Claims
- 1. A computer program product for providing a secure, integrated device with dynamically selectable capabilities, the computer program product embodied on one or more computer-usable media and comprising:
computer-readable program code means for operating a security core which provides security functions; and computer-readable program code means for securely operably connecting one or more components to the security core, such that the security core can vouch for authenticity of each securely operably connected component,
wherein the security core and the operably connected components thereby comprise the secure integrated device.
- 2. The computer program product according to claim 1, wherein selected ones of the operable connections are made using one or more buses of the secure integrated device.
- 3. The computer program product according to claim 1, wherein selected ones of the operable connections are made using a wireless connection between respective ones of the components and the security core.
- 4. The computer program product according to claim 3, wherein the tireless connections use Secure Sockets Layer (SSL) data encryption or an equivalent which provides mutual authentication of both endpoints, negotiation of a time-limited key agreement with secure passage of a selected encryption key, and periodic renegotiation of the time-limited key agreement with a new encryption key.
- 5. The computer program product according to claim 1, wherein selected ones of the secure operable connections are provided when the security core is manufactured.
- 6. The computer program product according to claim 1, wherein the components comprise one or more of (1) input/output components and (2) application processing components.
- 7. The computer program product according to claim 1, wherein the computer-readable program code means for securely operably connecting further comprises computer-readable program code means for authenticating the operably connected component to the security core.
- 8. The computer program product according to claim 7, wherein the computer-readable program code means for authenticating provides a unique identifier of the operably connected component to the security core.
- 9. The computer program product according to claim 1, wherein the computer-readable program code means for securely operably connecting is activated by a hardware reset of the component, and wherein the hardware reset is activated by operably connecting of the component.
- 10. The computer program product according to claim 7, wherein the computer-readable program code means for authenticating is activated during execution of computer-readable program code stored on the component, and wherein the execution of the stored computer-readable program code is activated by a hardware reset of the component.
- 11. The computer program product according to claim 7, wherein the computer-readable program code means for authenticating is securely stored on the component.
- 12. The computer program product according to claim 7, further comprising computer-readable program code means for authenticating the security core to the operably connected component.
- 13. The computer program product according to claim 7, wherein the computer-readable program code means for authenticating the operably connected component further comprises computer-readable program code means for using public key cryptography.
- 14. The computer program product according to claim 12, wherein the computer-readable program code means for authenticating the security core further comprises computer-readable program code means for using public key cryptography.
- 15. The computer program product according to claim 1, wherein the secure integrated device is a pervasive computing device.
- 16. The computer program product according to claim 1, wherein one or more cryptographic keys are securely stored in each component, and wherein at least one of the securely stored keys is used by the computer-readable program code means for securely operably connecting each component.
- 17. The computer program product according to claim 1, wherein one or more cryptographic keys are securely stored in the secure integrated device.
- 18. The computer program product according to claim 1, further comprising computer-readable program code means for authenticating a user of the secure integrated device.
- 19. The computer program product according to claim 1, further comprising computer-readable program code means for securely performing a transaction using the secure integrated device.
- 20. The computer program product according to claim 19, further comprising:
computer-readable program code means for detecting whether all components participating in the securely performed transaction remain operably connected to the secure integrated device during the securely performed transaction; and computer-readable program code means for aborting the securely performed transaction if one or more of the participating components fails to remain operably connected to the secure integrated device during the securely performed transaction.
- 21. The computer program product according to claim 19, further comprising:
computer-readable program code means for detecting whether all components participating in the securely performed transaction remain operably connected to the secure integrated device during the securely performed transaction; and computer-readable program code means for marking the securely performed transaction as not secure if one or more of the participating components fails to remain operably connected to the secure integrated device during the securely performed transaction.
- 22. The computer program product according to claim 19, wherein the computer-readable program code means for securely performing a transaction further comprises computer-readable program code means for digitally notarizing, by the security core, an output data stream created by a selected one of the operably connected components of the secure integrated device.
