Patents by Inventor Antti Kiiveri
Antti Kiiveri has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9111097Abstract: The present invention relates to circuitry and a method for providing data security, which circuitry contains at least one processor and at least one storage circuit. The invention is based on the idea that circuitry is provided in which a processor is operable in at least two different modes, one first secure operating mode and one second unsecure operating mode. In the secure mode, the processor has access to security related data located in various memories located within the circuitry. The access to these security data and the processing of them need to be restricted, since an intruder with access to security data could manipulate the circuitry. When testing and/or debugging the circuitry, access to security information is not allowed. For this reason, the processor is placed in the unsecure operating mode, in which mode it is no longer given access to the protected data.Type: GrantFiled: August 4, 2003Date of Patent: August 18, 2015Assignee: Nokia Technologies OyInventors: Antti Kiiveri, Lauri Paatero
-
Methods, apparatuses, and computer program products for bootstrapping device and user authentication
Patent number: 8869252Abstract: An apparatus may include a processor configured to receive a security certificate request from a remote device comprising a public key of the remote device and an authentication credential based upon a legacy authentication mechanism of the remote device. The processor may be further configured to validate the received authentication credential in accordance with the legacy authentication mechanism. The processor may be additionally configured to generate a security certificate for the public key. The processor may be further configured to provide the generated security certificate to the remote device.Type: GrantFiled: May 19, 2008Date of Patent: October 21, 2014Assignee: Nokia CorporationInventors: Nadarajah Asokan, Jan-Erik Ekberg, Antti Kiiveri, Olli Muukka -
Patent number: 8621191Abstract: An apparatus for providing a secure predefined boot sequence may include a processor. The processor may be configured to verify a predefined boot sequence certificate that defines a boot sequence for a device, verify one or more software elements referenced by the predefined boot sequence certificate, and execute one or more software elements that have been verified in the sequence defined by the predefined boot sequence certificate. Corresponding methods, systems, and computer program products are also provided.Type: GrantFiled: December 26, 2007Date of Patent: December 31, 2013Assignee: Nokia CorporationInventor: Antti Kiiveri
-
Patent number: 8296575Abstract: The invention relates to an electronic device, which comprises an operational unit and a user-specific module. Data in the device, necessary for checking the user-specific module, is protected with a key of the encryption method employed by the device manufacturer. A verification key of the encryption method employed by the electronic device manufacturer is stored in the operational unit, by means of which verification key the data necessary for checking the user-specific module is verified.Type: GrantFiled: June 21, 2002Date of Patent: October 23, 2012Assignee: Nokia CorporationInventor: Antti Kiiveri
-
METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR BOOTSTRAPPING DEVICE AND USER AUTHENTICATION
Publication number: 20110093938Abstract: An apparatus may include a processor configured to receive a security certificate request from a remote device comprising a public key of the remote device and an authentication credential based upon a legacy authentication mechanism of the remote device. The processor may be further configured to validate the received authentication credential in accordance with the legacy authentication mechanism. The processor may be additionally configured to generate a security certificate for the public key.Type: ApplicationFiled: May 19, 2008Publication date: April 21, 2011Inventors: Nadarajah Asokan, Jan-Erik Ekberg, Antti Kiiveri, Olli Muukka -
Patent number: 7630495Abstract: Identity data of an operational unit and a verification key of the cryptographic method employed by the service provider are protected with a key of the cryptographic method employed by the manufacturer of the operational unit. The verification key of the cryptographic method employed by the manufacturer of the operational unit is stored in the operational unit of the electronic device. The identity data of the operational unit and the identity data of the service provider are protected with a key of the cryptographic method employed by the service provider. The identity data of the operational unit and the verification key of the service provider are verified with the verification key of the manufacturer of the operational unit. The identity data of the operational unit and the identity data of the service provider are verified with the verified verification key of the service provider. The identity data stored in the user-specific module are compared with the verified identity data.Type: GrantFiled: June 28, 2002Date of Patent: December 8, 2009Assignee: Nokia CorporationInventors: Antti Kiiveri, Nadarajah Asokan, Valtteri Niemi
-
