JP6274678B2 - Reliable service interaction - Google Patents

Description

  The subject matter described herein relates generally to the field of electronic devices, and more particularly to systems and methods for implementing trusted service interactions using electronic devices.

  Malicious software (malware) may be used to steal personal information, including payment credentials, for use by unauthorized individuals. As an example, a malware may steal a user's secret input by impersonating a display or snooping input to the display module. Once the payment credentials are obtained, the malware or its user may conduct fraudulent transactions on behalf of the user. This threat has an impact on the proportion of the population that does not attempt to do online activities because it can endanger information. This reduces the efficiency that can be gained through online commerce and limits the amount of goods and services purchased by the individuals involved, which can limit online commerce growth.

  Existing solutions to these problems are limited in usability and / or security due to the fact that they are hosted within the operating system of the electronic device, which has always been a vulnerability issue or externally Requires a hardware device to install, which limits the ease of use for consumers. Accordingly, systems and techniques for providing a secure computing environment for electronic transactions may find utility.

The detailed description is described with reference to the accompanying figures.
1 is a schematic diagram of an example electronic device that may be adapted to include an infrastructure for trusted service interaction, according to some embodiments. FIG. FIG. 3 is a high-level schematic diagram of an example architecture for trusted service interaction, according to some embodiments. 6 is a flowchart illustrating operations in a method for implementing trusted service interactions, according to some embodiments. FIG. 3 is a schematic diagram of an electronic device adapted to implement trusted service interaction according to some embodiments.

  Described herein are exemplary systems and methods for implementing trusted service interactions with electronic devices. In the following description, numerous specific details are set forth in order to provide a thorough understanding of various embodiments. However, one of ordinary skill in the art appreciates that various embodiments can be practiced without the specific details. In other instances, well-known methods, procedures, components, and circuits have not been illustrated or described in detail so as not to obscure the specific embodiments.

  FIG. 1 is a schematic diagram of an example system 100 that may be adapted to implement trusted service interactions, according to some embodiments. In one embodiment, the system 100 includes an electronic device 108 and a display 102 including a screen 104, one or more speakers 106, a keyboard 110, one or more other I / O devices 112, and a mouse 114. A plurality of attached input / output devices. Other I / O devices 112 include touch screens, voice activated input devices, trackballs, positioning devices, accelerometers / gyroscopes, and other devices that allow the system 100 to receive input from the user. May be included.

  In various embodiments, electronic device 108 may be implemented as a personal computer, laptop computer, personal digital assistant, mobile phone, entertainment device, or another computing device. The electronic device 108 includes system hardware 120 and memory 130, which may be implemented as random access memory and / or read only memory. File store 180 may be communicatively coupled to computing device 108. The file store 180 may be internal to the computing device 108, such as one or more hard drives, CD-ROM drives, DVD-ROM drives, or other types of storage devices. The file store 180 may be external to the computer 108, such as one or more external hard drives, a networked storage, or a separate storage network such as a cloud storage network.

  The system hardware 120 may include one or more processors 122, a graphics processor 124, a network interface 126, and a bus structure 128. In one embodiment, the processor 122 may be implemented as an Intel® Core 2 Duo® processor commercially available from Intel Corporation of Santa Clara, California. As used herein, the term “processor” refers to a microprocessor, microcontroller, complex instruction set computing (CISC) microprocessor, reduced instruction set (RISC) microprocessor, very long instruction word (VLIW) microprocessor. It refers to any type of computing element, such as but not limited to a processor, or any other type of processor or processing circuit.

  Graphics processor 124 may function as an adjunct processor that manages graphics operations and / or video operations. Graphics processor 124 may be integrated within the packaging of processor 122 or on the motherboard of computing system 100, or may be coupled through an expansion slot on the motherboard.

