KR100823631B1 - Key storage administration - Google Patents

Abstract

The present invention is directed to a method and system for allowing multiple applications to manage their respective data in a device (100, 200) having a secure environment (104, 204, 211) in which access is tightly controlled. The concept of the present invention is that a storage area is allocated within the secure environment 104, 204, 211 of the devices 100, 200. The storage area is associated with the application's identity (302), and the associated identity is stored in the secure environment (104, 204, 211) (303), and access to the storage area is confirmed by matching the identity between the associated identity and the identity of the access application. Controlled 304. This is advantageous because in the allocated storage area, the access application is able to read, write and modify objects such as encryption keys, intermediate cryptographic calculation results and passwords.

Description

Key storage administration

The present invention is directed to a method and system for allowing multiple applications to manage their respective data in a device having a secure environment where access is tightly controlled.

Various electronic devices such as mobile telecommunication terminals, portable computers and PDAs are used for application programs, encryption keys, encryption key data material, intermediate encryption calculation results, passwords, authentication means for data downloaded from the outside. Access to security-relevant elements such as These elements, and their processing, are kept secret within the electronic device. Conceptually, they can only be known by as few people as possible. This is because if these factors are known, the device, for example the mobile terminal, may be subject to unwanted interference. Access to these types of elements can help a malicious attacker to manipulate the terminal.

Thus, a secure execution environment has been introduced, in which the processor in the electronic device can access security related elements. Access to, processing within, and escape from the secure execution environment must be carefully controlled. Prior art hardware including such a secure environment is enclosed in tamper resistant packaging. It should not be possible to perform or investigate tests and measurements on this type of hardware that may result in the disclosure of security-related elements and their processing.

The “Mobile Information Device Profile” for JAVA ^TM 2 Micro Edition of Version 2.0 by the JSR 118 Expert Group enables an open, third-party application development environment for Mobile Information Devices (MIDs). It defines the improved architecture and related application program interfaces (APIs) needed to achieve this. Examples of MIDs include cellular phones, two-way pagers, and wireless capable PDAs. If the device determines that the MID application can be trusted, access is allowed as indicated by the device's security policy. Signed applications can be trusted by authenticating the signers of the applications.

Mobile information device profiles provide a mechanism for applications to permanently store data in so-called record stores and later retrieve it. Record storage consists of a collection of records that will be persistent across multiple invocations of an application. The mobile information device platform is responsible for making the best efforts to maintain the purity of the record stores of applications through normal use of the platform, including rebooting, battery replacement, and the like. Record stores are created in platform-dependent locations that are not exposed to applications.

In the prior art, when performing security related operations on a device accessed by many others, each of those accessing the device by different application programs, many other non-equivalent, mutually independent ones, are the encryption keys on the device. Attempting to manage their own encrypted data, such as encryption key data material, intermediate encryption calculation results and passwords, which results in a number of other problems. For example, a secure execution environment typically has its designated owner. For example, a secure execution environment provided in the form of a smart card may typically be provided in a mobile phone. The designated owner of the smart card is the card issuer, which determines which application programs are processed and accepted by the card, e.g. which software is initially loaded into the card and which type of instructions the card follows. Doing is the card issuer. This raises the problem that the superior role as the only card manager is given to the card issuer, and the card issuer can prohibit others from reusing the smart card for their own purposes. In general, the creation of an object for a smart card by an application of a non-administrator of the smart card currently requires the permission of the administrator. This is a problem because it usually involves online access to the server of the administrator, the card issuer. Furthermore, even if an object is set for a card, the object's access control does not exist by default, that is, the object is globally available for all applications that can access the card, or only for applications in the card manager. Available.

It is an object of the present invention to provide a solution to the problems given above by means of systems and methods, in which others are able to access their respective data in a secure environment independently of each other and without supervision of the secure environment administrator. It is possible to store and access.

This purpose is to enable multiple applications to manage their respective data in a device having a secure environment in which access is strictly controlled in accordance with claim 1, and to provide a method for multiple applications in a device having a secure environment in which access is strictly controlled in accordance with claim 7. Obtained by a system for managing their respective data, circuitry for providing data security, said circuitry comprising at least one storage circuitry and at least one processor according to claim 12.

