Telecommunications device security

US 9,015,495 B2
Filed: 12/02/2013
Issued: 04/21/2015
Est. Priority Date: 07/14/2006
Status: Active Grant

First Claim

Patent Images

1. A method for processing encrypted data received by a terminal, the method comprising:

providing a security platform in the terminal, the security platform including a normal execution environment and a secure execution environment, the secure execution environment being loaded with at least one secure application component adapted to execute only in the secure execution environment;

identifying secure protocols used in encrypting the encrypted data;

determining whether the secure execution environment is loaded with secure application components associated with the secure protocols used in encrypting the encrypted data;

loading new secure application components associated with the secure protocols used in encrypting the encrypted data that are not already loaded in the secure execution environment;

obtaining key information for decrypting the encrypted data using the new secure application components; and

decrypting the encrypted data in the normal execution environment using the key information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile terminal for use with a cellular or mobile telecommunications network includes a normal execution environment and a secure execution environment The mobile terminal enables the software of the terminal in the secure execution environment to be updated. The terminal may be provided with minimal software initially in the secure execution environment, and is operable to subsequently update the software by over the air transmission of software. Also disclosed is a method for managing rights in respect of broadcast, multicast and/or unicast (downloaded) data. The method defines a service protection platform implemented on mobile terminals having both normal execution environment and secure execution environment. Service protection is provided by separating the operation of service protection application components into those that operate in the normal environment and those that are adapted to execute only in the secure execution environment.

Citations

25 Claims

1. A method for processing encrypted data received by a terminal, the method comprising:
- providing a security platform in the terminal, the security platform including a normal execution environment and a secure execution environment, the secure execution environment being loaded with at least one secure application component adapted to execute only in the secure execution environment;
  
  identifying secure protocols used in encrypting the encrypted data;
  
  determining whether the secure execution environment is loaded with secure application components associated with the secure protocols used in encrypting the encrypted data;
  
  loading new secure application components associated with the secure protocols used in encrypting the encrypted data that are not already loaded in the secure execution environment;
  
  obtaining key information for decrypting the encrypted data using the new secure application components; and
  
  decrypting the encrypted data in the normal execution environment using the key information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein loading the new secure application components associated with the secure protocols used in encrypting the encrypted data that are not already loaded the secure execution environment includes requesting a copy of the secure application components that are not in the secure execution environment from an application server.
  - 3. The method of claim 2, wherein loading the new secure application components associated with the secure protocols used in encrypting the encrypted data that are not already loaded the secure execution environment includes downloading the new secure application components and installing the new secure application components in the secure execution environment.
  - 4. The method of claim 1, wherein the terminal is portable and wherein the encrypted data is broadcast data.
  - 5. The method of claim 1, wherein loading the new secure application components includes determining whether at least one secure application component already loaded in the secure execution requires amendment or replacement, wherein the new secure application components includes replacement secure application components for the secure application components that require amendment or replacement.
  - 6. The method of claim 5, further comprising:
    - requesting the replacement secure application components from an application server for the at least one secure application that requires amendment or replacement;
      
      downloading the replacement secure application components;
      
      installing the replacement secure application components on the terminal; and
      
      loading the replacement secure application components into the secure execution area in place of the at least one secure application component that requires replacement or amendment.
  - 7. The method of claim 1, wherein the key information is stored in the secure execution area.
  - 8. The method of claim 1, wherein the secure execution environment is adapted to host a plurality of secure protocols.
  - 9. The method of claim 1, wherein loading the secure application components further comprises:
    - downloading the new secure application components;
      
      receiving new key information in the downloaded secure application components, where the new key information is encrypted; and
      
      decrypting the new key information solely in the secure execution environment, wherein the new key information is used in decrypting the encrypted data.
  - 10. The method of claim 1, deleting old keys from the secure execution environment.
  - 11. The method of claim 1, further comprising downloading the secure application components that are not in the secure execution environment over the air (OTA).

