专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2008071836A1 METHOD FOR THE SECURE STORING OF PROGRAM STATE DATA IN AN ELECTRONIC DEVICE 审中-公开
标题翻译：在电子设备中安全存储程序状态数据的方法
公开(公告)号：WO2008071836A1
公开(公告)日：2008-06-19
申请号：PCT/FI2007/050658
申请日：2007-12-04
申请人： NOKIA CORPORATION , EKBERG, Jan-Erik , PAATERO, Lauri
发明人： EKBERG, Jan-Erik , PAATERO, Lauri
IPC分类号： G06F21/00 , H04L9/00
CPC分类号： G06F21/6272 , G06F21/305 , G06F21/51 , G06F21/52 , G06F21/57 , H04L9/3247 , H04L2209/603 , H04L2209/80 , H04W12/06 , H04W12/10
摘要： The invention relates to a method in which program information is obtained to an execution environment (110) in an electronic device (100). The program information comprises at least a program code (121 ). A key is computed of the program information and a device specific secret value (114). The key is used to decrypt program specific state data (170) in the execution environment (110) and to encrypt modified state data after the execution.
摘要翻译：本发明涉及一种向电子设备（100）中的执行环境（110）获得节目信息的方法。程序信息至少包括程序代码（121）。计算节目信息和设备特定秘密值的密钥（114）。该密钥用于解密执行环境（110）中的程序特定状态数据（170），并且在执行之后加密修改后的状态数据。

2. 发明申请

WO2006120302A1 IMPLEMENTATION OF AN INTEGRITY-PROTECTED SECURE STORAGE 审中-公开
标题翻译：实施全面保障的安全存储
公开(公告)号：WO2006120302A1
公开(公告)日：2006-11-16
申请号：PCT/FI2006/050186
申请日：2006-05-11
申请人： NOKIA CORPORATION , ASOKAN, Nadarajah , EKBERG, Jan-Erik , PAATERO, Lauri
发明人： ASOKAN, Nadarajah , EKBERG, Jan-Erik , PAATERO, Lauri
IPC分类号： G07F7/10 , G06F21/00 , H04L9/00 , G06K19/07
CPC分类号： H04L63/0428 , G06F21/606 , G06F21/62 , G06F21/71 , G06F21/78 , G06F21/79 , G06Q20/341 , G06Q20/3576 , G06Q20/40975 , G07F7/1008 , H04L9/0833 , H04L9/0838 , H04L9/0891 , H04L67/1097 , H04L2209/12 , H04L2209/603 , H04L2209/80
摘要： An internal but not integrated security token is provided for a device which comprises a first integrated circuitry comprising a secure processor. The security token is provided by a second integrated circuitry separate from the first circuitry. The second integrated circuitry comprises a secure non-volatile storage. The secure processor communicates information to the second circuitry in a secure manner for the secure information to be securely stored in the secure non-volatile storage, and the second integrated circuitry communicates information stored in its secure non-volatile storage to the secure processor in a secure manner. Communications is secured by means of cryptography. The first integrated circuitry and the second integrated circuitry are internal parts of the device. An initialization method for distributing a secure key to be shared between the circuitries and to be used in cryptography is also disclosed.
摘要翻译：为包括包括安全处理器的第一集成电路的设备提供内部但未集成的安全令牌。安全令牌由与第一电路分开的第二集成电路提供。第二集成电路包括安全的非易失性存储器。安全处理器以安全的方式将信息传送到第二电路，以将安全信息安全地存储在安全的非易失性存储器中，并且第二集成电路将存储在其安全非易失性存储器中的信息传送到安全处理器安全的方式。通信是通过密码保护的。第一集成电路和第二集成电路是器件的内部部件。还公开了一种用于分发要在电路之间共享并将用于密码学的安全密钥的初始化方法。

