SECURITY ENGINE FOR A SECURE OPERATING ENVIRONMENT
First Claim
1. A method comprising:
executing, by a mobile computing device, a secure operating environment on the mobile computing device, wherein the secure operating environment executes on the mobile computing device independently of a host operating environment of the mobile computing device;
receiving, by the secure operating environment, a request for a security service, the request received from an application executing in the secure operating environment;
determining, by the secure operating environment, a security capability of the mobile computing device to provide the security service, wherein the security capability of the mobile device includes a security capability provided by the host operating environment;
determining, by the secure operating environment, a security capability of the secure operating environment to provide the security service;
selecting, by the secure operating environment, a security capability to provide the security service, wherein the security capability is selected from one or both of the security capability of the mobile computing device or the security capability of the secure operating environment; and
providing, by the secure operating environment, the security service to the application, wherein the security service is provided based on the selected security capability.
Abstract
The present invention relates to techniques for implementing a secure operating environment for the execution of applications on a computing device (e.g., a mobile phone). The secure operating environment may provide a trusted environment with dedicated computing resources to manage security and integrity of processing and data for the applications. The applications may be provided with a variety of security services and/or functions to meet different levels of security demanded by an application. The secure operating environment may include a security engine that enumerates and/or determines the security capabilities of the secure operating environment and the computing device, e.g., the hardware, the software, and/or the firmware of the computing device. The security engine may provide security services desired by applications by choosing from the security capabilities that are supported by the secure operating environment and the computing device.
27 Claims
10. A mobile communication device comprising:
one or more processors;
one or more first memory devices coupled to the one or more processors, the one or more first memory devices configured to be used by the one or more processors to execute a secure operating environment; and
one or more second memory devices coupled to the one or more processors, the one or more second memory devices including instructions which when executed on the one or more processors, cause the one or more processors to:
execute a host operating environment; and
execute the secure operating environment, wherein upon execution of the secure operating environment, the secure operating environment performs a method comprising:
executing an application in the secure operating environment;
receiving, from the application, a request for a security service;
determining a security capability of the mobile computing device to provide the security service, wherein the security capability of the mobile device includes a security capability provided by the host operating environment;
determining a security capability of the secure operating environment to provide the security service;
selecting a security capability to provide the security service, wherein the security capability is selected from one or both of the security capability of the mobile computing device and the security capability of the secure operating environment; and
providing, to the application, the security service based on the selected security capability.
15. A method comprising:
executing, by a mobile computing device, a secure operating environment on the mobile computing device, wherein the secure operating environment executes on the mobile computing device independently of a host operating environment on the mobile computing device;
executing, by the secure operating environment, an application in the secure operating environment;
receiving, by the secure operating environment, from the application, a request for a security service to manage security of memory for the application;
determining, by the secure operating environment, a security policy for managing security of the memory for the application;
based on the security policy, selecting, by the secure operating environment, an action to perform for managing security of the memory; and
performing, by the secure operating environment, the selected action.
25. A mobile communication device comprising:
one or more processors;
one or more first memory devices coupled to the one or more processors, the one or more first memory devices configured to be used by the one or more processors to execute a secure operating environment; and
one or more second memory devices coupled to the one or more processors, the one or more second memory devices including instructions which when executed on the one or more processors, cause the one or more processors to:
execute a host operating environment; and
execute the secure operating environment, wherein upon execution of the secure operating environment, the secure operating environment performs a method comprising:
executing an application in the secure operating environment;
receiving, from the application, a request for a security service to manage security of memory for the application;
determining a security policy for managing security of the memory for the application;
based on the security policy, selecting an action to perform for managing security of the memory; and
performing the selected action.
Specification