Implementation of an integrity-protected secure storage
Abstract
An internal but not integrated security token is provided for a device which includes a first integrated circuitry including a secure processor. The security token is provided by a second integrated circuitry separate from the first circuitry. The second integrated circuitry includes a secure non-volatile storage. The secure processor communicates information to the second circuitry in a secure manner so that the information is securely stored in the secure non-volatile storage, and the second integrated circuitry communicates information stored in its secure non-volatile storage back to the secure processor in a secure manner. Communications are secured by means of cryptography. The first integrated circuitry and the second integrated circuitry are internal parts of the device. An initialization method for distributing a secure key to be shared between the circuitries and used in the cryptography is also disclosed.
27 Claims
1. A device which comprises:
a first integrated circuitry for forming a first trust zone, the first integrated circuitry comprising a secure processor; and
a second integrated circuitry separate from the first circuitry for forming a second trust zone, the second integrated circuitry comprising a secure non-volatile storage within the second trust zone, wherein the secure processor is configured to communicate information from the first trust zone to the second trust zone in a secure manner for the secure information to be securely stored in the secure non-volatile storage;
the second integrated circuitry is configured to communicate information stored in its secure non-volatile storage from the second trust zone to the secure processor within the first trust zone in a secure manner; and
wherein said first integrated circuitry and said second integrated circuitry are internal parts of the device.
(Dependent claims 2 to 21 are not shown.)

22. A method for initializing a secure key to be shared between a first integrated circuitry and a second integrated circuitry, the method comprising:
distributing the secure key to be shared between the first integrated circuitry and the second integrated circuitry from a secure key-distribution server to the first and second integrated circuitry, wherein the method comprises:
protecting the distribution of the secure key from the secure key-distribution server to the first integrated circuitry using a first key, the first key being a key shared beforehand between the first integrated circuitry and the secure key-distribution server; and
protecting the distribution of the secure key from the secure key-distribution server to the second integrated circuitry using a second key, the second key being a key shared beforehand between the second integrated circuitry and the secure key-distribution server.

23. An integrated circuitry, which comprises:
a secure processor for issuing and encrypting commands to be transferred to another integrated circuitry in accordance with a secure protocol, wherein the secure protocol comprises a key-change operation by which a secure key shared between the integrated circuitry and said another integrated circuitry can be changed.

24. A computer program executable by a secure processor of an integrated circuitry, comprising:
program code for issuing commands to be transferred to another integrated circuitry in accordance with a secure protocol; and
program code for causing the secure processor to initiate a key-change operation by which a secure key shared between the integrated circuitry and said another integrated circuitry is changed.

25. An integrated circuitry, which comprises:
a non-volatile memory for storing secure data received from another integrated circuitry; and
logics for accessing said non-volatile memory, wherein the integrated circuitry is adapted to communicate secure data stored on said non-volatile memory and secured by means of cryptography to said another integrated circuitry, and wherein the integrated circuitry is configured to use a single cryptographic primitive.

26. A computer program executable in an integrated circuitry, comprising:
program code for securing communications with another integrated circuitry by using a key shared between the integrated circuitry and said another integrated circuitry; and
program code for changing between different key-states of different security levels.

27. An energy management chip adapted to carry out energy management of a device, the energy management chip comprising a secure non-volatile memory and logics so as to provide a security token for a secure processor external to said energy management chip.
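The key initialization of claim 22, the protected store/read exchange of claim 1 and the key-change operation of claim 23, simulated in Python as an added example that is not part of the patent: the two chips and the key-distribution server are plain objects, every key is constructed for the demo, and HMAC-SHA256 stands in as the single cryptographic primitive of claim 25, from which both the keystream and the integrity tag are derived.

```python
import hashlib
import hmac
import os
# Added example (not the patent's code). HMAC-SHA256 is the single primitive used for both the
# CTR-style keystream and the tag (encrypt-then-MAC); every key below is constructed for the demo.
def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _keystream(k_enc: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(_prf(k_enc, nonce + i.to_bytes(4, "big")) for i in range((n + 31) // 32))[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:  # -> nonce || ciphertext || tag
    nonce = os.urandom(16)                         # fresh per message; never reused under one key
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(_prf(key, b"enc"), nonce, len(plaintext))))
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def open_(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):  # verify before decrypting
        raise ValueError("integrity check failed")
    return bytes(c ^ s for c, s in zip(ct, _keystream(_prf(key, b"enc"), nonce, len(ct))))

class Chip:  # one trust zone: key pre-shared with the server, key shared with the peer chip, NVM
    def __init__(self, preshared: bytes):
        self.preshared, self.shared, self.nvm = preshared, None, {}
    def install_shared_key(self, wrapped: bytes, via: bytes) -> None:
        self.shared = open_(via, wrapped)  # a new peer key is accepted only if it verifies under `via`

def distribute_shared_key(server_keys: dict, chips: dict) -> None:
    ks = os.urandom(32)                      # claim 22: one fresh key for both chips ...
    for name, chip in chips.items():         # ... wrapped separately under each chip's pre-shared key
        chip.install_shared_key(seal(server_keys[name], ks), chip.preshared)

def secure_write(proc: Chip, storage: Chip, slot: str, data: bytes) -> None:
    storage.nvm[slot] = open_(storage.shared, seal(proc.shared, data))  # stored only if the tag verifies

def secure_read(storage: Chip, proc: Chip, slot: str) -> bytes:
    return open_(proc.shared, seal(storage.shared, storage.nvm[slot]))  # same channel, other direction

def key_change(proc: Chip, storage: Chip) -> None:
    new_key = os.urandom(32)                 # claim 23: the processor issues a new shared key ...
    storage.install_shared_key(seal(proc.shared, new_key), storage.shared)  # ... protected by the old
    proc.shared = new_key

def is_rejected(key: bytes, blob: bytes) -> bool:  # does the receiving chip refuse this blob?
    try:
        return open_(key, blob) is None      # open_ returns bytes, so a verified blob gives False
    except ValueError:
        return True
```

A single flipped bit anywhere in a message fails the tag check before decryption, so a tampered write never reaches the non-volatile memory and a tampered read never reaches the secure processor.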
Specification