Method and system to provide a trusted channel within a computer system for a SIM device

US 7,636,844 B2
Filed: 11/17/2003
Issued: 12/22/2009
Est. Priority Date: 11/17/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

executing, by a hardware processor, a protected application in a protected execution environment that is provided by a trusted platform, the protected execution environment being associated with a protected section of memory that is inaccessible to direct memory access and an unprotected section of memory that is accessible to direct memory access, wherein the trusted platform includes a trusted path and an untrusted path;

determining, by the hardware processor executing the protected application, that information is to be accessed from a subscriber identity module (SIM) device that includes a SIM card, the SIM device being physically connected with the trusted platform;

wherein the trusted path is a path between the protected application and the SIM device, the trusted path being a path through a trusted port of the trusted platform, wherein the trusted port is mapped to the protected section of memory;

wherein the untrusted path is another path between the protected application and the SIM device, the untrusted path being a path through an untrusted port of the trusted platform, wherein the untrusted port is mapped to the unprotected section of memory;

exchanging unencrypted data that includes an encryption key between the SIM device and the protected application via the trusted path, wherein the unencrypted data to be exchanged is secured from unauthorized access via properties of the trusted port; and

exchanging encrypted data that is additional data that has been encrypted using the encryption key between the SIM device and the protected application via the untrusted path.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Exchanging data between a SIM device and an application executed in a trusted platform, wherein the data to be exchanged is secured from unauthorized access. In one embodiment, the exchanging data includes exchanging an encryption key via a trusted path within a computer system, and exchanging data encrypted with the encryption key, via an untrusted path with the computer system.

280 Citations

23 Claims

1. A method comprising:
- executing, by a hardware processor, a protected application in a protected execution environment that is provided by a trusted platform, the protected execution environment being associated with a protected section of memory that is inaccessible to direct memory access and an unprotected section of memory that is accessible to direct memory access, wherein the trusted platform includes a trusted path and an untrusted path;
  
  determining, by the hardware processor executing the protected application, that information is to be accessed from a subscriber identity module (SIM) device that includes a SIM card, the SIM device being physically connected with the trusted platform;
  
  wherein the trusted path is a path between the protected application and the SIM device, the trusted path being a path through a trusted port of the trusted platform, wherein the trusted port is mapped to the protected section of memory;
  
  wherein the untrusted path is another path between the protected application and the SIM device, the untrusted path being a path through an untrusted port of the trusted platform, wherein the untrusted port is mapped to the unprotected section of memory;
  
  exchanging unencrypted data that includes an encryption key between the SIM device and the protected application via the trusted path, wherein the unencrypted data to be exchanged is secured from unauthorized access via properties of the trusted port; and
  
  exchanging encrypted data that is additional data that has been encrypted using the encryption key between the SIM device and the protected application via the untrusted path.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 22, 23)
- - 2. The method of claim 1, wherein exchanging the encryption key includes the protected application transmitting the encryption key to the protected section of memory;
    - andthe SIM device accessing the encryption key from the protected section of memory.
  - 3. The method of claim 1, wherein exchanging the encryption key includes the protected application accessing the encryption key from the SIM device, the protected application accessing the encryption key via the trusted port.
  - 4. The method of claim 1, wherein exchanging the encryption key includes exchanging multiple encryption keys, and exchanging the encrypted data includes exchanging separate units of data, with each unit of data separately encrypted with an encryption key selected from the multiple encryption keys.
  - 5. The method of claim 1, wherein exchanging the encrypted data includes a host controller transmitting data from the SIM device to the unprotected section of memory, and a driver transmitting data from the unprotected section of memory to the protected application.
  - 6. The method of claim 5, wherein the host controller is a Universal Serial Bus (USB) host controller and the driver is a USB driver.
  - 7. The method of claim 1, wherein exchanging the encryption key includes the SIM device reading the encryption key from the protected section of memory via the trusted port.
  - 8. The method of claim 1 further comprising:
    - the protected application decrypting the encrypted data using the encryption key.
  - 9. The method of claim 1 further comprising:
    - prior to exchanging the encryption key, the protected application authenticating the SIM device.
  - 10. The method of claim 5, further comprising:
    - exchanging a new encryption key based on a predetermined event selected from a group comprising of, each new transaction, passage of a predetermined period of time, and exchange of a predetermined amount of data.
  - 22. The method of claim 1, further comprising:
    - determining, by the SIM device, that the protected application is executed in the trusted execution environment before exchanging the unencrypted data.
  - 23. The method of claim 1, wherein the trusted path is not accessible to applications other than the protected application and the untrusted path is accessible to applications other than the protected application.