- 23. The computer program product according to claim 22, wherein the computer-readable program code means for digitally notarizing further comprises:
computer-readable program code means for authenticating the selected operably connected component to the security core; computer-readable program code means for computing, by the security core, a hash value over the output data stream; computer-readable program code means for hashing, by the security core, a combination of (1) the hash value and (2) the unique identifier of the selected operably connected component, thereby creating a hashed data block; computer-readable program code means for digitally signing, by the security core, the hashed data block using a private key of the security core; and computer-readable program code means for providing the digitally signed hashed data block along with the combination as the digital notarization of the output data stream.
- 24. The computer program product according to claim 23, wherein the computer-readable program code means for authenticating further comprises computer-readable program code means for using a unique identifier of the selected operably connected component, where the unique identifier is digitally signed by the selected operably connected component using a first private key associated with the selected operably connected component.
- 25. The computer program product according to claim 22, wherein the computer-readable program code means for digitally notarizing further comprises:
computer-readable program code means for authenticating the selected operably connected component to the security core; computer-readable program code means for computing, by the security core, a hash value over each of a plurality of segments of the output data stream, wherein a boundary between segments is determined by an elapsed time value; computer-readable program code means for hashing, by the security core, a combination of (1) the hash value for each segment and (2) the unique identifier of the selected operably connected component, thereby creating a hashed data block for each segment; computer-readable program code means for digitally signing, by the security core, the hashed data block for each segment using a private key of the security core; and computer-readable program code means for providing the digitally signed hashed data block for each segment along with the combination for each segment as the digital notarization of the segments which comprise the output data stream.
- 26. The computer program product according to claim 25, wherein the computer-readable program code means for authenticating further comprises computer-readable program code means for using a unique identifier of the selected operably connected component, where the unique identifier is digitally signed by the selected operably connected component using a first private key associated with the selected operably connected component.
- 27. The computer program product according to claim 25, wherein authenticity of selected ones of the digitally notarized segments of the output data stream may be separately verified using a public key of the security core.
- 28. The computer program product according to claim 23 or claim 25, further comprising:
computer-readable program code means for authenticating a user of the secure integrated device; and computer-readable program code means for including an identification of the authenticated user in the combination.
- 29. The computer program product according to claim 23 or claim 25, wherein the private key of the security core is securely stored in the secure integrated device.
- 30. The computer program product according to claim 23, further comprising computer-readable program code means for verifying authenticity of the output data stream by a receiver of the output data stream and the digitally signed hashed data block, using a public key of the security core, and for concluding that the output data stream is authentic if the verification succeeds.
- 31. The computer program product according to claim 30, wherein the computer-readable program code means for verifying authenticity further comprises obtaining the public key from a digital certificate of the security core.
- 32. The computer program product according to claim 30, wherein the computer-readable program code means for verifying authenticity further comprises concluding that the output data stream has not been tampered with if the verification succeeds.
- 33. The computer program product according to claim 1, further comprising computer-readable program code means for dynamically revising functionality in a selected one of the securely operably connected components of the secure integrated device by securely applying a firmware update to the selected one, such that the security core can continue to vouch for the authenticity of the selected one.
- 34. The computer program product according to claim 1, wherein capabilities of the secure integrated device are dynamically revised by subsequent operation of the computer-readable program code means for securely operably connecting, the subsequent operation being activated upon operably connecting a new component to the security core, wherein the new component authenticates itself to the security core, with a result of the authentication being that the capabilities of the secure integrated device are thereby augmented with capabilities of the new component.
- 35. The computer program product according to claim 1, wherein the security core is located on a selected one of the operably connected components, and wherein the security core and the selected one are connected to a common bus.
- 36. The computer program product according to claim 1, wherein a second security core is located on a selected one of the operably connected components, and wherein the security core and the second security core operate in combination.
- 37. A computer program product for improving security of transactions in portable devices, the computer program product embodied on one or more computer-usable media and comprising:
computer-readable program code means for providing security function in a security core of a portable device; computer-readable program code means for operably connecting one or more components to the security core, wherein each component provides input/output capabilities or application processing capabilities; and computer-readable program code means for verifying authenticity of each operably connected component, such that the security core can vouch for transactions created by the operably connected components while the operably connected components remain operably connected.
- 38. The computer program product according to claim 37, wherein the computer-readable program code means for verifying authenticity further comprises computer-readable program code means for performing a security handshake between the security core and the operably connected component upon activation of the computer-readable program code means for operably connecting.
