System Utilizing a Secure Element

US 20130145429A1
Filed: 12/06/2011
Published: 06/06/2013
Est. Priority Date: 12/06/2011
Status: Active Grant

First Claim

Patent Images

1. An electronic device comprising:

a receiver configured to receive, from an entity, a request to perform a function;

a secure element to verify the request to perform the function, the secure element including;

hardware programmed with instructions to verify that a security of the secure element has not been breached; and

software including instructions to determine an access right for the entity requesting performance of the function, and to perform the function when the hardware verifies that the security of the secure element has not been breached and the access right indicates that the entity is authorized to request performance of the secure function.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An electronic device includes a receiver configured to receive, from an entity, a request to perform a function. The electronic device also includes a secure element to verify the request to perform the function. The secure element includes hardware programmed with instructions to verify that a security of the secure element has not been breached. The secure element also includes software including instructions to determine an access right for the entity requesting performance of the function, and to perform the function when the hardware verifies that the security of the secure element has not been breached and the access right indicates that the entity is authorized to request performance of the secure function.

95 Citations

20 Claims

1. An electronic device comprising:
- a receiver configured to receive, from an entity, a request to perform a function;
  
  a secure element to verify the request to perform the function, the secure element including;
  
  hardware programmed with instructions to verify that a security of the secure element has not been breached; and
  
  software including instructions to determine an access right for the entity requesting performance of the function, and to perform the function when the hardware verifies that the security of the secure element has not been breached and the access right indicates that the entity is authorized to request performance of the secure function.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The device of claim 1, where the request to perform a function comprises a command to execute a script programmed in the secure element.
  - 3. The device of claim 2, where the script includes the instructions to determine the access right for an entity requesting performance of the function.
  - 4. The device of claim 1, where the secure element is configured to operate in either a report mode or a silent mode, where details about a status of the performance of the function are displayed when the device operates in the report mode, and where no details about the status of the performance of the function are displayed when the device operates in the silent mode.
  - 5. The device of claim 1, where the function is scheduled to be performed at a specified time, where the secure element obtains the actual time from a remote server, and where the secure element performs the function when the specified time equals the actual time.
  - 6. The device of claim 1, where the function comprises a software update.

7. A method for performing a secure operation, comprising:
- receiving a request from an entity to perform a time dependent secure operation in a device;
  
  obtaining temporal parameters and verification information from a remote server to verify the current time;
  
  comparing the received verification information from the remote server with internal verification information for the remote server stored in the device to verify an integrity of the obtained temporal parameters; and
  
  performing the secure operation in accordance with the temporal parameters when the received verification information matches the internal verification information.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7, where the remote server is selected from a plurality of trusted remote servers.
  - 9. The method of claim 8, where the device stores internal verification information for each of the plurality of trusted remote servers.
  - 10. The method of claim 8, further comprising receiving temporal parameters and verification information from another remote server of the plurality of trusted servers when the received verification information from a previously selected remote server does not match the internal verification information for the previously selected remote server stored in the device.
  - 11. The method of claim 7, where the temporal parameters and verification information from the remote server are obtained in response to a request for temporal parameters sent by the device.

12. A method for performing a secure operation, comprising:
- receiving a command from an entity to run a script with a secure element of a device, the secure element having a software component and a hardware component, the script including instructions for executing an initialization function, instructions for executing an entity verification function, instructions for executing a device security function, and instructions for executing a secure operation function to be performed at a specified time;
  
  executing the initialization function of the script with the software component to begin execution of the script;
  
  executing the entity verification function with the software component after the initialization function to determine whether the entity has access rights to command execution of the secure operation function;
  
  executing the device security function of the script with the hardware component after the initialization function to determine that a security of the device has not been breached;
  
  determining when the specified time occurs by obtaining time information from a server; and
  
  executing the secure operation function of the script with the software component when the software component determines that the entity has access rights to command execution of the secure operation function, the hardware component determines that the security of the device has not been breached, and the specified time occurs.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12, where obtaining the time information from a server comprises:
    - receiving temporal information and server verification information from a server;
      
      comparing the server verification information to internal verification information for the server stored in the secure element; and
      
      identifying the temporal information as the time information when the server verification information matches the internal verification information.
  - 14. The method of claim 12, where executing the entity verification function comprises:
    - obtaining entity identification information for the entity;
      
      accessing a condition table identifying a plurality of entities and access rights for each of the entities;
      
      identifying access rights for the entity in the condition table using the entity identification information;
      
      comparing the identified access rights in the condition table with access rights necessary to command execution of the secure operation function; and
      
      determining whether the entity has access rights to command execution of the secure operation function based on the comparison.
  - 15. The method of claim 12, where the software component initiates the execution of the device security function of the script by the hardware component, and where the hardware component reports the results of the device security function to the software component.
  - 16. The method of claim 12, where the script further comprises instructions for executing an output function that outputs the result of the secure operation function to the entity.
  - 17. The method of claim 16, where the only information transmitted or accessible to the entity sending the command is the outputted result of the secure operation function.
  - 18. The method of claim 12, where the instructions of the script are not displayed or accessible to the entity sending the command.
  - 19. The method of claim 12, further comprising performing a security action when the software component determines that the entity does not have access rights to command execution of the secure operation function based on the comparison, or the hardware component determines that the security of the device has been breached.
  - 20. The method of claim 19, where the security action comprises preventing access to any information stored in memory on the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP B.V. (NXP Semiconductors NV)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Mendel, Jacob, Potievsky, Alexander, Webber-Zvik, Eyal

Granted Patent

US 8,549,586 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/57   Certifying or maintaining t...

G06F 21/629   to features or functions of...

G06F 21/72   in cryptographic circuits

G06F 2221/034   Test or assess a computer o...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2153   Using hardware token as a s...

H04L 63/10   for controlling access to d...

System Utilizing a Secure Element

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

95 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System Utilizing a Secure Element

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

95 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links