专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20070300058A1 Credential Provisioning For Mobile Devices 审中-公开
标题翻译：移动设备凭证配置
公开(公告)号：US20070300058A1
公开(公告)日：2007-12-27
申请号：US11425572
申请日：2006-06-21
申请人： Janne P. Takala , Rauno Tamminen , Lauri Paatero , Antti Kiiveri
发明人： Janne P. Takala , Rauno Tamminen , Lauri Paatero , Antti Kiiveri
IPC分类号： H04L9/00
CPC分类号： G06F21/57 , G06F21/10 , G06F2221/2111 , H04W12/08
摘要： A method and system for determining rights to access digital content at a mobile communication device is described. A mobile communication device is manufactured with a credential store that maintains credentials associated with the mobile communication device. After manufacturing of the mobile communication device, a player component is installed onto the mobile communication device. With a request for digital content to be used or distributed by the player component, one or more credentials of the mobile communication device are confirmed for accuracy. If accurate, the mobile communication device receives the requested digital content for use and distribution.
摘要翻译：描述了一种用于确定在移动通信设备处访问数字内容的权限的方法和系统。制造具有保存与移动通信设备相关联的凭据的凭证存储器的移动通信设备。在制造移动通信设备之后，将播放器组件安装到移动通信设备上。通过播放器组件使用或分发数字内容的请求，确认移动通信设备的一个或多个凭证的准确性。如果准确，则移动通信设备接收所请求的数字内容以供使用和分发。

2. 发明申请

US20050033969A1 Secure execution architecture 有权
标题翻译：安全执行架构
公开(公告)号：US20050033969A1
公开(公告)日：2005-02-10
申请号：US10634734
申请日：2003-08-04
申请人： Antti Kiiveri , Lauri Paatero
发明人： Antti Kiiveri , Lauri Paatero
IPC分类号： G06F1/00 , G06F9/455 , G06F21/57 , G06F12/14
CPC分类号： G06F21/57
摘要： The present invention relates to circuitry and a method for providing data security, which circuitry contains at least one processor and at least one storage circuit. The invention is based on the idea that circuitry is provided in which a processor is operable in at least two different modes, one first secure operating mode and one second unsecure operating mode. In the secure mode, the processor has access to security related data located in various memories located within the circuitry. The access to these security data and the processing of them need to be restricted, since an intruder with access to security data could manipulate the circuitry. When testing and/or debugging the circuitry, access to security information is not allowed. For this reason, the processor is placed in the unsecure operating mode, in which mode it is no longer given access to the protected data.
摘要翻译：本发明涉及用于提供数据安全性的电路和方法，该电路包含至少一个处理器和至少一个存储电路。本发明基于以下思想：提供电路，其中处理器可以以至少两种不同模式操作，一种第一安全操作模式和一种第二不安全操作模式。在安全模式中，处理器可以访问位于电路内的各种存储器中的安全相关数据。需要限制对这些安全数据的访问和处理，因为访问安全数据的入侵者可以操纵电路。当测试和/或调试电路时，不允许访问安全信息。因此，处理器处于不安全的操作模式，在哪种模式下，它不再被访问受保护的数据。

3. 发明授权

US09111097B2 Secure execution architecture 有权
标题翻译：安全执行架构
公开(公告)号：US09111097B2
公开(公告)日：2015-08-18
申请号：US10634734
申请日：2003-08-04
申请人： Antti Kiiveri , Lauri Paatero
发明人： Antti Kiiveri , Lauri Paatero
IPC分类号： G06F21/76 , G06F21/57 , G06F21/78
CPC分类号： G06F21/57
摘要： The present invention relates to circuitry and a method for providing data security, which circuitry contains at least one processor and at least one storage circuit. The invention is based on the idea that circuitry is provided in which a processor is operable in at least two different modes, one first secure operating mode and one second unsecure operating mode. In the secure mode, the processor has access to security related data located in various memories located within the circuitry. The access to these security data and the processing of them need to be restricted, since an intruder with access to security data could manipulate the circuitry. When testing and/or debugging the circuitry, access to security information is not allowed. For this reason, the processor is placed in the unsecure operating mode, in which mode it is no longer given access to the protected data.
摘要翻译：本发明涉及用于提供数据安全性的电路和方法，该电路包含至少一个处理器和至少一个存储电路。本发明基于以下思想：提供电路，其中处理器可以以至少两种不同模式操作，一种第一安全操作模式和一种第二不安全操作模式。在安全模式中，处理器可以访问位于电路内的各种存储器中的安全相关数据。需要限制对这些安全数据的访问和处理，因为访问安全数据的入侵者可以操纵电路。当测试和/或调试电路时，不允许访问安全信息。因此，处理器处于不安全的操作模式，在哪种模式下，它不再被访问受保护的数据。

