Network based temporary trust extension to a remote or mobile device enabled via specialized cloud services

US 9,230,085 B1
Filed: 07/29/2014
Issued: 01/05/2016
Est. Priority Date: 07/29/2014
Status: Active Grant

First Claim

Patent Images

1. A method of executing a trusted application on a trusted security zone enabled electronic device, comprising:

examining a provisioning status of a trusted security subzone on the electronic device;

responsive to a trusted security subzone not being provisioned on the electronic device, generating, by a server, a temporary trust token;

transmitting the temporary trust token to the electronic device;

comparing the temporary trust token with a plurality of trust tokens stored in the electronic device to determine the trustworthiness of the temporary trust token;

responsive to the temporary trust token being determined to be trustworthy, provisioning the non-provisioned trusted security subzone on the electronic device to be a temporary trust enablement;

transmitting the trusted application through an encrypted channel to the temporary trust enablement;

executing the trusted application in the temporary trust enablement, wherein the temporary trust enablement selectively blocks at least part of a processor of the electronic device to execute the trusted application, and wherein the trusted application has restricted access to a subset of application programming interfaces and hardware peripherals of the electronic device;

releasing the at least part of the processor when the trusted application is completed; and

removing the trusted application, the temporary trust enablement, and the temporary trust token when the trusted application is completed.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of executing a trusted application on a trusted security zone enabled electronic device. The method comprises responsive to a trusted security subzone not being provisioned on the electronic device, generating, by a server, a temporary trust token, transmitting the temporary trust token to the electronic device, and comparing the temporary trust token with a plurality of trust tokens stored in the electronic device to determine the trustworthiness of the temporary trust token. The method further comprises responsive to the temporary trust token being determined to be trustworthy, provisioning the non-provisioned trusted security subzone on the electronic device to be a temporary trust enablement, transmitting the trusted application through an encrypted channel to the temporary trust enablement, executing the trusted application in the temporary trust enablement, and removing the trusted application, the temporary trust enablement, and the temporary trust token when the trusted application is completed.

Citations

13 Claims

1. A method of executing a trusted application on a trusted security zone enabled electronic device, comprising:
- examining a provisioning status of a trusted security subzone on the electronic device;
  
  responsive to a trusted security subzone not being provisioned on the electronic device, generating, by a server, a temporary trust token;
  
  transmitting the temporary trust token to the electronic device;
  
  comparing the temporary trust token with a plurality of trust tokens stored in the electronic device to determine the trustworthiness of the temporary trust token;
  
  responsive to the temporary trust token being determined to be trustworthy, provisioning the non-provisioned trusted security subzone on the electronic device to be a temporary trust enablement;
  
  transmitting the trusted application through an encrypted channel to the temporary trust enablement;
  
  executing the trusted application in the temporary trust enablement, wherein the temporary trust enablement selectively blocks at least part of a processor of the electronic device to execute the trusted application, and wherein the trusted application has restricted access to a subset of application programming interfaces and hardware peripherals of the electronic device;
  
  releasing the at least part of the processor when the trusted application is completed; and
  
  removing the trusted application, the temporary trust enablement, and the temporary trust token when the trusted application is completed.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising, monitoring, by a security monitor application, the temporary trust enablement.
  - 3. The method of claim 1, wherein the trusted application is an application that downloads premium media content from the server.
  - 4. The method of claim 1, wherein the trusted application is an application that uploads private media content to the server.
  - 5. The method of claim 1, wherein the processor of the electronic device operates at a clock speed based on a predefined number of clock cycles, and the trusted application is executed in the temporary trust enablement during every other clock cycle.
  - 6. The method of claim 5, wherein an operating system of the electronic device is suspended when the trusted application is executed.

7. A method of executing a trusted application on a mobile communication device without a trusted security zone hardware partition, comprising:
- examining a provisioning status of a trusted security subzone on the mobile communication device;
  
  responsive to no trusted security zone hardware partition being found on the mobile communication device, generating, by a server, an encrypted key;
  
  transmitting the encrypted key to the mobile communication device;
  
  comparing the encrypted key with a plurality of trust keys stored in the mobile communication device to determine the trustworthiness of the encrypted key;
  
  responsive to the encrypted key being determined to be trustworthy, installing a temporary trust enablement application on the mobile communication device;
  
  transmitting the trusted application through an encrypted channel to the temporary trust enablement;
  
  blocking, by the temporary trust enablement, at least part of a processor of the mobile communication device every other predefined number of clock cycles to execute the trusted application;
  
  restricting the trusted application to a subset of application programming interfaces and hardware peripherals of the mobile communication device;
  
  releasing the at least part of the processor when the trusted application is completed; and
  
  removing the trusted application, the temporary trust enablement, and the encrypted key when the trusted application is completed.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, further comprising, monitoring, by a server trusted security zone on the server, the temporary trust enablement application.
  - 9. The method of claim 7, wherein a kernel of an operating system of the electronic device is utilized by the temporary trust enablement to block the at least part of the processor.
  - 10. The method of claim 9, wherein the server interrogates the electronic device to determine which suspend modes of the processor the kernel supports.
  - 11. The method of claim 10, wherein when the suspend modes is determined, the server transmits the encrypted key to the electronic device.
  - 12. The method of claim 7, wherein the server trusted security zone installs the temporary trust enablement application on the electronic device.
  - 13. The method of claim 7, wherein the electronic device is one of a server computer, a desktop computer, a laptop computer, a notebook computer, a tablet computer, a mobile phone, a personal digital assistant, a media player, a headset computer, a wearable computer, a game console, an Internet digital media streaming device, a television, or another network/communications capable device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Paczkowski, Lyle W., Parsel, William M., Persson, Carl J., Schlesener, Matthew C.
Primary Examiner(s)
Thiaw, Catherine

Application Number

US14/446,330
Time in Patent Office

525 Days
Field of Search

726 22- 25
US Class Current

1/1
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/57   Certifying or maintaining t...

G06F 21/602   Providing cryptographic fac...

Network based temporary trust extension to a remote or mobile device enabled via specialized cloud services

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Network based temporary trust extension to a remote or mobile device enabled via specialized cloud services

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links