  In one embodiment, the network interface 126 is a wired interface, such as an Ethernet interface (see, eg, the Institute of Electrical and Electronics Engineers / IEEE 802.3-2002), or an interface compliant with IEEE 802.11a, b, or g. (For example, the IEEE standard for IT communication and information exchange between LAN / MAN systems-Part 2: wireless LAN medium access control (MAC) and physical layer (PHY) specification amendments 4, more in 2.4 GHz band It may be a wireless interface such as a high data rate extension, see 802.11G-2003). Another example of a wireless interface is the General Packet Radio Service (GPRS) interface (eg, Guidelines for GPRS Handset Requirements, Global System for Wireless Communications / GSM Association, 3.0.1 Edition, 2002 12 See the moon).

  Bus structure 128 connects the various components of system hardware 128. In one embodiment, the bus structure 128 includes a memory bus, peripheral bus, or external bus, and / or an 11-bit bus, industry standard architecture (ISA), microchannel architecture (MSA), extended ISA (EISA), intelligent drive electronics. (IDE), VESA local bus (VLB), peripheral component interconnect (PCI), universal serial bus (USB), advanced graphics port (AGP), Personal Computer Memory Card International Association (PCMCIA) bus, and small computer system interface (SCSI) one or more of several types of bus structures among local buses using various available bus architectures including, but not limited to: It may be.

  Memory 130 may include an operating system 140 for managing the operation of computing device 108. In one embodiment, the operating system 140 includes a hardware interface module 154 that provides an interface to the system hardware 120. Further, the operating system 140 may include a file system 150 that manages files used in the operation of the computing device 108 and a process control subsystem 152 that manages the processes that execute on the computing device 108.

  The operating system 140 may include (or manage) one or more communication interfaces that operate with the system hardware 120 and may send and receive data packets and / or data streams from remote resources. The operating system 140 may further include a system call interface module 142 that provides an interface between the operating system 140 and one or more application modules that reside in the memory 130. The operating system 140 may be implemented as a UNIX® operating system or any derivative thereof (eg, Linux®, Solaris, etc.), a Windows® operating system, or other operating system. May be.

  In some embodiments, the system 100 may comprise a low power embedded processor, referred to herein as a trusted execution complex 170. The trusted execution complex 170 may be implemented as a separate integrated circuit located on the system 100 motherboard. In the embodiment illustrated in FIG. 1, the trusted execution complex 170 includes a processor 172, a memory module 174, an authentication module 176, an I / O module 178, and a secure sprite generator 179. In some embodiments, the memory module 164 may comprise a persistent flash memory module, and the authentication module 174 may be implemented as a logical instruction encoded in a persistent memory module, such as firmware or software. The I / O module 178 may comprise a serial I / O module or a parallel I / O module. Since the trusted execution complex 170 is physically separate from the main processor 122 and the operating system 140, the trusted execution complex 170 is secured in a secure state, ie, attack by hackers, so that it cannot be tampered with. May have.

  In some embodiments, the trusted execution complex is to ensure trusted service interaction for one or more transactions between the host electronic device and a remote computing device, such as an online commerce site. Can be used. FIG. 2 is a high-level schematic diagram of an exemplary architecture for trusted service interaction, according to some embodiments. Referring to FIG. 2, host device 210 may be characterized as having an untrusted execution complex and a trusted execution complex. When host device 210 is implemented as system 100, the trusted execution complex can be implemented by trusted execution complex 170, while the untrusted execution complex is implemented by main processor 122 and operating system 140 of system 100. obtain. In some embodiments, the trusted execution complex can be implemented in a secure portion of the main processor 122.

  As illustrated in FIG. 2, the remote entity that initiates the transaction is identified as a transaction system in FIG. 2, implemented as an electronic commerce website or the like, and can be coupled to the host device via the communication network 240. In use, the owner or operator of the electronic device 108 may access the trading system 250 using the browser 220 or other application software over the network and initiate a secure transaction on the system 250. it can.

  The authentication module 176 implements procedures to ensure reliable service interaction, either alone or in combination with the authentication plug-in 222, the input / output module 178, and the secure sprite generator 179 via the dialog box 280. Can do.

  Having described various structured systems for implementing trusted service interactions, see FIG. 3, which is a flowchart illustrating operations in a method for implementing trusted service interactions, according to some embodiments. The operation mode of the system will be described. In some embodiments, the operations illustrated in the flowchart of FIG. 3 may be implemented by the authentication module 176 of the trusted execution complex 170 alone or in combination with other modules.