According to a first aspect of the invention, a method is provided wherein a storage area is allocated within a secure environment. The storage area is associated with the identity of the application. Moreover, the associated identities are stored in a secure environment, and access to the storage area is controlled by confirming the correspondence between the associated identities and the identities of the access applications.

According to a second aspect of the present invention, a system is provided that includes means configured to allocate a storage area within a secure environment and associate the identity of the application with the storage area. Moreover, the means is configured to control access to the storage area by storing relevant identities within the secure environment and confirming a match between the related identities and the identities of the access application.

According to a third aspect of the invention, there is provided a circuit portion in which at least one storage region is located. The storage area contains protected data regarding circuit security. The mode setting means is configured to set the processor in one of at least two different operating modes. The mode setting means may change the processor operating mode. The storage circuit access control means is configured such that when the first processor operating mode is set, the processor can access the storage area in which the protected data is located. Moreover, the storage circuit access control means is configured such that when the second processor operating mode is set, the processor cannot access the storage area in which the protected data is located.

The concept of the invention is that a storage area is allocated within the security environment of the device. For example, the device may include a mobile telecommunications terminal, a portable computer, a PDA, and the like. In the device, the storage area is associated with the identity of the application. Applications, or application programs, are considered to be programs designed to perform a specific function on the device, and can also interact with other applications to perform a specific function on the device. The applications are provided by a number of other parties, such as, for example, operators, device manufacturers, third party application developers, service providers. The applications may be programs residing at the time of manufacture and / or programs downloaded to the device during operation. Associated identities are stored in a secure environment, and access to the storage area is controlled by verifying a match between the associated identity and the identity of the access application.

The present invention is advantageous because, in view of the case, the associated identity stored in the environment corresponds to the identity of the access application, an object such as encryption keys, encryption key data material, intermediate cryptographic calculation results and passwords in the storage area to which the access application is assigned. It is possible to read, write, and modify them. In subsequent accesses of the storage area, the application needs to verify itself. The data in the storage area is accessible and modifiable by any application having an identity corresponding to the identity associated with the storage area. Thus, any application that has an identity corresponding to its associated identity can manage the storage area, for example, read, write, and modify the storage area, restrict access to the storage area, and save the storage area and the new identity. Can be related. The manager of an allocated storage area is thereby a manager of a subset of the overall secure environment storage area, having the ability to deallocate the storage area if necessary.

Moreover, the present invention is advantageous because not only is it possible for other applications to access the secure environment of the device, but also other parties can also access the allocated storage area accordingly without talking to the administrator of the secure execution environment. to be. If the secure execution environment is in the form of a smart card removably configured on a device such as a mobile phone, the administrator is typically the issuer of the card. For example, if the environment consists of integrated circuits that are permanently configured in the device, the administrator is typically the manufacturer of the device. The card issuer (and / or device manufacturer), or "master" administrator, can still control the card by the specific software located on the card / device, because some application programs residing in a secure environment may have other application programs. This is because it takes precedence. In a mobile telecommunications terminal, booting software must be present, which includes the main functions of the terminal. Without this software, it is impossible to boot the terminal in the normal operating mode. By controlling this boot software, it can also take precedence over other applications. Thus, the master manager may, for example, prevent an application from requesting too much storage, or may disable storage area allocation entirely if desired.

According to one embodiment of the invention, the identity of the application is, for example, a digital signature created by taking a hash value of the application code and encrypting the hash value with a private key. The party responsible for the application can provide a digital signature and distribute the corresponding public key with the signed application. The identity verification is performed by decrypting the hash value of the application with the public key corresponding to the private key. This is a flexible and direct way to provide identity. It is only possible for a party accessing a private key to correctly identify itself. Encrypting the hash value has an advantage over encrypting the entire application code with an asymmetric key in that less computation is required.

