Title of invention: SECURE HOST INTERACTIONS
Abstract: A trusted device includes a secure interface and a host interface, the secure interface being isolated from the host interface by an isolated environment. A trusted source provisions the trusted device via the secure interface to include private information, such as private user information and cryptographic data. When the trusted device is connected to an untrusted host device via the host interface, the untrusted host device transmits a request regarding the private information to a write file of the host interface. A processor of the isolated environment retrieves the request and generates an output, such as an encrypted output, that is responsive to the request from the untrusted host device. The trusted device transmits the output to a read file of the host interface, thus making the output available to the untrusted host device via the host interface. The untrusted host device then receives the output via the host interface.
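Application publication number: US2016188896(A1) Application publication date: 2016.06.30
Application number: US201414587896 Filing date: 2014.12.31
Applicant: GOOGLE INC. Inventors: Zatko Peiter Charles;Rizzo Dominic
Classification number: G06F21/62 Main classification number: G06F21/62
Agency: Agent: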
Principal claim: 1. A computer-implemented method to generate a secure output based on restricted information, comprising: receiving, by a trusted computing device associated with a separate host computing device, restricted information, wherein the trusted computing device is preconfigured to include an isolated environment and a host computing device interface comprising a write file and a read file, the isolated environment being not directly accessible to the host computing device, and the restricted information being stored in a secure storage of the isolated environment; receiving, by the write file of the trusted computing device and from the host computing device, a write-file entry, wherein the write-file entry comprises an indication of the restricted information that is responsive to the write-file entry; and processing, by the trusted computing device and in the isolated environment of the trusted computing device, the write-file entry, wherein processing the write-file data comprises: identifying, based on the indication of the restricted information that is responsive to the write-file entry, at least a portion of the restricted information that is responsive to the write-file entry, and generating a secure output to the read file of the trusted computing device based on the identified restricted information, wherein the secure output is available to the host computing device in the read file of the trusted computing device.
Address: Mountain View CA US