4. 发明授权

US07418593B2 Method and a system for performing testing in a device, and a device 有权
标题翻译：用于在设备和设备中执行测试的方法和系统
公开(公告)号：US07418593B2
公开(公告)日：2008-08-26
申请号：US10771164
申请日：2004-02-03
申请人： Lauri Paatero , Antti Kiiveri
发明人： Lauri Paatero , Antti Kiiveri
IPC分类号： H04L9/00
CPC分类号： G06F21/78 , G06F21/62 , G06F2221/2105 , G06F2221/2113
摘要： The present invention relates to a method and a system for performing testing in a device (1), in which at least one program (110, 112) is loaded and at least one item of mode data relating to the program is determined. Furthermore, at least one key (111) is generated for use in said program. In the method, at least two different security levels are determined for the keys to be used in the device (1). In the method, said security level determined for the key and at least one mode data relating to the program are examined, and on the basis of the examination, it is decided if said key is available for use in the mode indicated in the mode data of the program. The invention also relates to a device, a mobile communication device and a storage medium.
摘要翻译：本发明涉及一种用于在装置（1）中执行测试的方法和系统，其中加载了至少一个程序（110,112），并且确定了与程序相关的至少一个模式数据项。此外，生成用于所述程序的至少一个键（111）。在该方法中，为在设备（1）中使用的密钥确定至少两个不同的安全级别。在该方法中，检查针对密钥确定的所述安全级别和与程序有关的至少一个模式数据，并且基于检查，确定所述密钥是否可用于模式数据中指示的模式的程序。本发明还涉及一种设备，移动通信设备和存储介质。

5. 发明授权

US07107616B2 Method of producing a response 有权
标题翻译：产生回应的方法
公开(公告)号：US07107616B2
公开(公告)日：2006-09-12
申请号：US10047193
申请日：2002-01-15
申请人： Lauri Paatero
发明人： Lauri Paatero
IPC分类号： H04L9/32
CPC分类号： H04L9/3271 , G06Q20/367 , G06Q20/3674 , G06Q20/3829 , G06Q20/4012
摘要： The present invention relates to a device (1) comprising an input for receiving an input; calculation means (P) for producing a response (OUTPUT) in response to the input (INPUT) and a secret key (A) by utilizing a first predetermined function (f), and an output (3) for feeding said response (OUTPUT) further. In order for an attacker not be able to find out the secret key, the device further comprises a memory (M) in which the key-specific number (RND) is stored, and means for retrieving the key-specific number (RND) from the memory (M) and for feeding it to the calculation means (P′) for carrying out predetermined calculation operations (f2) on the basis of the key-specific number (RND) when producing said response (OUTPUT).
摘要翻译：本发明涉及一种装置（1），包括用于接收输入的输入端; 用于通过利用第一预定功能（f）产生响应于输入（INPUT）和秘密密钥（A）的响应（OUTPUT）的计算装置（P）和用于馈送所述响应（OUTPUT）的输出（3）进一步。为了使攻击者不能找到秘密密钥，该设备还包括其中存储密钥特定号码（RND）的存储器（M），以及用于从密钥特定号码（RND）中检索密钥特定号码存储器（M），并且用于在产生所述响应（OUTPUT）时将其馈送到计算装置（P'），用于基于密钥特定号码（RND）执行预定的计算操作（f 2）。

