Method and an integrated circuit for executing a trusted application within a trusted runtime environment
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
G06F-012/00
G06F-013/00
G06F-013/28
G06F-003/06
G06F-021/53
G06F-021/74
G06F-012/14
출원번호
US-0898853
(2013-06-19)
등록번호
US-9927995
(2018-03-27)
국제출원번호
PCT/SE2013/050727
(2013-06-19)
국제공개번호
WO2014/204363
(2014-12-24)
발명자
/ 주소
Ekdahl, Patrik
Vahidi, Arash
출원인 / 주소
TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
대리인 / 주소
Rothwell, Figg, Ernst & Manbeck, P.C.
인용정보
피인용 횟수 :
0인용 특허 :
17
초록▼
A method and an integrated circuit (100) for executing a trusted application within a trusted runtime environment (103) of the integrated circuit (100) are disclosed. The integrated circuit (100) comprises an internal memory (101) and the integrated circuit (100) is connected to an external memory (
A method and an integrated circuit (100) for executing a trusted application within a trusted runtime environment (103) of the integrated circuit (100) are disclosed. The integrated circuit (100) comprises an internal memory (101) and the integrated circuit (100) is connected to an external memory (102). The trusted runtime environment (103) is restricted to use the internal memory (101) and the external memory (102). The integrated circuit (100) identifies (201) a call, by the trusted application, to a command of the trusted runtime environment (103). The trusted runtime environment (103) allows the command to be executed when the trusted application resides in the internal memory (101) only. Next, the integrated circuit (100) executes (204) the command while using the internal memory (101) only.
대표청구항▼
1. A method, performed by an integrated circuit, for executing a trusted application within a trusted runtime environment of the integrated circuit, wherein the integrated circuit comprises an internal memory, and wherein the integrated circuit is connected to an external memory, wherein the trusted
1. A method, performed by an integrated circuit, for executing a trusted application within a trusted runtime environment of the integrated circuit, wherein the integrated circuit comprises an internal memory, and wherein the integrated circuit is connected to an external memory, wherein the trusted runtime environment is restricted to use the internal memory and the external memory, wherein the method comprises: identifying a call, by the trusted application, to execute a command of the trusted runtime environment, wherein the trusted runtime environment allows the command to be executed when the trusted application resides in the internal memory only;in response to identifying the call, determining whether the trusted application resides in the external memory;after identifying the call and as a result of determining that the trusted application resides in the external memory, moving the trusted application from the external memory to the internal memory;after moving the trusted application from the external memory to the internal memory, executing the command while using the internal memory only;after executing the command and before deciding that the trusted application should be moved back to the external memory, determining whether the trusted application comprises any sensitive data; andas a result of determining that the trusted application does not comprise any sensitive data, deciding that the trusted application should be moved back to the external memory and then moving the trusted application back to the external memory from the internal memory. 2. The method of claim 1, wherein the trusted application is executed while using only the internal and external memories. 3. The method of claim 1, wherein the trusted runtime environment defines a set of commands, including the command, wherein the set of commands is required to use the internal memory only. 4. The method of claim 1, wherein the internal memory is a secured internal memory, wherein the secured internal memory is arranged to allow access from the trusted runtime environment only. 5. The method of claim 1, wherein the external memory is a secured external memory, wherein the secured external memory is arranged to allow access from the trusted runtime environment only. 6. The method of claim 1, wherein a further trusted application is executed in the trusted runtime environment, wherein the trusted runtime environment allows the trusted application to be executed when the trusted application resides in the internal memory only, wherein the method comprises: detecting that the further trusted application resides in the external memory;detecting a further call, by the further trusted application, to the trusted application;moving the further trusted application to the internal memory; andcontinuing execution of the further trusted application in the internal memory. 7. The method of claim 6, wherein the further trusted application is executed while using only the internal and external memories. 8. The method of claim 1, wherein the method further comprises allocating a first block of memory in response to a first memory allocation request from the trusted application,the trusted application includes a first memory pointer pointing to the first block of memory,determining whether the trusted application resides in the external memory comprises determining whether the first block of memory to which the first memory pointer points is located in the external memory, andmoving the trusted application to the internal memory comprises allocating a second block of memory from the internal memory and adjusting the first memory pointer to point to the second block of memory. 