Publication number: 20090172376Abstract: An apparatus for providing a secure predefined boot sequence may include a processor. The processor may be configured to verify a predefined boot sequence certificate that defines a boot sequence for a device, verify one or more software elements referenced by the predefined boot sequence certificate, and execute one or more software elements that have been verified in the sequence defined by the predefined boot sequence certificate. Corresponding methods, systems, and computer program products are also provided.Type: ApplicationFiled: December 26, 2007Publication date: July 2, 2009Inventor: Antti Kiiveri
-
Patent number: 7506381Abstract: The disclosure describes a method for securing the trustworthiness of an electronic device. At least first and second check-up data are stored in the electronic device. In the method, a first step of a boot program is executed. In the first boot step, the trustworthiness of the first check-up data is examined, wherein if the check-up shows that the first check-up data is trusted, the second check-up data related to the second boot step is examined to confirm the trustworthiness of the second boot step. If the check-up shows that the second check-up data related to the second boot step is trusted, the second boot step is executed after said first boot step.Type: GrantFiled: June 14, 2002Date of Patent: March 17, 2009Assignee: Nokia CorporationInventors: Toni Sormunen, Risto Ronkka, Antti Kiiveri
-
Patent number: 7437574Abstract: Processing information in an electronic device is carried out by at least one processing block for controlling the operation of the electronic device, and a memory. At least a first private key is used for processing information. At least a protected mode and a normal mode are established in the processing block. Part of the memory can be accessed only in said protected mode. At least said first private key is stored in the memory that is accessible in said protected mode.Type: GrantFiled: August 5, 2002Date of Patent: October 14, 2008Assignee: Nokia CorporationInventors: Risto Rönkkä, Toni Sormunen, Antti Kiiveri, Antti Jauhiainen
-
Patent number: 7418593Abstract: The present invention relates to a method and a system for performing testing in a device (1), in which at least one program (110, 112) is loaded and at least one item of mode data relating to the program is determined. Furthermore, at least one key (111) is generated for use in said program. In the method, at least two different security levels are determined for the keys to be used in the device (1). In the method, said security level determined for the key and at least one mode data relating to the program are examined, and on the basis of the examination, it is decided if said key is available for use in the mode indicated in the mode data of the program. The invention also relates to a device, a mobile communication device and a storage medium.Type: GrantFiled: February 3, 2004Date of Patent: August 26, 2008Assignee: Nokia CorporationInventors: Lauri Paatero, Antti Kiiveri
-
Patent number: 7363511Abstract: A method for processing audiovisual information in an electronic device comprises at least one control block for controlling the operation of the electronic device, and a memory. The audiovisual information is encrypted. The control block is provided with a protected processing block, and part of the memory is available in said protected processing block only. The audiovisual information is decrypted in said protected processing block and transmitted from the protected processing block to means for presenting audiovisual information.Type: GrantFiled: June 27, 2002Date of Patent: April 22, 2008Assignee: Nokia CorporationInventor: Antti Kiiveri
-
Publication number: 20070300058Abstract: A method and system for determining rights to access digital content at a mobile communication device is described. A mobile communication device is manufactured with a credential store that maintains credentials associated with the mobile communication device. After manufacturing of the mobile communication device, a player component is installed onto the mobile communication device. With a request for digital content to be used or distributed by the player component, one or more credentials of the mobile communication device are confirmed for accuracy. If accurate, the mobile communication device receives the requested digital content for use and distribution.Type: ApplicationFiled: June 21, 2006Publication date: December 27, 2007Applicant: NOKIA CORPORATIONInventors: Janne P. Takala, Rauno Tamminen, Lauri Paatero, Antti Kiiveri
-
Publication number: 20050033969Abstract: The present invention relates to circuitry and a method for providing data security, which circuitry contains at least one processor and at least one storage circuit. The invention is based on the idea that circuitry is provided in which a processor is operable in at least two different modes, one first secure operating mode and one second unsecure operating mode. In the secure mode, the processor has access to security related data located in various memories located within the circuitry. The access to these security data and the processing of them need to be restricted, since an intruder with access to security data could manipulate the circuitry. When testing and/or debugging the circuitry, access to security information is not allowed. For this reason, the processor is placed in the unsecure operating mode, in which mode it is no longer given access to the protected data.Type: ApplicationFiled: August 4, 2003Publication date: February 10, 2005Inventors: Antti Kiiveri, Lauri Paatero