3. 发明申请

WO2004070587A1 ARCHITECTURE FOR ENCRYPTED APPLICATION INSTALLATION 审中-公开
标题翻译：加密应用程序安装架构
公开(公告)号：WO2004070587A1
公开(公告)日：2004-08-19
申请号：PCT/IB2003/000343
申请日：2003-02-03
申请人： NOKIA CORPORATION , PAATERO, Lauri
发明人： PAATERO, Lauri
IPC分类号： G06F1/00
CPC分类号： G06F21/10 , G06F2221/2149
摘要： The present invention relates to methods to control, and systems arranged to control, the decryption of a provided encrypted application in a device executing the application, the device being arranged with a secure environment to which access is strictly controlled by a device processor. The invention is based on the idea that the application is divided into an installation part that establishes proper set up of the application and a protected part which is to be executed in the secure environment. An advantage with the invention is that the application provider has the freedom to control the decryption of the application software. Since it is performed in the secure environment, the owner of the device, is unable to access the application and thereby copy, read or manipulate it. Moreover, the application provider handles the installation of the encrypted application and the key for decrypting the application, and is thus given the possibility to handle the encryption/decryption schemes and the key management.
摘要翻译：本发明涉及用于控制的方法以及被配置为控制在执行应用程序的设备中提供的加密应用程序的解密的系统，该设备被布置有安全环境，访问被设备处理器严格控制。本发明基于将应用程序划分为安装部分，其建立应用程序的正确设置和将在安全环境中执行的受保护部分。本发明的一个优点是应用提供者具有控制应用软件解密的自由度。由于它是在安全环境中执行的，所以设备的所有者无法访问应用程序，从而复制，读取或操作它。此外，应用提供者处理加密应用程序的安装和用于解密应用程序的密钥，因此可以处理加密/解密方案和密钥管理。

4. 发明申请

WO2007148222A2 CREDENTIAL PROVISIONING FOR MOBILE DEVICES 审中-公开
标题翻译：移动设备的认证提供
公开(公告)号：WO2007148222A2
公开(公告)日：2007-12-27
申请号：PCT/IB2007/001872
申请日：2007-06-21
申请人： NOKIA CORPORATION , NOKIA, INC. , TAKALA, Janne, P. , TAMMINEN, Rauno , PAATERO, Lauri , KIIVERI, Antti
发明人： TAKALA, Janne, P. , TAMMINEN, Rauno , PAATERO, Lauri , KIIVERI, Antti
IPC分类号： G06F21/00 , H04L9/32 , H04L29/06
CPC分类号： G06F21/57 , G06F21/10 , G06F2221/2111 , H04W12/08
摘要： A method and system for determining rights to access digital content at a mobile communication device is described. A mobile communication device is manufactured with a credential store that maintains credentials associated with the mobile communication device. After manufacturing of the mobile communication device, a player component is installed onto the mobile communication device. With a request for digital content to be used or distributed by the player component, one or more credentials of the mobile communication device are confirmed for accuracy. If accurate, the mobile communication device receives the requested digital content for use and distribution.
摘要翻译：描述了一种用于确定在移动通信设备处访问数字内容的权限的方法和系统。制造具有保存与移动通信设备相关联的凭据的凭证存储器的移动通信设备。在制造移动通信设备之后，将播放器组件安装到移动通信设备上。通过播放器组件使用或分发数字内容的请求，确认移动通信设备的一个或多个凭证的准确性。如果准确，则移动通信设备接收所请求的数字内容以供使用和分发。

5. 发明申请

WO2005091108A1 SECURE MODE CONTROLLED MEMORY 审中-公开
标题翻译：安全模式控制存储器
公开(公告)号：WO2005091108A1
公开(公告)日：2005-09-29
申请号：PCT/IB2005/000562
申请日：2005-03-03
申请人： NOKIA CORPORATION , PAATERO, Lauri
发明人： PAATERO, Lauri
IPC分类号： G06F1/00
CPC分类号： G06F21/14 , G06F21/51 , G06F21/575 , G06F21/72 , G06F21/78 , G06F21/85 , G06F2221/2105
摘要： The present invention relates to a method of, and a system for, enhancing data security, which data is to be executed in an electronic device (101) comprising a secure execution environment (104) to which access is restricted. A basic idea of the present invention is that, at device boot, data in the form of e.g. program code is copied from permanent memory (112) to temporary memory (110). The integrity of this program code must be verified to ensure that the program code has not been altered during the transmission between the memories. Further, a new secret key is generated in the secure execution environment. this new secret key is used by a device processor (103) to encrypt the program code to be stored in the temporary memory in order to ensure that the program code is kept secret during transmission. The device processor thereafter writes the encrypted program code into the temporary memory.
摘要翻译：本发明涉及一种用于增强数据安全性的方法和系统，所述数据安全性将在包括被限制访问的安全执行环境（104）的电子设备（101）中执行。本发明的基本思想是，在设备启动时，以例如形式的数据。程序代码从永久存储器（112）复制到临时存储器（110）。必须验证此程序代码的完整性，以确保在存储器之间的传输期间程序代码未被更改。此外，在安全执行环境中生成新的秘密密钥。该新的秘密密钥由设备处理器（103）使用来加密要存储在临时存储器中的程序代码，以便确保程序代码在传输期间保密。然后，设备处理器将加密的程序代码写入临时存储器。

