Abstract: An internal but not integrated security token is provided for a device which includes a first integrated circuitry including a secure processor. The security token is provided by a second integrated circuitry separate from the first circuitry. The second integrated circuitry includes a secure non-volatile storage. The secure processor communicates information to the second circuitry in a secure manner for the secure information to be securely stored in the secure non-volatile storage, and the second integrated circuitry communicates information stored in its secure non-volatile storage to the secure processor in a secure manner. Communications is secured by means of cryptography. The first integrated circuitry and the second integrated circuitry are internal parts of the device. An initialization method for distributing a secure key to be shared between the circuitries and to be used in cryptography is also disclosed.

Abstract: An internal but not integrated security token is provided for a device which includes a first integrated circuitry including a secure processor. The security token is provided by a second integrated circuitry separate from the first circuitry. The second integrated circuitry includes a secure non-volatile storage. The secure processor communicates information to the second circuitry in a secure manner for the secure information to be securely stored in the secure non-volatile storage, and the second integrated circuitry communicates information stored in its secure non-volatile storage to the secure processor in a secure manner. Communications is secured by means of cryptography. The first integrated circuitry and the second integrated circuitry are internal parts of the device. An initialization method for distributing a secure key to be shared between the circuitries and to be used in cryptography is also disclosed.

Abstract: An internal but not integrated security token is provided for a device which includes a first integrated circuitry including a secure processor. The security token is provided by a second integrated circuitry separate from the first circuitry. The second integrated circuitry includes a secure non-volatile storage. The secure processor communicates information to the second circuitry in a secure manner for the secure information to be securely stored in the secure non-volatile storage, and the second integrated circuitry communicates information stored in its secure non-volatile storage to the secure processor in a secure manner. Communications is secured by means of cryptography. The first integrated circuitry and the second integrated circuitry are internal parts of the device. An initialization method for distributing a secure key to be shared between the circuitries and to be used in cryptography is also disclosed.

Abstract: The present invention relates to circuitry and a method for providing data security, which circuitry contains at least one processor and at least one storage circuit. The invention is based on the idea that circuitry is provided in which a processor is operable in at least two different modes, one first secure operating mode and one second unsecure operating mode. In the secure mode, the processor has access to security related data located in various memories located within the circuitry. The access to these security data and the processing of them need to be restricted, since an intruder with access to security data could manipulate the circuitry. When testing and/or debugging the circuitry, access to security information is not allowed. For this reason, the processor is placed in the unsecure operating mode, in which mode it is no longer given access to the protected data.

Abstract: The invention relates to a method in which program information is obtained to an execution environment in an electronic device. The program information comprises at least a program code. A key is computed of the program information and a device specific secret value. The key is used to decrypt program specific state data in the execution environment and to encrypt modified state data after the execution.

Abstract: The present invention relates to a method and a system for allowing multiple applications to manage their respective data in a device (100, 200) having a secure environment (104, 204, 211) to which access is strictly controlled. The idea of the invention is that a storage area is allocated (301) within the secure environment (104, 204, 211) of a device (100, 200). The storage area is associated (302) with an identity of an application, the associated identity is stored (303) in the secure environment (104, 204, 211) and access to the storage area is controlled (304) by verifying correspondence between the associated identity and the identity of an accessing application. This is advantageous, since it is possible for the accessing application to read, write and modify objects, such as cryptographic keys, intermediate cryptographic calculation results and passwords, in the allocated storage area.

Abstract: The present invention relates to an electronic device (301) in which acceleration of data processing operations is provided, the device comprising a secure execution environment to which access is controlled. A basic idea of the present invention is to provide a device (311) for acceleration of data processing operations (an “accelerator”). In particular, the accelerator is used to accelerate cryptographic data operations such that it performs cryptographic operations on data provided to it via a first logical interface. The cryptographic operations are performed by means of encryption/decryption keys provided to the accelerator via a secure second logical interface which may share a same physical interface (312) with the first logical interface or which may use a distinct physical interface (414) from that of a distinct physical interface (412) used as the first logical interface.

Abstract: Methods and systems are arranged to control the decryption of an encrypted application in a device executing the application, the device arranged with a secure environment to which access is strictly controlled by a device processor. The application is divided into an installation part that establishes proper set up of the application and a protected part which is to be executed in the secure environment. An advantage with the invention is that the application provider has the freedom to control the decryption of the application software. Since it is performed in the secure environment, the owner of the device is unable to access the application and thereby copy, read or manipulate it. Moreover, the application provider handles the installation of the encrypted application and the key for decrypting the application, and is thus given the possibility to handle the encryption/decryption schemes and the key management.

Abstract: An improved system and method for safe booting an electronic device. In situations such as where a virus is infecting various devices within a network, the present invention provides an authentication centre with the ability to instruct a device on the network to safe boot. During the safe boot, it can be arranged such that no third party applications are run, only backup, restoration, or uninstallation of programs are possible, and/or only programs in the device's read-only memory are loaded. The present invention also provides a user with the ability to go through the boot process in a step-by-step manner.

