Method and system to provide a trusted channel within a computer system for a SIM device
First Claim
Patent Images
1. A method comprising:
- executing, by a hardware processor, a protected application in a protected execution environment that is provided by a trusted platform, the protected execution environment being associated with a protected section of memory that is inaccessible to direct memory access and an unprotected section of memory that is accessible to direct memory access, wherein the trusted platform includes a trusted path and an untrusted path;
determining, by the hardware processor executing the protected application, that information is to be accessed from a subscriber identity module (SIM) device that includes a SIM card, the SIM device being physically connected with the trusted platform;
wherein the trusted path is a path between the protected application and the SIM device, the trusted path being a path through a trusted port of the trusted platform, wherein the trusted port is mapped to the protected section of memory;
wherein the untrusted path is another path between the protected application and the SIM device, the untrusted path being a path through an untrusted port of the trusted platform, wherein the untrusted port is mapped to the unprotected section of memory;
exchanging unencrypted data that includes an encryption key between the SIM device and the protected application via the trusted path, wherein the unencrypted data to be exchanged is secured from unauthorized access via properties of the trusted port; and
exchanging encrypted data that is additional data that has been encrypted using the encryption key between the SIM device and the protected application via the untrusted path.
1 Assignment
0 Petitions
Accused Products
Abstract
Exchanging data between a SIM device and an application executed in a trusted platform, wherein the data to be exchanged is secured from unauthorized access. In one embodiment, the exchanging data includes exchanging an encryption key via a trusted path within a computer system, and exchanging data encrypted with the encryption key, via an untrusted path with the computer system.
280 Citations
23 Claims
-
1. A method comprising:
-
executing, by a hardware processor, a protected application in a protected execution environment that is provided by a trusted platform, the protected execution environment being associated with a protected section of memory that is inaccessible to direct memory access and an unprotected section of memory that is accessible to direct memory access, wherein the trusted platform includes a trusted path and an untrusted path; determining, by the hardware processor executing the protected application, that information is to be accessed from a subscriber identity module (SIM) device that includes a SIM card, the SIM device being physically connected with the trusted platform; wherein the trusted path is a path between the protected application and the SIM device, the trusted path being a path through a trusted port of the trusted platform, wherein the trusted port is mapped to the protected section of memory; wherein the untrusted path is another path between the protected application and the SIM device, the untrusted path being a path through an untrusted port of the trusted platform, wherein the untrusted port is mapped to the unprotected section of memory; exchanging unencrypted data that includes an encryption key between the SIM device and the protected application via the trusted path, wherein the unencrypted data to be exchanged is secured from unauthorized access via properties of the trusted port; and exchanging encrypted data that is additional data that has been encrypted using the encryption key between the SIM device and the protected application via the untrusted path. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 22, 23)
-
-
11. A system comprising:
-
a memory having a protected section that is inaccessible to direct memory access and an unprotected section that is accessible to direct memory access; a trusted platform to provide a protected execution environment, the protected execution environment being associated with the protected section of memory and the unprotected section of memory, wherein the trusted platform includes a trusted path and an untrusted path; and a hardware processor to execute a protected application in the protected execution environment, wherein the trusted application to; determine that information is to be accessed from a subscriber identity module (SIM) device that includes a SIM card, the SIM device being physically connected with the trusted port; wherein the trusted path is a path between the protected application and the SIM device, the trusted path being a path through a trusted port of the trusted platform, wherein the trusted port is mapped to the protected section of memory; wherein the untrusted path is another path between the protected application and the SIM device, the untrusted path being a path through an untrusted port of the trusted platform, wherein the untrusted port is mapped to the unprotected section of memory; exchange, with the SIM device, unencrypted data that includes an encryption key via the trusted path, wherein the unencrypted data to be exchanged is secured from unauthorized access via properties of the trusted port; and exchange, with the SIM device, encrypted data that is additional data that has been encrypted using the encryption key via the untrusted path. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
-
Specification