Abstract: The present invention relates to circuitry and a method for providing data security, which circuitry contains at least one processor and at least one storage circuit. The invention is based on the idea that circuitry is provided in which a processor is operable in at least two different modes, one first secure operating mode and one second unsecure operating mode. In the secure mode, the processor has access to security related data located in various memories located within the circuitry. The access to these security data and the processing of them need to be restricted, since an intruder with access to security data could manipulate the circuitry. When testing and/or debugging the circuitry, access to security information is not allowed. For this reason, the processor is placed in the unsecure operating mode, in which mode it is no longer given access to the protected data.

Abstract: An apparatus may include a processor configured to receive a security certificate request from a remote device comprising a public key of the remote device and an authentication credential based upon a legacy authentication mechanism of the remote device. The processor may be further configured to validate the received authentication credential in accordance with the legacy authentication mechanism. The processor may be additionally configured to generate a security certificate for the public key. The processor may be further configured to provide the generated security certificate to the remote device.

Abstract: An apparatus for providing a secure predefined boot sequence may include a processor. The processor may be configured to verify a predefined boot sequence certificate that defines a boot sequence for a device, verify one or more software elements referenced by the predefined boot sequence certificate, and execute one or more software elements that have been verified in the sequence defined by the predefined boot sequence certificate. Corresponding methods, systems, and computer program products are also provided.

Abstract: The invention relates to an electronic device, which comprises an operational unit and a user-specific module. Data in the device, necessary for checking the user-specific module, is protected with a key of the encryption method employed by the device manufacturer. A verification key of the encryption method employed by the electronic device manufacturer is stored in the operational unit, by means of which verification key the data necessary for checking the user-specific module is verified.

Abstract: An apparatus may include a processor configured to receive a security certificate request from a remote device comprising a public key of the remote device and an authentication credential based upon a legacy authentication mechanism of the remote device. The processor may be further configured to validate the received authentication credential in accordance with the legacy authentication mechanism. The processor may be additionally configured to generate a security certificate for the public key.

Abstract: Identity data of an operational unit and a verification key of the cryptographic method employed by the service provider are protected with a key of the cryptographic method employed by the manufacturer of the operational unit. The verification key of the cryptographic method employed by the manufacturer of the operational unit is stored in the operational unit of the electronic device. The identity data of the operational unit and the identity data of the service provider are protected with a key of the cryptographic method employed by the service provider. The identity data of the operational unit and the verification key of the service provider are verified with the verification key of the manufacturer of the operational unit. The identity data of the operational unit and the identity data of the service provider are verified with the verified verification key of the service provider. The identity data stored in the user-specific module are compared with the verified identity data.

Abstract: An apparatus for providing a secure predefined boot sequence may include a processor. The processor may be configured to verify a predefined boot sequence certificate that defines a boot sequence for a device, verify one or more software elements referenced by the predefined boot sequence certificate, and execute one or more software elements that have been verified in the sequence defined by the predefined boot sequence certificate. Corresponding methods, systems, and computer program products are also provided.

Abstract: The disclosure describes a method for securing the trustworthiness of an electronic device. At least first and second check-up data are stored in the electronic device. In the method, a first step of a boot program is executed. In the first boot step, the trustworthiness of the first check-up data is examined, wherein if the check-up shows that the first check-up data is trusted, the second check-up data related to the second boot step is examined to confirm the trustworthiness of the second boot step. If the check-up shows that the second check-up data related to the second boot step is trusted, the second boot step is executed after said first boot step.

Abstract: Processing information in an electronic device is carried out by at least one processing block for controlling the operation of the electronic device, and a memory. At least a first private key is used for processing information. At least a protected mode and a normal mode are established in the processing block. Part of the memory can be accessed only in said protected mode. At least said first private key is stored in the memory that is accessible in said protected mode.

Abstract: The present invention relates to a method and a system for performing testing in a device (1), in which at least one program (110, 112) is loaded and at least one item of mode data relating to the program is determined. Furthermore, at least one key (111) is generated for use in said program. In the method, at least two different security levels are determined for the keys to be used in the device (1). In the method, said security level determined for the key and at least one mode data relating to the program are examined, and on the basis of the examination, it is decided if said key is available for use in the mode indicated in the mode data of the program. The invention also relates to a device, a mobile communication device and a storage medium.