  As an overview, in some embodiments, an electronic device may initiate a service request to a remote service, such as an Internet commerce service from an untrusted execution complex, eg, an application executing in a browser. In response to the service request, the remote service can provide the credentials to the electronic device. In response to receiving credentials from the remote service, the plug-in module 222 can invoke the authentication service from the authentication module 176 in the trusted execution complex. In some embodiments, the authentication service may implement operations for managing a communication session with a remote service.

  Referring to FIG. 3, at operation 305, a browser executing on the electronic device initiates a request for a remote service. Again, by way of example, the remote service can be an electronic commerce site or the like, and the request can be a request to access a secure service provided by the site. At operation 310, the request is received at a remote service from a user of the electronic device. In some embodiments, the request may include an identifier that uniquely identifies the requesting device and / or application, and the request may also be uniquely identified. For example, the identifier may include a time stamp that identifies when the request was generated.

  In response to the request, at operation 315, the remote service attaches a certificate, such as a private key or infrastructure key, to the response to the service request, and at operation 320, the remote service sends a response to the browser that initiated the request. Send. In operation 325, the browser receives a response. Authentication plug-in 222 detects that the response includes a certificate, and in response initiates a request to authentication module 176 to initiate and manage a secure communication session with the remote service. Transfer the response (operation 320).

  At operation 330, the authentication module 176 at the secure controller receives the request and associated certificate from the remote service, and at operation 335, the authentication module 176 at the secure controller authenticates the certificate. In some embodiments, the authentication module 176 can authenticate the certificate using the remote verification system 260.

  Once the certificate is verified, at operation 340, the secure sprite generator 179 generates a secure dialog box 280 on the display of the electronic device. At operation 345, input / output module 178 locks dialog box 280 such that input / output operations implemented in the bitmap of dialog box 280 are visible only to trusted execution complexes. When dialog box 280 is locked, input / output operations implemented in dialog box 280 are not visible to untrusted execution complexes.

  Referring briefly to FIG. 2, in some embodiments, the dialog box 280 may include a first window 282 for entry of a username and a second window 284 for entry of a password. Further, the dialog box 280 may include an input mechanism such as a keyboard 286 on the display. The user may enter his username and / or password using keyboard 286.

  Referring back to FIG. 3, at operation 350, the authentication module 176 at the secure controller receives authentication input from the user via the dialog box 280. In operations 355 and 360, a secure communication connection is established between the secure controller authentication module 176 and the remote service. In some embodiments, establishing a secure connection may involve a handshake procedure for exchanging cryptographic keys. Alternatively, virtual private network (VPN) tunneling may be established between the remote service and the authentication module 176.

  At operation 365, authentication module 176 forwards the credentials (ie, username and password combination) received via dialog box 280 to the remote service, which authenticates the credentials at operation 370.

  At operations 375 and 380, the secure controller and remote service perform a secure communication session. In some embodiments, a secure communication session is a malware or other application where the inputs and outputs in the secure communication session are only visible to the trusted execution complex and thus run in the untrusted execution complex Can be done via the dialog box 280 generated by the secure sprite generator 179 so that it cannot be snooped by.

  When the communication session ends, the authentication module 176 at the secure controller can release and close the dialog box 280 (operation 385), returning display control to the untrusted execution complex.

  As noted above, in some embodiments, the electronic device may be implemented as a computer system. FIG. 4 is a schematic diagram of a computer system 400 according to some embodiments. Computer system 400 includes a computing device 402 and a power adapter 404 (eg, for supplying power to computing device 402). The computing device 402 is any suitable computing device, such as a laptop (or notebook) computer, a personal digital assistant, a desktop computing device (eg, a workstation or desktop computer), and a rack mount computing device. obtain.

