Secure mode indicator for smart phone or PDA

US 20040123118A1
Filed: 12/18/2002
Published: 06/24/2004
Est. Priority Date: 01/16/2002
Status: Active Grant

First Claim

Patent Images

1. A method of operating a digital system, comprising the steps of:

providing a secure mode of operation in which only trusted program code can be executed; and

providing a secure mode indicator means observable by a user of the digital system, wherein the indicator means can only be activated by the trusted program code while in the secure mode of operation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A digital system is provided with a secure mode (3^rdlevel of privilege) built in a non-invasive way on a processor system that includes a processor core, instruction and data caches, a write buffer and a memory management unit. A secure execution mode is thus provided on a platform where the only trusted software is the code stored in ROM. In particular the OS is not trusted, all native applications are not trusted. The secure mode is entered through a unique entry point. The secure execution mode can be dynamically entered and exited with full hardware assessment of the entry/exit conditions. A secure mode indicator is provided to tell a user of the digital system that the device is in secure mode. This indicator may be a small LED, for example. The user should not enter any secret information (password) or should not sign anything displayed on the screen if the secure mode indicator is not active.

121 Citations

19 Claims

1. A method of operating a digital system, comprising the steps of:
- providing a secure mode of operation in which only trusted program code can be executed; and
  
  providing a secure mode indicator means observable by a user of the digital system, wherein the indicator means can only be activated by the trusted program code while in the secure mode of operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising the steps of:
    - executing an application program;
      
      entering into the secure mode of operation for executing a secure portion of the application program;
      
      activating the secure mode indicator means in response to executing the secure portion of the application program; and
      
      requesting that a user provide sensitive information to the secure portion of the application program while the indicator means is activated.
  - 3. The method of claim 2, further comprising the step of de-activating the secure mode indicator means after receiving the sensitive information while the secure portion of the application program continues to execute in secure mode.
  - 4. The method of claim 2, wherein the step of activating the secure mode indicator means comprises executing an instruction that writes to a memory mapped latch, wherein the memory mapped latch can be written to only when the instruction is executed while in the secure mode of operation.
  - 5. The method of claim 1, wherein the step of providing a secure mode of operation comprises the steps of:
    - jumping to an entry address at a particular address in an instruction memory;
      
      executing an activation sequence of instructions beginning at the entry address; and
      
      entering the secure mode of operation only if the activation sequence of instruction is fully executed by the CPU in a pre-defined order.
  - 6. The method of claim 5, wherein the last instruction of the activation sequence is a branch instruction and other than a cache flush instruction or a cache disable instruction, all other instructions in the activation sequence are NOP instructions.
  - 7. The method of claim 5, further comprising the steps of:
    - monitoring a set of one or more status signals provided by the CPU and the system during each access of the activation sequence; and
      
      aborting the activation sequence if the status signals indicate that any one of the activation sequence accesses is not an instruction fetch access.
  - 8. The method according to claim 7, further comprising the step of aborting the activation sequence if the status signals indicate that a data access is made during execution of the activation sequence.
  - 9. The method according to claim 5, further comprising the steps of establishing an operating mode according to predefined security criteria by calling an operating system (OS) task manager prior to jumping to the entry address;
    - after entering the secure mode of operation, establishing an environment suitable for secure code execution by executing a plurality of instructions from a secure read only memory (ROM);
      
      activating the secure mode indicator means by executing an instruction from the secure ROM;
      
      executing a secure routine from the secure ROM;
      
      de-activating the secure mode indicator mans by executing an instruction from the secure ROM;
      
      performing an exit sequence from the secure ROM; and
      
      jumping to an exit location in a public ROM.
  - 10. The method according to claim 1, wherein the CPU has a set of secure resources that is inaccessible in non-secure mode, and wherein the step of entering the secure mode of operation comprises asserting a security signal to enable access to the set of secure resources.
  - 11. The method of claim 1, further comprising the step of providing tamper detection means for detecting if the digital system is tampered with;
    - and wherein the step of providing a secure mode of operation is inhibited if the tamper detection means indicates the digital system has been tampered with.

12. A digital system, comprising:
- a central processing unit (CPU) for executing instruction;
  
  a public memory connected to an instruction bus of the CPU for holding non-secure instructions, the public memory being always accessible by the CPU;
  
  a secure memory connected to the instruction bus of the CPU for holding secure instructions, the secure memory being accessible only when a security signal is asserted;
  
  security circuitry having an output for asserting the security signal when a secure mode of operation is established; and
  
  a secure mode indicator responsive to the security signal, the secure mode indicator being observable by a user of the digital system, wherein the secure mode indicator can only be placed in an active mode by executing an instruction while the security signal is asserted.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The digital system of claim 12, wherein the secure mode indicator comprises:
    - a memory mapped latch connected to receive a data bit signal from the CPU in response to a write instruction, the operation of the memory mapped latch being controlled by the security signal such that the latch can only be written to when the security signal is asserted, the memory mapped latch having an output signal for indicating the state of the latch; and
      
      a secure mode indicator device connected to the output signal of the memory mapped latch, the secure mode indicator device being responsive to the state of the latch.
  - 14. The digital system of claim 13, wherein the secure mode indicator device is a lamp.
  - 15. The digital system of claim 13, wherein the secure mode indicator device is a mechanical device capable of indicating an on state and an off state.
  - 16. The digital system of claim 13, wherein the secure mode indicator device is an audio device capable of indicating an on state and an off state.
  - 17. The digital system of claim 12, wherein the security circuitry comprises a security state machine (SSM) connected to the CPU for monitoring a set of status signals and connected to the instruction address bus for monitoring instruction address signals, the SSM having an output for asserting the security signal when a secure mode of operation is established;
    - and wherein the SSM is operable to monitor execution of an activation sequence of instructions located in public ROM and to enter the secure mode of operation only if the activation sequence of instruction is executed by the CPU in a pre-defined order.
  - 18. The digital system according to claim 12, further comprising means for detecting tampering operable to indicate if the digital system has been tampered with, wherein the security circuit monitors the means for detecting tampering and is operable to prevent establishing a secure mode of operation in response to the means for detecting tampering.
  - 19. The digital system according to claim 12 being a wireless device, further comprising:
    - an integrated keyboard connected to the CPU via a keyboard adapter;
      
      a display, connected to the CPU via a display adapter;
      
      radio frequency (RF) circuitry connected to the CPU; and
      
      an aerial connected to the RF circuitry; and
      
      wherein the secure mode indicator comprises a light emitting diode (LED) arranged in viewable proximity to the display.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Texas Instruments, Inc.
Original Assignee
Texas Instruments, Inc.
Inventors
Cornillault, Bertrand, Dahan, Franck B.

Granted Patent

US 8,479,022 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/36   by graphic or iconic repres...

G06F 21/71   to assure secure computing ...

G06F 21/74   operating in dual or compar...

G06F 21/82   Protecting input, output or...

G06F 21/86   Secure or tamper-resistant ...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2147   Locking files

G06F 2221/2149   Restricted operating enviro...

G06F 9/4484   Executing subprograms

H04M 1/72403   with means for local suppor...

Secure mode indicator for smart phone or PDA

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

121 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Secure mode indicator for smart phone or PDA

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

121 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others