1. Field of the Invention
This invention relates to secure communications and more particularly relates to secure communications from a human interface device.
2. Description of the Related Art
The users of data processing devices regularly send sensitive data such as passwords, account numbers, credit card numbers, and personal identification numbers to other data processing devices. Data processing devices may include computers, servers, mainframes, networks, network devices, routers, personal digital assistants, and telephones.
Sensitive data can be intercepted when communicated between data processing devices, compromising the security of the sensitive data and any accounts, information, and resources that the sensitive data may protect. To secure sensitive data from being compromised if intercepted, sensitive data is often communicated as encrypted data.
Users frequently input sensitive data into the data processing device using a human interface device (“HID”). HIDs include keyboards, touch screens, entry tablets, computer mice, trackballs, styluses, microphones, scanners, and cameras. An HID may also include identification devices such as card readers, fingerprint scanners, retinal scanners, and physical key ports.
FIG. 1 illustrates a conventional input data encryption system 100. The sensitive data encryption system 100 communicates input data such as sensitive data from a HID 115 to a host 105. The input data encryption system 100 includes a host 105, a communicating device 110, a HID 115, and a network 120.
A user enters input data such as a password into the HID 115. The HID 115 communicates the input data to the communicating device 110. The communicating device 110 is typically a data processing device such as a computer. The communicating device 110 encrypts the input data as encrypted data. In addition, the communicating device 110 communicates the encrypted data to the host 105. The host 105 is typically a data processing device such as a server. The host 105 may decrypt the encrypted data to access the input data.
Unfortunately, the input data entered into the HID 115 is not encrypted as the input data is communicated from the HID 115 to the communicating device 110. The input data may be intercepted when communicated from the HID 115 in an unencrypted form, putting the input data at risk. For example, the keystrokes of a keyboard HID 115 may be recorded by a snooping program placed on the communicating device 110 without the knowledge of the user. If the user communicated input data such as a password to the host 105 through the communicating device 110, the snooping program could intercept the unencrypted password although the password is subsequently encrypted by the communicating device 110 for communication to the host 105.
To further protect sensitive data, data processing standards groups such as the Trusted Computing Platform Alliance (“TCPA”) and the Trusted Computing Group (“TCG”) have created specifications for establishing a trusted relationship between data processing devices. Data processing devices with a trusted relationship share a secure credential such as a random number. The data processing devices may communicate securely using encrypted data. The encrypted data is encrypted and decrypted with the secure credential possessed by the data processing devices in the trusted relationship.
For example, a first data processing device with a trusted relationship with a second data processing device may be configured to calculate encrypted data using a secure credential. The first data processing device then communicates the encrypted data to the second data processing device. The second data processing device also posses the secure credential and decrypts the encrypted data using the secure credential. Unfortunately, HIDs 115 do not support trusted relationships and cannot communicate sensitive data as encrypted data. Thus, sensitive data communicated from a HID 115 to a data processing device may be intercepted before the sensitive data can be encrypted.
Consequently, a need exists for a process, apparatus, and system for secure communications from a HID 115. What is further needed is a process, apparatus, and system for establishing a trusted relationship with the HID 115. Beneficially, such a process, apparatus, and system would enable the user to communicate input data from the HID 115 as encrypted data, protecting the sensitive data from unauthorized access if the encrypted data is intercepted after communication from the HID 115.