Patent application number | Description | Published |
20080222368 | Updating Memory Contents of a Processing Device - A method of updating memory content stored in a memory of a processing device, the memory comprising a plurality of addressable memory blocks, the memory content being protected by a current integrity protection data item stored in the processing device, the method comprising determining a first subset of memory blocks that require an update, and a second subset of memory blocks that remain unchanged by said updating; calculating, as parallel processes, a first and a second integrity protection data item over the memory blocks; wherein the first integrity protection data item is calculated over the current memory contents of the first and second subsets of memory blocks; and wherein the second integrity protection data item is calculated over the current memory contents of the second subset of memory blocks and the updated memory block contents of the first subset of memory blocks. | 09-11-2008 |
20080261561 | Secure Soft SIM Credential Transfer - The method and apparatus described herein transfers soft SIM credentials from a transferring mobile device to a target mobile device while ensuring that only one mobile device contains active soft SIM credentials at a time. Broadly, a transferring mobile device securely transfers the soft SIM credentials to a target mobile device either directly or via a network server. Before the target mobile device receives or activates the soft SIM credentials, the transferring mobile device deactivates the soft SIM credentials to ensure that only one mobile device contains the active soft SIM credentials. | 10-23-2008 |
20080317036 | Secure Communications Within and Between Personal Area Networks by Using Private and Public Identifiers - A Personal Area Network Security Domain (PSD) ( | 12-25-2008 |
20090007275 | Method and Apparatus for Protecting SIMLock Information in an Electronic Device - The teachings herein present a method and apparatus for protecting usage restriction data that governs usage of an electronic device. A cryptographic circuit supports secure and non-secure accesses. When non-securely accessed, it is operable only to verify the stored usage restriction data, and, when securely accessed, it is operable to generate a new message authentication code for changed usage restriction data, for subsequent authentication of that data. The usage restriction data may be stored in non-secure memory and may include static and dynamic parts. One or more embodiments include a secure circuit indicating whether the device has been initialized. The cryptographic circuit outputs a message authentication code for the static part using a permanent device key from the secure circuit, only if the device has not been initialized, and outputs a message authentication code for the dynamic part as needed to support authorized changes to the dynamic part. | 01-01-2009 |
20090013380 | Networks - A Personal Area Network Security Domain (PSD) is formed between devices ( | 01-08-2009 |
20090259857 | System and Method for Efficient Security Domain Translation and Data Transfer - A mobile UE includes a CPU, a secure DMA module, a secure cryptographic module, secure memory, and non-secure memory. The secure cryptographic module and secure memory allow access only by secure processes, including the secure DMA module. The CPU manages cryptographic keys and initializes DMA transfers in secure mode. The CPU executes the DMA transfers in non-secure mode. A first DMA transfer moves data encrypted in a first security domain to the secure cryptographic module, and moves clear text data to the secure memory. A second DMA transfer moves the clear text data to the secure cryptographic module, and data encrypted in a second security domain out of the secure cryptographic module. The data encrypted in the second security domain are transmitted to an external device. The secure memory protects the clear text data from being copied; only encrypted data is accessible by non-secure processes. | 10-15-2009 |
20090276844 | Method and Apparatus for Secure Hardware Analysis - A Hardware Analysis Module (“HAM”) embedded in an integrated circuit (IC) implements a dedicated hardware-controlled access control procedure. The secure hardware analysis features are unlocked by a key unit subject to successful completion of an access control procedure. The access control procedure prevents unlocking of the secure hardware analysis features by an unauthorized or compromised key unit by including an embedded control command in an authentication challenge sent by the HAM to the key unit during the access control procedure. | 11-05-2009 |
20090307478 | PLATFORM BOOT WITH BRIDGE SUPPORT - A method for booting a processing device, the processing device comprising a first and a second processing unit, the method comprising: detecting by the first processing unit, whether at least one boot configuration parameter is accessible from a non-volatile storage medium of the processing device, the at least one configuration parameter being indicative of a boot interface; if said at least one configuration parameter is available, forwarding at least a part of the detected at least one configuration parameter by the first processing unit to the second processing unit; otherwise detecting by at least one of the first and second processing units whether a boot interface is available to the processing device; booting at least the second processing unit from the indicated or detected boot interface. | 12-10-2009 |
