Computer architecture for a handheld electronic device with a shared human-machine interface

Mobile PDA computer system ( 300 ) includes a secure user processor ( 302 ), a non-secure user processor ( 306 ), a cryptographic engine ( 304 ), and a shared human/machine interface (HMI) ( 308 ). The secure user processor ( 302 ) can be comprised of a first trusted microprocessor and a first trusted operating system executing on the first trusted microprocessor. The non-secure user processor ( 306 ) can be comprised of a second non-trusted microprocessor and a second non-trusted operating system executing on the second non-trusted microprocessor. A cryptographic engine ( 304 ) can be comprised of a third trusted cryptographic processor and a third trusted operating system executing on the third trusted cryptographic processor. The cryptographic engine can be configured for encrypting and decrypting data. A first data communication link ( 303 ) communicates data between the secure user processor and the cryptographic engine. A second data communication link ( 305 ) communicates data between the cryptographic engine and the non-secure user processor. In this way, the cryptographic engine forms a bridge between the secure user processor and the non-secure user processor. An HMI ( 308 ) comprised of trusted hardware for user input and output is time-multiplex-shared among the secure user processor ( 302 ), the non-secure user processor ( 304 ), and the cryptographic engine ( 306 ) in a secure fashion.