Appliqué providing a secure deployment environment (SDE) for a wireless communications device

摘要

A security appliqué provides a secure deployment environment (SDE) for a wireless communications device. The Security appliqué isolates the security features, requirements, and information security boundaries such that no hardware modifications are required to a wireless communications device. Rather, a security module thin client is provided to the wireless communications device to provide the Secure Deployment Environment (SDE). The wireless communications device is coupled to the security appliqué via the standard connection interface. Through the standard connection interface, the security appliqué provides the SDE for the wireless communications device without implementing modifications to the wireless communications device.

主权项

1. A secure system, comprising:
a wireless communications device; a security appliqué to provide a secure deployment environment (SDE) to manage security operations including a hardware sleeve including the communications device situated therein: the sleeve including:
an interface for connecting to the communications device;a hardware processor, coupled to the interface, the processor to determine an operating system of the communications device, to execute the same operating system as the operating system of the communications device, and to provide a secure deployment environment (SDE) to manage security operations for the communications device without implementing modifications to the communications device;a programmable crypto application device, coupled to the processor, to implement the security operations managed by the processor;a secure sandbox to implement a secure environment for running an application, the secure sandbox including a virtual network computing (VNC) to present an application running on the VNC server for display on the wireless communications device and to allow a user to interact with the application using a touchscreen or keypad of the wireless communications device;a network router, communicatively connected between the secure sandbox and the interface, the network router for providing the data from the VNC server to the interface for routing to the communications device; anda hardware trust anchor (HTA) to protect a virtual environment provided by the wireless communications device from threats by firmly grounding the virtual environment to the programmable crypto application device, wherein the HTA further provides a mechanism for asserting fidelity of the underlying platform provided by the programmable crypto application device and informs the user of the current trust-state; the communications device coupled to the sleeve via the connection interface, the wireless communication device including a thin client application for interfacing with the security appliqué, the thin client including a VNC client and an intrusion detection module, the VNC client operable to provide access to the application through the VNC server and present a remote desktop on the communications device, the intrusion detection module to protect the thin client form malware; wherein the security appliqué provides the SDE for the wireless communications device without implementing modifications to the wireless communications device, wherein the security appliqué communicates with the wireless communications device using the standard connection interface, wherein the security appliqué includes a processor to determine an operating system of the communications device and to execute the same operating system as the operating system of the communications device on the security appliqué.