  The power source is from one or more power sources among one or more battery packs, alternating current (AC) outlets (e.g., via an adapter such as a transformer and / or power adapter 404), an automotive power source, an aircraft power source, etc. It can be provided to various components of computing device 402 (eg, via computing device power supply 406). In some embodiments, the power adapter 404 can transform a power output (eg, an AC outlet voltage of about 110 VAC to 240 VAC) to a direct current (DC) voltage in the range of about 7 VDC to 12.6 VDC. Therefore, the power adapter 404 may be an AC / DC adapter.

  Computing device 402 may also include one or more central processing units (CPUs) 408. In some embodiments, the CPU 408 uses a Pentium® II processor family, a Pentium® III processor, a Pentium® IV, commercially available from Intel® Corporation of Santa Clara, Calif. It may be one or more processors of a Pentium® family of processors, a core 2 duo processor, or an atom processor. Alternatively, other CPUs such as Intel's Itanium (R), XEON (TM), and Celeron (R) processors may be used. One or more processors from other manufacturers may also be used. Furthermore, the processor may have a single-core or multi-core design.

  The chipset 412 may be combined with or integrated with the CPU 408. Chipset 412 may include a memory control hub (MCH) 414. The MCH 414 may include a memory controller 416 that is coupled to the main system memory 418. Main system memory 418 stores data or sequences of instructions executed by CPU 408 or other devices included in system 400. In some embodiments, main system memory 418 includes random access memory (RAM), but main system memory 418 uses other memory types such as dynamic RAM (DRAM) and synchronous DRAM (SDRAM). May be implemented. Additional devices may also be coupled to the bus 410, such as multiple CPUs and / or multiple system memories.

  The MCH 414 may also include a graphics interface 420 coupled to the graphics accelerator 422. In some embodiments, the graphics interface 420 is coupled to the graphics accelerator 422 via an accelerated graphics port (AGP). In some embodiments, a display (such as a flat panel display) 440 converts a digital representation of an image stored in a storage device, such as a video memory or system memory, into a display signal that is interpreted and displayed by the display. It may be coupled to the graphics interface 420 via a signal converter. The display 440 signal generated by the display device may be interpreted by the display and passed through various control devices before being displayed on the display.

  Hub interface 424 couples MCH 414 to a platform control hub (PCH) 426. PCH 426 provides an interface to input / output (I / O) devices coupled to computer system 400. PCH 426 may be coupled to a peripheral component interconnect (PCI) bus. Accordingly, the PCH 426 includes a PCI bridge 428 that provides an interface to the PCI bus 430. The PCI bridge 428 provides a data bus between the CPU 408 and peripheral devices. In addition, other types of I / O interconnect topologies may be used, such as the PCI Express ™ architecture marketed by Intel® Corporation of Santa Clara, California.

  The PCI bus 430 may be coupled to the audio device 432 and one or more disk drives 434. Other devices may be coupled to the PCI bus 430. Further, the CPU 408 and the MCH 414 may be combined to form a single chip. Further, in other embodiments, graphics accelerator 422 may be included within MCH 414.

  Further, in various embodiments, other peripheral devices coupled to PCH 426 include integrated drive electronics (IDE) or small computer system interface (SCSI) hard drive, universal serial bus (USB) port, keyboard, Examples include a mouse, a parallel port, a serial port, a floppy disk drive, and a digital output support (eg, digital video interface (DVI)). Accordingly, the computing device 402 may include volatile and / or nonvolatile memory.

  Thus, described herein are architectures and associated methods for implementing trusted service interactions in electronic devices. In some embodiments, the architecture uses hardware functionality embedded in the electronic device platform to establish secure communication between the remote service and the trusted execution complex. The execution complex can be implemented in a trusted execution complex that presents a secure dialog box in which at least a portion of the secure communication session can be executed. In some embodiments, the trusted execution complex may be implemented in a remote device, such as a dongle.

  The term “logical instructions” as referred to herein relates to expressions that can be understood by one or more machines for performing one or more logical operations. For example, logical instructions may include instructions that can be interpreted by a processor compiler for performing one or more operations on one or more data objects. However, this is merely an example of machine-readable instructions and embodiments are not limited in this respect.

