IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
UP-0715970
(2003-11-17)
|
등록번호 |
US-7636844
(2010-01-08)
|
발명자
/ 주소 |
|
출원인 / 주소 |
|
대리인 / 주소 |
Blakely, Sokoloff, Taylor & Zafman LLP
|
인용정보 |
피인용 횟수 :
6 인용 특허 :
207 |
초록
▼
Exchanging data between a SIM device and an application executed in a trusted platform, wherein the data to be exchanged is secured from unauthorized access. In one embodiment, the exchanging data includes exchanging an encryption key via a trusted path within a computer system, and exchanging data
Exchanging data between a SIM device and an application executed in a trusted platform, wherein the data to be exchanged is secured from unauthorized access. In one embodiment, the exchanging data includes exchanging an encryption key via a trusted path within a computer system, and exchanging data encrypted with the encryption key, via an untrusted path with the computer system.
대표청구항
▼
What is claimed is: 1. A method comprising: executing, by a hardware processor, a protected application in a protected execution environment that is provided by a trusted platform, the protected execution environment being associated with a protected section of memory that is inaccessible to direct
What is claimed is: 1. A method comprising: executing, by a hardware processor, a protected application in a protected execution environment that is provided by a trusted platform, the protected execution environment being associated with a protected section of memory that is inaccessible to direct memory access and an unprotected section of memory that is accessible to direct memory access, wherein the trusted platform includes a trusted path and an untrusted path; determining, by the hardware processor executing the protected application, that information is to be accessed from a subscriber identity module (SIM) device that includes a SIM card, the SIM device being physically connected with the trusted platform; wherein the trusted path is a path between the protected application and the SIM device, the trusted path being a path through a trusted port of the trusted platform, wherein the trusted port is mapped to the protected section of memory; wherein the untrusted path is another path between the protected application and the SIM device, the untrusted path being a path through an untrusted port of the trusted platform, wherein the untrusted port is mapped to the unprotected section of memory; exchanging unencrypted data that includes an encryption key between the SIM device and the protected application via the trusted path, wherein the unencrypted data to be exchanged is secured from unauthorized access via properties of the trusted port; and exchanging encrypted data that is additional data that has been encrypted using the encryption key between the SIM device and the protected application via the untrusted path. 2. The method of claim 1, wherein exchanging the encryption key includes the protected application transmitting the encryption key to the protected section of memory; and the SIM device accessing the encryption key from the protected section of memory. 3. The method of claim 1, wherein exchanging the encryption key includes the protected application accessing the encryption key from the SIM device, the protected application accessing the encryption key via the trusted port. 4. The method of claim 1, wherein exchanging the encryption key includes exchanging multiple encryption keys, and exchanging the encrypted data includes exchanging separate units of data, with each unit of data separately encrypted with an encryption key selected from the multiple encryption keys. 5. The method of claim 1, wherein exchanging the encrypted data includes a host controller transmitting data from the SIM device to the unprotected section of memory, and a driver transmitting data from the unprotected section of memory to the protected application. 6. The method of claim 5, wherein the host controller is a Universal Serial Bus (USB) host controller and the driver is a USB driver. 7. The method of claim 1, wherein exchanging the encryption key includes the SIM device reading the encryption key from the protected section of memory via the trusted port. 8. The method of claim 1 further comprising: the protected application decrypting the encrypted data using the encryption key. 9. The method of claim 1 further comprising: prior to exchanging the encryption key, the protected application authenticating the SIM device. 10. The method of claim 5, further comprising: exchanging a new encryption key based on a predetermined event selected from a group comprising of, each new transaction, passage of a predetermined period of time, and exchange of a predetermined amount of data. 11. A system comprising: a memory having a protected section that is inaccessible to direct memory access and an unprotected section that is accessible to direct memory access; a trusted platform to provide a protected execution environment, the protected execution environment being associated with the protected section of memory and the unprotected section of memory, wherein the trusted platform includes a trusted path and an untrusted path; and a hardware processor to execute a protected application in the protected execution environment, wherein the trusted application to: determine that information is to be accessed from a subscriber identity module (SIM) device that includes a SIM card, the SIM device being physically connected with the trusted port; wherein the trusted path is a path between the protected application and the SIM device, the trusted path being a path through a trusted port of the trusted platform, wherein the trusted port is mapped to the protected section of memory; wherein the untrusted path is another path between the protected application and the SIM device, the untrusted path being a path through an untrusted port of the trusted platform, wherein the untrusted port is mapped to the unprotected section of memory; exchange, with the SIM device, unencrypted data that includes an encryption key via the trusted path, wherein the unencrypted data to be exchanged is secured from unauthorized access via properties of the trusted port; and exchange, with the SIM device, encrypted data that is additional data that has been encrypted using the encryption key via the untrusted path. 12. The system of claim 11, wherein the exchange of the encryption key includes the protected application to transmit the encryption key to the protected section of memory, and the SIM device to access the encryption key from the protected section of memory. 13. The system of claim 11, wherein the exchange of the encryption key includes the protected application to access the encryption key from the SIM device, the protected application to access the encryption key via the trusted port of the trusted platform. 14. The system of claim 11, wherein the exchange of the encryption key includes an exchange of multiple encryption keys, and the exchange of encrypted data includes an exchange of separate units of data, with each unit of data separately encrypted with an encryption key selected from the multiple encryption keys. 15. The system of claim 11, wherein the system further includes a host controller to transmit data from the SIM device to the unprotected section of memory. 16. The system of claim 15, wherein the system further includes a driver to transmit data from the unprotected section of memory to the protected application. 17. The system of claim 16, wherein the host controller is a Universal Serial Bus (USB) host controller and the driver is a USB driver. 18. The system of claim 11, wherein the SIM device is to read the encryption key from the protected section of memory via the trusted port of the trusted platform. 19. The system of claim 11, wherein the protected application is to decrypt the encrypted data using the encryption key. 20. The system of claim 11, wherein the protected application is to authenticate the SIM device prior to the exchange of the encryption key. 21. The system of claim 11, wherein a new encryption key is to be exchanged based on a predetermined event selected from a group comprising of, each new transaction, passage of a predetermined period of time, and exchange of a predetermined amount of data. 22. The method of claim 1, further comprising: determining, by the SIM device, that the protected application is executed in the trusted execution environment before exchanging the unencrypted data. 23. The method of claim 1, wherein the trusted path is not accessible to applications other than the protected application and the untrusted path is accessible to applications other than the protected application.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.