According to another embodiment of the invention, a first storage area is allocated for a first party application, the storage area is associated with a first party application identity, and the associated first party application is stored in a secure environment, Control of access to the control is performed by confirming a match between the first party application identity and the identity of the access application. Subsequently, a second storage area is allocated for the second party application, the storage area is associated with a second party application identity, the associated second party application is stored in the secure environment, and control of access to the storage area is controlled by the second party application. This is done by verifying a match between the party application identity and the identity of the access application. The first party and the second party are independent of each other, so that other parties can allocate storage areas in the secure environment without contacting the secure environment manager. If the device authorizes the second party application to do so, it is also possible that the second party application can use the allocated storage area of the first party application. For example, the storage area to be used was once allocated by a service provider providing a service that is no longer needed by the user of the device.

According to another embodiment of the present invention, an application resides outside the device and instructs the device to perform the steps of allocating a storage area within the secure environment and associating the storage area with the identity of the application. Commands are sent to the device, the application identity appended to the commands. This has the advantage that the party can send a command to the device, the device will allocate storage and associate the identity of the storage with the application, so the application does not need to be loaded on the device for the allocation to be made. However, the assignment can be performed with an application located remotely to the device.

According to a further embodiment of the invention, the device stores a digital certificate issued by a Certification Authority (CA). In the public key structure, certificates are used to guarantee the actors included in the structure and to ensure that the holder of the certificate has been authorized by the entrusting certification authority. The CA verifies the information provided by the requester of the digital certificate, and in the case of successful verification, the CA may issue a certificate to the requestor. The certificate is signed by a CA and includes, for example, the certificate owner public key, owner name and other information about the certificate owner.

Further features of the present invention and the advantages of the present invention will become apparent upon studying the appended claims and the following description. Those skilled in the art understand that other features of the present invention may be combined to create embodiments other than the embodiments described below. It is also possible to combine the described embodiments to create new embodiments. Many other changes, modifications, and combinations will be apparent to those skilled in the art.

The invention will be described in more detail with reference to the following figures.

1 shows a block diagram of a device architecture in which the present invention may be advantageously applied for providing data security.

2 is a block diagram of a device architecture for providing data security to which the present invention may be advantageously applied, further equipped with a removable smart card.

3 illustrates a flowchart for allocating a storage area in a secure environment, in accordance with the present invention.

A device architecture for providing data security is shown in FIG. Such a system is further disclosed in Applicant's International Patent Application PCT / IB02 / 03216, which application is incorporated herein by reference. The device is implemented in the form of an Application Specific Integrated Circuit (ASIC) 101. The processing portion of the architecture includes a CPU 103 and a digital signal processor 102. Electronic device 100, such as a mobile telephony terminal, portable computer, PDA, or the like, includes an ASIC 101, which is considered a "brain" of device 100.

Secure environment 104 includes ROM 105 from which ASIC 101 is booted. ROM 105 includes boot application software and an operating system. Some application programs residing in the secure environment 104 take precedence over other application programs. In a mobile telecommunications terminal in which the ASIC 101 may be provided, booting software containing the main functions of the terminal must exist. Without this software it is not possible to boot the terminal into its normal operating mode. This has the advantage that by controlling such booting software, it is also possible to control the initial activation of each terminal.

The secure environment 104 also includes a RAM 106 for the storage of data and applications, ie protected data. Preferably, RAM 106 is a small sized application for performing security critical operations in secure environment 104, so-called protected applications and encryption keys, intermediate encryption calculation results and Store objects such as passwords. Typically, the way to use protected applications is to allow "normal" applications to request services from any protected application. New protected applications can be downloaded to secure environment 104 at any time, but not if new protected applications reside in the ROM. Secure environment 104 software controls the execution and download of protected applications. Only signed protected applications are allowed to run. Protected applications can access any resources in the secure environment 104, and the protected applications can also communicate with conventional applications to provide secure services.

In the secure environment 104, the fuse memory 107 comprises a unique random number that is generated during manufacturing and programmed into the ASIC 101. This random number is used as the identity of a particular ASIC 101 and is further used to derive keys for cryptographic operations. Moreover, the storage circuit access control means in the form of a security control register is configured in the security environment 104. The purpose of the security control register is to either give the CPU 103 access to the secure environment 104 or prevent the CPU 103 from accessing the secure environment 104, depending on the mode set in the register. The operating modes for the CPU 103 can be set in registers by the application software, resulting in the architecture not having to rely on external signals. From a security point of view, this is desirable because the setting of processor modes can also be controlled by controlling the application software. It is also possible to have an external signal (not shown) connected to the ASIC 101, by which it is possible to set the security control register. By using external signals, mode changes can be made easier and faster, which can be advantageous in a test environment. The combination of these two mode setting means, i.e. the combination of external signals in addition to the application, can be realized.

