Using hardware to secure areas of long term storage in CE devices
First Claim
1. A system for securing long-term storage in an electronic device, the system comprising:
- a memory including one or more areas of long-term storage, including at least one area of secured long-term storage;
a memory management unit for managing at least the secured long-term storage area of the memory;
a security component for regulating access to at least the secured long-term storage area, the security component including;
a memory security application for receiving and authenticating a cryptographic authorization code that controls access to at least the secured long-term storage area, and a controller for sending instructions from the memory security application to the memory management unit to disable writing into at least the secured long-term storage area of the memory if the security application does not authenticate the cryptographic authorization code;
wherein the security component is implemented by dedicated circuitry.
3 Assignments
0 Petitions
Accused Products
Abstract
A system includes long-term storage (e.g., flash memory) for storing sensitive data and critical components of a consumer electronic (CE) device such as an operating system (OS) kernel, private cryptographic key values, security applications, and firmware configurations, for example. Security hardware/software designates and restricts access to secured portions of long-term storage that contain the critical components. Requests for access to these secured portions are addressed by the security hardware/software, which authenticates a cryptographic authorization code received with the request. Read-write access to the secured portions is allowed for download and installation of, for example, a software or firmware upgrade if the cryptographic authorization code is authenticated.
-
Citations
22 Claims
-
1. A system for securing long-term storage in an electronic device, the system comprising:
-
a memory including one or more areas of long-term storage, including at least one area of secured long-term storage;
a memory management unit for managing at least the secured long-term storage area of the memory;
a security component for regulating access to at least the secured long-term storage area, the security component including;
a memory security application for receiving and authenticating a cryptographic authorization code that controls access to at least the secured long-term storage area, and a controller for sending instructions from the memory security application to the memory management unit to disable writing into at least the secured long-term storage area of the memory if the security application does not authenticate the cryptographic authorization code;
wherein the security component is implemented by dedicated circuitry. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method of controlling access to a secured long-term storage of an electronic device, the method comprising the steps of:
-
a) receiving data and a request to store the data in the secured long-term storage;
b) receiving a cryptographic authorization code associated with the received data;
b) authenticating the cryptographic authorization code d) preventing the storing the data into the secured long-term storage if the cryptographic authorization code is not authenticated. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A method of controlling access to a secured long-term storage of an electronic device, the method comprising the steps of:
-
receiving a request for data from the secured long-term storage;
performing a data authentication process on the requested data to obtain a computed message digest of the requested data;
retrieving a stored message digest of the requested data;
comparing the stored message digest with the computed message digest; and
aborting the request for data from the secured long-term storage if the stored message digest does not match the computed message digest. - View Dependent Claims (22)
-
Specification