Abstract: The present invention relates to a method of, and a system for, enhancing data security, which data is to be executed in an electronic device (101) comprising a secure execution environment (104) to which access is restricted. A basic idea of the present invention is that, at device boot, data in the form of e.g. program code is copied from permanent memory (112) to temporary memory (110). The integrity of this program code must be verified to ensure that the program code has not been altered during the transmission between the memories. Further, a new secret key is generated in the secure execution environment. This new secret key is used by a device processor (103) to encrypt the program code to be stored in the temporary memory in order to ensure that the program code is kept secret during transmission. The device processor thereafter writes the encrypted program code into the temporary memory.

Abstract: The present invention relates to a method and a system for performing testing in a device (1), in which at least one program (110, 112) is loaded and at least one item of mode data relating to the program is determined. Furthermore, at least one key (111) is generated for use in said program. In the method, at least two different security levels are determined for the keys to be used in the device (1). In the method, said security level determined for the key and at least one mode data relating to the program are examined, and on the basis of the examination, it is decided if said key is available for use in the mode indicated in the mode data of the program. The invention also relates to a device, a mobile communication device and a storage medium.

Abstract: A code signature methodology that allows recovery from incorrectly signed software while preventing rollbacks is described herein. When software is signed, the code signature is based not only on the current version of executable code and information corresponding to the current version of executable code, but also includes a history value based on a previous version of the executable code. Each history value is unknown until each version of the software is validly signed. Thus, the code signature technique allows a signing entity to continue using the same signing key even after recovering from an attack, can be used with and without pre-configured trust roots, and allows a device to upgrade from one version of software to another version of the software while skipping intermediate versions.

Abstract: The invention relates to a method in which program information is obtained to an execution environment in an electronic device. The program information comprises at least a program code. A key is computed of the program information and a device specific secret value. The key is used to decrypt program specific state data in the execution environment and to encrypt modified state data after the execution.

Abstract: A method and system to allow user generation of a private-public key pair and an associated user generated certificate to establish the identity of a user based upon signing the user generated certificate with a private key of a private-public key pair associated with a certificate issued by a Certification Authority (CA). The user generated certificate thereby allows the user that generated the certificate to establish a secure session with a third party without multiple use of the certificate issued by the CA, typically for use on another network infrastructure. The method and system are particularly useful for establishing a secure session, such as a Secure Socket Layer session using a personal computer, where the CA certificate is associated with a wireless identity module of a wireless device.

Abstract: A method and system for determining rights to access digital content at a mobile communication device is described. A mobile communication device is manufactured with a credential store that maintains credentials associated with the mobile communication device. After manufacturing of the mobile communication device, a player component is installed onto the mobile communication device. With a request for digital content to be used or distributed by the player component, one or more credentials of the mobile communication device are confirmed for accuracy. If accurate, the mobile communication device receives the requested digital content for use and distribution.

Abstract: Method, system and computer program product for implementing a trusted counter in a personal communication device. In particular, the method, system and computer program product utilizes cryptography and an external, read-write storage device that stores important state information that cannot be modified without detection. Using the present invention, the counter can be implemented in a personal even if state information is stored in an insecure storage device.

Abstract: The invention is a method and system for visualizing a level of trust of network communication operations and connection of servers.

Abstract: An internal but not integrated security token is provided for a device which includes a first integrated circuitry including a secure processor. The security token is provided by a second integrated circuitry separate from the first circuitry. The second integrated circuitry includes a secure non-volatile storage. The secure processor communicates information to the second circuitry in a secure manner for the secure information to be securely stored in the secure non-volatile storage, and the second integrated circuitry communicates information stored in its secure non-volatile storage to the secure processor in a secure manner. Communications is secured by means of cryptography. The first integrated circuitry and the second integrated circuitry are internal parts of the device. An initialization method for distributing a secure key to be shared between the circuitries and to be used in cryptography is also disclosed.

Abstract: State information necessary to maintain securely is saved on a probabilistic basis onto a flash memory of protected memory chip. The protected memory chip has a communication logics that prevents access to the flash memory unless appropriate cryptographically protected instructions are given. By saving data on a probabilistic basis, the aging of the flash memory can be reduced so as to inhibit malicious destruction of the flash memory. The communication logics can also address different parts of the flash memory selectively so that any time the state information changes, something is written to the flash memory. To yet avoid premature aging of the whole flash memory, a dedicated disposable portion can be used for normal writing so that the remainder of the flash memory remains operable. Corresponding security circuitry, assembly module and computer programs are also described.

Abstract: The present invention relates to a device (1) comprising an input for receiving an input; calculation means (P) for producing a response (OUTPUT) in response to the input (INPUT) and a secret key (A) by utilizing a first predetermined function (f), and an output (3) for feeding said response (OUTPUT) further. In order for an attacker not be able to find out the secret key, the device further comprises a memory (M) in which the key-specific number (RND) is stored, and means for retrieving the key-specific number (RND) from the memory (M) and for feeding it to the calculation means (P?) for carrying out predetermined calculation operations (f2) on the basis of the key-specific number (RND) when producing said response (OUTPUT).