Method for processing information in an electronic device, a system, an electronic device and a processing block

US 7,437,574 B2
Filed: 08/05/2002
Issued: 10/14/2008
Est. Priority Date: 08/07/2001
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

operating a processing block in an electronic device in one of at least a protected mode, where at least certain information used in the protected mode has limited accessibility, and a normal mode where at least certain information used in the protected mode cannot be used or accessed in the normal mode, at least part of a memory being accessible by a processor of the processing block only in said protected mode, anddecrypting at least one second private key using information of at least a first private key stored in the at least part of the memory that is accessible by said processor only in said protected mode;

where when the processing block is operated in the protected mode further comprising preventing access to the processing block from outside the processing block.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Processing information in an electronic device is carried out by at least one processing block for controlling the operation of the electronic device, and a memory. At least a first private key is used for processing information. At least a protected mode and a normal mode are established in the processing block. Part of the memory can be accessed only in said protected mode. At least said first private key is stored in the memory that is accessible in said protected mode.

145 Citations

85 Claims

1. A method, comprising:
- operating a processing block in an electronic device in one of at least a protected mode, where at least certain information used in the protected mode has limited accessibility, and a normal mode where at least certain information used in the protected mode cannot be used or accessed in the normal mode, at least part of a memory being accessible by a processor of the processing block only in said protected mode, anddecrypting at least one second private key using information of at least a first private key stored in the at least part of the memory that is accessible by said processor only in said protected mode;
  
  where when the processing block is operated in the protected mode further comprising preventing access to the processing block from outside the processing block.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 2. The method according to claim 1, wherein in said protected mode transfer of information from the processing block is prevented to prevent determination of an internal function of the processing block.
  - 3. The method according to claim 1, where the processor executes a program code that when executed results in the decryption of said at least one second private key through use of said first private key.
  - 4. The method according to claim 1, wherein the electronic device receives encrypted information, wherein to decrypt the encrypted information, said at least one second private key is decrypted using said first private key, and the encrypted information is decrypted using said decrypted second private key.
  - 5. The method according to claim 1, wherein said processing block comprises a single processor configurable to be used as part of initiating and as part of controlling operation in the protected mode, and as part of initiating and as part of controlling operation in the normal mode, and when said first private key is used, the processing block is set in said protected mode.
  - 6. The method according to claim 1, said electronic device comprising at least a device identity stored therein, where said at least one second private key entails at least one public key;
    - wherein authentication comprises;
      
      decryption of said second private key,forming a digital signature based on said device identity to verify authenticity of the device identity, in which said second private key is used, andverifying said digital signature with said public key to identify the electronic device.
  - 7. The method according to claim 1, where the at least part of the memory that is accessible by said processor only in said protected mode comprises one-time programmable read-only memory.
  - 8. The method according to claim 1, where the at least part of the memory that is accessible by said processor only in said protected mode comprises reprogrammable read-only memory.
  - 9. The method according to claim 1, where the at least part of the memory that is accessible by said processor only in said protected mode comprises electrically erasable programmable read-only memory.
  - 10. The method according to claim 1, where the at least part of the memory that is accessible by said processor only in said protected mode is arranged with the processing block in an integrated processor block.
  - 11. The method according to claim 1, where the at least part of the memory that is accessible by said processor only in said protected mode comprises random access memory.
  - 12. The method according to claim 1, further comprising storing the decrypted second private key in said part of the memory that is accessible only in said protected mode.
  - 13. The method according to claim 1, further comprising storing the decrypted second private key in part of the memory that is accessible in said normal mode.
  - 14. The method of claim 1, where the processor executes a program code that results in the decryption of the at least one second private key through use of said first private key.
  - 15. The method of claim 14, where before allowing access to the at least one first private key said processor takes an action that results in shifting to the protected mode.
  - 16. The method of claim 1, where the processor controls the decryption of the at least one second private key.
  - 17. The method of claim 1, where the processor takes part in the decryption process of the least one second private key.
  - 18. The method of claim 1, where at least part of the memory that is accessible by the processor only in said protected mode comprises one-time programmable read-only memory or reprogrammable read-only memory.
  - 19. The method of claim 1, where at least part of the memory that is accessible by the processor only in said protected mode comprises one-time programmable read-only memory or reprogrammable read-only memory that comprises part of said processing block.
  - 20. The method of claim 1, where before allowing access to the at least one first private key said processor takes an action that results in shifting to the protected mode.
  - 21. the method of claim 1, where the same processor takes part in implementation of at least all of the following processes:
    - control of whether operation of the processing block is shifted to the normal mode or to the protected mode;
      