- 39. The computer program product according to claim 38, wherein the computer-readable program code means for performing uses Secure Sockets Layer encryption to encrypt data or an equivalent which provides mutual authentication of both endpoints, negotiation of a time-limited key agreement with secure passage of a selected encryption key, and periodic renegotiation of the time-limited key agreement with a new encryption key.
- 40. The computer program product according to claim 38, wherein each operably connected component has associated therewith a digital certificate, a private cryptographic key and a cryptographically-associated public key, and a unique device identifier that is used to identify data originating from the operably connected component.
- 41. A system for providing a secure, integrated device with dynamically selectable capabilities, comprising:
a security core which provides security functions; one or more components; means for operating the security core; and means for securely operably connecting the components to the security core, such that the security core can vouch for authenticity of each securely operably connected component,
wherein the security core and the operably connected components thereby comprise the secure integrated device.
- 42. The system according to claim 41, wherein selected ones of the operable connections are made using one or more buses of the secure integrated device.
- 43. The system according to claim 41, wherein selected ones of the operable connections are made using a wireless connection between respective ones of the components and the security core.
- 44. The system according to claim 43, wherein the wireless connections use Secure Sockets Layer (SSL) data encryption or an equivalent which provides mutual authentication of both endpoints, negotiation of a time-limited key agreement with secure passage of a selected encryption key, and periodic renegotiation of the time-limited key agreement with a new encryption key.
- 45. The system according to claim 41, wherein selected ones of the secure operable connections are provided when the security core is manufactured.
- 46. The system according to claim 41, wherein the components comprise one or more of (1) input/output components and (2) application processing components.
- 47. The system according to claim 41, wherein the means for securely operably connecting further comprises means for authenticating the operably connected component to the security core.
- 48. The system according to claim 47, wherein the means for authenticating provides a unique identifier of the operably connected component to the security core.
- 49. The system according to claim 41, wherein the means for securely operably connecting is activated by a hardware reset of the component, and wherein the hardware reset is activated by operably connecting of the component.
- 50. The system according to claim 47, wherein the means for authenticating is activated during execution of instructions stored on the component, and wherein the execution of the stored instructions is activated by a hardware reset of the component.
- 51. The system according to claim 47, wherein the means for authenticating are securely stored on the component.
- 52. The system according to claim 47, further comprising means for authenticating the security core to the operably connected component.
- 53. The system according to claim 47, wherein the means for authenticating the operably connected component further comprises means for using public key cryptography.
- 54. The system according to claim 52, wherein the means for authenticating the security core further comprises means for using public key cryptography.
- 55. The system according to claim 41, wherein the secure integrated device is a pervasive computing device.
- 56. The system according to claim 41, wherein one or more cryptographic keys are securely stored in each component, and wherein at least one of the securely stored keys is used by the means for securely operably connecting each component.
- 57. The system according to claim 41, wherein one or more cryptographic keys are securely stored in the secure integrated device.
- 58. The system according to claim 41, further comprising means for authenticating a user of the secure integrated device.
- 59. The system according to claim 41, further comprising means for securely performing a transaction using the secure integrated device.
- 60. The system according to claim 59, further comprising:
means for detecting whether the components remain operably connected to the secure integrated device during the securely performed transaction; and means for aborting the securely performed transaction if one or more of the components fails to remain operably connected to the secure integrated device during the securely performed transaction.
- 61. The system according to claim 59, further comprising:
means for detecting whether all components remain operably connected to the secure integrated device during the securely performed transaction; and means for marking the securely performed transaction as not secure if one or more of the components fails to remain operably connected to the secure integrated device during the securely performed transaction.
- 62. The system according to claim 59, wherein the means for securely performing a transaction further comprises means for digitally notarizing, by the security core, an output data stream created by a selected one of the operably connected components of the secure integrated device.
- 63. The system according to claim 62, wherein the means for digitally notarizing further comprises:
means for authenticating the selected operably connected component to the security core; means for computing, by the security core, a hash value over the output data stream; means for hashing, by the security core, a combination of (1) the hash value and (2) the unique identifier of the selected operably connected component, thereby creating a hashed data block; means for digitally signing, by the security core, the hashed data block using a private key of the security core; and means for providing the digitally signed hashed data block along with the combination as the digital notarization of the output data stream.
