XSIDES TECHNOLOGY: TRUSTED COMPUTING
Security continues to grow in importance in a world where personal
computer systems are generally connected via wireless or wired
networks to other computing systems.
Many companies and institutions have addressed security issues
as they relate to, for example, the transfer of data from a personal
(client) computer system to server computer systems over network
communications. For example, firewalls are typically present on
local area networks (LANs) to form boundaries between the rest
of the internetworking world and the computer systems on the LAN.
In addition, widely used cryptography techniques are often applied
to such data transfers to ensure the security of the data communication
paths.
However, a problem remains on the client computer systems themselves:
valuable data is often stored in usable (unencrypted) form on the
client computer system even though it may be transmitted in encrypted
form over a communications channel to a server machine. For example,
a user desiring to buy a product over the Internet may connect and
log into a website and provide his/her credit card information in
order to purchase the product. Although the website (and the client
browser on the client machine) may support the transfer of the credit
card information using a secure communications layer (such as SSL,
the Secure Sockets Layer protocol), the credit card information, in
order to be displayed on the display device of the client computer
system, actually resides in unprotected memory within the computer
system as usable data for some period of time. Unauthorized
“hackers” can then access such stored data using sophisticated
mechanisms, even if the data is stored only briefly. Thus, there is
an ever-increasing need for techniques that secure data on the
client machine itself.
It is from this and related issues that xSides enhanced its core
technology to implement the following Trusted Computing technologies,
all of which enable data to be processed on an end user computer
system in adherence to higher security standards:
SECURITY ENHANCED DRIVERS – At
the core of the xSides Trusted Computing Technologies resides a
fundamental technology defined as Security Enhanced Drivers (SEDs).
The technology is based on xSides patents which enable the creation
of a protected environment within a computer system which isolates
a secure area of memory (video, audio, etc.) that is used to process
data on the user device.
Prior to the development of xSides SEDs technology, the only alternative
available to users within current computing system architectures
was the limited protection provided by forms of virtual memory.
However, this alternative didn’t provide measurable defenses
against hackers and various forms of malicious code, which could
still affect the functionality of the operating system and the
memory it requires. xSides SEDs solve this problem through proprietary
technologies which isolate memory to enhance the security of data
directly on the device.
xSides SEDs enable varying degrees and levels of security based
on the form in which they are implemented within a computer system,
inclusive of software, firmware or hardware.
XSIDES PARALLEL PLATFORM - xSides creates
a platform or environment, defined as the Parallel Platform, in
which authorized processes are isolated from the resident operating
system, thereby enhancing the security available to applications
and data residing within the Parallel Platform.
xSides is called the Parallel Platform because it operates in
parallel to the OS running on the machine on which xSides technology
is installed. It is important to note that the Parallel Platform
is not a separate operating system. Because xSides resides outside
of the OS, xSides remains immune to the vulnerabilities within
the OS including browsers and securely delivers applications and
content to enterprise and home environments.
The Parallel Platform’s primary function is to create a
trusted environment or "virtual vault" inside the PC
(or other end-user device) within which data can be stored and
applications can be executed. Once this environment is created,
the platform’s secondary function extends the secure channel
all the way to the display as data is transferred from memory to
the end-user’s device screen.
The following graphic depicts a standard computing environment
and the same environment enhanced with the xSides Parallel Platform.
The architecture depicted on the left is that of a standard computing
environment, in which it is relatively easy for hackers to manipulate
system processes, including functions of the operating system,
particularly when the device is connected to the Internet. The
architecture depicted on the right encompasses the xSides SEDs and
the Parallel Platform, which provides a limited set of application
programming interfaces (APIs) and services for trusted applications.
[Graphic: standard computing environment (left) compared with the xSides Parallel Platform environment (right)]
xSides application programming interfaces (APIs) are proprietary,
and the xSides area is effectively "locked off" from
data sent through the OS. When users run trusted applications within
the Parallel Platform, the output is isolated and delivered to
a segregated environment directly on the display. This segregated
environment cannot be accessed by the operating system, nor can
it be covered by any window of a program running on the
standard operating system.
SECURE FROM INPUT TO OUTPUT - xSides
has developed methods and created systems for maintaining the security
of data in a computer-based environment as it is input to a computer
system from an input device such as a mouse or keyboard through
transmission to trusted applications and related processing and
finally to its output to the user from the computer system through,
for example, audio or video means. The result is an isolated secure
path directly from the user to a secure portion of the display
screen.
xSides Secure Path from Input (Keyboard, Mouse) to Output
(Audio, Visual) provides computer-based methods and systems for
enhancing the security of data during input and output on a client
computer system in order to prohibit and/or limit attempts by illegitimate
processes, applications, or machines to obtain data in an unauthorized
fashion. For the purposes of this description, “data” includes
digital bits or analog signals in a computer system transferred
or stored for any purpose, including graphics, text, audio, video,
input signals, output signals, etc.