Using a trusted-platform-based shared-secret derivation and WWAN infrastructure-based enrollment to establish a secure local channel
Abstract
A system and method for establishing a trusted connection on a mobile computing device. A shared secret is generated on a trusted platform of the mobile computing device. The shared secret is transported to a secure channel application. The secure channel application establishes a secure local communication channel between the trusted platform and a SIM (subscriber identity module)/Smartcard on the mobile computing device. The shared secret is received by the SIM/Smartcard. In one embodiment, the mobile computing device includes a GSM (Global Systems for Mobile Communications) 03.48 application that sends the shared secret to a GSM 03.48 network infrastructure for storage, management, and verification by the GSM 03.48 network infrastructure, and in turn sends the shared secret to the SIM/Smartcard on the mobile computing device. In an alternative embodiment, a Diffie-Hellman key exchange is performed by the trusted platform to send the shared secret to the SIM/Smartcard. The shared secret, after being received by the SIM/Smartcard, is provided to a secure channel applet on the SIM/Smartcard. The secure channel applet establishes the local communication channel between the SIM/Smartcard and the trusted platform. Once the secure channel application on the trusted platform and the secure channel applet on the SIM/Smartcard both have the shared secret, a transport layer security (TLS)-based handshake can take place to establish the secure local communication channel.
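The flow in the abstract and in claims 1, 19 and 23 has three parts: the trusted partition generates a secret, the SIM/Smartcard obtains the same secret (either relayed through the GSM 03.48 network infrastructure or agreed through a Diffie-Hellman exchange), and the two sides then run a shared-secret-based handshake that only succeeds if both hold the same value. The following Python is an added illustration written for this page; it is not code from the patent or from any implementation of it. The class and function names (TrustedPlatform, SimApplet, OtaInfrastructure, psk_handshake, enroll_via_ota, enroll_via_dh), the use of HKDF-SHA256 to turn the Diffie-Hellman result into a 32-byte secret, and the reduction of the TLS handshake to a nonce-plus-HMAC key-confirmation exchange are all assumptions made for the example. The 03.48 secured-packet transport itself is not modelled; the network object simply stores and forwards the secret, which is the role the abstract assigns to it.

```python
"""Shared-secret enrollment between a trusted partition and a SIM applet,
followed by a PSK-style key confirmation (added example, not the patent's code)."""
import hashlib
import hmac
import secrets

# RFC 2409 "group 2" 1024-bit MODP prime and generator: real, well-known constants,
# used here only so the Diffie-Hellman path runs with the standard library alone.
_P_HEX = (
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF"
)
DH_P = int(_P_HEX, 16)
DH_G = 2
SECRET_INFO = b"local-channel-secret"  # constructed HKDF label


def hkdf_sha256(ikm, info, length=32):
    """Minimal HKDF (RFC 5869) with an all-zero salt; derives `length` bytes."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _checked_dh_value(value):
    """Reject degenerate public values (0, 1, p-1) that would force a trivial secret."""
    if not 1 < value < DH_P - 1:
        raise ValueError("invalid Diffie-Hellman public value")
    return value


class TrustedPlatform:
    """Trusted partition: key generator, trusted storage and secure channel application."""
    def __init__(self):
        self.secret = secrets.token_bytes(32)  # generated on the trusted platform
        self._dh_private = None

    def dh_public(self):
        self._dh_private = secrets.randbelow(DH_P - 2) + 1
        return pow(DH_G, self._dh_private, DH_P)

    def dh_finish(self, peer_public):
        # Alternative embodiment: the DH result becomes the shared secret.
        shared = pow(_checked_dh_value(peer_public), self._dh_private, DH_P)
        self.secret = hkdf_sha256(shared.to_bytes(128, "big"), SECRET_INFO)


class SimApplet:
    """Secure channel applet on the SIM/Smartcard; holds the secret once enrolled."""
    def __init__(self):
        self.secret = None

    def receive_secret(self, secret):
        self.secret = secret

    def dh_respond(self, peer_public):
        y = secrets.randbelow(DH_P - 2) + 1
        shared = pow(_checked_dh_value(peer_public), y, DH_P)
        self.secret = hkdf_sha256(shared.to_bytes(128, "big"), SECRET_INFO)
        return pow(DH_G, y, DH_P)


class OtaInfrastructure:
    """Stand-in for the GSM 03.48 network side: stores the secret, then relays it."""
    def __init__(self):
        self.stored = {}

    def enroll(self, iccid, secret, sim):
        self.stored[iccid] = secret   # storage / management / verification side
        sim.receive_secret(secret)    # secured OTA delivery itself is not modelled


def psk_handshake(platform_secret, sim_secret):
    """Nonce exchange plus mutual HMAC key confirmation standing in for the TLS handshake.
    Returns the agreed session key, or None when the two sides' secrets differ."""
    if sim_secret is None:
        return None  # SIM was never enrolled
    client_nonce, server_nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    transcript = b"hello" + client_nonce + server_nonce
    k_platform = hkdf_sha256(platform_secret, b"session" + transcript)
    k_sim = hkdf_sha256(sim_secret, b"session" + transcript)
    sim_finished = hmac.new(k_sim, transcript + b"sim", hashlib.sha256).digest()
    if not hmac.compare_digest(sim_finished, hmac.new(k_platform, transcript + b"sim", hashlib.sha256).digest()):
        return None  # SIM does not hold the same secret; refuse the local channel
    platform_finished = hmac.new(k_platform, transcript + b"platform", hashlib.sha256).digest()
    if not hmac.compare_digest(platform_finished, hmac.new(k_sim, transcript + b"platform", hashlib.sha256).digest()):
        return None
    return k_platform


def enroll_via_ota():
    """Embodiment 1: secret generated on the platform, relayed by the network to the SIM."""
    platform, sim, network = TrustedPlatform(), SimApplet(), OtaInfrastructure()
    network.enroll("8900000000000000000", platform.secret, sim)  # constructed ICCID
    return platform.secret, sim.secret


def enroll_via_dh():
    """Embodiment 2: Diffie-Hellman between platform and SIM yields the shared secret."""
    platform, sim = TrustedPlatform(), SimApplet()
    sim_public = sim.dh_respond(platform.dh_public())
    platform.dh_finish(sim_public)
    return platform.secret, sim.secret


if __name__ == "__main__":
    for name, enroll in (("OTA", enroll_via_ota), ("DH", enroll_via_dh)):
        p_secret, s_secret = enroll()
        print(name, "enrolled:", p_secret == s_secret, "handshake ok:", psk_handshake(p_secret, s_secret) is not None)
    print("unenrolled SIM rejected:", psk_handshake(secrets.token_bytes(32), None) is None)
```

Two design points carry over to a real deployment. First, the handshake must fail closed: a SIM that holds no secret, or a different one, gets no session key, which is the check that distinguishes an enrolled card from an arbitrary one. Second, the Diffie-Hellman path on its own is unauthenticated; the patent relies on the trusted platform and the 03.48 infrastructure for the trust in the delivery, and a real implementation would bind the exchange to those roots (and use a larger or elliptic-curve group) rather than the bare modular exponentiation shown here.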
39 Claims
1. A method for establishing a connection on a mobile computing device, comprising:
generating a secret, wherein the secret is generated on a trusted platform;
transporting the secret to a secure channel application, the secure channel application for establishing a trusted local communication channel between the trusted platform and a SIM (subscriber identity module)/Smartcard;
receiving the secret directly into the SIM/Smartcard; and
providing the secret to a secure channel applet on the SIM/Smartcard, the secure channel applet for establishing the trusted local communication channel between the SIM/Smartcard and the trusted platform, wherein the secret is shared by the trusted platform and the SIM/Smartcard.
(Dependent claims 2 through 18.)
19. A system for establishing a connection on a mobile computing device, comprising:
a computing device, the computing device having a Trusted platform architecture with a Trusted Partition, the Trusted Partition comprising a trusted key generator to generate a secret, a trusted storage to store the secret, a secure channel application to establish a secure local communication channel between the Trusted Partition and a SIM(subscriber identity module)/Smartcard card on the computing device, and an application to enable the secret to be passed to the SIM/Smartcard to establish trust between the SIM/Smartcard and the Trusted Partition;
wherein when the Trusted Partition and the SIM/Smartcard both possess the secret, the occurrence of a transport layer security (TLS)-based handshake establishes a secure local channel.
(Dependent claims 20 through 22.)
23. An article comprising:
a storage medium having a plurality of machine accessible instructions, wherein when the instructions are executed by a processor, the instructions provide for generating a secret, wherein the secret is generated on a trusted platform;
transporting the secret to a secure channel application, the secure channel application for establishing a trusted local communication channel between the trusted platform and a SIM(subscriber identity module)/Smartcard;
receiving the secret directly into the SIM/Smartcard; and
providing the secret to a secure channel applet on the SIM/Smartcard, the secure channel applet for establishing the trusted local communication channel between the SIM/Smartcard and the trusted platform, wherein the secret is shared by the trusted platform and the SIM/Smartcard.
(Dependent claims 24 through 39.)
Specification