Secure desktop applications for an open computing platform

摘要

Example secure desktop applications for an open computing platform are disclosed. An example secure desktop method for a computing platform disclosed herein comprises establishing a secure communication connection between a secure desktop provided by the computing platform and a trusted entity, the secure communication connection being accessible to a trusted application authenticated with the secure desktop, the secure communication connection being inaccessible to an untrusted application not authenticated with the secure desktop, and securing data that is stored by the secure desktop in local storage associated with the computing platform, the stored data being accessible to the trusted application and inaccessible to the untrusted application.

主权项

1. A method for a computing platform, the method comprising:
establishing a secure communication connection between a secure desktop provided by the computing platform and a trusted entity using a first set of encryption keys, the secure communication connection being accessible to a trusted application authenticated with the secure desktop, the secure communication connection being inaccessible to an untrusted application not authenticated with the secure desktop; securing data that is stored by the secure desktop in local storage associated with the computing platform using a second set of encryption keys, the stored data being accessible to the trusted application and inaccessible to the untrusted application; in response to detecting that the secure communication connection has been terminated, revoking the first set of encryption keys and determining whether the secure desktop has been configured to support off-line data access; and in response to (1) detecting that the secure communication connection has been terminated and (2) determining that the secure desktop has been configured to support off-line access, waiting to revoke the second set of encryption keys until expiration of at least a first configurable time period beginning after detecting that the secure communication connection has been terminated to permit off-line access to the data that is stored by the secure desktop in the local storage.