- 64. The system according to claim 63, wherein the means for authenticating further comprises means for using a unique identifier of the selected operably connected component, where the unique identifier is digitally signed by the selected operably connected component using a first private key associated with the selected operably connected component.
- 65. The system according to claim 62, wherein the means for digitally notarizing further comprises:
means for authenticating the selected operably connected component to the security core; means for computing, by the security core, a hash value over each of a plurality of segments of the output data stream, wherein a boundary between segments is determined by an elapsed time value; means for hashing, by the security core, a combination of (1) the hash value for each segment and (2) the unique identifier of the selected operably connected component, thereby creating a hashed data block for each segment; means for digitally signing, by the security core, the hashed data block for each segment using a private key of the security core; and means for providing the digitally signed hashed data block for each segment along with the combination for each segment as the digital notarization of the segments which comprise the output data stream.
- 66. The system according to claim 65, wherein the means for authenticating further comprises means for using a unique identifier of the selected operably connected component, where the unique identifier is digitally signed by the selected operably connected component using a first private key associated with the selected operably connected component.
- 67. The system according to claim 65, wherein authenticity of selected ones of the digitally notarized segments of the output data stream may be separately verified using a public key of the security core.
- 68. The system according to claim 63, further comprising:
means for authenticating a user of the secure integrated device; and means for including an identification of the authenticated user in the combination.
- 69. The system according to claim 65, wherein the private key of the security core is securely stored in the secure integrated device.
- 70. The system according to claim 65, further comprising means for verifying authenticity of the segments of the output data stream by a receiver of the segments of the output data stream and the digitally signed hashed data blocks for the segments, using a public key of the security core, and for concluding that each segment of the output data stream is authentic if the verification succeeds.
- 71. The system according to claim 70, wherein the means for verifying authenticity further comprises obtaining the public key from a digital certificate of the security core.
- 72. The system according to claim 70, wherein the means for verifying authenticity further comprises concluding that the output data stream has not been tampered with if the verification succeeds.
- 73. The system according to claim 41, further comprising:
means for dynamically revising functionality in a selected one of the securely operably connected components of the secure integrated device by securely applying a firmware update to the selected one; and means for requiring the selected one to re-authenticate itself to the security core, such that the security core can continue to vouch for the authenticity of the selected one.
- 74. The system according to claim 41, wherein capabilities of the secure integrated device are dynamically revised by subsequent operation of the means for securely operably connecting, the subsequent operation being activated upon operably connecting a new component to the security core, wherein the new component authenticates itself to the security core, with a result of the authentication being that the capabilities of the secure integrated device are thereby augmented with capabilities of the new component.
- 75. The system according to claim 41, wherein the security core is located on a selected one of the operably connected components, and wherein the security core and the selected one are connected to a common bus.
- 76. The system according to claim 41, wherein a second security core is located on a selected one of the operably connected components, and wherein the security core and the second security core each provide security functions for one or more components of the secure integrated device.
- 77. A system for improving security of transactions in portable devices, comprising:
means for providing security function in a security core of a portable device; means for operably connecting one or more components to the security core, wherein each component provides input/output capabilities or application processing capabilities; and means for verifying authenticity of each operably connected component, such that the security core can vouch for transactions created by the operably connected components while the operably connected components remain operably connected.
- 78. The system according to claim 77, wherein the means for verifying authenticity further comprises means for performing a security handshake between the security core and the operably connected component upon activation of the means for operably connecting.
- 79. The system according to claim 78, wherein the means for performing uses Secure Sockets Layer encryption to encrypt data or an equivalent which provides mutual authentication of both endpoints, negotiation of a time-limited key agreement with secure passage of a selected encryption key, and periodic renegotiation of the time-limited key agreement with a new encryption key.
- 80. The system according to claim 78, wherein each operably connected component has associated therewith a digital certificate, a private cryptographic key and a cryptographically-associated public key, and a unique device identifier that is used to identify data originating from the operably connected component.
