News Focus

greg s

08/10/03 6:03 PM

#5340 RE: Dabears4 #5338

re: What makes you think that the security co-processor has to be a separate entity from the main processor?

If it was an Intel CPU, I can assure you the IP for the security engine will be owned and controlled by Intel Corp., if (and that is a very big "if") the security functionality were to be included in the main processor.


Dabears4

08/10/03 6:12 PM

#5343 RE: Dabears4 #5338

Zeev,
My take on those patents is that they do not make claims on creating a trusted environment or having a security chip on the motherboard. They provide services to a trusted environment which has access to a cryptographic unit coupled to the trusted environment's processor.

This passage gets at what the inventions are trying to address.

“There are emerging mechanisms to address potential attacks on computer systems. One of these is the creation of trusted execution environments in a conventional computer system. These trusted environments possess hidden execution and protected storage. Hidden execution allows for the execution of operations which are not observable to traditional computing resources. Protected storage provides for the safekeeping of sensitive information, such as cryptographic keys, signature keys, or other private information. Hidden execution and protected storage allow conventional computer systems to execute portions of transactional protocols without allowing software debuggers to monitor the data structures and effect breakpoint or watchpoints within the trusted environment. These aspects of the trusted environment also aid in preventing viruses or other attack mechanisms from modifying the application data or executable object code. Thus, sensitive portions of the transactions may be protected from some traditional software attacks.”

“Although trusted environments provide some protection from traditional attacks, these trusted environments have several drawbacks. In particular, there is no mechanism for verifying the integrity of the trusted environment's security. A user may wish to provide input including sensitive data from a variety of sources, including smart cards, biometric sensors, or other peripheral devices. It is difficult to allow a user to input data to the trusted environment in a secure manner. It is also difficult to securely provide feedback relating to the processing occurring in the trusted environment.”

“Accordingly, what is needed is a system and method for providing an environment which allows secure transactions to be processed while avoiding many of the drawbacks of the present implementations of trusted environments. The present invention addresses such a need.”


The services are:

1) provide authentication for a trusted environment through development of a root of trust

2) provide a means of secure input into a trusted environment which are used for multi-factor authentication of transactions in a non-repudiatable manner within the trusted environment of the security co-processor

3) provide means for determining whether the plurality of secure resources with a computer are sufficient for executing an application; and means for executing the application only if the plurality of resources is sufficient



Zeev Hed

08/10/03 6:26 PM

#5348 RE: Dabears4 #5338

Read the claims as finally granted, no such language there. The independent claims of '202 are 1, 14, 17 and one method claim, 18, all have co-processors and an interface to a host microprocessor or computer. Typically, from my experience, when the specification is broader than the claim, it means that during prosecution, the claims were narrowed because of prior art. Under these circumstances, the Markman decision eliminates the doctrine of equivalents and the claims must be read (apply protection) to just what was claimed and not to any equivalents to what was claimed. You got to have the file wrapper to know the details, though. Of course, a patent lawyer, if any is on this thread, could better analyze this situation. If someone designs a security function without the interface integrating the co-processor into the processor (just as Math Co-processors and many graphics processing functions were integrated into microprocessors), it is not infringing on '202.