Arrangement and method of execution of code
Abstract
The present invention relates to systems (1) and a method for executing code. According to the method a non-critical code portion is executed on a computer (3). When an application (5) on the computer detects a critical code portion to be executed, the application sends a request to a secure execution unit (4) connected to the computer to execute the critical code portion. The secure execution unit (4) executes the critical code portion in response to the request. Thereafter the secure execution unit authenticates the result of the execution of the critical code portion using a secret key (7). The authentication allows for another party (2) to verify that the execution was carried out in a trusted way. An advantage of the present invention is that it provides a reliable execution environment that can be trusted to execute critical code.
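The flow in the abstract, as an added Python sketch that is not taken from the patent: the application runs non-critical code locally, hands a critical portion to the secure execution unit, and another party checks the authenticated result. The abstract names no algorithm, so a Lamport one-time hash-based signature is assumed here because it keeps the signing key inside the unit while letting others verify; `apply_fee`, the class and function names, and signing the request together with the result are all constructed for illustration.

```python
import hashlib, json, secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def digest_bits(record: dict) -> list:
    """256 bits of SHA-256 over a canonical JSON encoding of the record."""
    d = H(json.dumps(record, sort_keys=True).encode())
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# Constructed critical code portion; the name and fee rule are illustrative only.
CRITICAL = {"apply_fee": lambda subtotal: subtotal + subtotal * 5 // 100}

class SecureExecutionUnit:
    """Hypothetical model of the unit (4): runs critical portions, signs results."""
    def __init__(self, portions):
        self._portions = portions
        # Secret key (7): 256 pairs of random values that never leave the unit.
        self._sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
        # Only the hashes are published, so another party can verify but not sign.
        self.public_key = [(H(a), H(b)) for a, b in self._sk]
        self._used = False

    def execute(self, request: dict):
        if self._used:  # a Lamport key is safe for one signature only
            raise RuntimeError("one-time key already used; provision a new key")
        result = self._portions[request["portion"]](*request["args"])
        # Assumption: the signature covers the request as well as the result.
        record = {"request": request, "result": result}
        self._used = True
        return record, [self._sk[i][b] for i, b in enumerate(digest_bits(record))]

def application(unit, items):
    """Application (5) on the computer (3)."""
    subtotal = sum(items)  # non-critical portion, executed locally
    # Critical portion detected: send a request to the secure execution unit.
    return unit.execute({"portion": "apply_fee", "args": [subtotal]})

def verify(public_key, record, signature) -> bool:
    """Other party (2): check the result using only the unit's public key."""
    bits = digest_bits(record)
    return len(signature) == 256 and all(
        H(s) == public_key[i][b] for i, (s, b) in enumerate(zip(signature, bits)))

if __name__ == "__main__":
    unit = SecureExecutionUnit(CRITICAL)
    record, sig = application(unit, [100, 250, 50])
    print(record["result"], verify(unit.public_key, record, sig))
```

Because the key is one-time, the unit refuses a second request; a deployed design would need a many-time signature scheme or a fresh key per result.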
35 Claims
1. A system for executing code, the code comprising critical code portions and non-critical code portions, wherein the system comprises:
- a computer having at least one application,
- a secure execution unit connected to the computer, wherein the secure execution unit includes;
  - means for executing the critical code portions,
  - means for storing a secret key known only to the secure execution unit, and
  - means for authenticating a result of an executed critical code portion using the secret key;
- wherein the at least one application is arranged to send a request to the secure execution unit to execute a first critical code portion.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A processing system including a first subsystem and a second subsystem, wherein at least the first subsystem comprises:
- a computer having at least one application;
- a secure execution unit connected to the computer, wherein the secure execution unit includes;
  - means for executing the critical code portions;
  - means for storing a secret key known only to the secure execution unit; and
  - means for authenticating a result of an executed critical code portion using the secret key;
- wherein the at least one application is arranged to send a request to the secure execution unit to execute a first critical code portion.

Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25

26. A method for executing code having critical code portions and non-critical code portions, wherein the method includes the step of executing at least a first non-critical code portion on a computer, said method further comprising the steps of:
- detecting by an application on the computer, a first critical code portion to be executed;
- sending by the application, a request to a secure execution unit to execute the first critical code portion;
- executing by the secure execution unit, the first critical code portion in response to the request; and
- authenticating by the secure execution unit, the result of the execution of the first critical code portion using a secret key known only to the secure execution unit.

Dependent claims: 27, 28, 29, 30, 31, 32, 33, 34, 35

Specification