  The term “computer-readable medium” as referred to herein relates to media capable of maintaining expressions which are understandable by one or more machines. For example, a computer readable medium may comprise one or more storage devices for storing computer readable instructions or computer readable data. Such a storage device may comprise a storage medium such as, for example, an optical, magnetic, or semiconductor storage medium. However, this is merely an example of a computer readable medium and embodiments are not limited in this respect.

  The term “logic” as referred to herein relates to a structure for performing one or more logical operations. For example, the logic may comprise circuitry that provides one or more output signals based on one or more input signals. Such circuitry may comprise a finite state machine that receives the digital input and provides a digital output, or a circuit that provides one or more analog output signals in response to the one or more analog input signals. Such circuits can be provided in application specific integrated circuits (ASICs) or field programmable gate arrays (FPGAs). The logic may also include machine-readable instructions stored in memory in combination with processing circuitry to execute such machine-readable instructions. However, these are merely examples of structures that can provide logic, and embodiments are not limited in this respect.

  Some of the methods described herein may be performed as logical instructions on a computer-readable medium. When executed on a processor, the logic instructions program the processor as a dedicated machine that implements the methods described. When configured with logical instructions to perform the methods described herein, the processor forms a structure for performing the described methods. Alternatively, the methods described herein may be reduced to logic such as in a field programmable gate array (FPGA) or application specific integrated circuit (ASIC).

  In this specification and in the claims, the terms “coupled” and “connected” may be used with their derivatives. In certain embodiments, “connected” may be used to indicate that two or more elements are in direct physical or electrical contact with each other. “Coupled” may mean that two or more elements are in direct physical or electrical contact. However, “coupled” may also mean that two or more elements may not be in direct contact with each other, but may still cooperate or interact with each other.

  In this specification, references to "one embodiment" or "some embodiments" indicate that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one implementation. means. When the phrase “in one embodiment” appears in various places in the specification, all of it may or may not refer to the same embodiment.

