secure application and the I/O device.
1 Assignment
0 Petitions
Accused Products
Abstract
A computing platform for on-demand I/O channels, which enable secure application to dynamically connect to diverse peripheral devices of untrusted commodity OSes.
-
Citations
17 Claims
-
1. A system for providing input/output channels to a secure application, comprising:
-
one or more processors; one or more input/output (I/O) devices, said devices in communication with at least one of said processors; and memory, connected to said one or more processors and including computer-readable instructions which, when executed by one of said processors, cause the processor to create a computing platform having; one or more untrusted operating systems; a trusted computing base; a trusted I/O kernel; and a communications channel between said untrusted operating system and said trusted I/O kernel; wherein a secure application is executed on top of the trusted I/O kernel; wherein the untrusted operating system configures an I/O device for use by the secure application and releases the configured I/O device to the trusted I/O kernel; wherein the trusted I/O kernel verifies the configuration of the released I/O device and assigns the I/O device to the secure application; and wherein the trusted I/O kernel provides channel isolation between the secure application and the I/O device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
Specification