9. The method of claim 8, wherein the command is a command to retrieve sensitive data from a storage unit and store the retrieved data in the first block of memory. 10. The method of claim 9, wherein the sensitive data is a key for use in decrypting encrypted data. 11. The method of claim 10, wherein the method further comprises: allocating a third block of memory in response to a second memory allocation request from the trusted application, wherein the trusted application includes a second memory pointer pointing to the third block of memory;identifying a second call, by the trusted application, to execute a second command of the trusted runtime environment, wherein the trusted runtime environment allows the second command to be executed when the trusted application resides in the internal memory only;in response to identifying the second call, determining whether the third block of memory to which the second memory pointer points is located in the external memory; andafter identifying the second call and as a result of determining that the third block of memory to which the second memory pointer points is located in the external memory, allocating a fourth block of memory from the internal memory and adjusting the second memory pointer to point to the fourth block of memory from the internal memory. 12. The method of claim 11, wherein the second command is a command to: decrypt the encrypted data to produce plaintext data and store the plaintext data in the memory block to which the second memory pointer points. 13. The method of claim 1, wherein the command is a memory allocation command. 14. An integrated circuit configured to execute a trusted application within a trusted runtime environment of the integrated circuit, wherein the integrated circuit comprises an internal memory, and wherein the integrated circuit is connected to an external memory, wherein the trusted runtime environment is restricted to use the internal memory and the external memory, wherein the integrated circuit comprises a processing circuit configured, by the trusted execution environment, to: identify a call, by the trusted application, to execute a command of the trusted runtime environment, wherein the trusted runtime environment allows the command to be executed when the trusted application resides in the internal memory only;in response to identifying the call, determine whether the trusted application resides in the external memory;after identifying the call and as a result of determining that the trusted application resides in the external memory, move the trusted application from the external memory to the internal memory;after moving the trusted application from the external memory to the internal memory, execute the command while using the internal memory only;after executing the command and before deciding that the trusted application should be moved back to the external memory, determine whether the trusted application comprises any sensitive data; andas a result of determining that the trusted application does not comprise any sensitive data, decide that the trusted application should be moved back to the external memory and then move the trusted application back to the external memory from the internal memory. 15. The integrated circuit of claim 14, wherein the trusted application is executable while using only the internal and external memories. 16. The integrated circuit of claim 14, wherein the trusted runtime environment is configured to define a set of commands, including the command, wherein the set of commands is required to use the internal memory only. 17. The integrated circuit of claim 14, wherein the internal memory is a secured internal memory, wherein the secured internal memory is arranged to allow access from the trusted runtime environment only. 18. The integrated circuit of claim 14, wherein the external memory is a secured external memory, wherein the secured external memory is arranged to allow access from the trusted runtime environment only. 19. The integrated circuit of claim 14, wherein a further trusted application is executed in the trusted runtime environment, wherein the trusted runtime environment allows the trusted application to be executed when the trusted application resides in the internal memory only, wherein the processing circuit is configured to: detect that the further trusted application resides in the external memory;detect a further call, by the further trusted application, to the trusted application;move the further trusted application to the internal memory; andcontinue execution of the further trusted application in the internal memory. 20. The integrated circuit of claim 19, wherein the further trusted application is executable while using only the internal and external memories.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (17)
Nalawadi,Rajeev K.; Siddigi,Faraz A., Dynamically loading power management code in a secure environment.
Watt,Simon Charles; Dornan,Christopher Bentley; Orion,Luc; Chaussade,Nicolas; Belnet,Lionel; Brochier,Stephane Eric Sebastien, Exception handling control in a secure processing system.
Jones, Mark T.; Athanas, Peter M.; Patterson, Cameron D.; Edmison, Joshua N.; Mahar, Anthony; Muzal, Benjamin J.; Polakowski, Barry L.; Graf, Jonathan P., Hardware-facilitated secure software execution environment.
Zimmer,Vincent J.; Rothman,Michael A., Methods and apparatus for secure collection and display of user interface information in a pre-boot environment.
Watt, Simon Charles; Dornan, Christopher Bentley; Orion, Luc; Chaussade, Nicolas; Belnet, Lionel; Brochier, Stephane Eric Sebastien, Switching between secure and non-secure processing modes.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.