Although embodiments are described in language specific to structural features and / or methodological operations, it is to be understood that the claimed subject matter may not be limited to the specific features or operations described. Rather, the specific features and acts are disclosed as sample forms of implementing the claimed subject matter.
[Item 1]
A secure controller for an electronic device,
Receiving a request for a secure communication session with a remote service from an application executing on the untrusted execution complex of the electronic device;
Verifying security credentials received from the remote service;
Establishing a secure communication connection between the secure controller and the remote service;
Establish a secure user interface,
Collect one or more authentication credentials from the user via the secure user interface;
Transferring the one or more authentication credentials to the remote service;
A secure controller comprising logic for executing a secure communication session with the remote service.
[Item 2]
The logic further includes:
Receiving a security certificate from the remote service;
Item 2. The secure controller according to item 1, wherein the security certificate is verified.
[Item 3]
The logic further includes:
Receiving an authentication challenge from the remote service;
Receiving a response to the authentication challenge from the user;
Item 3. The secure controller according to item 1 or 2, wherein the response to the remote service is transferred via the secure communication connection.
[Item 4]
The logic further includes:
Define a dialog box in the area of the display device coupled to the secure controller,
Lock the dialog box such that multiple input / output operations performed in the dialog box are only visible to the secure controller;
Receive user input from the input mechanism,
Item 4. The secure controller of any one of items 1-3, wherein the user input is transferred to the remote service via the secure communication connection.
[Item 5]
A request for trusted input from the user is received from an application executing on a processor coupled to the secure controller;
Item 5. The secure controller of any of items 1-4, wherein the request includes an identifier that uniquely identifies the application and the request.
[Item 6]
The logic further includes:
Establishing a secure channel between the secure controller and the application executing on the processor coupled to the secure controller;
Item 6. The secure controller of item 5, wherein the user input is transmitted from the secure controller to the application via the secure channel.
[Item 7]
The logic for establishing a secure channel between the secure controller and the application executing on the processor coupled to the secure controller verifies the identifier and the request using the application 7. The secure controller of item 6, including logic to do.
[Item 8]
An electronic device,
Display,
A processor for implementing an untrusted computing environment;
Receiving a request for a secure communication session with a remote service from an application executing on the untrusted execution complex of the electronic device;
Verifying security credentials received from the remote service;
Establishing a secure communication connection between the secure controller and the remote service;
Establish a secure user interface,
Collect one or more authentication credentials from the user via the secure user interface;
Transferring the one or more authentication credentials to the remote service;
An electronic device comprising: a secure controller including logic for executing a secure communication session with the remote service.
[Item 9]
The logic further includes:
Receiving a security certificate from the remote service;
Item 9. The electronic device according to Item 8, wherein the security certificate is verified.
[Item 10]
The logic further includes:
Receiving an authentication challenge from the remote service;
Receiving a response to the authentication challenge from the user;
Item 10. The electronic device according to Item 8 or 9, wherein the response is transferred to the remote service via the secure communication connection.
[Item 11]
The logic further includes:
Define a dialog box in the area of the display device coupled to the secure controller,
Locking the dialog box such that multiple input / output operations performed in the dialog box are only visible to the secure controller;
Receive user input from the input mechanism,
11. An electronic device according to any one of items 8 to 10, wherein the user input is transferred to the remote service via the secure communication connection.
[Item 12]
A request for trusted input from the user is received from an application executing on a processor coupled to the secure controller;
12. The electronic device according to any one of items 8 to 11, wherein the request includes an identifier that uniquely identifies the application and the request.
[Item 13]
The logic further includes:
Establishing a secure channel between the secure controller and the application executing on the processor coupled to the secure controller;
13. The electronic device of item 12, wherein user input is transmitted from the secure controller to the application via the secure channel.
[Item 14]
The logic for establishing a secure channel between the secure controller and the application executing on the processor coupled to the secure controller verifies the identifier and the request using the application Item 14. The electronic device according to Item 13, which includes logic to perform.
[Item 15]
Receiving a request for a secure communication session with a remote service from an application executing on an untrusted execution complex of an electronic device to a secure controller;
Verifying the security credentials received from the remote service;
Establishing a secure communication connection between the secure controller and the remote service;
Procedures to establish a secure user interface;
Collecting one or more authentication credentials from the user via the secure user interface;
Transferring the one or more authentication credentials to the remote service;
A program for executing a secure communication session with the remote service.
[Item 16]
Receiving a security certificate from the remote service to the secure controller;
16. The program according to item 15, wherein the program further executes a procedure for verifying the security certificate.
[Item 17]
Receiving an authentication challenge from the remote service to the secure controller;
Receiving a response to the authentication challenge from a user;
The program according to item 15 or 16, further comprising: a step of transferring the response to the remote service via the secure communication connection.
[Item 18]
Defining a dialog box in the area of the display device coupled to the secure controller to the secure controller;
Locking the dialog box such that multiple input / output operations performed in the dialog box are only visible to the secure controller;
Receiving user input from the input mechanism;
18. The program according to any one of items 15 to 17, further executing a procedure for transferring the user input to the remote service via the secure communication connection.
[Item 19]
A request for trusted input from the user is received from an application executing on a processor coupled to the secure controller;
The program according to item 18, wherein the request includes an identifier for uniquely identifying the application and the request.
[Item 20]
Establishing a secure channel between the secure controller and the application executing on the processor coupled to the secure controller;
The program according to item 19, further comprising: a step of transmitting the user input from the secure controller to the application via the secure channel.
[Item 21]
Establishing a secure channel between the secure controller and the application executing on the processor coupled to the secure controller comprises verifying the identifier and the request using the application; The program according to item 20, including.

