Method and apparatus for providing secure processing and data storage for a wireless communication device

US 7,047,405 B2
Filed: 04/05/2001
Issued: 05/16/2006
Est. Priority Date: 04/05/2001
Status: Active Grant

First Claim

Patent Images

1. A remote terminal in a wireless communication system, comprising:

a data processing unit configured to process data for a communication over a wireless link;

a main processor coupled to the data processing unit and configured to provide control for the remote terminal, wherein the data processing unit and main processor are unsecured units vulnerable to being spoofed by external entities; and

a secure unit operatively coupled to the main processor and includinga secure processor configured to perform secure processing for the remote terminal, anda secure memory configured to provide secure storage of data, andwherein the secure unit is physically encapsulated within a secure module and further configured to prevents unauthorized accesses to the secure memory via hardcoded protocols.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for providing secure processing and data storage for a wireless communication device. In one specific design, a remote terminal includes a data processing unit, a main processor, and a secure unit. The data processing unit processes data for a communication over a wireless link. The main processor provides control for the remote terminal. The secure unit includes a secure processor that performs the secure processing for the remote terminal (e.g., using public-key cryptography) and a memory that provides secure storage of data (e.g., electronics funds, personal data, certificates, and so on). The secure processor may include an embedded ROM that stores program instructions and parameters used for the secure processing. For enhanced security, the secure processor and memory may be implemented within a single integrated circuit. Messaging and data may be exchanged with the secure unit via a single entry point provided by a bus.

78 Citations

View as Search Results

26 Claims

1. A remote terminal in a wireless communication system, comprising:
- a data processing unit configured to process data for a communication over a wireless link;
  
  a main processor coupled to the data processing unit and configured to provide control for the remote terminal, wherein the data processing unit and main processor are unsecured units vulnerable to being spoofed by external entities; and
  
  a secure unit operatively coupled to the main processor and includinga secure processor configured to perform secure processing for the remote terminal, anda secure memory configured to provide secure storage of data, andwherein the secure unit is physically encapsulated within a secure module and further configured to prevents unauthorized accesses to the secure memory via hardcoded protocols.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The remote terminal of claim 1, wherein the secure unit further includesa read only memory (ROM) configured to store program instructions and parameters used for the secure processing.
  - 3. The remote terminal of claim 2, wherein the ROM is embedded within the secure processor.
  - 4. The remote terminal of claim 1, wherein the secure processor and secure memory are implemented and physically encapsulated within a single integrated circuit (IC).
  - 5. The remote terminal of claim 1, wherein the secure processor and secure memory are physically encapsulated within a tamper resistance or tamper evident unit.
  - 6. The remote terminal of claim 1, wherein the secure processor and secure memory are permanently affixed within the remote terminal.
  - 7. The remote terminal of claim 1, wherein messaging and data are exchanged with the secure unit via a single entry point provided by a bus.
  - 8. The remote terminal of claim 1, wherein the secure unit is configured to implement public-key cryptography for the secure processing.
  - 9. The remote terminal of claim 8, wherein a private key assigned to the remote terminal is embedded within the secure processor.
  - 10. The remote terminal of claim 9, wherein the private key is permanently etched within the secure processor.
  - 11. The remote terminal of claim 9, wherein the private key assigned to the remote terminal is stored in a ROM within the secure processor.
  - 12. The remote terminal of claim 1, wherein the secure processor is configurable to implement one or more security protocols.
  - 13. The remote terminal of claim 12, wherein the one or more security protocols include Secure Sockets Layer (SSL) protocol or Transport Layer Security (TLS) protocol, or both.
  - 14. The remote terminal of claim 1, wherein the secure unit is configurable to act in a role of a client or a server for each secure transaction with a foreign entity.
  - 15. The remote terminal of claim 1, wherein the secure memory is configured to store electronics funds.
  - 16. The remote terminal of claim 1, wherein the secure memory is configured to store cryptographic parameters used for the secure processing.
  - 17. The remote terminal of claim 1, wherein the secure memory is configured to store one or more certificates used for authentication.
  - 18. The remote terminal of claim 17, wherein a certificate is loaded into the secure memory via a secure transaction with a certificate authority.
  - 19. The remote terminal of claim 18, wherein different levels of security is implemented for a certificate loading transaction depending on whether or not a certificate has already been loaded to the remote terminal.

20. A remote terminal in a wireless communication system, comprising:
- a data processing unit configured to process data for a communication over a wireless link;
  
  a main processor coupled to the data processing unit and configured to provide control for the remote terminal, wherein the data processing unit and main processor are unsecured units vulnerable to being spoofed by external entities; and
  
  a secure unit embedded within the main processor and configured to perform secure processing for the remote terminal and provide secure storage of data, wherein the secure unit is further configured to implement public-key cryptography for the secure processing, and wherein the secure unit is further configured to prevents unauthorized accesses to securely stored data via hardcoded protocols.

21. A method for providing secure processing and data storage for a wireless communication device, comprising:
- defining a main processor within the communication device for providing control to the remote terminal;
  
  defining a secure processor within the communication device for performing secure processing;
  
  defining a secure storage within the communication device for providing secure data storage;
  
  storing program instructions and parameters used for the secure processing within the secure processor or secure storage, wherein the stored program instructions implement hardcoded protocols; and
  
  physically encapsulating the secure processor and secure storage within a secure unit.
- View Dependent Claims (22, 23)
- - 22. The method of claim 21, wherein the secure processor and secure storage are physically encapsulated within a single integrated circuit (IC).
  - 23. The method of claim 21, further comprising:
    - permanently affixing the encapsulated secure processor and secure storage within the communication device.

24. A method for providing secure processing and data storage for a wireless communication device, comprising:
- receiving a first message to initiate a secure transaction with a foreign entity;
  
  authenticating the foreign entity through a secure processor located within the communication device; and
  
  if the foreign entity is authenticated, performing securing processing for the secure transaction through the secure processor,wherein the secure unit is physically encapsulated within a secure module and further configured to prevents unauthorized accesses to the secure memory via hardcoded protocols, andproviding control for the communication device through a main processor.
- View Dependent Claims (25, 26)
- - 25. The method of claim 24, wherein the secure processing is performed based on program instructions stored within the secure processor.
  - 26. The method of claim 24, wherein the authentication is achieved via exchanges of certificates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Mauro, Anthony
Primary Examiner(s)
Smithers, Matthew
Assistant Examiner(s)
FIELDS, COURTNEY D

Application Number

US09/826,742
Publication Number

US 20020147920A1
Time in Patent Office

1,867 Days
Field of Search

713/166, 705/76, 705/64, 705/65, 705/66, 705/67, 705/68, 705/69, 380/270, 380/272, 380/273, 380/275
US Class Current

713/166
CPC Class Codes

G06Q 20/367   involving electronic purses...

G06Q 20/3672   initialising or reloading t...

G06Q 20/3674   involving authentication

G06Q 20/3676   Balancing accounts

G06Q 20/3678   e-cash details, e.g. blinde...

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

H04L 63/0823   using certificates cryptogr...

H04W 12/069   using certificates or pre-s...

H04W 88/02   Terminal devices

Method and apparatus for providing secure processing and data storage for a wireless communication device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

78 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for providing secure processing and data storage for a wireless communication device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others