SECURE COMPUTER ARCHITECTURES, SYSTEMS, AND APPLICATIONS

US 20140096226A1
Filed: 09/27/2013
Published: 04/03/2014
Est. Priority Date: 10/02/2012
Status: Active Grant

First Claim

Patent Images

1. A computing device, comprising:

a trusted environment comprising;

a trusted processor; and

a trusted memory for storing executable instructions, the trusted processor executing the instructions to provide a trusted computing environment that performs computing functions that could expose the computing device to a security risk; and

a legacy environment comprising;

a secondary processor that is physically separated from the trusted processor; and

a secondary memory for storing executable instructions, the secondary processor executing the instructions to provide a legacy computing environment that manages computing functions exposed to unsecure environments.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure computer architectures, systems, and applications are provided herein. An exemplary computing system may include a trusted environment having a trusted processor and memory that provides a trusted computing environment that performs computing functions that could expose the computing device to a security risk, and a legacy environment having a secondary processor and memory for providing a legacy computing environment that manages computing functions exposed to unsecure environments.

39 Citations

View as Search Results

34 Claims

1. A computing device, comprising:
- a trusted environment comprising;
  
  a trusted processor; and
  
  a trusted memory for storing executable instructions, the trusted processor executing the instructions to provide a trusted computing environment that performs computing functions that could expose the computing device to a security risk; and
  
  a legacy environment comprising;
  
  a secondary processor that is physically separated from the trusted processor; and
  
  a secondary memory for storing executable instructions, the secondary processor executing the instructions to provide a legacy computing environment that manages computing functions exposed to unsecure environments.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The computing device according to claim 1, wherein the trusted processor executes the instructions to monitor input or output operations executed within the legacy environment.
  - 3. The computing device according to claim 2, wherein the trusted processor utilizes a gated channel to control computing functions of the legacy environment.
  - 4. The computing device according to claim 3, wherein the trusted computing environment monitors input and output operations of the legacy environment.
  - 5. The computing device according to claim 1, wherein applications of the computing device that utilize sensitive information are only executed from within the trusted environment.
  - 6. The computing device according to claim 1, further comprising a network interface that is dedicated for the trusted environment, the network interface being inaccessible to the legacy environment.
  - 7. The computing device according to claim 1, wherein the trusted processor further executes the instructions to monitor network traffic of the legacy environment.
  - 8. The computing device according to claim 1, wherein the legacy environment executes safe applications to generate output in a structured form, further wherein the trusted environment comprises a content insertion module that is executed by the trusted processor to insert trusted data into the structured form.
  - 9. The computing device according to claim 1, wherein content downloaded from a network is stored and executed only in the legacy environment, the downloaded content being inaccessible by the trusted environment.
  - 10. The computing device according to claim 1, wherein authentication data for the computing device is stored in the trusted environment and cannot be accessed by the legacy environment.
  - 11. The computing device according to claim 1, further comprising I/O devices, wherein each of the I/O devices comprises dedicated connections for the trusted environment, wherein at least a portion of the I/O devices which do not pose a security risk to the computing system are coupled with the legacy environment.
  - 12. The computing device according to claim 1, wherein the trusted environment is embodied on a physical device that selectively couples with the computing device.
  - 13. The computing device according to claim 1, further comprising a plurality of legacy environments.
  - 14. The computing device according to claim 1, wherein the computing device is configured to separately execute portions of a computing operation using both the trusted environment and the legacy environment, wherein the trusted environment executes portions of the computing operation that could expose the computing device to a security risk while the legacy environment executes portions of the computing operation that are computing resource intensive and less likely to pose a security risk.
  - 15. The computing device according to claim 1, further comprising a set of gated channels used by the legacy environment to communicate with external device, the trusted environment controlling the gated channels to monitor data transmitted into and out of the legacy environment.
  - 16. The computing device according to claim 15, wherein the trusted environment is coupled with and manages input data from any of:
    - a keyboard, a mouse, a tablet, a touchscreen, a camera, a microphone, a biometric input device, a scanner, a GPS device, a joystick and a sensor.
  - 17. The computing device according to claim 15, wherein the trusted environment is coupled with and manages output data from any of:
    - a display, a speaker, and an actuator.
  - 18. The computing device according to claim 1, wherein the trusted memory stores sensitive data that includes any of firewall settings, directories, email addresses, usernames, passwords, authentication tokens, account numbers, favorites lists, encryption schemas, and personally identifiable information, further wherein the sensitive data is inaccessible to the legacy environment.