      accessing information of the at least one first private key; and
      
      decryption of the second private key through use of the first private key.
  - 22. The method of claim 21, where the same processor takes part in restricting access to the information of the at least one first private key.
  - 23. The method of claim 21, where before allowing access to the information of the at least one first private key the same processor takes an action that results in shifting to the protected mode.
  - 24. The method of claim 21, where the information of at least one first private key that is accessible by the same processor only in said protected mode is taken from at least part of a one-time programmable read-only memory or from at least part of a reprogrammable read-only memory.
  - 25. The method of claim 1, where preventing access comprises providing no connection between address, control and data buses internal to the processing block and address, control and data buses external to the processing block.
  - 26. The method of claim 1, where said processing block comprises the processor, read only memory that stores the first private key, random access memory and a connection block that is configurable in the normal mode to provide a bi-directional connection between address, control and data buses internal to said processing block and address, control and data buses external to said processing block to enable signal information flow to and from said processing block.
  - 27. The method of claim 26, where in the normal mode the random access memory cannot be read from outside the processing block.
  - 28. The method of claim 26, where the read only memory also stores a device identity of an electronic device that comprises the processing block.
  - 29. The method of claim 28, further comprising decrypting the device identity using the first private key.
  - 30. The method of claim 1, where the processor is disposed in a signal path between address, control and data buses internal to the processing block and address, control and data buses external to the processing block.

31. An apparatus comprising:
- means for controlling operation of the apparatus, said means for controlling comprising a processing block comprising a single processor and a memory, andmeans for using at least a first private key for processing information, wherein one of at least a protected mode and a normal mode are established by the processing block, andmeans, responsive to said protected mode being established by the processing block, for preventing access to said processing block from outside said processing block;
  
  the processing block configured such that (1) at least part of the memory is accessible by said processor only in said protected mode, and (2) information of at least said first private key is stored in the part of the memory that is accessible by said processor only in said protected mode, the apparatus and processor configured such that (1) at least one second private key can be stored in an encrypted format in memory that is accessible by the processor in said normal mode and (2), said at least one second private key can be decrypted by said using means by use of said first private key.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 32. The apparatus according to claim 31, wherein the at least a part of the memory that is accessible by said processor only in said protected mode is a one time programmable read-only memory.
  - 33. The apparatus according to claim 31, where the at least part of the memory that is accessible by said processor only in said protected mode comprises reprogrammable read-only memory.
  - 34. The apparatus according to claim 31, where the at least part of the memory that is accessible by said processor only in said protected mode comprises electrically erasable programmable read-only memory.
  - 35. The apparatus according to claim 31, where the processing block has the at least part of the memory that is accessible only by said processor in said protected mode and the processor integrated therewith as an integrated processor block.
  - 36. The apparatus of claim 31, where said using means decrypts the at least one second private key while the protected mode is established.
  - 37. The apparatus of claim 31, where said using means decrypts the at least one second private key while the normal mode is established.
  - 38. The apparatus of claim 31, where said at least part of the memory that is accessible by said processor only in said protected mode comprises one-time programmable read-only memory.
  - 39. The apparatus of claim 31, where said at least part of the memory that is accessible by said processor only in said protected mode comprises reprogrammable read-only memory.
  - 40. The apparatus of claim 31, where said at least part of the memory that is accessible by said processor only in said protected mode comprises electrically erasable programmable read-only memory.
  - 41. The apparatus of claim 31, where at least said processor and said at least part of the memory that is accessible by said processor only in said protected mode are arranged in an integrated processor block.

