[go: up one dir, main page]

HK1192037B - A secure hosted execution architecture - Google Patents

A secure hosted execution architecture Download PDF

Info

Publication number
HK1192037B
HK1192037B HK14105326.8A HK14105326A HK1192037B HK 1192037 B HK1192037 B HK 1192037B HK 14105326 A HK14105326 A HK 14105326A HK 1192037 B HK1192037 B HK 1192037B
Authority
HK
Hong Kong
Prior art keywords
application
changes
persistent memory
storage element
memory image
Prior art date
Application number
HK14105326.8A
Other languages
Chinese (zh)
Other versions
HK1192037A (en
Inventor
T.P.瓦奥莱尤
T.S.拉维沙卡
Original Assignee
甲骨文国际公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 甲骨文国际公司 filed Critical 甲骨文国际公司
Publication of HK1192037A publication Critical patent/HK1192037A/en
Publication of HK1192037B publication Critical patent/HK1192037B/en

Links

Description

Secure hosted execution architecture
Background
As the capabilities of modern computing devices have grown to meet the increasing demand, designers strive to modify existing software platforms to accommodate the new applications. Such devices span a range from purely embedded and hybrid embedded systems to general purpose computer systems. Certain applications, such as medical devices, smart phones, notebook and laptop computers, are designed to meet stringent hardware and software compatibility requirements. Many of these applications require a constantly changing balance between compatibility and security considerations.
Existing software platforms can provide a wide range of security features when coupled with compatible hardware. For example, data encapsulation and cryptography are common features in mobile operating systems that utilize secure microcontrollers. The hardware components may also contribute to the security of the device when coupled with compatible software. However, the design and development costs associated with such a dedicated architecture can be substantial.
In addition to cost considerations, security features may also limit the functionality and/or efficiency of the device. At the same time, many embedded systems used in common electronic devices are modified to incorporate the functionality of more general purpose computers. For example, it is contemplated that Web-2.0 enabled smart phones and netbooks may simulate an online experience provided by a desktop personal computer, but without the associated security risks. As designers include greater openness and functionality in the design of these devices, they also increase the likelihood of introducing vulnerabilities that can be exploited by malware, trojans, viruses, and other attacks. Thus, designers are faced with the difficult task of balancing safety considerations with those of cost and functionality.
Disclosure of Invention
In general, in one aspect, the invention relates to a method for executing an application. The method includes accessing a secure storage element via a host device including a computer processor; executing, by a computer processor, a Hosted Execution Runtime Environment (HERE) on a host device; identifying a persistent memory image of the HERE in the secure storage element; executing, by the computer processor, the application with the HERE; and applying the first set of changes to the persistent memory image based on executing the application.
In general, in one aspect, the invention relates to a system for executing an application. The system includes a host device including a computer processor; a secure storage element operatively connected to the host device and configured to authenticate a user of the host device to access the secure storage element; and a Hosted Execution Runtime Environment (HERE) executing on the computer processor and configured to: identifying a persistent memory image of the HERE in the secure storage element; and executing the application, wherein the first set of changes is applied to the persistent memory image of the HERE based on executing the application.
In general, in one aspect, the invention relates to a non-transitory computer-readable storage medium storing instructions for executing an application. The instructions include the following functionality: accessing a secure storage element via a host device; executing an execution runtime environment (HERE) hosted on a host device; identifying a persistent memory image of the HERE in the secure storage element; executing the application with the HERE; and applying the first set of changes to the persistent memory image based on executing the application.
Other aspects of the invention will become apparent from the following description and appended claims.
Drawings
FIG. 1 shows a schematic diagram in accordance with one or more embodiments of the invention.
Fig. 2 and 3 show flow diagrams in accordance with one or more embodiments of the invention.
FIG. 4 illustrates a mobile device in accordance with one or more embodiments of the invention.
FIG. 5 illustrates a computer system in accordance with one or more embodiments of the invention.
Detailed Description
Specific embodiments of the present invention will now be described in detail with reference to the accompanying drawings. Like elements in the various figures are indicated by like reference numerals for consistency.
In the following detailed description of embodiments of the invention, numerous specific details are set forth in order to provide a more thorough understanding of the invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known features have not been described in detail to avoid unnecessarily complicating the description.
In general, embodiments of the invention provide methods and systems for executing applications using a managed execution runtime environment (HERE). In general, embodiments of the invention execute a HERE by a host device operatively connected to a secure storage element. The secure storage element includes a persistent memory image of the HERE, which may be updated as a result of executing the application.
FIG. 1 shows a system (199) according to one embodiment of the invention. As shown in fig. 1, the system (199) includes a plurality of components, such as a host device (100), a Hosted Execution Runtime Environment (HERE) (105), a persistent memory cache (110), a secure storage element (115), a secure element runtime environment (ser) (120), and a persistent memory image (125). The components of the system may reside on the same device (e.g., server, mainframe, desktop Personal Computer (PC), laptop, Personal Digital Assistant (PDA), telephone, mobile telephone, kiosk, cable set-top box, and any other device) or may reside on separate devices connected by a network (e.g., the internet) having wired and/or wireless segments. Those skilled in the art will recognize that in a given embodiment of the invention, there may be more than one of each individual component, and any combination of these components, running on a single device.
