JTAG fuse vulnerability determination and protection using a trusted execution environment

US 9,021,585 B1
Filed: 03/15/2013
Issued: 04/28/2015
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method of configuring a trusted security zone into a portable electronic device, comprising:

executing instructions on a processor of the portable electronic device that determine the state of a Joint Test Action Group (JTAG) port of the portable electronic device;

responsive to a determination that the JTAG port is enabled, executing instructions on the processor preventing configuration of the trusted security zone into the portable electronic device;

responsive to a determination that the JTAG port is disabled, configuring the trusted security zone into the portable electronic device, wherein the trusted security zone provides hardware assisted trust, wherein configuring the trusted security zone comprises installing the trusted security zone in a secure portion of a memory in the portable electronic device; and

after the trusted security zone is configured into the portable electronic device, executing instructions on the processor creating a JTAG port inspected certificate and storing the JTAG port inspected certificate into a trusted memory area of the trusted security zone,wherein executing instructions on the processor preventing configuration of the trusted security zone into the portable electronic device responsive to the determination that the JTAG port is enabled reduces a vulnerability to hacking the trusted security zone via the enabled JTAG port.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of configuring a trusted security zone into a portable electronic device. The method comprises executing instructions on a processor of the portable electronic device that determine the state of a JTAG (JTAG) port of the portable electronic device, if the JTAG port is determined to be enabled, executing instructions on the processor preventing configuration of the trusted security zone into the portable electronic device, and if the JTAG port is determined to be disabled, configuring the trusted security zone into the portable electronic device, whereby a vulnerability to hacking the trusted security zone via an enabled JTAG port is reduced.

336 Citations

15 Claims

1. A method of configuring a trusted security zone into a portable electronic device, comprising:
- executing instructions on a processor of the portable electronic device that determine the state of a Joint Test Action Group (JTAG) port of the portable electronic device;
  
  responsive to a determination that the JTAG port is enabled, executing instructions on the processor preventing configuration of the trusted security zone into the portable electronic device;
  
  responsive to a determination that the JTAG port is disabled, configuring the trusted security zone into the portable electronic device, wherein the trusted security zone provides hardware assisted trust, wherein configuring the trusted security zone comprises installing the trusted security zone in a secure portion of a memory in the portable electronic device; and
  
  after the trusted security zone is configured into the portable electronic device, executing instructions on the processor creating a JTAG port inspected certificate and storing the JTAG port inspected certificate into a trusted memory area of the trusted security zone,wherein executing instructions on the processor preventing configuration of the trusted security zone into the portable electronic device responsive to the determination that the JTAG port is enabled reduces a vulnerability to hacking the trusted security zone via the enabled JTAG port.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein determining the state of the JTAG port comprises determining whether the fuses of the JTAG port are blown.
  - 3. The method of claim 1, wherein determining the state of the JTAG port comprises reading from the JTAG port addresses.
  - 4. The method of claim 1, further comprising, responsive to the determination that the JTAG port is enabled, sending an electronic message to a server computer identifying the portable electronic device and indicating that the JTAG port of the device was determined to be enabled, whereby a purchaser of portable electronic devices accumulates statistical information on the performance of vendors based on the message.
  - 5. The method of claim 1, wherein the portable electronic device is one of a mobile phone, a personal digital assistant (PDA), or a media player.
  - 6. The method of claim 1, wherein the portable electronic device is one of a laptop computer, a tablet computer, or a notebook computer.

7. A method of protecting an electronic device from a hacking attack that exploits a Joint Test Action Group (JTAG) port of the electronic device that has not been disabled, comprising:
- executing instructions on a processor of the electronic device that determine the state of a JTAG port of the electronic device;
  
  responsive to a determination that the JTAG port is enabled, executing instructions on the processor of the electronic device to detect a physical connection to the JTAG port;
  
  responsive to detecting a physical connection to the JTAG port, executing instructions on the processor preventing execution of trusted applications;
  
  responsive to a determination that the JTAG port is enabled, executing instructions on the processor preventing execution of software that reads from the JTAG port; and
  
  responsive to a determination that the JTAG port is enabled, preventing downloading of at least one of confidential information, financial applications, a credit card number, or a credit card payment application,wherein executing instructions on the processor preventing execution of the trusted applications responsive to detecting the physical connection to the JTAG port, executing instructions on the processor preventing execution of the software that reads from the JTAG port responsive to the determination that the JTAG port is enabled, and preventing downloading of at least one of confidential information, financial applications, a credit card number, or a credit card payment application responsive to the determination that the JTAG port is enabled reduces a vulnerability of the electronic device to a hacking attack that exploits the enabled JTAG.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein the electronic device is one of a mobile phone, a laptop computer, a tablet computer, a notebook computer, a server computer, a router, or an embedded system.
  - 9. The method of claim 7, wherein determining the state of the JTAG port comprises reading from addresses associated with the JTAG port.
  - 10. The method of claim 7, wherein determining the state of the JTAG port comprises determining the state of JTAG fuses.
  - 11. The method of claim 10, wherein responsive to a determination that the JTAG fuses are intact, storing a parameter value abstractly indicating that the JTAG port is enabled.
  - 12. The method of claim 10, wherein responsive to a determination that the JTAG fuses are blown, storing a parameter value abstractly indicating that the JTAG port is disabled.
  - 13. The method of claim 7, further comprising sending a message to a server computer indicating that the JTAG port is not disabled.

14. A method of thwarting a hacking attack on a mobile phone via an enabled Joint Test Action Group (JTAG) port of the mobile phone, comprising:
- executing instructions on a processor of the mobile phone that detect the state of the JTAG port as one of enabled or disabled;
  
  responsive to a determination that the JTAG port is enabled, taking a first action to reduce vulnerability to hacking attacks via the enabled JTAG port, wherein the first action comprises preventing downloading of at least one of confidential information, financial applications, a credit card number, or a credit card payment application;
  
  responsive to a determination that the JTAG port is disabled, configuring a trusted security zone into the mobile phone, wherein configuring the trusted security zone comprises installing the trusted security zone in a secure portion of a memory in the mobile phone; and
  
  after the trusted security zone is configured into the mobile phone, executing instructions on the processor creating a JTAG port inspected certificate and storing the JTAG port inspected certificate into a trusted memory area of the trusted security zone.
- View Dependent Claims (15)
- - 15. The method of claim 14, further comprising when the JTAG port is determined to be enabled, marking a hardware portion of the mobile phone intended for installation of a trusted security zone as one of invalid or untrusted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Paczkowski, Lyle W., Parsel, William M., Persson, Carl J., Schlesener, Matthew C.
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
AVERY, JEREMIAH L

Application Number

US13/844,325
Time in Patent Office

774 Days
Field of Search

None
US Class Current

726/22
CPC Class Codes

G06F 21/53 by executing in a restricte...

G06F 21/577 Assessing vulnerabilities a...

JTAG fuse vulnerability determination and protection using a trusted execution environment

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

336 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

JTAG fuse vulnerability determination and protection using a trusted execution environment

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

336 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links