Abstract: Augmented processor hardware contains a microcode interpreter. When encrypted microcode is included in a challenge from a service requiring authentication, the microcode may be passed to the microcode interpreter. Based on decryption and execution of the microcode taking place at the processor hardware, tampering by potentially abusive device software may be avoided.

Abstract: Systems and methods are provided for computing a secret shared with a portable electronic device and service entity. The service entity has a public key G and a private key g. A message comprising the public key G is broadcast to the portable electronic device. A public key B of the portable electronic device is obtained from a manufacturing server and used together with the private key g to compute the shared secret. The portable electronic device receives the broadcast message and computes the shared secret as a function of the public key G and the portable electronic device's private key b. The shared secret can be used to establish a trusted relationship between the portable electronic device and the service entity, to activate a service on the portable electronic device, and to generate certificates.

Abstract: Normally, at the time of manufacturing, security may be provided to a device being manufactured through the loading of an operating system that has been cryptographically signed. The present application discloses a “factory mode” for the device. The “factory mode” allows the device to execute untrusted operating system code, such as unsigned operating system code and operating system code that has been signed, but the certificate authority is not trusted. To support execution of untrusted operating system code in a secure manner, the device may be adapted to prevent data of predetermined type from being loaded on the device while the device is in the “factory mode”. In contrast to the “factory mode”, the secure mode of the device is referred to herein as a “product mode”. There develops a need to manage, in a secure manner, transitions between the “product mode” and the “factory mode”.

Abstract: A mobile communications device having a digital certificate authenticating the device itself is proposed. A server for authenticating the device and a method of authenticating the device are also disclosed. The device comprises a transmitter, a processor, a memory and a computer readable medium. The memory includes a certificate certifying the authenticity of the mobile communications device, the certificate comprising device-specific data and a digital signature signed by an authority having control of the authenticity of the mobile communications device. The computer readable medium has computer readable instructions stored thereon that when executed configure the processor to instruct the transmitter to transmit a copy of the certificate to a service provider in response to a request to authenticate the mobile communications device with the service provider.

Abstract: Augmented processor hardware contains a microcode interpreter. When encrypted microcode is included in a message from a service, the microcode may be passed to the microcode interpreter. Based on decryption and execution of the microcode taking place at the processor hardware, extended functionality may be realized.

Abstract: A mobile communications device having a digital certificate authenticating the device itself is proposed. A server for authenticating the device and a method of authenticating the device are also disclosed. The device comprises a transmitter, a processor, a memory and a computer readable medium. The memory includes a certificate certifying the authenticity of the mobile communications device, the certificate comprising device-specific data and a digital signature signed by an authority having control of the authenticity of the mobile communications device. The computer readable medium has computer readable instructions stored thereon that when executed configure the processor to instruct the transmitter to transmit a copy of the certificate to a service provider in response to a request to authenticate the mobile communications device with the service provider.

Abstract: A mobile communications device having a digital certificate authenticating the device itself is proposed. A server for authenticating the device and a method of authenticating the device are also disclosed. The device comprises a transmitter, a processor, a memory and a computer readable medium. The memory includes a certificate certifying the authenticity of the mobile communications device, the certificate comprising device-specific data and a digital signature signed by an authority having control of the authenticity of the mobile communications device. The computer readable medium has computer readable instructions stored thereon that when executed configure the processor to instruct the transmitter to transmit a copy of the certificate to a service provider in response to a request to authenticate the mobile communications device with the service provider.

Abstract: An electronic device having an alterable configuration includes a non-volatile memory configurable to include at least a first partition and a second partition, the non-volatile memory storing a boot ROM. The boot ROM is operable when executed by a processor of said electronic device to, in the event that a third partition is available, boot an operating system in the third partition, the operating system operable when booted to cause the third partition to be deleted and the second partition to be expanded to encompass memory freed by the deletion; and otherwise boot an operating system in the first partition.

Abstract: The described embodiments relate generally to methods, systems and devices for maintaining data integrity of a removable media card of a handheld electronic device, particularly when such media card is removed from such device.