Claims (22)

A controller for an electronic device,
A computer readable memory;
Logic including at least partially hardware logic, and
The logic is
Define a dialog box to display in the area of the display device coupled to the controller,
Lock the dialog box so that multiple input / output operations performed in the dialog box are visible to the controller and not visible to untrusted execution complexes communicatively coupled to the controller. ,
Receiving one or more authentication credentials based on user input to the dialog box;
A controller that establishes a secure communication session with a remote service using the one or more authentication credentials. Logic that at least partially includes hardware logic,
Establishing a secure user interface on the display;
Collect one or more authentication credentials from the user via the secure user interface;
The one or more authentication credentials further comprises logic for transferring to the remote service, according to claim 1 controller. The logic further includes:
Receiving a security certificate from the remote service;
Verifying the security certificate, controller of claim 1 or 2. The logic further includes:
Receiving an authentication challenge from the remote service;
Receiving a response to the authentication challenge from the user;
Via said secure communication connection, and transfers the response to the remote service, according to any one of claims 1 to 3 Controller. The logic further receives a request for trusted user input from an application executing on a processor coupled to the controller;
Wherein the request, the include applications and identifier that uniquely identifies the request, the controller according to any one of claims 1-4. The logic further includes:
Establishing a secure channel between the application running on the processor coupled to the controller and the controller;
The controller of claim 5 , wherein the user input is sent from the controller to the application via the secure channel. Logic for establishing a secure channel between the application and the controller running on said processor coupled to said controller includes logic to verify the identifier and the request using the application, according to claim 6 Controller described in. An electronic device,
Display,
A processor for implementing an untrusted computing environment;
A controller,
Define a dialog box to display in the area of the display device coupled to the controller,
Lock the dialog box so that multiple input / output operations performed in the dialog box are visible to the controller and not visible to untrusted execution complexes communicatively coupled to the controller. ,
Receiving one or more authentication credentials based on user input to the dialog box;
An electronic device comprising logic that establishes a secure communication session with a remote service using the one or more authentication credentials. The logic further includes:
Establishing a secure user interface on the display;
Collect one or more authentication credentials from the user via the secure user interface;
The electronic device of claim 8 , wherein the electronic device forwards the one or more authentication credentials to the remote service. The logic further includes:
Receiving a security certificate from the remote service;
The electronic device according to claim 8 or 9 , wherein the security certificate is verified. The logic further includes:
Receiving an authentication challenge from the remote service;
Receiving a response to the authentication challenge from the user;
11. The electronic device according to any one of claims 8 to 10 , wherein the response is transferred to the remote service via the secure communication connection. The logic further receives a request for trusted user input from an application executing on a processor coupled to the controller;
The electronic device according to claim 8 , wherein the request includes an identifier that uniquely identifies the application and the request. The logic further includes:
Establishing a secure channel between the application running on the processor coupled to the controller and the controller;
The electronic device of claim 12 , wherein the user input is transmitted from the controller to the application via the secure channel. Logic for establishing a secure channel between the application and the controller running on said processor coupled to said controller includes logic to verify the identifier and the request using the application, according to claim 13 The electronic device according to. Defining a dialog box for display in an area of a display device coupled to the controller on the controller;
Lock the dialog box so that multiple input / output operations performed in the dialog box are visible to the controller and not visible to untrusted execution complexes communicatively coupled to the controller. Procedure and
Receiving one or more authentication credentials based on user input to the dialog box;
A program for executing a procedure for establishing a secure communication session with a remote service using the one or more authentication credentials. In the controller,
Establishing a secure user interface on the display;
Collecting one or more authentication credentials from a user via the secure user interface;
The program according to claim 15 , further comprising: a step of transferring the one or more authentication credentials to the remote service. Receiving a security certificate from the remote service in the controller;
The program according to claim 15 or 16 , for further executing the procedure of verifying the security certificate. In the controller,
Receiving an authentication challenge from the remote service;
Receiving a response to the authentication challenge from a user;
The program according to any one of claims 15 to 17 , further executing a procedure for transferring the response to the remote service via the secure communication connection. Causing the controller to further execute a procedure for receiving a request for trusted user input from an application executing on a processor coupled to the controller;
The program according to any one of claims 15 to 18 , wherein the request includes an identifier for uniquely identifying the application and the request. In the controller,
Establishing a secure channel between the controller running on the processor coupled to the controller and the controller;
The program according to claim 19 , further comprising: a step of transmitting the user input from the controller to the application via the secure channel. The program according to claim 20 , further causing the controller to execute a procedure of verifying the identifier and the request using the application. The computer-readable recording medium which stored the program as described in any one of Claims 15-21 .

Images