42. A method, comprising:
- in a normal mode of operation of a processing block, receiving encrypted information;
  
  storing the encrypted information in a memory;
  
  reading an encrypted key from a portion of the memory that is accessible when in the normal mode of operation;
  
  setting a protected mode of operation of the processing block;
  
  forming a decrypted key by decrypting the encrypted key using another key that is obtained by a processor of the processing block by reading from a portion of the memory of the processing block that is accessible by the processor only in the protected mode of operation; and
  
  decrypting the encrypted information using the decrypted key;
  
  where when said processing block is operated in said protected mode further comprising preventing access to said processing block from outside said processing block.
- View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50, 51)
- - 43. The method of claim 42, where decrypting the encrypted information using the decrypted key is performed while in the protected mode of operation of the processing block.
  - 44. The method of claim 42, where decrypting the encrypted key further comprises setting the normal mode of operation of the processing block, and where decrypting the encrypted information using the decrypted key is performed while in the normal mode of operation.
  - 45. The method of claim 42, where at least the another key is comprised of a symmetric key.
  - 46. The method of claim 42, where at least the another key is comprised of an asymmetric key.
  - 47. The method of claim 42, where the another key is generated by a program that operates on data stored in the memory that is accessible by the processor only in the protected mode of operation.
  - 48. The method of claim 42, executed in a mobile communication device.
  - 49. The method of claim 42, executed in one of personal computer or a portable computer.
  - 50. The method of claim 42, executed in one of a personal digital assistant, an MP3 player, a CD player, a DVD player, a video device or a digital television set.
  - 51. The method of claim 42, executed in an integrated processor block.

52. A computer readable medium having a computer program comprising program code for controlling operation of a processor, the code when executed by the processor resulting in at least the following:
- in a normal mode of operation of the processor, receiving encrypted information, the processor comprising a part of a processing block;
  
  storing the encrypted information in a memory;
  
  reading an encrypted key from a portion of the memory that is accessible by the processor when in the normal mode of operation;
  
  setting a protected mode of operation of the processing block;
  
  forming a decrypted key by decrypting the encrypted key using another key that is obtained by reading memory that is accessible by the processor only in the protected mode of operation; and
  
  decrypting the encrypted information using the decrypted key;
  
  where when the processing block is operated in the protected mode of operation further comprising preventing access to the processing block from outside the processing block.
- View Dependent Claims (53, 54, 55, 56, 57, 58, 59)
- - 53. The computer readable medium of claim 52, where the operation of decrypting the encrypted information using the decrypted key is performed while in the protected mode of operation.
  - 54. The computer readable medium of claim 52, where the operation of decrypting the encrypted key further comprises setting the normal mode of operation, and where the operation of decrypting the encrypted information using the decrypted key is performed while in the normal mode of operation.
  - 55. The computer readable medium of claim 52, where the another key is generated by program code that operates on data stored in the memory that is accessible by the processor only in the protected mode of operation.
  - 56. The computer readable medium of claim 52, embodied in a mobile communication device.
  - 57. The computer readable medium of claim 52, embodied in one of personal computer or a portable computer.
  - 58. The computer readable medium of claim 52, embodied in one of a personal digital assistant, an MP3 player, a CD player, a DVD player, a video device or a digital television set.
  - 59. The computer readable medium of claim 52, where the processor is a central processing unit.

60. A method, comprising:
- reading an encrypted key from a memory that is accessible when in a normal mode of operation of a processing block that comprises a processor;
  
  setting a protected mode of operation of the processing block;
  
  forming a decrypted key by decrypting the encrypted key using another key that is accessed by the processor from a memory that is accessible by the processor only in the protected mode of operation; and
  
  encrypting information using the decrypted key;
  
  where when the processing block is operated in the protected mode of operation further comprising preventing access to the processing block from outside the processing block.
- View Dependent Claims (61, 62)
- - 61. The method of claim 60, further comprising transmitting the encrypted information to a mobile communication network.
  - 62. The method of claim 60, further comprising storing the encrypted information in a storage medium.

