Systems and Methods for Provisioning and Using Multiple Trusted Security Zones on an Electronic Device

US 20140047548A1
Filed: 08/10/2012
Published: 02/13/2014
Est. Priority Date: 08/10/2012
Status: Active Grant

First Claim

Patent Images

1. A method of executing independent trusted applications in a processor having a plurality of trusted security zones, comprising:

invoking a first trusted application to execute in a first subordinate trusted security zone of the processor, wherein the first trusted application is invoked by a master trusted application executing in a master trusted security zone of the processor and wherein the master trusted application has no visibility into a first memory space associated with the first subordinate trusted security zone and no visibility into the processing of the first trusted application; and

invoking a second trusted application to execute in a second subordinate trusted security zone of the processor, wherein the second trusted application is invoked by the master trusted application executing in the master trusted security zone of the processor and wherein the master trusted application has no visibility into a second memory space associated with the second subordinate trusted security zone and no visibility into the processing of the second trusted application,wherein the master trusted security application mediates access to the first trusted security zone and to the second trusted security zone.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of provisioning a subordinate trusted security zone in a processor having a trusted security zone. The method comprises receiving by a master trusted application executing in a master trusted security zone of the processor a request to provision a subordinate trusted security zone in the processor, wherein the request comprises a master trusted security zone key, wherein the request designates the subordinate trusted security zone, and wherein the request defines an independent key. The method further comprises provisioning by the master trusted application the subordinate trusted security zone to be accessible based on the independent key.

Citations

20 Claims

1. A method of executing independent trusted applications in a processor having a plurality of trusted security zones, comprising:
- invoking a first trusted application to execute in a first subordinate trusted security zone of the processor, wherein the first trusted application is invoked by a master trusted application executing in a master trusted security zone of the processor and wherein the master trusted application has no visibility into a first memory space associated with the first subordinate trusted security zone and no visibility into the processing of the first trusted application; and
  
  invoking a second trusted application to execute in a second subordinate trusted security zone of the processor, wherein the second trusted application is invoked by the master trusted application executing in the master trusted security zone of the processor and wherein the master trusted application has no visibility into a second memory space associated with the second subordinate trusted security zone and no visibility into the processing of the second trusted application,wherein the master trusted security application mediates access to the first trusted security zone and to the second trusted security zone.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the processor comprises a normal security zone and when an application executes in one of the plurality of trusted security zones, applications that are configured to execute in the normal security zone are prevented from executing.
  - 3. The method of claim 1, wherein the processor having a plurality of trusted security zones is a part of a mobile device.
  - 4. The method of claim 3, wherein the first trusted application is associated with an enterprise computing persona of the mobile device and the second trusted application is associated with a private persona of the mobile device.
  - 5. The method of claim 1, further comprising generating a report of memory utilization of the first subordinate trusted security zone.
  - 6. The method of claim 5, further comprising the master trusted application reducing a memory allocation to the first subordinate trusted security zone and increasing a memory allocation to the second subordinate trusted security zone based on the report of memory utilization of the first subordinate trusted security zone.

7. A method of provisioning a subordinate trusted security zone in a processor having a trusted security zone, comprising:
- receiving by a master trusted application executing in a master trusted security zone of the processor a request to provision a subordinate trusted security zone in the processor, wherein the request comprises a master trusted security zone key, wherein the request designates the subordinate trusted security zone, and wherein the request defines an independent key; and
  
  provisioning by the master trusted application the subordinate trusted security zone to be accessible based on the independent key.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein provisioning the subordinate trusted security zone further comprises allocating a quantity of trusted memory to the subordinate trusted security zone, wherein the trusted memory is not accessible by applications executing outside of the subordinate trusted security zone.
  - 9. The method of claim 8, further comprising:
    - receiving by the master trusted application a command to install a trusted application in the subordinate trusted security zone, wherein the command is accompanied by the independent key; and
      
      installing by the master trusted application the trusted application in the trusted memory of the subordinate trusted security zone.
  - 10. The method of claim 9, wherein the trusted application is one of a credit card application and a debit card application.
  - 11. The method of claim 9, wherein the trusted application is an enterprise network access application.
  - 12. The method of claim 7, wherein the request to provision the subordinate trusted security zone is received via a radio communication link.
  - 13. The method of claim 7, wherein the trusted security zone comprises at least four subordinate trusted security zones.

14. A method of changing the memory size of a subordinate trusted security zone in a processor having a trusted security zone, comprising:
- transmitting an indication of memory utilized by a first subordinate trusted security zone of the processor to a master trusted application executing in a master trusted security zone of the processor;
  
  receiving by the master trusted application a request to increase the memory size of a second subordinate trusted security zone of the processor;
  
  reducing the memory size of the first subordinate trusted security zone based at least in part on the indication of memory utilized by the first subordinate trusted security zone; and
  
  increasing the memory size of the second subordinate trusted security zone.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the indication of memory utilized by the first subordinate trusted security zone is transmitted when the first trusted subordinate trusted security zone discontinues executing.
  - 16. The method of claim 14, further comprising determining an average memory utilized by the first subordinate trusted security zone based on the indication of memory utilized by the first subordinate trusted security zone, wherein reducing the memory size of the first subordinate trusted security zone is based on the average memory utilized by the first subordinate trusted security zone.
  - 17. The method of claim 16, wherein the average memory utilized by the first subordinate trusted security zone is determined based on a predefined number of the most recently transmitted indications of memory utilized by the first subordinate trusted security zone.
  - 18. The method of claim 14, further comprising determining a maximum quantity of memory utilized by the first subordinate trusted security zone based on the indication of memory utilized by the first subordinate trusted security zone, wherein reducing the memory size of the first subordinate trusted security zone is based on the maximum quantity of memory utilized by the first subordinate trusted security zone.
  - 19. The method of claim 14, further comprising reducing the memory size of a third subordinate trusted security zone of the processor based at least in part on one of an average memory utilization of the third subordinate trusted security zone or a maximum memory utilization of the third subordinate trusted security zone determined from an indication of memory utilized by the third subordinate trusted security zone.
  - 20. The method of claim 14, wherein reducing the memory size of the first subordinate trusted security zone is further based on a daily schedule associated with a mobile device that comprises the processor having the trusted security zone.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Paczkowski, Lyle W., Parsel, William M., Persson, Carl J., Schlesener, Matthew C., Shipley, Trevor D., Bye, Stephen J.

Granted Patent

US 9,183,412 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/62   Protecting access to data v...

G06F 21/74   operating in dual or compar...

Systems and Methods for Provisioning and Using Multiple Trusted Security Zones on an Electronic Device

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and Methods for Provisioning and Using Multiple Trusted Security Zones on an Electronic Device

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links