Systems and Methods for Provisioning and Using Multiple Trusted Security Zones on an Electronic Device

US 20160004876A1
Filed: 09/15/2015
Published: 01/07/2016
Est. Priority Date: 08/10/2012
Status: Active Grant

First Claim

Patent Images

1. A method of provisioning a subordinate trusted security zone in a processor having a trusted security zone, comprising:

receiving, by a master trusted application executing in a master trusted security zone of the processor, a request to provision a subordinate trusted security zone in the processor, wherein the request comprises a master trusted security zone key, wherein the request designates the subordinate trusted security zone, and wherein the request defines an independent key; and

provisioning, by the master trusted application, the subordinate trusted security zone to be accessible based on the independent key.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of provisioning a subordinate trusted security zone in a processor having a trusted security zone. The method comprises receiving by a master trusted application executing in a master trusted security zone of the processor a request to provision a subordinate trusted security zone in the processor, wherein the request comprises a master trusted security zone key, wherein the request designates the subordinate trusted security zone, and wherein the request defines an independent key. The method further comprises provisioning by the master trusted application the subordinate trusted security zone to be accessible based on the independent key.

Citations

20 Claims

1. A method of provisioning a subordinate trusted security zone in a processor having a trusted security zone, comprising:
- receiving, by a master trusted application executing in a master trusted security zone of the processor, a request to provision a subordinate trusted security zone in the processor, wherein the request comprises a master trusted security zone key, wherein the request designates the subordinate trusted security zone, and wherein the request defines an independent key; and
  
  provisioning, by the master trusted application, the subordinate trusted security zone to be accessible based on the independent key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, wherein provisioning the subordinate trusted security zone comprises allocating a quantity of trusted memory to the subordinate trusted security zone, and wherein the trusted memory allocated to the subordinate trusted security zone is not accessible by applications executing outside of the subordinate trusted security zone.
  - 3. The method of claim 2, further comprising:
    - receiving, by the master trusted application, a command to install a trusted application in the subordinate trusted security zone, wherein the command is accompanied by the independent key; and
      
      in response to receiving the command and based on provisioning the subordinate trusted security zone, installing, via the master trusted application, the trusted application in the trusted memory of the subordinate trusted security zone.
  - 4. The method of claim 3, wherein the trusted application is at least one of a credit card application, a debit card application, or any combination thereof.
  - 5. The method of claim 3, wherein the trusted application is an enterprise network access application.
  - 6. The method of claim 1, wherein the request to provision the subordinate trusted security zone is received via a radio communication link.
  - 7. The method of claim 1, wherein the trusted security zone comprises at least four subordinate trusted security zones.
  - 15. The method of claim 1, wherein the trusted security zone of the processor includes the master trusted security zone and the subordinate trusted security zone.
  - 16. The method of claim 1, wherein the independent key corresponds to only the subordinate trusted security zone.
  - 17. The method of claim 1, further comprising:
    - installing, via the master trusted application executing in the master trusted security zone, a first trusted application in the subordinate trusted security zone.
  - 18. The method of claim 17, further comprising:
    - disabling, by executing the first trusted application in the subordinate trusted security zone, execution of the master trusted security zone and any other subordinate trusted security zones.
  - 19. The method of claim 18, wherein execution of the first trusted application in the subordinate trusted security zone is based on the independent key.
  - 20. The method of claim 18, wherein execution of the master trusted security zone is disabled while the first trusted application in the subordinate trusted security zone continues to execute.

8. A method of changing the memory size of a subordinate trusted security zone in a processor having a trusted security zone, comprising:
- transmitting an indication of memory utilized by a first subordinate trusted security zone of the processor to a master trusted application executing in a master trusted security zone of the processor;
  
  receiving, by the master trusted application, a request to increase the memory size of a second subordinate trusted security zone of the processor;
  
  reducing the memory size of the first subordinate trusted security zone based at least in part on the indication of memory utilized by the first subordinate trusted security zone; and
  
  increasing the memory size of the second subordinate trusted security zone.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the indication of memory utilized by the first subordinate trusted security zone is transmitted when the first trusted subordinate trusted security zone discontinues executing.
  - 10. The method of claim 8, further comprising determining an average memory utilized by the first subordinate trusted security zone based on the indication of memory utilized by the first subordinate trusted security zone, wherein reducing the memory size of the first subordinate trusted security zone is based on the average memory utilized by the first subordinate trusted security zone.
  - 11. The method of claim 10, wherein the average memory utilized by the first subordinate trusted security zone is determined based on a predefined number of the most recently transmitted indications of memory utilized by the first subordinate trusted security zone.
  - 12. The method of claim 8, further comprising determining a maximum quantity of memory utilized by the first subordinate trusted security zone based on the indication of memory utilized by the first subordinate trusted security zone, wherein reducing the memory size of the first subordinate trusted security zone is based on the maximum quantity of memory utilized by the first subordinate trusted security zone.
  - 13. The method of claim 8, further comprising reducing the memory size of a third subordinate trusted security zone of the processor based at least in part on one of an average memory utilization of the third subordinate trusted security zone or a maximum memory utilization of the third subordinate trusted security zone determined from an indication of memory utilized by the third subordinate trusted security zone.
  - 14. The method of claim 8, wherein reducing the memory size of the first subordinate trusted security zone is further based on a daily schedule associated with a mobile device that comprises the processor having the trusted security zone.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Bye, Stephen J., Paczkowski, Lyle W., Parsel, William M., Persson, Carl J., Schlesener, Matthew C., Shipley, Trevor D.

Granted Patent

US 9,811,672 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/62   Protecting access to data v...

G06F 21/74   operating in dual or compar...

Systems and Methods for Provisioning and Using Multiple Trusted Security Zones on an Electronic Device

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and Methods for Provisioning and Using Multiple Trusted Security Zones on an Electronic Device

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links