Key storage administration
Abstract
The present invention relates to a method and a system for allowing multiple applications to manage their respective data in a device (100, 200) having a secure environment (104, 204, 211) to which access is strictly controlled. The idea of the invention is that a storage area is allocated (301) within the secure environment (104, 204, 211) of a device (100, 200). The storage area is associated (302) with an identity of an application, the associated identity is stored (303) in the secure environment (104, 204, 211) and access to the storage area is controlled (304) by verifying correspondence between the associated identity and the identity of an accessing application. This is advantageous, since it is possible for the accessing application to read, write and modify objects, such as cryptographic keys, intermediate cryptographic calculation results and passwords, in the allocated storage area.
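The allocate, associate, store and verify steps of the abstract (301 to 304), as an added Python sketch that is not taken from the patent. The `SecureEnvironment` class, its method names, the sample application images and the toy unpadded RSA key are assumptions made for illustration; the signature-as-identity scheme follows the claims.

```python
import hashlib
import hmac

# Constructed toy RSA key (two Mersenne primes, no padding): illustration only.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the signer only

def digest(code: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(code).digest(), "big") % n

def sign(code: bytes) -> int:
    """Signer side: the application identity is a signature over its code."""
    return pow(digest(code, N), D, N)

class SecureEnvironment:
    """Hypothetical model of the secure environment; it holds only the public key."""
    def __init__(self, n: int, e: int):
        self._n, self._e = n, e
        self._areas = {}  # area id -> (associated identity, stored objects)

    def _verified(self, code: bytes, sig: int) -> bool:
        in_range = isinstance(sig, int) and 0 <= sig < self._n
        return in_range and pow(sig, self._e, self._n) == digest(code, self._n)

    def allocate(self, code: bytes, sig: int) -> int:
        if not self._verified(code, sig):
            raise PermissionError("application signature invalid")
        area_id = len(self._areas)
        self._areas[area_id] = (sig, {})  # identity is stored inside the environment
        return area_id

    def open(self, area_id: int, code: bytes, sig: int) -> dict:
        owner, objects = self._areas[area_id]
        if not self._verified(code, sig):  # signature must match the calling code
            raise PermissionError("application signature invalid")
        if not hmac.compare_digest(owner.to_bytes(32, "big"), sig.to_bytes(32, "big")):
            raise PermissionError("accessing identity does not match area owner")
        return objects

def demo():
    env = SecureEnvironment(N, E)
    wallet, game = b"wallet-app v1", b"game-app v1"  # constructed application images
    area = env.allocate(wallet, sign(wallet))
    env.open(area, wallet, sign(wallet))["pin_key"] = b"\x13\x37"
    readback = env.open(area, wallet, sign(wallet))["pin_key"]
    try:
        env.open(area, game, sign(game))  # validly signed, but a different identity
        return readback, False
    except PermissionError:
        return readback, True
```

Both checks in `open` are needed: the signature check rejects modified code that replays the owner's signature, and the comparison with the stored identity rejects a different, validly signed application.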
12 Claims
1. A method comprising:
- allocating a storage area configured to store data for an application of a multiple of applications within a secure environment of a device to which access is restricted;
- associating the storage area with an application identity of said application of said multiple applications to generate an associated identity, wherein said application identity of said application of said multiple of applications is generated by the device;
- storing the associated identity within the secure environment; and
- controlling access to the storage area by verifying correspondence between the associated identity and an accessing application identity so that only said application of said multiple applications can access the storage area;
- wherein the application identity of said application is a digital signature created based on a private key, the digital signature being attached to said application, and the verification of the application identity is performed by verifying the digital signature with a public key that corresponds to said private key.
(Dependent claims: 2, 3, 4, 5)

6. An apparatus comprising a control processing unit configured to:
- allocate a storage area configured to store data for an application of a multiple of applications within a secure environment of a device to which access is restricted;
- associate the storage area with an application identity of said application of said multiple applications to generate an associated identity, wherein said application identity of said application of said multiple of applications is generated by the device;
- store the associated identity within the secure environment; and
- control access to the storage area by verifying correspondence between the associated identity and an accessing application identity so that only said application of said multiple applications can access the storage area;
- wherein the application identity of said application is a digital signature created based on a private key, the digital signature being attached to said application, and the verification of the application identity is performed by decrypting the digital signature with a public key that corresponds to said private key.
(Dependent claims: 7, 8)

9. Circuitry for providing data security comprising:
- at least one storage circuit comprising at least one storage area configured to store data for an application of a multiple of applications within a secure environment of a device to which access is restricted;
- at least one processor configured to; associate the at least one storage area with an application identity of said application of said multiple applications to generate an associated identity, wherein said application identity of said application of said multiple of applications is generated by the device; and store the associated identity within the secure environment; and
- a register configured to enable said at least one processor to control access to said at least one storage area by verifying correspondence between the associated identity and an accessing application identity so that only said application of said multiple applications can access the at least one storage area;
- wherein the application identity of said application is a digital signature created based on a private key, the digital signature being attached to said application, and the verification of the application identity is performed by decrypting the digital signature with a public key that corresponds to said private key.
(Dependent claims: 10)

11. A computer-readable non-transitory storage medium storing computer-executable components, which when executed by a processor, performs:
- allocating a storage area configured to store data for an application of a multiple of applications within a secure environment of a device to which access is restricted;
- associating the storage area with an application identity of said application of said multiple applications to generate an associated identity, wherein said application identity of said application of said multiple of applications is generated by the device;
- storing the associated identity within the secure environment; and
- controlling access to the storage area by verifying correspondence between the associated identity and an accessing application identity so that only said application of said multiple applications can access the storage area;
- wherein the application identity of said application is a digital signature created based on a private key, the digital signature being attached to said application, and the verification of the application identity is performed by verifying the digital signature with a public key that corresponds to said private key.

12. An apparatus comprising:
- a processor configured for allocating a storage area configured to store data for an application of a multiple of applications within a secure environment of a device to which access is restricted;
- the processor further configured for associating the storage area with an application identity of said application of said multiple applications to generate an associated identity, wherein said application identity of said application of said multiple of applications is generated by the device;
- the storage area configured for storing the associated identity within the secure environment; and
- the processor further configured for controlling access to the storage area by verifying correspondence between the associated identity and an accessing application identity so that only said application of said multiple applications can access the storage area;
- wherein the application identity of said application is a digital signature created based on a private key, the digital signature being attached to said application, and the verification of the application identity is performed by verifying the digital signature with a public key that corresponds to said private key.

Specification