Secure Zone for Digital Communications
US-2019081933-A1 · Mar 14, 2019 · US
US11201869B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11201869-B2 |
| Application number | US-201916388145-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 18, 2019 |
| Priority date | Apr 20, 2012 |
| Publication date | Dec 14, 2021 |
| Grant date | Dec 14, 2021 |
Official abstract text for this publication.
An apparatus according to the present disclosure may comprise a secure zone configured to execute a task having a subtask. The task and subtask may have respective executable code and may be digitally signed by respective code providers. The secure zone may be further configured to apply respective sets of permissions while the respective executable code of the task and subtask are executed. The respective set of permissions for the task may be based on at least one of information associated with the signed task and information in a digital certificate of the respective code provider for the task. The respective set of permissions for the subtask may be based on at least one of information associated with the signed subtask and information in a digital certificate of the respective code provider for the subtask.
Opening claim text (preview).
What is claimed is:
1. An apparatus comprising: a secure zone comprising an interface to a non-secure zone, a secure processor, and a memory; the secure processor configured to: execute a task having one or more subtasks, wherein the task and the subtasks have respective executable code for one or more secure transactions; store a state of the task into the memory of the secure zone; and switch execution from the executable code of the task to executable code of a first subtask, wherein after executing the first subtask, the secure processor is further configured to clear the memory of data related to the first subtask and switch execution to the executable code of the task based on the state of the task stored in the memory.
2. The apparatus of claim 1, wherein the secure processor is further configured to: store the state of the first subtask into the memory of the secure zone.
3. The apparatus of claim 1, wherein to switch execution from the task to the first subtask, the secure processor is further configured to: suspend execution of the executable code of the task; load the executable code of the first subtask into the secure processor; and execute the executable code of the first subtask.
4. The apparatus of claim 1, wherein to store the state of the task, the secure processor is further configured to store a counter-value of a program counter register into the memory of the secure zone.
5. The apparatus of claim 1, wherein to store the state of the task, the secure processor is further configured to store one or more counter-values of one or more registers of the secure processor into the memory of the secure zone.
6. The apparatus of claim 1, wherein to store the state of the task, the secure processor is further configured to store a memory-state of data-memory associated with the task into the memory of the secure zone.
7. The apparatus of claim 1, wherein the secure processor is further configured to apply a set of permissions for the first subtask, wherein the set of permissions instruct the secure processor to restrict access of the executable code of the task executing on the secure processor to data stored in the memory of the secure zone.
8. The apparatus of claim 1, wherein the secure processor is further configured to encrypt the data in the memory.
9. The apparatus of claim 1, wherein the non-secure zone further comprises a memory, and wherein the secure processor is further configured to calculate a hash value of data stored in the memory of the non-secure zone.
10. The apparatus of claim 1, wherein to store the state of the task, the secure processor is further configured to: read a state of one or more peripherals; and store the state of the one or more peripherals into the memory of the secure zone.
11. The apparatus of claim 10, wherein after executing the first subtask, the secure processor is further configured to return the one or more peripherals to the state of the one or more peripherals stored in the memory of the secure zone.
12. A method implemented on a computer having a secure zone, wherein the secure zone comprises a secure processor, a memory, and an interface to a non-secure zone, the method comprising: executing, by the secure processor, a task having one or more subtasks, wherein the task and the subtasks have respective executable code for one or more secure transactions; storing a state of the task into the memory; switching, by the secure processor, execution from the executable code of the task to executable code of a first subtask; clearing, by the secure processor, the memory of data related to the first subtask after executing the first subtask; and switching, by the secure processor, execution to the executable code of the task based on the state of the task stored in the memory.
13. The method of claim 12, further comprising: storing the state of the first subtask into the memory of the secure zone.
14. The method of claim 12, wherein switching execution from the task to the first subtask includes: suspending execution of the executable code of the task; loading the executable code of the first subtask into the secure processor; and executing the executable code of the first subtask.
15. The method of claim 12, wherein storing the state of the task includes storing a counter-value of a program counter register into the memory of the secure zone.
16. The method of claim 12, wherein storing the state of the task includes storing one or more counter-values of one or more registers of the secure processor into the memory of the secure zone.
17. The method of claim 12, wherein storing the state of the task includes storing a memory-state of data memory associated with the task into the memory of the secure zone.
18. The method of claim 12, further comprising applying, by the computer, a set of permissions for the first subtask, wherein the set of permissions instruct the secure processor to restrict access of the executable code of the task executing on the secure processor to data stored in the memory of the secure zone.
19. The method of claim 12, further comprising encrypting the data in the memory of the secure zone.
20. The method of claim 12, further comprising calculating a hash value of data stored in a memory of the non-secure zone.
21. The method of claim 12, wherein storing the state of the task includes: reading a state of one or more peripherals; and storing the state of the one or more peripherals into the memory of the secure zone.
22. The method of claim 21, the method further comprising returning the one or more peripherals to the state of the one or more peripherals stored in the memory of the secure zone.
23. The method of claim 12, wherein a peripheral of the one or more peripherals is selected from the group comprising: an LED, a keyboard, and a screen.
Program or device authentication · CPC title
by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title
by adding security routines or objects to programs · CPC title
at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability · CPC title
Specific access rights for resources, e.g. using capability register · CPC title