Telecommunications device security
Abstract
A mobile terminal for use with a cellular or mobile telecommunications network includes a normal execution environment (operating system) (30) and a secure execution environment (32) comprising a Mobile Trusted Module (MTM). The mobile terminal enables the software of the terminal in the secure execution environment (32) to be updated. The terminal 1 may be provided with minimal software initially in the secure execution environment (32), and is operable to subsequently update the software by over the air transmission of software. Also disclosed is a method for managing rights in respect of broadcast, multicast and/or unicast (downloaded) data, relevant in particular to managing access to a broadcast video data stream complying with a mobile digital broadcast scheme. The method defines a service protection platform implemented on mobile terminals having both normal execution environment (i.e. the operating system) and secure execution environment. Service protection is provided by separating the operation of service protection application components into those that operate in the normal environment and those that are adapted to execute only in the secure execution environment. Making the secure execution environment application component interchangeable allows the method to be adapted to any of a number of service protection protocols or “profiles” by downloading only the secure execution environment application component.
50 Claims
1. A terminal for use with a cellular or mobile telecommunications network, the terminal including:
a security platform including:
a normal execution environment; and
a secure execution environment in which security functions trusted by a third party are performed;
wherein the security platform is configured to amend software of the terminal for performing the security functions entirely in the secure execution environment,
wherein the amendment of the software is performed entirely within the secure execution environment such that a required security property of the amended software is consistent with a protection profile associated with the software before and after the amendment,
wherein new keys associated with the software for performing the security functions are encrypted within the amended software and decrypted and used solely within the secure execution environment.
12. A method of providing security functions trusted by a third party in a mobile terminal for use with a cellular or mobile telecommunications network, the terminal including a normal execution environment and a secure execution environment in which the security functions trusted by the third party are performed, the method including:
amending software of the terminal for performing the security functions entirely in the secure execution environment, wherein the amendment of the software is performed entirely within the secure execution environment such that a required security property of the amended software is consistent with a protection profile associated with the software before and after the amendment;
encrypting new keys associated with the amended software wherein the new keys are decrypted and used solely within the secure execution environment.
23. A method for processing encrypted data received by a terminal, comprising:
providing a security platform having a normal execution environment and a secure execution environment, the secure execution environment being loaded with at least one secure application component adapted to execute only in the secure execution environment, the at least one secure application component representing a secure protocol;
obtaining a key management profile necessary for facilitating decryption of the encrypted data;
in the secure execution environment, using the at least one secure application component to process the key management profile with the given secure protocol in order to extract temporary decryption information, wherein amendment of the at least one secure application component is performed entirely within the secure execution environment such that a required security property of the amended at least one secure application component is consistent with a protection profile associated with the at least one secure application component before and after the amendment; and
in the normal execution environment, using the temporary decryption information to decrypt the encrypted data traffic.
36. A system for processing encrypted data received by a terminal incorporating a security platform with a normal execution environment and a secure execution environment, the secure execution environment being loaded with at least one secure application component adapted to execute only in the secure execution environment, the at least one secure application component representing a secure protocol, the system comprising:
the security platform configured to:
obtain a key management profile necessary for facilitating decryption of the encrypted data traffic;
use, in the secure execution environment, the at least one secure application component to process the key management profile in accordance with the given secure protocol to extract temporary decryption information in the secure execution environment, wherein amendment of the at least one secure application component is performed entirely within the secure execution environment such that a required security property of the amended at least one secure application component is consistent with a protection profile associated with the at least one secure application component before and after the amendment; and
decrypt the encrypted data traffic in the normal execution environment using the temporary decryption information.
Specification