The architecture further includes a standard bridge circuit 109 for limiting data visibility on the bus 108. The architecture must be enclosed in tamper resistant packaging. It should not be possible to investigate or perform tests and measurements on this type of hardware that may result in the disclosure of security related components and their processing. The DSP 102 accesses other peripherals 110 such as a direct memory access (DMA) unit, RAMs, flash memories, and secondary processors may be provided outside the ASIC 101.

Another embodiment of a device architecture for providing data security is shown in FIG. 2, where corresponding reference numerals refer to corresponding elements as described in connection with FIG. 1. Compared to the architecture described in FIG. 1, the difference in the architecture shown in FIG. 2 is that a removable smart card 211, such as a subscriber identity module (SIM) card, also considered a security environment in the electronic device 200. Is provided.

For security purposes, in addition to the smart card 211, the mobile terminal 200 stores a digital certificate issued by a trusted CA. The certificates are used to ensure that the holder of the certificate is authorized by the entrusting CA to the actors in communication with the mobile terminal 200 and / or the smart card 211. The CA signs the certificate, and the certificate holder must have a public key that corresponds to the CA's private key to verify that the certificate signed by the CA is valid. Note that other devices must have certificates from other CAs. In such cases, other CAs must perform some communication with each other, for example by exchanging their own public keys. Certificates are well known to those skilled in the art, and well-known standard certificates are those contained in CCITT Recommendation X.509.

FIG. 3 shows a flow chart describing how the storage area is allocated to the smart card shown in FIG. 2. It should be noted that it is also possible to allocate storage areas to the secure environment of the ASICs 101 and 201 described in FIGS. 1 and 2. The procedure for allocating the storage area is the same whether the security environment of the ASICs 101 and 201 is used or the security environment provided by the smart card 211 is used. In step 301, the mobile terminal 200 receives a request for allocating a storage area to the smart card 211. The request may be made by an application loaded into the terminal, but may also be made by an application located outside the mobile terminal. Next, in step 302, the application's certificate is checked by the CPU 203 of the ASIC 201 to ensure that the application can be trusted. The identity of the application (described below) is associated with the allocated storage area and stored in the smart card 211. Associations can be very easy, for example, an identity is associated with a storage area allocated between any two addresses in a smart card. Moreover, in step 303 the associated identity is stored in the smart card 211.

In step 304, the application generates a request to access the allocated storage area in the smart card 211; The CPU 203 of the ASIC 201 checks the identity of the requesting application. The identity of the requesting application is preferably a digital signature generated by taking a hash value of the application code and encrypting the hash value with a private key. The party responsible for the application, that is, an operator, a third party application developer or a service provider, can provide a digital signature and distribute the corresponding public key with the signed application. The identity verification is then performed by the CPU 203 in the secure environment of the ASIC 201 by deciphering the hash value of the application with the public key corresponding to the application private key. Access to the allocated storage area in the smart card 211 is controlled by the CPU 203 by confirming the correspondence between the associated identity stored in the card 211 and the identity of the accessing application. .

There are a number of methods used to identify the application and are known by those skilled in the art. As described above, it is possible to use hash functions for application code, to sign hash code, and / or to use a certificate. It is also possible to rely only on certificates, but additional cryptographic operations can be realized to achieve a higher level of security. Other potential methods include signing the application itself, using platform generated identification numbers, and the like.

When a storage area has been allocated to the smart card 211 or, alternatively, to the secure environment 204 of the ASIC 201, an authorized access application is assigned to the encryption keys, encryption key data material, intermediate, in the assigned storage area. Objects such as cryptographic calculation results and passwords can be read, written and modified. Thus, a privileged access application may appear as an administrator of an allocated storage area, having the ability to deallocate the storage area if necessary.