- 81. A method of providing a secure, integrated device with dynamically selectable capabilities, comprising step of:
operating a security core which provides security functions; and securely operably connecting one or more components to the security core, such that the security core can vouch for authenticity of each securely operably connected component,
wherein the security core and the operably connected components thereby comprise the secure integrated device.
- 82. The method according to claim 81, wherein selected ones of the operable connections are made using one or more buses of the secure integrated device.
- 83. The method according to claim 81, wherein selected ones of the operable connections are made using a wireless connection between respective ones of the components and the security core.
- 84. The method according to claim 83, wherein the wireless connections use Secure Sockets Layer (SSL) data encryption or an equivalent which provides mutual authentication of both endpoints, negotiation of a time-limited key agreement with secure passage of a selected encryption key, and periodic renegotiation of the time-limited key agreement with a new encryption key.
- 85. The method according to claim 81, wherein selected ones of the secure operable connections are provided when the security core is manufactured.
- 86. The method according to claim 81, wherein the components comprise one or more of (1) input/output components and (2) application processing components.
- 87. The method according to claim 81, wherein the step of securely operably connecting further comprises the step of authenticating the operably connected component to the security core.
- 88. The method according to claim 87, wherein the step of authenticating provides a unique identifier of the operably connected component to the security core.
- 89. The method according to claim 81, wherein the step of securely operably connecting is activated by a hardware reset of the component, and wherein the hardware reset is activated by operably connecting of the component.
- 90. The method according to claim 87, wherein the step of authenticating is activated during execution of instructions stored on the component, and wherein the execution of the stored instructions is activated by a hardware reset of the component.
- 91. The method according to claim 87, wherein instructions for performing the authenticating step are securely stored on the component.
- 92. The method according to claim 87, further comprising the step of authenticating the security core to the operably connected component.
- 93. The method according to claim 87, wherein the step of authenticating the operably connected component further comprises using public key cryptography.
- 94. The method according to claim 92, wherein the step of authenticating the security core further comprises using public key cryptography.
- 95. The method according to claim 81, wherein the secure integrated device is a pervasive computing device.
- 96. The method according to claim 81, wherein one or more cryptographic keys are securely stored in each component, and wherein at least one of the securely stored keys is used by the step of securely operably connecting each component.
- 97. The method according to claim 81, wherein one or more cryptographic keys are securely stored in the secure integrated device.
- 98. The method according to claim 81, further comprising the step of authenticating a user of the secure integrated device.
- 99. The method according to claim 81, further comprising the step of securely performing a transaction using the secure integrated device.
- 100. The method according to claim 99, further comprising the steps of:
detecting whether the components remain operably connected to the secure integrated device during the securely performed transaction; and aborting the securely performed transaction if one or more of the components fails to remain operably connected to the secure integrated device during the securely performed transaction.
- 101. The method according to claim 99, further comprising steps of:
detecting whether all components remain operably connected to the secure integrated device during the securely performed transaction; and marking the securely performed transaction as not secure if one or more of the components fails to remain operably connected to the secure integrated device during the securely performed transaction.
- 102. The method according to claim 99, wherein the step of securely performing a transaction further comprises the step of digitally notarizing, by the security core, an output data stream created by a selected one of the operably connected components of the secure integrated device.
- 103. The method according to claim 102, wherein the step of digitally notarizing further comprises the steps of:
authenticating the selected operably connected component to the security core; computing, by the security core, a hash value over the output data stream; S5 hashing, by the security core, a combination of (1) the hash value and (2) the unique identifier of the selected operably connected component, thereby creating a hashed data block; digitally signing, by the security core, the hashed data block using a private key of the security core; and providing the digitally signed hashed data block along with the combination as the digital notarization of the output data stream.
- 104. The method according to claim 103, wherein the step of authenticating further comprises using a unique identifier of the selected operably connected component, where the unique identifier is digitally signed by the selected operably connected component using a first private key associated with the selected operably connected component.