20110016319 | METHOD FOR RESTRICTING ACCESS TO MEDIA DATA GENERATED BY A CAMERA - A method for restricting access to media data generated by a camera comprising: setting a non-public initial user key, KICU, in the camera, providing a user client with the initial user key, KICU, establishing an authenticated relation between the user client and the camera by sending an authentication message including information based on the initial user key, KICU, from the user client to the camera, checking if an operational user key (K | 01-20-2011 |
20120117369 | PLATFORM BOOT WITH BRIDGE SUPPORT - A method for booting a processing device, the processing device comprising a first and a second processing unit, the method comprising: detecting by the first processing unit, whether at least one boot configuration parameter is accessible from a non-volatile storage medium of the processing device, the at least one configuration parameter being indicative of a boot interface; if said at least one configuration parameter is available, forwarding at least a part of the detected at least one configuration parameter by the first processing unit to the second processing unit; otherwise detecting by at least one of the first and second processing units whether a boot interface is available to the processing device; booting at least the second processing unit from the indicated or detected boot interface. | 05-10-2012 |
20120246641 | Method for Switching Between Virtualized and Non-Virtualized System Operation - A method performed by an embedded system controlled by a CPU and capable of operating as a virtualized system under supervision of a hypervisor or as a non-virtualized system under supervision of an operating system, is provided. The embedded system is executed in a normal mode if no execution of any security critical function is required by the embedded system, where the normal mode execution is performed under supervision of the operating system. If a security critical function execution is required by the embedded system, where protected mode execution is performed under supervision of the hypervisor, the operating system is switching execution of the embedded system from normal mode to protected mode, by handing over the execution of the embedded system from the operating system to the hypervisor, and when execution of the security critical function is no longer required by the embedded system is switched from protected mode to normal mode, under supervision of the hypervisor. | 09-27-2012 |
20130097296 | SECURE CLOUD-BASED VIRTUAL MACHINE MIGRATION - A virtual machine (VM) system is provided. The system includes a target physical server (PS) that has a resource configuration. The system includes a source PS that runs a virtual machine (VM). The source PS is in communication with the target PS. The source PS includes a memory that stores a migration policy file. The migration policy file includes at least one trust criteria in which the at least one trust criteria indicates a minimum resource configuration. The source PS includes a receiver that receives target PS resource configuration and a processor in communication with the memory and receiver. The processor determines whether the target PS resource configuration meets the at least one trust criteria. The processor initiates VM migration to the target PS based at least in part on whether the target PS resource configuration meets the at least one trust criteria. | 04-18-2013 |
20140032920 | Secure Virtual Machine Provisioning - A device and method in a provisioning unit of secure provisioning of a virtual machine on a target platform having a specific configuration is provided. The method comprising: receiving ( | 01-30-2014 |
20140189339 | Method For Switching Between Virtualized and Non-Virtualized System Operation - A method performed by an embedded system controlled by a CPU and capable of operating as a virtualized system under supervision of a hypervisor or as a non-virtualized system under supervision of an operating system, is provided. The embedded system is executed in a normal mode if no execution of any security critical function is required, where the normal mode execution is performed under supervision of the operating system. If a security critical function execution is required, where protected mode execution is performed under supervision of the hypervisor, the operating system is switching execution of the embedded system from normal mode to protected mode, by handing over the execution of the embedded system from the operating system to the hypervisor. When execution of the security critical function is no longer required by the system is switched from protected mode to normal mode, under supervision of the hypervisor. | 07-03-2014 |