The host device (100) may be a Personal Computer (PC), a Personal Digital Assistant (PDA), a mobile phone, a smartphone, a Mobile Internet Device (MID), an Ultra Mobile Personal Computer (UMPC), a laptop, a netbook, a tablet, a Home Theater Personal Computer (HTPC), a handheld computer, a GPS navigation device, an automobile computer system, a Mobile Information Device Profile (MIDP) compatible device, a Connected Limited Device Configuration (CLDC) compatible device, and/or any other computing device capable of executing an application.
In one or more embodiments of the inventionThe secure storage element (115) is a memory device or an allocated memory segment. Examples of secure storage elements (115) include security tokens, Subscriber Identity Module (SIM) cards, Secure Digital (SD) cards, IronkeyTMA USB card (Ironkey is a trademark of Ironkey corporation of Sunnyvale, california), a secure location in a Trusted Embedded Environment (TEE), and any persistent memory that can be read by the host device (100).
In one or more embodiments of the invention, the secure storage element (115) includes functionality to perform hardware data encryption and decryption, authentication, credential management, and/or access control. The secure storage element (115) may also include lockout functionality, biometric authentication, tamper-resistant packaging/detection, and/or various other hardware and software security mechanisms according to various embodiments of the present invention.
In one or more embodiments of the invention, the secure storage element (115) includes a persistent memory image (125) of the HERE (105). The persistent memory image (125) may be any form of persistent memory (e.g., an electrically erasable programmable read-only memory (EEPROM)) that stores the fire (105) in the secure storage element (115).
Continuing with the discussion of FIG. 1, in accordance with one or more embodiments of the invention, the persistent memory cache (110) is a cache of a persistent memory image (125) residing on the host device (100). The persistent memory cache (110) may reside in the host device (100) and/or on one or more persistent or non-persistent (i.e., volatile) memory devices (e.g., random access memory) operatively connected to the host device (100). In one or more embodiments of the invention, the SERE (120) is configured to send a copy of the persistent memory image (125) to the HERE (105) via a secure communication session for use as the persistent memory cache (110).
The Hosted Execution Runtime Environment (HERE) (105) may be any software capable of executing an application on the host device (100). An example of HERE (105) may include Oracle corporation's JavaTMRuntime ringJavaCard of Yun (JRE), Oracle corporationTMRuntime Environment (JCRE), Symbian operating System from Nokia, iOS from AppleTMThe Android operating system of Google corporation, and/or any operating system or runtime environment capable of executing applications.
In one or more embodiments of the invention, the HERE (105) is configured to create a persistent memory cache (110) at a predetermined time. For example, the persistent memory cache (110) may be created at boot-up of the host device (100) or when the HERE (105) executes in the host device (100). According to various embodiments of the invention, the HERE (105) may be configured to create, synchronize, and/or delete the persistent memory cache (110) at any time.
In one or more embodiments of the invention, the HERE (105) is configured to synchronize the persistent memory image (125) and the persistent memory cache (110). Synchronization may be performed to allow for the persistence of single-item atomic changes to persistent objects and commit transactions. In one or more embodiments of the invention, single atomic changes to a persistent object outside of any transaction are performed immediately to both the persistent memory image (125) and the persistent memory cache (110).
In one or more embodiments of the invention, the HERE (105) maintains one or more change logs, including changes to the persistent memory cache (110) that have not yet been applied to the persistent memory image (125). Initially, changes within the scope of an ongoing transaction may be performed on the persistent memory cache (110) and recorded in a change log. In one or more embodiments of the invention, the change log is applied to the persistent memory image (125) when the transaction commits. According to one or more embodiments of the invention, the HERE (105) may maintain a change log for each running application, each transaction, each session, and/or each update to the persistent memory cache (110). In one or more embodiments of the invention, the SERE (120) stores the change log(s) in the secure storage element (115).
In one or more embodiments of the invention, the HERE (105) is configured to bypass the caching mechanism of the host device (100) in order to maintain the persistent memory cache (110) and apply one or more methods of applying changes to the persistent memory image (125), as disclosed herein. In one or more embodiments of the invention, the HERE (105) is configured to utilize a caching mechanism of the host device (100) in order to enforce synchronization of the persistent memory cache (110) and the persistent memory image (125).
Continuing with the discussion of FIG. 1, in accordance with one or more embodiments of the present invention, the HERE (105) is configured to detect a corruption and/or out-of-sync condition of the persistent memory image (125). The corruption and/or out-of-sync condition may be due to an interruption of the HERE (105), an interruption of the ser (120), an interruption of the operating system of the host device (100), a user suddenly removing the secure storage element (115) and/or any interruption of a process or component associated with maintaining the integrity of the cache, the cache log, the session cache log, and/or the persistent memory image (125). In one or more embodiments of the invention, the HERE (105) and/or host device (100) are configured to perform a synchronization check at boot-up. As a result of the synchronization check, if a corruption and/or out-of-synchronization condition of the persistent memory image (125) is identified, the secure storage element (115) is prevented from further access until one or more predefined security verification and/or recovery procedures can be performed.