11. A system comprising:
- a memory having a protected section that is inaccessible to direct memory access and an unprotected section that is accessible to direct memory access;
  
  a trusted platform to provide a protected execution environment, the protected execution environment being associated with the protected section of memory and the unprotected section of memory, wherein the trusted platform includes a trusted path and an untrusted path; and
  
  a hardware processor to execute a protected application in the protected execution environment, wherein the trusted application to;
  
  determine that information is to be accessed from a subscriber identity module (SIM) device that includes a SIM card, the SIM device being physically connected with the trusted port;
  
  wherein the trusted path is a path between the protected application and the SIM device, the trusted path being a path through a trusted port of the trusted platform, wherein the trusted port is mapped to the protected section of memory;
  
  wherein the untrusted path is another path between the protected application and the SIM device, the untrusted path being a path through an untrusted port of the trusted platform, wherein the untrusted port is mapped to the unprotected section of memory;
  
  exchange, with the SIM device, unencrypted data that includes an encryption key via the trusted path, wherein the unencrypted data to be exchanged is secured from unauthorized access via properties of the trusted port; and
  
  exchange, with the SIM device, encrypted data that is additional data that has been encrypted using the encryption key via the untrusted path.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. The system of claim 11, wherein the exchange of the encryption key includes the protected application to transmit the encryption key to the protected section of memory, and the SIM device to access the encryption key from the protected section of memory.
  - 13. The system of claim 11, wherein the exchange of the encryption key includes the protected application to access the encryption key from the SIM device, the protected application to access the encryption key via the trusted port of the trusted platform.
  - 14. The system of claim 11, wherein the exchange of the encryption key includes an exchange of multiple encryption keys, and the exchange of encrypted data includes an exchange of separate units of data, with each unit of data separately encrypted with an encryption key selected from the multiple encryption keys.
  - 15. The system of claim 11, wherein the system further includes a host controller to transmit data from the SIM device to the unprotected section of memory.
  - 16. The system of claim 15, wherein the system further includes a driver to transmit data from the unprotected section of memory to the protected application.
  - 17. The system of claim 16, wherein the host controller is a Universal Serial Bus (USB) host controller and the driver is a USB driver.
  - 18. The system of claim 11, wherein the SIM device is to read the encryption key from the protected section of memory via the trusted port of the trusted platform.
  - 19. The system of claim 11, wherein the protected application is to decrypt the encrypted data using the encryption key.
  - 20. The system of claim 11, wherein the protected application is to authenticate the SIM device prior to the exchange of the encryption key.
  - 21. The system of claim 11, wherein a new encryption key is to be exchanged based on a predetermined event selected from a group comprising of, each new transaction, passage of a predetermined period of time, and exchange of a predetermined amount of data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Bajikar, Sundeep M.
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
SHAN, APRIL YING

Application Number

US10/715,970
Publication Number

US 20050108532A1
Time in Patent Office

2,227 Days
Field of Search

713/171, 455/410, 455/411, 455/558, 380/47, 380/227
US Class Current

713/171
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/78   to assure secure storage of...

H04L 63/0869   for achieving mutual authen...

H04W 12/06   Authentication

H04W 12/086   using security domains

H04W 88/02   Terminal devices

Method and system to provide a trusted channel within a computer system for a SIM device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

280 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system to provide a trusted channel within a computer system for a SIM device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

280 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links