6. 发明申请

WO2005003938A1 KEY STORAGE ADMINISTRATION 审中-公开
标题翻译：主要存储管理
公开(公告)号：WO2005003938A1
公开(公告)日：2005-01-13
申请号：PCT/IB2003/002661
申请日：2003-07-04
申请人： NOKIA CORPORATION , PAATERO, Lauri , COFTA, Piotr
发明人： PAATERO, Lauri , COFTA, Piotr
IPC分类号： G06F1/00
CPC分类号： G06F21/78 , G06F21/62 , G06F21/74 , G06F2221/2105
摘要： The present invention relates to a method and a system for allowing multiple applications to manage their respective data in a device (100, 200) having a secure environment (104, 204, 211) to which access is strictly controlled. The idea of the invention is that a storage area is allocated (301) within the secure environment (104, 204, 211) of a device (100, 200). The storage area is associated (302) with an identity of an application, the associated identity is stored (303) in the secure environment (104, 204, 211) and access to the storage area is controlled (304) by verifying correspondence between the associated identity and the identity of an accessing application. This is advantageous, since it is possible for the accessing application to read, write and modify objects, such as cryptographic keys, intermediate cryptographic calculation results and passwords, in the allocated storage area.
摘要翻译：本发明涉及一种用于允许多个应用在具有严格控制访问的安全环境（104,204,211）的设备（100,200）中管理其各自数据的方法和系统。本发明的思想是在设备（100,200）的安全环境（104,204,211）内分配（301）存储区域。存储区域与应用程序的身份相关联（302），相关联的身份（303）存储在安全环境（104,204,211）中，并通过验证访问存储区域的方式来控制对存储区域的访问（304）关联身份和访问应用程序的身份。这是有利的，因为访问应用可以在所分配的存储区域中读取，写入和修改诸如加密密钥，中间密码计算结果和密码的对象。

7. 发明申请

WO2004070586A1 A METHOD AND A SYSTEM FOR PERFORMING TESTING IN A DEVICE, AND A DEVICE 审中-公开
标题翻译：用于在设备中执行测试的方法和系统，以及设备
公开(公告)号：WO2004070586A1
公开(公告)日：2004-08-19
申请号：PCT/FI2004/050010
申请日：2004-02-02
申请人： NOKIA CORPORATION , PAATERO, Lauri , KIIVERI, Antti
发明人： PAATERO, Lauri , KIIVERI, Antti
IPC分类号： G06F1/00
CPC分类号： G06F21/78 , G06F21/62 , G06F2221/2105 , G06F2221/2113
摘要： The present invention relates to a method and a system for performing testing in a device (1), in which at least one program (110, 112) is loaded and at least one item of mode data relating to the program is determined. Furthermore, at least one key (111) is generated for use in said program. In the method, at least two different security levels are determined for the keys to be used in the device (1). In the method, said security level determined for the key and at least one mode data relating to the program are examined, and on the basis of the examination, it is decided if said key is available for use in the mode indicated in the mode data of the program.
摘要翻译：本发明涉及一种用于在装置（1）中执行测试的方法和系统，其中加载了至少一个程序（110,112），并且确定了与程序相关的至少一个模式数据项。此外，生成用于所述程序的至少一个键（111）。在该方法中，为在设备（1）中使用的密钥确定至少两个不同的安全级别。在该方法中，检查针对密钥确定的所述安全级别和与程序有关的至少一个模式数据，并且基于检查，确定所述密钥是否可用于模式数据中指示的模式的程序。

