System and method for providing a secure application fragmentation environment
First Claim
1. A system comprising:
- a system interface configured to receive a request for a secure operation;
an external memory interface;
an application fragments store configured to store code fragments;
a secure fragmentation manager, the secure fragmentation manager configured to obtain the code fragments for the secure operation from an external memory via the external memory interface, and further configured to determine whether or not the code fragments for the secure operation are in the application fragments store, the secure fragmentation manager being coupled to the system interface, the external interface and the application fragments store;
a cryptographic engine coupled to the application fragments store and a secure key store, the cryptographic engine configured to decrypt the code fragment for the secure operation using a secure key and verifying an integrity of the code fragment for the secure operation; and
an execution engine coupled to the cryptographic engine and the application fragments store, the execution engine configured to execute the code fragments for the secure operation,wherein the execution engine executes a first code fragment for the secure operation while the secure fragmentation manger simultaneously obtains a second code fragment for the secure operation.
1 Assignment
0 Petitions
Accused Products
Abstract
System and method for providing and using expanded memory resources secure application environment is disclosed. An embodiment comprises a system and method for providing secure application functionality comprising receiving a request for a secure operation; determining if required application code for the secure operation is present in an application fragment store; sequentially loading a plurality of fragments of the required application code from an external memory, if the required application code is not present in the application fragment store; sequentially executing the plurality of fragments of the required application code; and sending a reply to the request for the secure operation. The system and method may further comprise decrypting each of the plurality of fragments of the required application code using a secure key prior to execution of the fragment and verifying the integrity of the code fragment.
11 Citations
24 Claims
-
1. A system comprising:
-
a system interface configured to receive a request for a secure operation; an external memory interface; an application fragments store configured to store code fragments; a secure fragmentation manager, the secure fragmentation manager configured to obtain the code fragments for the secure operation from an external memory via the external memory interface, and further configured to determine whether or not the code fragments for the secure operation are in the application fragments store, the secure fragmentation manager being coupled to the system interface, the external interface and the application fragments store; a cryptographic engine coupled to the application fragments store and a secure key store, the cryptographic engine configured to decrypt the code fragment for the secure operation using a secure key and verifying an integrity of the code fragment for the secure operation; and an execution engine coupled to the cryptographic engine and the application fragments store, the execution engine configured to execute the code fragments for the secure operation, wherein the execution engine executes a first code fragment for the secure operation while the secure fragmentation manger simultaneously obtains a second code fragment for the secure operation. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A method for executing a secure application, comprising:
-
receiving a request for a secure operation; executing a first application code fragment for the secure operation; simultaneously with executing the first application code fragment, determining whether or not a second application code fragment for the secure operation is present in an application fragments store and when the second application code fragment is not present in the application fragments store; loading the second application code fragment from an external memory; decrypting the second application code fragment using a secure key; and verifying an integrity of a second application code fragment; executing the decrypted second application code fragment; and sending a reply to the request for the secure operation. - View Dependent Claims (20, 21, 22, 23, 24)
-
Specification