12. A system for processing encrypted data received by a terminal, the system comprising:
- a normal execution environment in the terminal, anda secure execution environment in the terminal, wherein the secure execution environment is configured to;
  
  evaluate the encrypted data to identify secure application components that are not loaded in the secure execution environment, wherein the secure application components are not loaded are new secure application components;
  
  obtain the new secure application components by downloading the new secure application components from an application server and loading the new secure application components in the secure execution environment;
  
  obtain key information for decrypting the encrypted data using at least the new secure application components loaded in the secure execution environment;
  
  wherein the encrypted data is decrypted in the normal execution environment.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The system of claim 12, wherein the secure execution environment is adapted to host a plurality secure application components including the new secure application components, each secure application component loaded in the secure execution environment corresponds to a distinct secure protocol.
  - 14. The system of claim 12, wherein the terminal is portable.
  - 15. The system of claim 12, further comprising:
    - a server interface configured to request a copy of the new secure application components from the application server; and
      
      a downloader for downloading the new secure application components and installing the new secure application components on the terminal,wherein the new secure application components are installed into the secure execution environment.
  - 16. The system of claim 12, wherein the secure applications that are not loaded in the secure execution environment include secure application components that are loaded in the secure execution environment but require replacement or amendment.
  - 17. The system of claim 12, wherein the new secure applications loaded into the secure application environment include new key information, wherein the new key information is encrypted and wherein the new key information is decrypted solely in the secure execution environment.
  - 18. The system of claim 17, wherein the key information and the new key information are stored solely in the secure execution environment.
  - 19. The system of claim 12, wherein all of the key information used in decrypting the encrypted data is temporary.
  - 20. The system of claim 12, wherein the encrypted data received by the terminal is broadcast data traffic, and the encrypted data traffic is decrypted in real time.
  - 21. The system of claim 12, wherein the unloaded secure application components are downloaded over the air.
  - 22. The system of claim 12, further comprising a user terminal, wherein the secure execution environment and the normal execution environment are present on the user terminal.

23. A method for processing encrypted data received by a terminal, the method comprising:
- providing a securing platform on the terminal, the security platform including a normal execution environment and a secure execution environment, where a secure application component is loaded in the secure execution environment and executes only in the secure execution environment, wherein the secure application component corresponds to a secure protocol;
  
  obtaining key information necessary for decrypting the encrypted data;
  
  processing the key information with the secure application component to obtain decryption information, wherein the secure application is amended or replaced when amendment or replacement is needed to process the key information, wherein a new secure application component is automatically downloaded when the new secure application component is needed to process the key information; and
  
  decrypting the encrypted data in the normal execution environment using the decryption information.
- View Dependent Claims (24, 25)
- - 24. The method of claim 23, wherein the new secure application component includes new key information that is encrypted, wherein the new key information is decrypted solely in the secure execution environment after the new secure application component is loaded in the secure execution environment.
  - 25. The method of claim 23, further comprising determining whether the new secure application is needed based on at least one of the key information, a kind of decryption information required, the secure application component already loaded in the secure execution environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vodafone IP Licensing Limited (Vodafone Group PLC)
Original Assignee
Vodafone IP Licensing Limited (Vodafone Group PLC)
Inventors
Priestley, Mark, Wright, Timothy, BELROSE, Caroline Jessica, BONE, Nicholas, Irwin, James
Primary Examiner(s)
BAYOU, YONAS A

Application Number

US14/094,018
Publication Number

US 20140237260A1
Time in Patent Office

505 Days
Field of Search

713/189
US Class Current

713/189
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 2463/101   applying security measures ...

H04L 63/20   for managing network securi...

H04L 67/125   involving control of end-de...

H04L 67/34   involving the movement of s...

H04W 12/00   Security arrangements; Auth...

H04W 12/02   Protecting privacy or anony...

H04W 12/04   Key management, e.g. using ...

H04W 12/35   Protecting application or s...

Telecommunications device security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Telecommunications device security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links