8. 发明申请

WO2006038082A1 SYSTEM AND METHOD FOR SAFE BOOTING ELECTRONIC DEVICES 审中-公开
标题翻译：用于安全起动电子设备的系统和方法
公开(公告)号：WO2006038082A1
公开(公告)日：2006-04-13
申请号：PCT/IB2005/002918
申请日：2005-09-30
申请人： NOKIA CORPORATION , NOKIA, INC. , VÄHÄ-SIPILÄ, Antti , PAATERO, Lauri , PÄRNÄNEN, Matti
发明人： VÄHÄ-SIPILÄ, Antti , PAATERO, Lauri , PÄRNÄNEN, Matti
IPC分类号： G06F21/00 , G06F11/14 , G06F9/445
CPC分类号： H04L63/08 , G06F21/575 , H04W12/06
摘要： An improved system and method for safe booting an electronic device. In situations such as where a virus is infecting various devices within a network, the present invention provides an authentication centre with the ability to instruct a device on the network to safe boot. During the safe boot, it can be arranged such that no third party applications are run, only backup, restoration, or uninstallation of programs are possible, and/or only programs in the device's read-only memory are loaded. The present invention also provides a user with the ability to go through the boot process in a step-by-step manner.
摘要翻译：一种用于安全引导电子设备的改进的系统和方法。在病毒感染网络内的各种设备的情况下，本发明提供了一种能够指示网络上的设备安全启动的认证中心。在安全启动期间，可以将其布置为不运行第三方应用程序，只有程序的备份，恢复或卸载成为可能，和/或仅加载设备的只读存储器中的程序。本发明还提供一种用户能够以逐步方式进行引导过程的能力。

9. 发明申请

WO2005091109A1 DEVICE WITH A CRYPTOGRAPHIC COPROCESSOR 审中-公开
标题翻译：具有CRYPTOGRAPHIC COPROCESSOR的设备
公开(公告)号：WO2005091109A1
公开(公告)日：2005-09-29
申请号：PCT/IB2005/000567
申请日：2005-03-03
申请人： NOKIA CORPORATION , PAATERO, Lauri
发明人： PAATERO, Lauri
IPC分类号： G06F1/00
CPC分类号： G06F21/72 , G06F21/74
摘要： The present invention relates to an electronic device (301) in which acceleration of data processing operations is provided, the device comprising a secure execution environment to which access is controlled. A basic idea of the present invention is to provide a device (311) for acceleration of data processing operations (an "accelerator"). In particular, the accelerator is used to accelerate cryptographic data operations such that it performs cryptographic operations on data provided to it via a first logical interface (312). The cryptographic operations are performed by means of encryption/decryption keys provided to the accelerator via a secure second logical interface (312).
摘要翻译：本发明涉及提供数据处理操作加速的电子设备（301），该设备包括对其进行访问控制的安全执行环境。本发明的基本思想是提供一种用于加速数据处理操作的装置（311）（“加速器”）。特别地，加速器用于加速加密数据操作，使得其对经由第一逻辑接口（312）提供给它的数据执行密码操作。密码操作通过经由安全的第二逻辑接口（312）提供给加速器的加密/解密密钥来执行。

10. 发明申请

WO2004015553A1 COMPUTER ARCHITECTURE FOR EXECUTING A PROGRAM IN A SECURE OF INSECURE MODE 审中-公开
标题翻译：用于在安全模式下执行程序的计算机体系结构
公开(公告)号：WO2004015553A1
公开(公告)日：2004-02-19
申请号：PCT/IB2002/003216
申请日：2002-08-13
申请人： NOKIA CORPORATION , PAATERO, Lauri , KIIVERI, Antti
发明人： PAATERO, Lauri , KIIVERI, Antti
IPC分类号： G06F1/00
CPC分类号： G06F21/57
摘要： The present invention relates to circuitry and a method for providing data security, which circuitry contains at least one processor and at least one storage circuit. The invention is based on the idea that circuitry is provided in which a processor is operable in at least two different modes, one first secure operating mode and one second unsecure operating mode. In the secure mode, the processor has access to security related data located in various memories located within the circuitry. The access to these security data and the processing of them need to be restricted, since an intruder with access to security data could manipulate the circuitry. When testing and/or debugging the circuitry, access to security information is not allowed. For this reason, the processor is placed in the unsecure operating mode, in which mode it is no longer given access to the protected data.
摘要翻译：本发明涉及用于提供数据安全性的电路和方法，该电路包括至少一个处理器和至少一个存储电路。本发明基于以下思想：提供电路，其中处理器可以以至少两种不同模式操作，一种第一安全操作模式和一种第二不安全操作模式。在安全模式下，处理器可访问位于电路内的各种存储器中的安全相关数据。需要限制对这些安全数据的访问和处理，因为访问安全数据的入侵者可以操纵电路。测试和/或调试电路时，不允许访问安全信息。因此，处理器处于不安全的操作模式，在哪种模式下，它不再被访问受保护的数据。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式