Abstract: An electronic device having an alterable configuration includes a non-volatile memory configurable to include at least a first partition and a second partition, the non-volatile memory storing a boot ROM. The boot ROM is operable when executed by a processor of said electronic device to, in the event that a third partition is available, boot an operating system in the third partition, the operating system operable when booted to cause the third partition to be deleted and the second partition to be expanded to encompass memory freed by the deletion; and otherwise boot an operating system in the first partition.

Abstract: Systems and methods are provided for computing a secret shared with a portable electronic device and service entity. The service entity has a public key G and a private key g. A message comprising the public key G is broadcast to the portable electronic device. A public key B of the portable electronic device is obtained from a manufacturing server and used together with the private key g to compute the shared secret. The portable electronic device receives the broadcast message and computes the shared secret as a function of the public key G and the portable electronic device's private key b. The shared secret can be used to establish a trusted relationship between the portable electronic device and the service entity, to activate a service on the portable electronic device, and to generate certificates.

Abstract: Normally, at the time of manufacturing, security may be provided to a device being manufactured through the loading of an operating system that has been cryptographically signed. The present application discloses a “factory mode” for the device. The “factory mode” allows the device to execute untrusted operating system code, such as unsigned operating system code and operating system code that has been signed, but the certificate authority is not trusted. To support execution of untrusted operating system code in a secure manner, the device may be adapted to prevent data of predetermined type from being loaded on the device while the device is in the “factory mode”. In contrast to the “factory mode”, the secure mode of the device is referred to herein as a “product mode”. There develops a need to manage, in a secure manner, transitions between the “product mode” and the “factory mode”.

Abstract: An electronic device having an alterable configuration includes a non-volatile memory configurable to include at least a first partition and a second partition, the non-volatile memory storing a boot ROM. The boot ROM is operable when executed by a processor of said electronic device to, in the event that a third partition is available, boot an operating system in the third partition, the operating system operable when booted to cause the third partition to be deleted and the second partition to be expanded to encompass memory freed by the deletion; and otherwise boot an operating system in the first partition.

Abstract: An electronic device having an alterable configuration includes a non-volatile memory configurable to include at least a first partition and a second partition, the non-volatile memory storing a boot ROM. The boot ROM is operable when executed by a processor of said electronic device to, in the event that a third partition is available, boot an operating system in the third partition, the operating system operable when booted to cause the third partition to be deleted and the second partition to be expanded to encompass memory freed by the deletion; and otherwise boot an operating system in the first partition.

Abstract: Augmented processor hardware contains a microcode interpreter. When encrypted microcode is included in a challenge from a service requiring authentication, the microcode may be passed to the microcode interpreter. Based on decryption and execution of the microcode taking place at the processor hardware, tampering by potentially abusive device software may be avoided.

Abstract: Augmented processor hardware contains a microcode interpreter. When encrypted microcode is included in a message from a service, the microcode may be passed to the microcode interpreter. Based on decryption and execution of the microcode taking place at the processor hardware, extended functionality may be realized.

Abstract: The described embodiments relate generally to methods, systems and devices for maintaining data integrity of a removable media card of a handheld electronic device, particularly when such media card is removed from such device.

Abstract: A mobile communications device having a digital certificate authenticating the device itself is proposed. A server for authenticating the device and a method of authenticating the device are also disclosed. The device comprises a transmitter, a processor, a memory and a computer readable medium. The memory includes a certificate certifying the authenticity of the mobile communications device, the certificate comprising device-specific data and a digital signature signed by an authority having control of the authenticity of the mobile communications device. The computer readable medium has computer readable instructions stored thereon that when executed configure the processor to instruct the transmitter to transmit a copy of the certificate to a service provider in response to a request to authenticate the mobile communications device with the service provider.

Abstract: The described embodiments relate generally to methods, systems and devices for maintaining data integrity of a removable media card of a handheld electronic device, particularly when such media card is removed from such device.

Abstract: The described embodiments relate generally to methods, systems and devices for maintaining data integrity of a removable media card of a handheld electronic device, particularly when such media card is removed from such device.