TRUSTED LANGUAGE RUNTIME ON A MOBILE PLATFORM

US 20120331550A1
Filed: 06/24/2011
Published: 12/27/2012
Est. Priority Date: 06/24/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented execution system, comprising:

an untrusted execution environment of a mobile device where an operating system and untrusted code of an application execute;

a trusted execution environment of the mobile device where trusted code of the application executes, the trusted code isolated from inspection and modification by the untrusted code;

a secure communications component of the mobile device that provides a secure communications channel between the trusted and untrusted execution environments; and

a processor that executes computer-executable instructions associated with at least one of the untrusted execution environment, trusted execution environment, or secure communications component.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a trusted language runtime (TLR) architecture that provides abstractions for developing a runtime for executing trusted applications or portions thereof securely on a mobile device (e.g., a smartphone). TLR offers at least two abstractions to mobile developers: a trustbox and a trustlet. The trustbox is a runtime environment that offers code and data integrity, and confidentiality. Code and data running inside a trustbox cannot be read or modified by any code running outside the trustbox. A trustlet is the code portion of an application that runs inside a trustbox. With TLR, programmers can write applications in .NET and specify which parts of the application handle sensitive data, and thus, run inside the trustbox. With the TLR, the developer places these parts in a trustlet class, and the TLR provides all support needed to run the parts in the trustbox.

101 Citations

View as Search Results

20 Claims

1. A computer-implemented execution system, comprising:
- an untrusted execution environment of a mobile device where an operating system and untrusted code of an application execute;
  
  a trusted execution environment of the mobile device where trusted code of the application executes, the trusted code isolated from inspection and modification by the untrusted code;
  
  a secure communications component of the mobile device that provides a secure communications channel between the trusted and untrusted execution environments; and
  
  a processor that executes computer-executable instructions associated with at least one of the untrusted execution environment, trusted execution environment, or secure communications component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the trusted code is identified in the application according to a class that defines data which flows between the trusted and untrusted execution environments.
  - 3. The system of claim 1, wherein the trusted execution environment is absent of input-output interfaces and device drivers.
  - 4. The system of claim 1, wherein the trusted execution environment executes according to a language runtime environment that runs using hardware-based isolation protection extensions.
  - 5. The system of claim 1, wherein the secure communications component encrypts data and binds the encrypted data to a specific set of trusted code in the trusted execution environment, which environment includes one or more sets of trusted code.
  - 6. The system of claim 1, wherein the secure communications component switches between a secure mode and an unsecure mode, the secure communications component saves and restores processor state of the trusted and untrusted execution environments based on mode.
  - 7. The system of claim 1, wherein the secure communications component establishes the secure communications channel in response to a call, the channel based on kernel-mode drivers one of which initiates a secure mode.
  - 8. The system of claim 1, wherein the secure communications component establishes the secure communications channel based on libraries at a language runtime level of the trusted and untrusted execution environments, and communications drivers at a system support level of the trusted and untrusted execution environments.
  - 9. The system of claim 1, further comprising a bootstrap component that first boots the mobile device into a secure mode and runs a secure bootloader to establish the trusted execution environment, and thereafter, invokes an untrusted bootloader to execute a standard boot sequence for the operating system.

10. A computer-implemented execution method, comprising acts of:
- creating a trusted execution environment in a mobile device using processor-based isolation extensions;
  
  establishing a secure communications channel between the trusted execution environment and an untrusted execution environment;
  
  running a portion of trusted code of an untrusted application in the trusted execution environment;
  
  communicating a call to the portion of trusted code in the trusted execution environment over the secure communications channel, the call generated in response to an invoked method of the untrusted application;
  
  returning arguments and values to the untrusted execution environment over the secure communications channel, based on the call; and
  
  utilizing a processor that executes instructions stored in memory to perform at least one of the acts of creating, establishing, running, communicating, or returning.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, further comprising isolating the portion of trusted code from inspection by untrusted application code and operating system of the mobile device using the trusted execution environment.
  - 12. The method of claim 10, further comprising defining an interface in the portion of trusted code that identifies data communicated between the trusted execution environment and untrusted execution environment.
  - 13. The method of claim 10, further comprising authenticating the mobile device based on a cryptographic device identifier of the mobile device.
  - 14. The method of claim 10, further comprising encrypting and binding data to the mobile device and a specific portion of trusted code in the trusted execution environment of the mobile device.
  - 15. The method of claim 10, further comprising destroying the trusted execution environment by destroying an associated container of the code and data.
  - 16. The method of claim 10, further comprising:
    - executing a secure bootloader to load a trusted language runtime image into memory and perform an integrity check on the image;
      
      initiating trusted language runtime initialization code to create the trusted execution environment; and
      
      thereafter executing a bootloader in the untrusted execution environment to further execute an operating system boot sequence to create the untrusted execution environment.

17. A computer-implemented execution method, comprising acts of:
- creating a trusted execution environment in a mobile device using processor-based isolation extensions;
  
  defining an interface in a portion of trusted code of an untrusted application, the interface identifies data communicated between the trusted execution environment and an untrusted execution environment;
  
  isolating the portion of trusted code from inspection by untrusted application code and operating system of the mobile device using the trusted execution environment;
  
  establishing a secure communications channel between the trusted execution environment and the untrusted execution environment using kernel mode device drivers;
  
  running the portion of trusted code in the trusted execution environment;
  
  communicating a call over the secure communications channel to the portion of trusted code and returning data over the secure communications channel to the untrusted execution environment; and
  
  utilizing a processor that executes instructions stored in memory to perform at least one of the acts of creating, defining, isolating, establishing, running, or communicating.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, further comprising executing a secure bootloader to create the trusted execution environment and thereafter executing a bootloader to create the untrusted execution environment.
  - 19. The method of claim 17, further comprising creating the trusted execution environment absent utilization input-output interfaces and input-output device drivers in the trusted execution environment.
  - 20. The method of claim 17, further comprising storing and restoring processor state when switching between a secure mode and an unsecure mode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Raj, Himanshu, England, Paul, Saroiu, Stefan, Wolman, Alastair, Santos, Nuno

Granted Patent

US 10,496,824 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/53 by executing in a restricte...

G06F 21/575 Secure boot

TRUSTED LANGUAGE RUNTIME ON A MOBILE PLATFORM

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

101 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

TRUSTED LANGUAGE RUNTIME ON A MOBILE PLATFORM

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

101 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others