Key storage administration
Abstract
The present invention relates to a method and a system for allowing multiple applications to manage their respective data in a device (100, 200) having a secure environment (104, 204, 211) to which access is strictly controlled. The idea of the invention is that a storage area is allocated (301) within the secure environment (104, 204, 211) of a device (100, 200). The storage area is associated (302) with an identity of an application, the associated identity is stored (303) in the secure environment (104, 204, 211) and access to the storage area is controlled (304) by verifying correspondence between the associated identity and the identity of an accessing application. This is advantageous, since it is possible for the accessing application to read, write and modify objects, such as cryptographic keys, intermediate cryptographic calculation results and passwords, in the allocated storage area.
17 Claims

1. A method for allowing multiple applications to manage their respective data in a device (100, 200) having a secure environment (104, 204, 211) to which access is strictly controlled, the method comprising the steps of:
- allocating (301) a storage area within the secure environment (104, 204, 211);
- associating (302) the storage area with an identity of an application;
- storing (303) the associated identity within the secure environment; and
- controlling (304) access to the storage area by verifying correspondence between the associated identity and the identity of an accessing application.
Dependent claims: 2, 3, 4, 5, 6, 15, 16, 17

7. A system for allowing multiple applications to manage their respective data in a device (100, 200) having a secure environment (104, 204, 211) to which access is strictly controlled, the system comprising:
- means (103, 203) for allocating (301) a storage area within the secure environment (104, 204, 211);
- means (103, 203) for associating (302) the storage area with an identity of an application;
- means (103, 203) for storing (303) the associated identity within the secure environment (104, 204, 211); and
- means (103, 203) for controlling (304) access to the storage area by verifying correspondence between the associated identity and the identity of an accessing application.
Dependent claims: 8, 9, 10, 11

12. Circuitry (101, 201) for providing data security, which circuitry (101, 201) contains at least one processor (103, 203) and at least one storage circuit (104, 204, 211) and which circuitry (101, 201) comprises:
- at least one storage area in said at least one storage circuit (104, 204, 211), in which storage area protected data relating to circuitry security are located;
- mode setting means arranged to set said processor (103, 203) in one of at least two different operating modes, the mode setting means being capable of altering the processor (103, 203) operating mode;
- storage circuit access control means arranged to enable said processor (103, 203) to access said storage area in which said protected data are located when a first processor operating mode is set; and
- storage circuit access control means arranged to prevent said processor (103, 203) from accessing said storage area in which protected data are located when a second processor operating mode is set.
Dependent claims: 13, 14
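The access control of claim 1 (steps 301 to 304) combined with the operating-mode gating of claim 12, modelled as an added C example that is not taken from the patent. Assumptions: `app_id` is an application identity that has already been authenticated (the page does not say how identity is established), `set_mode` stands in for the mode setting means, and all names, sizes and error codes are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define MAX_AREAS 4
#define AREA_SIZE 32

enum mode { MODE_NORMAL, MODE_SECURE };  /* second and first operating mode of claim 12 */
enum status { OK = 0, ERR_MODE = -1, ERR_FULL = -2, ERR_DENIED = -3, ERR_RANGE = -4 };

struct area { int used; uint32_t owner_id; uint8_t data[AREA_SIZE]; };

/* Constructed model: areas and their owner identities live together in the secure environment. */
static struct area secure_env[MAX_AREAS];
static enum mode cpu_mode = MODE_NORMAL;

void set_mode(enum mode m) { cpu_mode = m; }  /* hypothetical stand-in for the mode setting means */

/* Steps 301-303: allocate an area, associate it with app_id, store the id beside it. */
int area_alloc(uint32_t app_id) {
    if (cpu_mode != MODE_SECURE) return ERR_MODE;
    for (int i = 0; i < MAX_AREAS; i++) {
        if (!secure_env[i].used) {
            memset(&secure_env[i], 0, sizeof secure_env[i]);
            secure_env[i].used = 1;
            secure_env[i].owner_id = app_id;
            return i;                    /* handle >= 0 on success */
        }
    }
    return ERR_FULL;
}

/* Step 304: access only in secure mode and only when the stored identity matches the caller's. */
static int check(int h, uint32_t app_id, size_t len) {
    if (cpu_mode != MODE_SECURE) return ERR_MODE;
    if (h < 0 || h >= MAX_AREAS || !secure_env[h].used || len > AREA_SIZE) return ERR_RANGE;
    if (secure_env[h].owner_id != app_id) return ERR_DENIED;
    return OK;
}

int area_write(int h, uint32_t app_id, const uint8_t *src, size_t len) {
    int rc = check(h, app_id, len);
    if (rc == OK) memcpy(secure_env[h].data, src, len);
    return rc;
}

int area_read(int h, uint32_t app_id, uint8_t *dst, size_t len) {
    int rc = check(h, app_id, len);
    if (rc == OK) memcpy(dst, secure_env[h].data, len);  /* dst untouched on any failure */
    return rc;
}
```
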
Specification