6. 发明申请

US20060137007A1 Revoking a permission for a program 审中-公开
标题翻译：撤销程序的权限
公开(公告)号：US20060137007A1
公开(公告)日：2006-06-22
申请号：US11015099
申请日：2004-12-16
申请人： Lauri Paatero , Antti Hayrynen , Liiisa Peltonen , Vesa Tervo
发明人： Lauri Paatero , Antti Hayrynen , Liiisa Peltonen , Vesa Tervo
IPC分类号： G06F12/14
CPC分类号： G06F21/629
摘要： A device and a method for revoking a permission of an access controlled program are provided. The method includes executing an access controlled program by a processor at a device, determining if a permission of the access controlled program at the device needs to be revoked, and requesting a new permission for the access controlled program at the device if the permission is determined to need revocation. For example, revocation of the permission may result when a specified time interval has elapsed during execution of the access controlled program. As another example, revocation of the permission may result when the number of access control program instructions executed by a processor exceeds a predetermined use threshold. The access controlled program may be a Mobile Information Device Profile program also known as a MIDlet.
摘要翻译：提供了一种用于撤销访问控制程序的许可的装置和方法。该方法包括由设备处理器执行访问控制的程序，确定是否需要撤消在设备处的访问控制程序的许可，如果确定了许可，则请求在设备处的访问受控程序的新许可需要撤销。例如，当在访问控制程序的执行期间经过指定的时间间隔时，可能会导致许可的撤销。作为另一示例，当由处理器执行的访问控制程序指令的数量超过预定使用阈值时，可能导致许可的撤销。访问控制程序可以是也称为MIDlet的移动信息设备简档程序。

7. 发明授权

US08495383B2 Method for the secure storing of program state data in an electronic device 有权
标题翻译：用于在电子设备中安全地存储程序状态数据的方法
公开(公告)号：US08495383B2
公开(公告)日：2013-07-23
申请号：US11638405
申请日：2006-12-14
申请人： Jan-Erik Ekberg , Lauri Paatero
发明人： Jan-Erik Ekberg , Lauri Paatero
IPC分类号： G06F21/00
CPC分类号： G06F21/6272 , G06F21/305 , G06F21/51 , G06F21/52 , G06F21/57 , H04L9/3247 , H04L2209/603 , H04L2209/80 , H04W12/06 , H04W12/10
摘要： The invention relates to a method in which program information is obtained to an execution environment in an electronic device. The program information comprises at least a program code. A key is computed of the program information and a device specific secret value. The key is used to decrypt program specific state data in the execution environment and to encrypt modified state data after the execution.
摘要翻译：本发明涉及一种向电子设备中的执行环境获得节目信息的方法。程序信息至少包括程序代码。计算节目信息和设备特定秘密值的密钥。该密钥用于解密执行环境中的程序特定状态数据，并在执行后加密修改后的状态数据。

8. 发明授权

US08028164B2 Practical and secure storage encryption 有权
标题翻译：实用和安全的存储加密
公开(公告)号：US08028164B2
公开(公告)日：2011-09-27
申请号：US10804852
申请日：2004-03-19
申请人： Lauri Paatero
发明人： Lauri Paatero
IPC分类号： H04L29/06
CPC分类号： G06F21/72 , G06F21/74
摘要： The present invention relates to an electronic device (301) in which acceleration of data processing operations is provided, the device comprising a secure execution environment to which access is controlled. A basic idea of the present invention is to provide a device (311) for acceleration of data processing operations (an “accelerator”). In particular, the accelerator is used to accelerate cryptographic data operations such that it performs cryptographic operations on data provided to it via a first logical interface. The cryptographic operations are performed by means of encryption/decryption keys provided to the accelerator via a secure second logical interface which may share a same physical interface (312) with the first logical interface or which may use a distinct physical interface (414) from that of a distinct physical interface (412) used as the first logical interface.
摘要翻译：本发明涉及提供数据处理操作加速的电子设备（301），该设备包括对其进行访问控制的安全执行环境。本发明的基本思想是提供一种用于加速数据处理操作的装置（311）（“加速器”）。特别地，加速器用于加速加密数据操作，使得其对经由第一逻辑接口提供给它的数据执行加密操作。加密操作通过经由安全的第二逻辑接口提供给加速器的加密/解密密钥来执行，所述安全第二逻辑接口可以与第一逻辑接口共享相同的物理接口（312），或者可以使用与该第一逻辑接口不同的物理接口（414）用作第一逻辑接口的不同物理接口（412）。