- 105. The method according to claim 102, wherein the digitally notarizing step further comprises the steps of:
authenticating the selected operably connected component to the security core; computing, by the security core, a hash value over each of a plurality of segments of the output data stream, wherein a boundary between segments is determined by an elapsed time value; hashing, by the security core, a combination of (1) the hash value for each segment and (2) the unique identifier of the selected operably connected component, thereby creating a hashed data block for each segment; digitally signing, by the security core, the hashed data block for each segment using a private key of the security core; and providing the digitally signed hashed data block for each segment along with the combination for each segment as the digital notarization of the segments which comprise the output data stream.
- 106. The method according to claim 105, wherein the authenticating step further comprises using a unique identifier of the selected operably connected component, where the unique identifier is digitally signed by the selected operably connected component using a first private key associated with the selected operably connected component.
- 107. The method according to claim 105, wherein authenticity of selected ones of the digitally notarized segments of the output data stream may be separately verified using a public key of the security core.
- 108. The method according to claim 105, further comprising the steps of:
authenticating a user of the secure integrated device; and including an identification of the authenticated user in the combination.
- 109. The method according to claim 103, wherein the private key of the security core is securely stored in the secure integrated device.
- 110. The method according to claim 105, further comprising the step of verifying authenticity of the segments of the output data stream by a receiver of the segments of the output data stream and the digitally signed hashed data blocks for the segments, using a public key of the security core, and concluding that each segment of the output data stream is authentic if the verification succeeds.
- 111. The method according to claim 110, where in the step of verifying authenticity further comprises obtaining the public key from a digital certificate of the security core.
- 112. The method according to claim 110, wherein the step of verifying authenticity further comprises concluding that the output data stream has not been tampered with if the verification succeeds.
- 113. The method according to claim 81, further comprising the steps of:
dynamically revising functionality in a selected one of the securely operably connected components of the secure integrated device by securely applying a firmware update to the selected one; and requiring the selected one to re-authenticate itself to the security core, such that the security core can continue to vouch for the authenticity of the selected one.
- 114. The method according to claim 81, wherein capabilities of the secure integrated device are dynamically revised by subsequent operation of the securely operably connecting step, the subsequent operation being activated upon operably connecting a new component to the security core, wherein the new component authenticates itself to the security core, with a result of the authentication being that the capabilities of the secure integrated device are thereby augmented with capabilities of the new component.
- 115. The method according to claim 81, wherein the security core is located on a selected one of the operably connected components, and wherein the security core and the selected one are connected to a common bus.
- 116. The method according to claim 81, wherein a second security core is located on a selected one of the operably connected components, and wherein the security core and the second security core each provide security functions for one or more components of the secure integrated device.
- 117. A method of improving security of transactions in portable devices, comprising steps of providing security function in a security core of a portable device;
operably connecting one or more components to the security core, wherein each component provides input/output capabilities or application processing capabilities; and verifying authenticity of each operably connected component, such that the security core can vouch for transactions created by the operably connected components while the operably connected components remain operably connected.
- 118. The method according to claim 117, wherein the verifying authenticity step further comprises the step of performing a security handshake between the security core and the operably connected component upon activation of the step of operably connecting.
- 119. The method according to claim 118, wherein the performing step uses Secure Sockets Layer encryption to encrypt data or an equivalent which provides mutual authentication of both endpoints, negotiation of a time-limited key agreement with secure passage of a selected encryption key, and periodic renegotiation of the time-limited key agreement with a new encryption key.
- 120. The method according to claim 118, wherein each operably connected component has associated therewith a digital certificate, a private cryptographic key and a cryptographically-associated public key, and a unique device identifier that is used to identify data originating from the operably connected component.
RELATED INVENTIONS
[0001] The present invention is related to the following commonly-assigned U.S. Patents, all of which were filed concurrently herewith: U.S. ______ (Ser. No. 09/______), entitled “Smart Card with Integrated Biometric Sensor”; U.S. ______ (Ser. No. 09/______) entitled “Technique for Continuous User Authentication”; U.S. ______ (Ser. No. 09/______), entitled “Technique for Establishing Provable Chain of Evidence”; U.S. ______ (Ser. No. 09/______),entitled “Technique for Improved Audio Compression”; and U.S. ______ (Ser. No. 09/______), entitled “Technique for Digitally Notarizing a Collection of Data Streams”.