Referring to FIG. 3, the first storage area may be allocated by the first application by performing the steps shown in the drawing. A second storage area can then be allocated for the second application, with the applications having different identities. Thus, other parties may allocate their respective storage areas to secure environments 204 and 211 without having to contact the secure environment manager.

Although the present invention has been described with reference to specific exemplary embodiments thereof, modifications and the like will be apparent to those skilled in the art. As defined by the appended claims, the described embodiments are not intended to limit the scope of the invention.

Claims (14)

In a method for allowing multiple applications to manage their respective data in a device (100, 200) having a secure environment (104, 204, 211), the secure environment (104, 204, 211) is configured for the multiple applications. Located within the device to provide secure storage, access to the secure environment 104, 204, 211 is tightly controlled, and the method provides for each of the multiple applications, Allocating (301) a storage area within the secure environment (104, 204, 211); Associating (302) the identity of said storage area with said application; Storing (303) the associated identity in the secure environment; And Controlling (304) access to the storage area by confirming a match between the associated identity and the identity of an access application. The method of claim 1, wherein the identity of the application is A digital signature generated by a private key, the digital signature Attached to the application, the identification of the identity And verifying the digital signature with a public key corresponding to the private key. The method of claim 1 or claim 2, wherein the step of allocating the storage area (301), associating the storage area with the identity of an application (302), storing the associated identity (303), and the storage Controlling access to the region (304) Performed for the application of the first party, and then the same steps (301, 302, 303, 304) are performed for the application of the second party independent of the first party. The method of claim 1, wherein at least one of the applications is Located outside the device (100, 200), Allocating a storage area (301) within the secure environment (104, 204, 211), and Send instructions to the device 100, 200 instructing the device 100, 200 to perform the step 302 of associating an identity of the storage area with the at least one application, The identity of the at least one application is And appended to said instructions. The method of claim 1, wherein the device (100, 200) Storing a digital certificate issued by a consignment certification authority. The method of claim 1, wherein the security environment 104, 204, 211 And a smart card (211). In a system that allows multiple applications to manage their respective data in a device (100, 200) having a secure environment (104, 204, 211), the secure environment (104, 204, 211) may be configured for the multiple applications. Located within the device to provide secure storage, access to the secure environment 104, 204, 211 is strictly controlled and the system is Means (103, 203) for allocating (301) a storage area for each of the multiple applications in the secure environment (104, 204, 211); Means (103,203) for associating (302) each storage area with the identity of the corresponding application; Means (103, 203) for storing (303) the associated identity of each application in the secure environment (104, 204, 211); And  Means (103, 203) for controlling (304) access to said storage area by confirming a correspondence between said associated identity and identity of an access application. The method of claim 7, wherein the identity of the application is A digital signature generated by a private key, the digital signature Attached to the application, the identification of the identity And decrypting the digital signature with a public key corresponding to the private key. 8. The method of claim 7, wherein at least one of the multiple applications is Located outside the device (100, 200), Allocate a storage area (301) within the secure environment (104, 204, 211), And send instructions to the device (100, 200) instructing the device (100, 200) to associate (302) the identity of the storage area with the at least one application. The identity of the at least one application is System appended to the instructions. 8. The apparatus of claim 7, wherein the device (100, 200) And store the digital certificate issued by the certificate authority. 8. The system of claim 7, wherein the secure environment 104, 204, 211 And a smart card (211). A circuit portion 101, 201 that provides data security, wherein the circuit portion 101, 201 includes at least one processor 103, 203 and at least one storage circuit 104, 204, 211. 101, 201) At least one storage area in said storage circuitry (104, 204, 211) where protected data relating to circuit security is located; Mode setting means configured to set a processor (103, 203) in one of at least two different operating modes, the mode setting means being capable of changing the processor (103, 203) operating mode; Storage circuit access control means configured to allow the processor (103, 203) to access a storage area in which the protected data is located when a first processor operating mode is set; And Circuitry 101, 201, characterized in that the processor 103, 203 includes storage circuit access control means configured to prevent access to the storage area in which the protected data is located when a second processor operating mode is set. ). 13. Apparatus (100, 200) comprising the circuitry (101, 201) for providing data security according to claim 12. A device (100, 200) according to claim 13, wherein the device is And a mobile telecommunication terminal.

Images