9. 发明授权

US07930537B2 Architecture for encrypted application installation 有权
标题翻译：加密应用程序安装架构
公开(公告)号：US07930537B2
公开(公告)日：2011-04-19
申请号：US10771836
申请日：2004-02-03
申请人： Lauri Paatero
发明人： Lauri Paatero
IPC分类号： H04L29/06 , G06F11/30 , G06F12/14 , H04K1/00 , H04L9/08
CPC分类号： G06F21/10 , G06F2221/2149
摘要： Methods and systems are arranged to control the decryption of an encrypted application in a device executing the application, the device arranged with a secure environment to which access is strictly controlled by a device processor. The application is divided into an installation part that establishes proper set up of the application and a protected part which is to be executed in the secure environment. An advantage with the invention is that the application provider has the freedom to control the decryption of the application software. Since it is performed in the secure environment, the owner of the device is unable to access the application and thereby copy, read or manipulate it. Moreover, the application provider handles the installation of the encrypted application and the key for decrypting the application, and is thus given the possibility to handle the encryption/decryption schemes and the key management.
摘要翻译：方法和系统被布置为控制在执行应用的设备中的加密应用的解密，该设备被布置有安全环境，访问被设备处理器严格控制。应用程序分为安装部分，建立应用程序的正确设置和要在安全环境中执行的受保护部分。本发明的优点在于，应用提供者具有控制应用软件解密的自由度。由于它是在安全环境中执行的，因此设备的所有者无法访问应用程序，从而复制，读取或操作该应用程序。此外，应用提供者处理加密应用程序的安装和用于解密应用程序的密钥，因此可以处理加密/解密方案和密钥管理。

10. 发明申请

US20050210287A1 Secure mode controlled memory 有权
标题翻译：安全模式控制内存
公开(公告)号：US20050210287A1
公开(公告)日：2005-09-22
申请号：US10804855
申请日：2004-03-19
申请人： Lauri Paatero
发明人： Lauri Paatero
IPC分类号： G06F1/00 , G06F21/00 , H04L9/32
CPC分类号： G06F21/14 , G06F21/51 , G06F21/575 , G06F21/72 , G06F21/78 , G06F21/85 , G06F2221/2105
摘要： The present invention relates to a method of, and a system for, enhancing data security, which data is to be executed in an electronic device (101) comprising a secure execution environment (104) to which access is restricted. A basic idea of the present invention is that, at device boot, data in the form of e.g. program code is copied from permanent memory (112) to temporary memory (110). The integrity of this program code must be verified to ensure that the program code has not been altered during the transmission between the memories. Further, a new secret key is generated in the secure execution environment. This new secret key is used by a device processor (103) to encrypt the program code to be stored in the temporary memory in order to ensure that the program code is kept secret during transmission. The device processor thereafter writes the encrypted program code into the temporary memory.
摘要翻译：本发明涉及一种用于增强数据安全性的方法和系统，所述数据安全性将在包括访问被限制的安全执行环境（104）的电子设备（101）中执行。本发明的基本思想是，在设备启动时，以例如形式的数据。程序代码从永久存储器（112）复制到临时存储器（110）。必须验证此程序代码的完整性，以确保在存储器之间的传输期间程序代码未被更改。此外，在安全执行环境中生成新的秘密密钥。该新的秘密密钥由设备处理器（103）用来加密要存储在临时存储器中的程序代码，以便确保程序代码在传输期间保密。然后，设备处理器将加密的程序代码写入临时存储器。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式