-
Publication number: 20040255117Abstract: The present invention relates to a method and a system for performing testing in a device (1), in which at least one program (110, 112) is loaded and at least one item of mode data relating to the program is determined. Furthermore, at least one key (111) is generated for use in said program. In the method, at least two different security levels are determined for the keys to be used in the device (1). In the method, said security level determined for the key and at least one mode data relating to the program are examined, and on the basis of the examination, it is decided if said key is available for use in the mode indicated in the mode data of the program. The invention also relates to a device, a mobile communication device and a storage medium.Type: ApplicationFiled: February 3, 2004Publication date: December 16, 2004Applicant: Nokia CorporationInventors: Lauri Paatero, Antti Kiiveri
-
Publication number: 20030046570Abstract: Processing information in an electronic device is carried out by at least one processing block for controlling the operation of the electronic device, and a memory. At least a first private key is used for processing information. At least a protected mode and a normal mode are established in the processing block. Part of the memory can be accessed only in said protected mode. At least said first private key is stored in the memory that is accessible in said protected mode.Type: ApplicationFiled: August 5, 2002Publication date: March 6, 2003Applicant: Nokia CorporationInventors: Risto Ronkka, Toni Sormunen, Antti Kiiveri, Antti Jauhiainen
-
Publication number: 20030021413Abstract: Identity data of an operational unit and a verification key of the cryptographic method employed by the service provider are protected with a key of the cryptographic method employed by the manufacturer of the operational unit. The verification key of the cryptographic method employed by the manufacturer of the operational unit is stored in the operational unit of the electronic device. The identity data of the operational unit and the identity data of the service provider are protected with a key of the cryptographic method employed by the service provider. The identity data of the operational unit and the verification key of the service provider are verified with the verification key of the manufacturer of the operational unit. The identity data of the operational unit and the identity data of the service provider are verified with the verified verification key of the service provider. The identity data stored in the user-specific module are compared with the verified identity data.Type: ApplicationFiled: June 28, 2002Publication date: January 30, 2003Applicant: Nokia CorporationInventors: Antti Kiiveri, Nadarajah Asokan, Valtteri Niemi
-
Publication number: 20030014663Abstract: The invention relates to a method for securing the trustworthiness of an electronic device. At least first and second check-up data are stored in the electronic device. In the method, a boot program is started, in which boot program at least first and second boot steps are taken. In the first boot step, the trustworthiness of said at least first check-up data is examined, wherein if the check-up shows that said at least first check-up data is trusted, said second check-up data related to at least the second boot step is examined to confirm the trustworthiness of the second boot step. If the check-up shows that at least one second check-up data related to the second boot step is trusted, said second boot step is taken after said first boot step.Type: ApplicationFiled: June 14, 2002Publication date: January 16, 2003Applicant: Nokia CorporationInventors: Toni Sormunen, Risto Ronkka, Antti Kiiveri
-
Publication number: 20030009680Abstract: The invention relates to an electronic device, which comprises an operational unit and a user-specific module. Data in the device, necessary for checking the user-specific module, is protected with a key of the encryption method employed by the device manufacturer. A verification key of the encryption method employed by the electronic device manufacturer is stored in the operational unit, by means of which verification key the data necessary for checking the user-specific module is verified.Type: ApplicationFiled: June 21, 2002Publication date: January 9, 2003Inventor: Antti Kiiveri
-
Publication number: 20030005322Abstract: The invention relates to a method for processing audiovisual information in an electronic device comprising at least one control block for controlling the operation of the electronic device, and a memory. The audiovisual information is encrypted. The control block is provided with a protected processing block, and part of the memory is available in said protected processing block only. The audiovisual information is decrypted in said protected processing block and transmitted from the protected processing block to means for presenting audiovisual information.Type: ApplicationFiled: June 27, 2002Publication date: January 2, 2003Applicant: Nokia CorporationInventor: Antti Kiiveri