Systems and Methods for Provisioning and Using Multiple Trusted Security Zones on an Electronic Device
First Claim
1. A method of executing independent trusted applications in a processor having a plurality of trusted security zones, comprising:
- invoking a first trusted application to execute in a first subordinate trusted security zone of the processor, wherein the first trusted application is invoked by a master trusted application executing in a master trusted security zone of the processor and wherein the master trusted application has no visibility into a first memory space associated with the first subordinate trusted security zone and no visibility into the processing of the first trusted application; and
invoking a second trusted application to execute in a second subordinate trusted security zone of the processor, wherein the second trusted application is invoked by the master trusted application executing in the master trusted security zone of the processor and wherein the master trusted application has no visibility into a second memory space associated with the second subordinate trusted security zone and no visibility into the processing of the second trusted application,wherein the master trusted security application mediates access to the first trusted security zone and to the second trusted security zone.
6 Assignments
0 Petitions
Accused Products
Abstract
A method of provisioning a subordinate trusted security zone in a processor having a trusted security zone. The method comprises receiving by a master trusted application executing in a master trusted security zone of the processor a request to provision a subordinate trusted security zone in the processor, wherein the request comprises a master trusted security zone key, wherein the request designates the subordinate trusted security zone, and wherein the request defines an independent key. The method further comprises provisioning by the master trusted application the subordinate trusted security zone to be accessible based on the independent key.
-
Citations
20 Claims
-
1. A method of executing independent trusted applications in a processor having a plurality of trusted security zones, comprising:
-
invoking a first trusted application to execute in a first subordinate trusted security zone of the processor, wherein the first trusted application is invoked by a master trusted application executing in a master trusted security zone of the processor and wherein the master trusted application has no visibility into a first memory space associated with the first subordinate trusted security zone and no visibility into the processing of the first trusted application; and invoking a second trusted application to execute in a second subordinate trusted security zone of the processor, wherein the second trusted application is invoked by the master trusted application executing in the master trusted security zone of the processor and wherein the master trusted application has no visibility into a second memory space associated with the second subordinate trusted security zone and no visibility into the processing of the second trusted application, wherein the master trusted security application mediates access to the first trusted security zone and to the second trusted security zone. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method of provisioning a subordinate trusted security zone in a processor having a trusted security zone, comprising:
-
receiving by a master trusted application executing in a master trusted security zone of the processor a request to provision a subordinate trusted security zone in the processor, wherein the request comprises a master trusted security zone key, wherein the request designates the subordinate trusted security zone, and wherein the request defines an independent key; and provisioning by the master trusted application the subordinate trusted security zone to be accessible based on the independent key. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A method of changing the memory size of a subordinate trusted security zone in a processor having a trusted security zone, comprising:
-
transmitting an indication of memory utilized by a first subordinate trusted security zone of the processor to a master trusted application executing in a master trusted security zone of the processor; receiving by the master trusted application a request to increase the memory size of a second subordinate trusted security zone of the processor; reducing the memory size of the first subordinate trusted security zone based at least in part on the indication of memory utilized by the first subordinate trusted security zone; and increasing the memory size of the second subordinate trusted security zone. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification