专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US11455387B2 Worker thread scheduling in trusted execution environment 有权
公开(公告)号：US11455387B2
公开(公告)日：2022-09-27
申请号：US16836002
申请日：2020-03-31
申请人： Trustonic Limited
发明人： Lukas Hanel , Olivier Deprez , Alexandre Gonzalo
IPC分类号： G06F21/53 , G06F9/50 , G06F21/57
摘要： A trusted execution environment scheduling method for a device comprising a multicore processor, the processor operable to execute a rich execution environment (REE) and a trusted execution environment (TEE), the method comprising: providing a REE global scheduler in the REE, the REE global scheduler operable to schedule threads for execution in the REE; providing a TEE scheduler in the TEE, the TEE scheduler operable to schedule threads for execution in the TEE, wherein the TEE scheduler determines a number of runnable TEE threads which are either presently, or are awaiting, execution in the TEE and stores the number of runnable TEE threads in a location accessible to threads executing in the REE; providing a plurality of worker threads in the REE, the worker threads being in an activated state or in an deactivated state, wherein when an activated worker thread of the plurality of worker threads is executed according to the schedule of the REE global scheduler the worker thread makes a call to the TEE to cause execution of the TEE on the same core as the worker thread, and wherein the worker thread retrieves the number of runnable TEE threads and compares the retrieved number of runnable TEE threads to the number of currently activated worker threads.

2. 发明授权

US11153344B2 Establishing a protected communication channel 有权
公开(公告)号：US11153344B2
公开(公告)日：2021-10-19
申请号：US16568597
申请日：2019-09-12
申请人： TRUSTONIC LIMITED
发明人： Richard Hayton
IPC分类号： H04L29/06 , H04L9/08 , H04L9/06
摘要： To establish a first protected communication channel between a device D and a first server S, a symmetric key KS is derived at the device D, based on a device identifying key KD and public key information dependent on a first server public key Spublic of the first server S. The symmetric key KS is derived in a corresponding way at a second server T. The symmetric key KS is transmitted from the second server T to the first server S on a second protected communication channel. Communication on the first protected communication channel between the device D and the first server S is protected using a communication key KC which is dependent on the symmetric key KS. This can enable a device D lacking support for asymmetric key cryptography to securely enter into communication with the first server S.

3. 发明授权

US10904015B2 Post-manufacture generation of device certificate and private key for public key infrastructure 有权
公开(公告)号：US10904015B2
公开(公告)日：2021-01-26
申请号：US16118579
申请日：2018-08-31
申请人： Trustonic Limited
发明人： Chris Loreskar , Alec Milne Edgington , John Dent , Jan-Erik Gustav Ekberg
IPC分类号： G06F21/33 , H04L9/32 , H04L9/00 , H04L9/08 , H04L9/14 , H04L9/30
摘要： A method of post-manufacture generation of the device certificate 20 for verifying an electronic device 2 according to a public key infrastructure is provided. The method comprises obtaining, at a certificate generating apparatus 40, a first key 42 associated with the device 2. A second key 22 for the electronic device is derived from the first key 42. The device certificate 20 for the PKI is generated with the second key acting as the public key 22 associated with the device certificate 20. In a corresponding way a private key 24 for the PKI can be generated by the electronic device 2 based on a shared first key 42. This approach enables the manufacturing cost for manufacturing an electronic device to be reduced whilst still enabling use of a PKI for attesting to properties of the device 2.

4. 发明申请

US20140316993A1 MOBILE TERMINAL, TRANSACTION TERMINAL, AND METHOD FOR CARRYING OUT A TRANSACTION AT A TRANSACTION TERMINAL BY MEANS OF A MOBILE TERMINAL 审中-公开
标题翻译：移动终端，交易终端和通过移动终端在交易终端进行交易的方法
公开(公告)号：US20140316993A1
公开(公告)日：2014-10-23
申请号：US14352376
申请日：2012-09-26
申请人： TRUSTONIC LIMITED
发明人： Stephan Spitz
IPC分类号： G06Q20/40 , G06Q20/38 , H04M1/725
CPC分类号： H04M1/72527 , G06F21/31 , G06F2221/2109 , G06F2221/2149 , G06Q20/18 , G06Q20/3227 , G06Q20/3278 , G06Q20/3821 , G06Q20/4012 , G06Q20/4097 , G07F7/1025 , G07F7/1091 , H04W12/06 , H04W88/06
摘要： The invention relates to a method for carrying out a transaction at a transaction terminal (40) by means of a mobile terminal (20), to such a transaction terminal (40), and to such a mobile terminal (20). The method has the step of identifying a user by means of the transaction terminal (40) and the step of authenticating the user with respect to the transaction terminal (40). The method is characterized in that the user is authenticated by checking whether a password, in particular a PIN, which is entered by the user via an input device (22, 24) of the mobile terminal (20) matches a password which is stored for the user in the transaction terminal (40) or in a background system (80) that is connected to said transaction terminal. A processor unit (33) in which a normal runtime environment (NZ) and a secured runtime environment (TZ) are implemented is provided in the mobile terminal (20), wherein an input device driver (34) is implemented in the secured runtime environment (TZ), said driver being designed to transmit inputs via the input device (22, 24) of the mobile terminal (20) to the secured runtime environment (TZ) of the processor unit (33) of the mobile terminal (20) in a secured manner for further processing.
摘要翻译：本发明涉及一种用于通过移动终端（20）在交易终端（40），向这种交易终端（40）以及这种移动终端（20）执行交易的方法。该方法具有通过交易终端（40）识别用户的步骤和相对于交易终端（40）认证用户的步骤。该方法的特征在于，通过检查由用户经由移动终端（20）的输入设备（22,24）输入的口令（特别是PIN）是否匹配用于存储的密码交易终端（40）中的用户或连接到所述交易终端的后台系统（80）中的用户。在移动终端（20）中提供了其中实现正常运行时环境（NZ）和安全运行时环境（TZ）的处理器单元（33），其中输入设备驱动器（34）被实现在安全运行环境（TZ），所述驱动器被设计成经由移动终端（20）的输入设备（22,24）将输入传送到移动终端（20）的处理器单元（33）的安全运行时环境（TZ）一种安全的方式进一步处理。

5. 发明申请

US20140237621A1 MICROPROCESSOR SYSTEM WITH SECURED RUNTIME ENVIRONMENT 有权
标题翻译：具有安全运行环境的微处理器系统
公开(公告)号：US20140237621A1
公开(公告)日：2014-08-21
申请号：US14346811
申请日：2012-10-04
申请人： TRUSTONIC LIMITED
发明人： Stephen Spitz , Markus Kohler , Ullrich Martini
IPC分类号： G06F21/62
CPC分类号： G06F21/62 , G06F9/54 , G06F21/53 , G06F21/57
摘要： Microprocessor system that is implemented or can be implemented in a mobile terminal and comprises: a normal operating system designed to generate and maintain a non-secure runtime environment and a security operating system designed to generate and maintain a secured runtime environment, and an operating system interface between the normal operating system and the security operating system, said operating interface being designed to control communication between the non-secure runtime environment and the secured runtime environment on the operating system level, and at least one filter interface that is designed to securely control communication between the non-secure runtime environment and a secured runtime environment on a level different from the operating system level.
摘要翻译：在移动终端中实现或可以实现的微处理器系统，包括：设计用于生成和维护非安全运行时环境的正常操作系统和被设计为生成和维护安全运行时环境的安全操作系统，以及操作系统所述操作界面被设计为控制所述非安全运行时环境与所述操作系统级别上的所述受保护的运行时环境之间的通信，以及至少一个被设计为安全地控制的过滤器接口非安全运行时环境与不同于操作系统级别的级别的安全运行时环境之间的通信。

6. 发明授权

US11520879B2 Trusted execution environment migration method 有权
公开(公告)号：US11520879B2
公开(公告)日：2022-12-06
申请号：US16738011
申请日：2020-01-09
申请人： TRUSTONIC LIMITED
发明人： Olivier Deprez , Lukas Hänel
IPC分类号： G06F21/53 , G06F9/48 , G06F12/0806 , G06F21/57 , G06F21/74 , G06F9/52
摘要： A trusted execution environment migration method for a device comprising a multicore processor, the processor operable to execute a rich execution environment (REE) and a trusted execution environment (TEE), the method comprising: executing a TEE scheduler in the REE on a first core of the multicore processor; subsequent to a migration of the TEE scheduler from the first core to a second core, issuing a request, by the TEE scheduler and to a transition submodule in the TEE, to execute an operations submodule in the TEE, wherein the transition submodule is operable to manage the transition of a core of the processor between execution of the REE and execution of the operations submodule in the TEE, and wherein the transition submodule is executed on the same core as the TEE scheduler; upon execution of the operations submodule, determining if the core on which the operations submodule is executing has changed since the previous execution of the operations submodule.

7. 发明授权

US11218299B2 Software encryption 有权
公开(公告)号：US11218299B2
公开(公告)日：2022-01-04
申请号：US16781204
申请日：2020-02-04
申请人： TRUSTONIC LIMITED
发明人： Lukas Hanel , Mehdi Oukacha , Baptiste Gourdin
IPC分类号： H04L9/08 , G06F8/65 , H04L9/32 , H04L29/06 , G06F21/57 , G06F21/53 , G06F21/60 , G06F21/74
摘要： A software decryption key is injected into a computing device 2 having a secure execution environment 20 and a less secure execution environment 22. The key 38 is for decryption of software to be run on the computing device. A key injection software component 36 executed within the secure execution environment 20 is used to control storage of the software decryption key 38 in a protected state in which the software decryption key is unreadable in the clear from the key storage location by an external device or by program code executed in the less secure execution environment 22 of the computing device. Software provided to the device is decrypted based on the injected software decryption key 38.

8. 发明授权

US10680812B2 Event attestation for an electronic device 有权
公开(公告)号：US10680812B2
公开(公告)日：2020-06-09
申请号：US15819294
申请日：2017-11-21
申请人： Trustonic Limited
发明人： Richard Hayton , Chris Loreskar , Donald Kenneth Felton
IPC分类号： H04L29/06 , H04L9/08 , G06F21/73 , G06F21/57 , G06F21/44 , G06F15/02 , H04L9/32 , H04W12/08 , H04W12/10 , H04W88/02
摘要： A method for validating an electronic device 2 includes receiving attestation information provided by the electronic device 2 attesting that the electronic device 2 has received a plurality of event attestations. Each event attestation provides a cryptographically authenticated attestation to the occurrence of a respective event during a lifecycle of the electronic device. A validation result is determined that indicates whether the attestation information is valid. Providing separate cryptographically authenticated attestations for respective events in the lifecycle of the device can simplify manufacturing of the devices in a multistage manufacture process compared to an approach using a single device-specific attestation attesting that the entire process is trusted.

9. 发明授权

US10474844B2 Cryptographic program diversification 有权
公开(公告)号：US10474844B2
公开(公告)日：2019-11-12
申请号：US15259315
申请日：2016-09-08
申请人： TRUSTONIC LIMITED
发明人： Jan-Erik Gustav Ekberg , Donald Kenneth Felton
IPC分类号： G06F21/00 , H04L29/06 , H04L9/32 , H04W12/06 , G06F21/71 , G06F21/60 , G06F21/14 , G06F21/53
摘要： A device has an installed cryptographic program that performs cryptographic operations in dependence upon a received diversification value. The diversification value is generated by an obfuscated personalisation program installed in the device and is dependent upon a personalisation input to the personalisation program. The personalisation input is characteristic of the particular execution environment provided by the device, and may take the form of a proper subset selected from among variables characterising the device, such as hardware properties, static software configuration and results from processing dynamic variables to check that they have expected properties. The diversification value generated by the personalisation program is returned (in encrypted form) to a server which also has a copy of the cryptographic program. Thus, the server and the device may communicate using a secure channel provided by the combination of the cryptographic program and the diversification value. The personalisation program installed may be obfuscated by code flattening, reordering and variable fragmentation.

10. 发明授权

US09875366B2 Microprocessor system with secured runtime environment 有权
公开(公告)号：US09875366B2
公开(公告)日：2018-01-23
申请号：US14346811
申请日：2012-10-04
申请人： TRUSTONIC LIMITED
发明人： Stephen Spitz , Markus Kohler , Ullrich Martini
IPC分类号： G06F7/04 , G06F21/62 , G06F21/53 , G06F9/54
CPC分类号： G06F21/62 , G06F9/54 , G06F21/53 , G06F21/57
摘要： Microprocessor system that is implemented or can be implemented in a mobile terminal and comprises: a normal operating system designed to generate and maintain a non-secure runtime environment and a security operating system designed to generate and maintain a secured runtime environment, and an operating system interface between the normal operating system and the security operating system, said operating interface being designed to control communication between the non-secure runtime environment and the secured runtime environment on the operating system level, and at least one filter interface that is designed to securely control communication between the non-secure runtime environment and a secured runtime environment on a level different from the operating system level.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式