Trusted security zone communication addressing on an electronic device
First Claim
1. A method of communicating with a computing device having a trusted security zone, the method comprising:
- mapping a unique identifier for a computing device with a trust zone access control address, wherein the computing device comprises a normal security zone and a trusted security zone providing hardware assisted security that is separate from the normal security zone, wherein the trust zone access control address is unique to a hardware component of the trusted security zone within the computing device, and wherein when an application executes in the trusted security zone of the computing device, applications that are configured to execute in the normal security zone are prevented from executing on the computing device;
- composing, by a source external to the computing device, a message comprising the trust zone access control address, wherein the trust zone access control address is not discoverable from the computing device, and wherein the trusted zone access control address is different from the unique identifier;
- routing the message to the computing device based on the unique identifier, wherein the message is internally routed to the trusted security zone within the computing device using the trust zone access control address, and wherein the message is received by an application executing in the trusted security zone of the computing device;
- providing a second message to a second application on the computing device executing in the trusted security zone subsequent to routing;
- obtaining a response from the second application on computing device; and
- determining that the message was routed to the trusted security zone based on the response obtained from the second application.
Abstract
A method of communicating with a computing device having a trusted security zone comprises mapping a unique identifier for a computing device with a trust zone access control (TZAC) address, composing a message comprising the trust zone access control address, and routing the message to the computing device based on the unique identifier. The computing device comprises a normal security zone and a trusted security zone that is separate from the normal security zone, and the trust zone access control address is a unique identifier associated with a hardware component of the trusted security zone within the computing device. The message is internally routed to the trusted security zone within the computing device using the trust zone access control address.
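An added illustration of the flow the abstract describes (not code from the patent or its assignee): a Python model in which a server maps a unique identifier to a TZAC address, the device routes internally on that address, and a follow-up query confirms that the trusted zone handled the message. The class names, message fields, and the `state_version` counter are assumptions made for the example.

```python
import hmac
import secrets

class TrustedZone:
    """Models the trusted security zone; the TZAC address stays inside it."""
    def __init__(self, tzac: bytes):
        self._tzac = tzac        # assumed provisioned in hardware, never exported
        self.state_version = 0   # information held inside the trusted zone

    def accept(self, msg: dict) -> bool:
        # Constant-time compare so a mismatch does not leak address bytes by timing.
        if not hmac.compare_digest(msg.get("tzac", b""), self._tzac):
            return False
        self.state_version += 1  # first application processes the data
        return True

    def report(self, nonce: bytes) -> dict:
        # Second application: answers the follow-up message from inside the zone.
        return {"nonce": nonce, "state_version": self.state_version}

class Device:
    def __init__(self, unique_id: str, tzac: bytes):
        self.unique_id = unique_id
        self.trusted = TrustedZone(tzac)
        self.normal_inbox = []   # normal security zone

    def receive(self, msg: dict) -> None:
        # Internal routing keys on the TZAC address, not on the unique identifier.
        if not self.trusted.accept(msg):
            self.normal_inbox.append(msg)

class Server:
    def __init__(self):
        self.tzac_by_id = {}     # unique identifier -> TZAC, kept off the device
        self.network = {}        # stands in for routing on the unique identifier

    def enroll(self, device: Device, tzac: bytes) -> None:
        self.tzac_by_id[device.unique_id] = tzac
        self.network[device.unique_id] = device

    def send_and_verify(self, unique_id: str, data: bytes, tzac=None) -> bool:
        device = self.network[unique_id]
        tzac = self.tzac_by_id[unique_id] if tzac is None else tzac
        before = device.trusted.report(b"")["state_version"]
        device.receive({"to": unique_id, "tzac": tzac, "data": data})
        nonce = secrets.token_bytes(8)
        reply = device.trusted.report(nonce)   # second message and its response
        return reply["nonce"] == nonce and reply["state_version"] == before + 1

def demo():
    server, tzac = Server(), secrets.token_bytes(16)
    phone = Device("device-0001", tzac)        # constructed identifier
    server.enroll(phone, tzac)
    wrong = bytes(b ^ 0xFF for b in tzac)      # a guessed, incorrect TZAC address
    return (server.send_and_verify("device-0001", b"update"),
            server.send_and_verify("device-0001", b"update", tzac=wrong),
            len(phone.normal_inbox))
```

The model leaves the second application's response unauthenticated; it only shows how a change observed inside the trusted zone lets the sender conclude that internal routing succeeded.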
19 Claims
1. A method of communicating with a computing device having a trusted security zone, the method comprising:
- mapping a unique identifier for a computing device with a trust zone access control address, wherein the computing device comprises a normal security zone and a trusted security zone providing hardware assisted security that is separate from the normal security zone, wherein the trust zone access control address is unique to a hardware component of the trusted security zone within the computing device, and wherein when an application executes in the trusted security zone of the computing device, applications that are configured to execute in the normal security zone are prevented from executing on the computing device;
- composing, by a source external to the computing device, a message comprising the trust zone access control address, wherein the trust zone access control address is not discoverable from the computing device, and wherein the trusted zone access control address is different from the unique identifier;
- routing the message to the computing device based on the unique identifier, wherein the message is internally routed to the trusted security zone within the computing device using the trust zone access control address, and wherein the message is received by an application executing in the trusted security zone of the computing device;
- providing a second message to a second application on the computing device executing in the trusted security zone subsequent to routing;
- obtaining a response from the second application on computing device; and
- determining that the message was routed to the trusted security zone based on the response obtained from the second application.

View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)

11. A method of communicating over a network, the method comprising:
- receiving, from an external device, a message at a computing device, wherein the message comprises a routing address, a trust zone access control address, and a key, wherein the computing device comprises a normal security zone and a trusted security zone providing hardware assisted security that is separate from the normal security zone, wherein the routing address comprises information configured to route the message to the computing device, wherein the trust zone access control address is unique to a hardware component of the trusted security zone within the computing device, and wherein when an application executes in the trusted security zone of the computing device, applications that are configured to execute in the normal security zone are prevented from executing on the computing device;
- internally providing the message to the trusted security zone based on the trust zone access control address, wherein the trust zone access control address is not discoverable from the computing device, and wherein the trust zone access control address is different from the routing address;
- initiating an execution of an application within the trusted security zone of the computing device using the key;
- preventing the execution of any applications in the normal security zone in response to initiating the application within the trusted security zone;
- receiving a second message comprising the trust zone access control address and data;
- internally providing the second message to the trusted security zone based on the trust zone access control address in the second message while the application is executing in the trusted security zone;
- processing the data in the second message within the trusted security zone;
- performing an action within the trusted security zone based on processing the data; and
- providing a third message to the external device from a second application executing in the trusted security zone, wherein the third message comprises information indicating that the second message was routed to the trusted security zone.

View Dependent Claims (12, 13, 14)

-
15. A computing device comprising:
- a modem;
- a processor, wherein the processor comprises a trusted security zone and a normal security zone, wherein the trusted security zone provides hardware assisted security;
- a memory comprising non-transitory storage;
- a trusted security zone application stored in the memory, that upon execution on the processor, configures at least the processor to:
  - block access by other applications executing in the normal security zone of the processor from accessing the memory, reading inputs, and writing outputs while the trusted security zone application executes in the trusted security zone,
  - accept a message comprising a trust zone access control address from a source external to the computing device, wherein the trust zone access control address is not discoverable from the computing device,
  - process the message within the trusted security zone, and
  - change information within the trusted security zone based on processing the message within the trusted security zone; and
- the trust zone access control address encoded into at least one of the trusted security zone of the processor or a secure partition in the memory, wherein the trust zone access control address is unique to the at least one of the trusted security zone of the processor or the secure partition in the memory; and
- a first application stored in the memory, that upon execution by the processor, configures at least the processor to:
  - receive a second message from the source external to the computing device,
  - invoke the first application in response to reception of the message, wherein the first application executes in the trusted security zone, and
  - provide a response message to the source subsequent to invocation of the trusted security zone, wherein the response message comprises information that indicates that the information within the trusted security zone changed after the message comprising the trust zone access control address is accepted.

View Dependent Claims (16, 17, 18, 19)

Specification