63. An apparatus, comprising at least one processing block configured to control operation of an electronic device, the processing block comprising a processor and memory, the processing block configured to use at least one first private key and at least one second private key for processing information, where for the processing block one of a protected mode and a normal mode are selectively settable, at least a part of the memory being accessible by the processor only in said protected mode, where information of at least said first private key is stored in the at least a part of the memory that is accessible by the processor only in said protected mode and is readable by said processor only in said protected mode, said second private key being decryptable using said first private key, further comprising a connection block configured to respond to said protected mode being set to prevent access to said processing block from outside said processing block.
- View Dependent Claims (64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85)
- - 64. The apparatus according to claim 63, where said connection block comprises at least one circuit configured to prevent transfer of information from outside the processing block in said protected mode, where determination of an internal function of the processing block is prevented in said protected mode.
  - 65. The apparatus according to claim 63, where said electronic device comprises an input unit to receive encrypted information, and further comprising a decryption function configured to decrypt the encrypted information using said decrypted second private key.
  - 66. The apparatus according to claim 65, further comprising an interface for communication with an authentication device configured to authenticate the electronic device, said electronic device having at least one device identity (DID) stored therein, where said at least one second private key that is encrypted with said first private key entails at least one public key, where said decryption function is further configured to decrypt said at least one device identity for forming a digital signature on the basis of said device identity to verify the authenticity of the device identity by using said second private key, where said authentication device verifies said digital signature with said public key to authenticate the electronic device.
  - 67. The apparatus according to claim 63, where said processing block is configured to be set in said protected mode when said first private key is used.
  - 68. The apparatus according to claim 63, where said at least a part of the memory that is readable by said processor only in said protected mode comprises a one time programmable read-only memory.
  - 69. The apparatus according to claim 63, where in the normal mode a random access memory of said processor block cannot be read from outside said processor block.
  - 70. The apparatus according to claim 63, where said first private key is comprised of a symmetric key.
  - 71. The apparatus according to claim 63, where said first private key is comprised of an asymmetric key.
  - 72. The apparatus according to claim 63, where said at least a part of the memory that is readable by said processor only in said protected mode comprises read-only memory.
  - 73. The apparatus according to claim 63, where said at least a part of the memory that is readable by said processor only in said protected mode comprises reprogrammable read-only memory.
  - 74. The apparatus according to claim 63, where said at least a part of the memory that is readable by said processor only in said protected mode comprises electrically erasable programmable read-only memory.
  - 75. The apparatus according to claim 63, where said at least a part of the memory that is readable by said processor only in said protected mode is arranged with said processor in an integrated processor block.
  - 76. The apparatus of claim 63, where the same processor is configured to take part in implementation of at least all of the following processes:
    - control of whether operation of the processing block is shifted to the normal mode or to the protected mode;
      
      accessing information of the at least one first private key; and
      
      decryption of the second private key through use of the first private key.
  - 77. The apparatus of claim 76, where the same processor is also configured to take part in restricting access to the information of the at least one first private key.
  - 78. The apparatus of claim 76, where the same processor is also configured, before allowing access to the information of the at least one first private key, to take an action that results in shifting to the protected mode.
  - 79. The apparatus of claim 76, where the same processor is also configured to obtain the information of at least one first private key, that is accessible by the processor only in said protected mode, from at least part of a one-time programmable read-only memory or from at least part of a reprogrammable read-only memory.
  - 80. The apparatus of claim 63, where said connection block is configured to prevent access by providing no connection between address, control and data buses internal to the processing block and address, control and data buses external to the processing block.
  - 81. The apparatus of claim 63, where said processing block comprises the processor, read only memory that stores the first private key, random access memory and said connection block, where said connection block is configurable in the normal mode to provide a bi-directional connection between the address, control and data buses internal to said processing block and the address, control and data buses external to said processing block to enable access to and from said processing block.
  - 82. The apparatus of claim 81, where in the normal mode the random access memory cannot be read from outside the processing block.
  - 83. The apparatus of claim 81, where the read only memory also stores a device identity of the electronic device.
  - 84. The apparatus of claim 83, said processor block configured to decrypt the device identity using the first private key.
  - 85. The apparatus of claim 63, where said processor is disposed in a signal path between address, control and data buses internal to said processing block and address, control and data buses external to said processing block.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Kiiveri, Antti, Ronkka, Risto, Sormunen, Toni, Jauhiainen, Antti
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
CERVETTI, DAVID GARCIA

Application Number

US10/213,287
Publication Number

US 20030046570A1
Time in Patent Office

2,262 Days
Field of Search

713/193, 713/194, 726/2
US Class Current

713/194
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/74   operating in dual or compar...

G06F 21/79   in semiconductor storage me...

G06F 2221/2107   File encryption

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3247   involving digital signatures

H04W 12/033   of the user plane, e.g. use...

Method for processing information in an electronic device, a system, an electronic device and a processing block

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

145 Citations

85 Claims

Specification

Use Cases

Quick Links

Others

Method for processing information in an electronic device, a system, an electronic device and a processing block

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

145 Citations

85 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others