19. A computing device, comprising:
- a plurality of input and output devices;
  
  a memory for storing executable instructions, the memory comprising a trusted portion and a legacy portion;
  
  a first processor, the first processor executing instructions in the trusted portion of the memory to provide a first computing environment that manages operations of the plurality of input and output devices to protect sensitive information of the computing device;
  
  a network interface for communicating with devices external to the computing device; and
  
  a second processor, the second processor executing the instructions in the legacy portion of the memory to provide a second computing environment that communicates with the devices external to the computing device using the network interface, wherein operations of second computing environment are controlled and managed by the first computing environment.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. The computing device according to claim 19, wherein the first computing environment includes a trusted web browser and the second computing environment includes a legacy web browser, wherein the trusted web browser and the legacy web browser are configured to cooperate together when accessing a network to prevent malware attacks.
  - 21. The computing device according to claim 19, wherein the first computing environment monitors at least a portion of the computing operations performed by the second computing environment.
  - 22. The computing device according to claim 19, further comprising a firewall application that is executed by the first processor to secure network access for the computing device.
  - 23. The computing device according to claim 19, wherein the first computing environment comprises a sensitive information module that is executed by the first processor to detect requests for passwords from either the first computing environment, the second computing environment, or a network device.
  - 24. The computing device according to claim 19, wherein the first computing environment is configured to manage email addresses for the computing device.
  - 25. The computing device according to claim 19, wherein the first and second computing environments cooperate to provide encrypted data by the first computing environment providing data that is to be encrypted while the first computing environment applies an encryption algorithm to the data provided by the second computing environment, the encryption algorithm being inaccessible to the second computing environment.
  - 26. The computing device according to claim 19, wherein location or position information of the computing device is accessible only to the first computing environment.

27. A method for providing secure computing operations on a computing device, the method comprising:
- executing a legacy computing environment by a legacy processor executing instructed stored in a legacy memory, the legacy computing environment being utilized to facilitate complex computing functions of the computing system or computing operations that expose the computing system to security risks that are external to the computing device; and
  
  executing a trusted computing environment by a trusted processor executing instructed stored in a trusted memory, the trusted computing environment being utilized to process input and output operations of the computing device and monitor the legacy computing environment.
- View Dependent Claims (28, 29, 30, 31, 32, 33)
- - 28. The method according to claim 27, further comprising executing a trusted browser application within the trusted computing environment.
  - 29. The method according to claim 27, further comprising transmitting sensitive information only via a network interface associated with the trusted environment.
  - 30. The method according to claim 27, further comprising executing a first portion of an application in the trusted computing environment and executing a second portion of the application in the legacy computing environment.
  - 31. The method according to claim 30, further comprising combining an output of the first portion of the application executed in the trusted computing environment with an output of the second portion of the application executed in the trusted computing environment.
  - 32. The method according to claim 31, further comprising executing a third portion of the application in another legacy computing environment.
  - 33. The method according to claim 27, further comprising storing sensitive information for a user in the trusted computing environment in such a way that the sensitive information cannot be accessed by the legacy computing environment.

34. A computing device, comprising:
- a trusted environment comprising;
  
  a trusted processor; and
  
  a trusted memory for storing executable instructions, the trusted processor storing passwords for a user;
  
  a legacy environment comprising;
  
  a secondary processor that is physically separated from the trusted processor; and
  
  a secondary memory for storing executable instructions, the secondary processor executing the instructions to provide a legacy computing environment that utilizes applications or network resources that require one or more of the passwords for authenticating the user; and
  
  wherein the trusted environment provides one or more passwords in response to a request, in such a way that the one or more passwords provided by the trusted environment are not exposed to the legacy environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mordecai Barkan
Original Assignee
Mordecai Barkan
Inventors
Barkan, Mordecai

Granted Patent

US 9,092,628 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 21/71   to assure secure computing ...

G06F 21/85   interconnection devices, e....

G06F 2221/2149   Restricted operating enviro...

G06F 2221/2153   Using hardware token as a s...

H04L 63/0471   applying encryption by an i...

H04L 63/0853   using an additional device,...

H04L 63/1441   Countermeasures against mal...

SECURE COMPUTER ARCHITECTURES, SYSTEMS, AND APPLICATIONS

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE COMPUTER ARCHITECTURES, SYSTEMS, AND APPLICATIONS

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links