| CPC G06F 21/72 (2013.01) [G06F 21/34 (2013.01); G06F 21/606 (2013.01); G06F 21/74 (2013.01); G06F 21/84 (2013.01)] | 20 Claims |
|
1. A cryptographic device comprising:
a communication interface circuit, wherein the communication interface circuit is arranged to communicate with a server,
a processor circuit,
wherein the processor circuit has a normal mode and a secure mode,
wherein a data and a code are isolated from the normal mode when the processor circuit is in the secure mode,
wherein the data comprises at least a first private key and secret,
wherein the first private key corresponds to a first public key,
wherein the secret is shared with a user,
wherein a first software is executed when the processor circuit is in the normal mode,
wherein when the processor circuit is in the normal mode, the first software is arranged to receive an encrypted message and an encrypted authentication tag from the server,
wherein the encrypted message and encrypted authentication tag are encrypted with the first public key,
wherein when the processor circuit is in the normal mode, the first software is arranged to forward the encrypted message and the encrypted authentication tag to second software,
wherein the second software is executed when the processor circuit is in the secure mode,
wherein when the processor circuit is in the secure mode, the second software is arranged to decrypt the encrypted message and encrypted authentication tag with the first private key,
wherein the first private key is stored in data of the secure mode, wherein when the processor circuit is in the secure mode, the second software is arranged to display the shared secret, the message and the decrypted authentication tag so as to indicate to the user that the message is displayed by software running in the secure mode,
wherein a legacy software is arranged to receive the decrypted authentication tag from the user through an input interface of the cryptographic device.
|