Abstract: A method for processing audiovisual information in an electronic device comprises at least one control block for controlling the operation of the electronic device, and a memory. The audiovisual information is encrypted. The control block is provided with a protected processing block, and part of the memory is available in said protected processing block only. The audiovisual information is decrypted in said protected processing block and transmitted from the protected processing block to means for presenting audiovisual information.

Abstract: A method and system for determining rights to access digital content at a mobile communication device is described. A mobile communication device is manufactured with a credential store that maintains credentials associated with the mobile communication device. After manufacturing of the mobile communication device, a player component is installed onto the mobile communication device. With a request for digital content to be used or distributed by the player component, one or more credentials of the mobile communication device are confirmed for accuracy. If accurate, the mobile communication device receives the requested digital content for use and distribution.

Abstract: The present invention relates to circuitry and a method for providing data security, which circuitry contains at least one processor and at least one storage circuit. The invention is based on the idea that circuitry is provided in which a processor is operable in at least two different modes, one first secure operating mode and one second unsecure operating mode. In the secure mode, the processor has access to security related data located in various memories located within the circuitry. The access to these security data and the processing of them need to be restricted, since an intruder with access to security data could manipulate the circuitry. When testing and/or debugging the circuitry, access to security information is not allowed. For this reason, the processor is placed in the unsecure operating mode, in which mode it is no longer given access to the protected data.

Abstract: The present invention relates to a method and a system for performing testing in a device (1), in which at least one program (110, 112) is loaded and at least one item of mode data relating to the program is determined. Furthermore, at least one key (111) is generated for use in said program. In the method, at least two different security levels are determined for the keys to be used in the device (1). In the method, said security level determined for the key and at least one mode data relating to the program are examined, and on the basis of the examination, it is decided if said key is available for use in the mode indicated in the mode data of the program. The invention also relates to a device, a mobile communication device and a storage medium.

Abstract: Processing information in an electronic device is carried out by at least one processing block for controlling the operation of the electronic device, and a memory. At least a first private key is used for processing information. At least a protected mode and a normal mode are established in the processing block. Part of the memory can be accessed only in said protected mode. At least said first private key is stored in the memory that is accessible in said protected mode.

Abstract: Identity data of an operational unit and a verification key of the cryptographic method employed by the service provider are protected with a key of the cryptographic method employed by the manufacturer of the operational unit. The verification key of the cryptographic method employed by the manufacturer of the operational unit is stored in the operational unit of the electronic device. The identity data of the operational unit and the identity data of the service provider are protected with a key of the cryptographic method employed by the service provider. The identity data of the operational unit and the verification key of the service provider are verified with the verification key of the manufacturer of the operational unit. The identity data of the operational unit and the identity data of the service provider are verified with the verified verification key of the service provider. The identity data stored in the user-specific module are compared with the verified identity data.

Abstract: The invention relates to a method for securing the trustworthiness of an electronic device. At least first and second check-up data are stored in the electronic device. In the method, a boot program is started, in which boot program at least first and second boot steps are taken. In the first boot step, the trustworthiness of said at least first check-up data is examined, wherein if the check-up shows that said at least first check-up data is trusted, said second check-up data related to at least the second boot step is examined to confirm the trustworthiness of the second boot step. If the check-up shows that at least one second check-up data related to the second boot step is trusted, said second boot step is taken after said first boot step.

Abstract: The invention relates to an electronic device, which comprises an operational unit and a user-specific module. Data in the device, necessary for checking the user-specific module, is protected with a key of the encryption method employed by the device manufacturer. A verification key of the encryption method employed by the electronic device manufacturer is stored in the operational unit, by means of which verification key the data necessary for checking the user-specific module is verified.

Abstract: The invention relates to a method for processing audiovisual information in an electronic device comprising at least one control block for controlling the operation of the electronic device, and a memory. The audiovisual information is encrypted. The control block is provided with a protected processing block, and part of the memory is available in said protected processing block only. The audiovisual information is decrypted in said protected processing block and transmitted from the protected processing block to means for presenting audiovisual information.