Network based temporary trust extension to a remote or mobile device enabled via specialized cloud services
First Claim
1. A method of executing a trusted application on a trusted security zone enabled electronic device, comprising:
- examining a provisioning status of a trusted security subzone on the electronic device;
responsive to a trusted security subzone not being provisioned on the electronic device, generating, by a server, a temporary trust token;
transmitting the temporary trust token to the electronic device;
comparing the temporary trust token with a plurality of trust tokens stored in the electronic device to determine the trustworthiness of the temporary trust token;
responsive to the temporary trust token being determined to be trustworthy, provisioning the non-provisioned trusted security subzone on the electronic device to be a temporary trust enablement;
transmitting the trusted application through an encrypted channel to the temporary trust enablement;
executing the trusted application in the temporary trust enablement, wherein the temporary trust enablement selectively blocks at least part of a processor of the electronic device to execute the trusted application, and wherein the trusted application has restricted access to a subset of application programming interfaces and hardware peripherals of the electronic device;
releasing the at least part of the processor when the trusted application is completed; and
removing the trusted application, the temporary trust enablement, and the temporary trust token when the trusted application is completed.
6 Assignments
0 Petitions
Accused Products
Abstract
A method of executing a trusted application on a trusted security zone enabled electronic device. The method comprises responsive to a trusted security subzone not being provisioned on the electronic device, generating, by a server, a temporary trust token, transmitting the temporary trust token to the electronic device, and comparing the temporary trust token with a plurality of trust tokens stored in the electronic device to determine the trustworthiness of the temporary trust token. The method further comprises responsive to the temporary trust token being determined to be trustworthy, provisioning the non-provisioned trusted security subzone on the electronic device to be a temporary trust enablement, transmitting the trusted application through an encrypted channel to the temporary trust enablement, executing the trusted application in the temporary trust enablement, and removing the trusted application, the temporary trust enablement, and the temporary trust token when the trusted application is completed.
-
Citations
13 Claims
-
1. A method of executing a trusted application on a trusted security zone enabled electronic device, comprising:
-
examining a provisioning status of a trusted security subzone on the electronic device; responsive to a trusted security subzone not being provisioned on the electronic device, generating, by a server, a temporary trust token; transmitting the temporary trust token to the electronic device; comparing the temporary trust token with a plurality of trust tokens stored in the electronic device to determine the trustworthiness of the temporary trust token; responsive to the temporary trust token being determined to be trustworthy, provisioning the non-provisioned trusted security subzone on the electronic device to be a temporary trust enablement; transmitting the trusted application through an encrypted channel to the temporary trust enablement; executing the trusted application in the temporary trust enablement, wherein the temporary trust enablement selectively blocks at least part of a processor of the electronic device to execute the trusted application, and wherein the trusted application has restricted access to a subset of application programming interfaces and hardware peripherals of the electronic device; releasing the at least part of the processor when the trusted application is completed; and removing the trusted application, the temporary trust enablement, and the temporary trust token when the trusted application is completed. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method of executing a trusted application on a mobile communication device without a trusted security zone hardware partition, comprising:
-
examining a provisioning status of a trusted security subzone on the mobile communication device; responsive to no trusted security zone hardware partition being found on the mobile communication device, generating, by a server, an encrypted key; transmitting the encrypted key to the mobile communication device; comparing the encrypted key with a plurality of trust keys stored in the mobile communication device to determine the trustworthiness of the encrypted key; responsive to the encrypted key being determined to be trustworthy, installing a temporary trust enablement application on the mobile communication device; transmitting the trusted application through an encrypted channel to the temporary trust enablement; blocking, by the temporary trust enablement, at least part of a processor of the mobile communication device every other predefined number of clock cycles to execute the trusted application; restricting the trusted application to a subset of application programming interfaces and hardware peripherals of the mobile communication device; releasing the at least part of the processor when the trusted application is completed; and removing the trusted application, the temporary trust enablement, and the encrypted key when the trusted application is completed. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
Specification