In one or more embodiments of the invention, the HERE (105) is configured to roll back transaction changes and/or change logs partially applied to the persistent memory cache (110) in response to detecting the interrupt. The HERE (100) may also be configured to recreate the persistent memory cache (110) when a corruption of the persistent memory cache (110) is detected. In one or more embodiments of the invention, the SERE (120) is configured to track synchronization operations to the persistent memory cache (110) and to verify that the last change log was correctly recorded.
In one or more embodiments of the invention, the HERE (105) is configured to retrieve the last session change log from the secure storage element (115) and apply it the next time the platform is reset. Alternatively, in accordance with one or more embodiments of the invention, the SERE (120) may directly apply the change log to the persistent memory image (125) concurrently with execution of the HERE (105).
In one or more embodiments of the invention, the HERE (105) includes one or more security features when coupled with the host device (100). Examples of security features include data encapsulation, application firewalls, cryptography, and/or any other security feature provided by the HERE (105). In one or more embodiments of the invention, in order to be considered secure (i.e., to guarantee the integrity of or support for one or more of the security features) by the HERE (105), the host device (100) must satisfy a set of compatibility criteria. Examples of compatibility standards include hardware encryption support (e.g., program and/or data memory encryption, automatic generation of encryption keys), access prevention, copy/lock protection, embedded software security (e.g., firmware/memory security, Trusted Embedded Environment (TEE) support, etc.), hardware component requirements, performance requirements (e.g., CPU, microcontroller, microprocessor reference requirements, Random Access Memory (RAM), SRAM, ROM, EPROM, EEPROM, or other memory capability requirements), memory addressing requirements, architectural design requirements (e.g., separate address and data buses), hardware/memory self-destruct capability, tamper resistance, separation of data from program memory, etc.
The compatibility criteria may also include compatibility with one or more standards defined by a standardization organization. Examples of standards include JEDEC Standard 100B.01 and JESC21-C, maintained by the JEDEC Solid State technology Association.
Continuing with the discussion of fig. 1, in accordance with one or more embodiments of the present invention, the host device (100) does not meet one or more of the compatibility standards for the HERE (105). In this way, the host device (100) may be considered insecure with respect to one or more of the above-mentioned security features. In other words, if the host device (100) is deemed insecure, one or more of the security features may be compromised or inoperable.
In one or more embodiments of the invention, the HERE (105) is configured to identify sensitive portions of an application. The sensitive portion may be any other identifiable portion of any code segment, function, procedure, library, object, and/or application (including portions of the HERE (105) itself) that is either (1) so divided or (2) matches a predefined criteria. The sensitive portions may be partitioned with a set of predefined annotations in a programming language used to author the application. For example, JavaCardTM3 Security annotations can be used to partition JavaTMThe sensitive part of the code. Java and Java Card are trademarks of Oracle corporation, located in Redwood City, Calif. The sensitive portion may be integrity sensitive, confidentiality sensitive, and/or sensitive according to any other predefined security criteria.
In one or more embodiments of the invention, the HERE (105) is configured to identify sensitive portions of the application based on predefined criteria. The predefined criteria (other than the explicit partitioning discussed above) may identify any operation type, statement, and/or any criteria for identifying a portion of code. For example, the HERE (105) may be configured to identify cryptographic computations as sensitive and delegate them to the SERE (120) for execution. In one or more embodiments of the invention, the HERE (105) includes functionality to encrypt and store sensitive portions of the application in a memory device (e.g., RAM) of the host device (100). Thus, encryption and decryption of sensitive parts may be performed as required by the application being executed.
In one or more embodiments of the invention, the HERE (105) includes functionality to produce a remote agent to allow for the enablement of sensitive portions deployed on the secure storage element (115).
In one or more embodiments of the invention, the HERE (105) is configured to calculate a check value of the HERE (105) executing on the host device (100) and to check the check value against the previously calculated check value. According to various embodiments of the invention, the check value may be stored on the host device (100) or on the secure storage element (115). If the check value is stored on the secure storage element (115), the check value may be sent over the secure communication session. In this way, the entire HERE (105) may be periodically checked.
In one or more embodiments of the invention, the HERE (105) is configured to periodically disconnect from the ser (120) and restart the host device (100) and/or restart its own execution.
In one or more embodiments of the invention, the HERE (105) includes functionality to identify portions of both the HERE-specific portion of the application and the secure element-specific (SE-specific) portion of the application. The HERE-specific and SE-specific portions may be partitioned by a developer of the application. In one or more embodiments of the invention, the HERE-specific applications include web and extended applet applications designed to be executed by the HERE (105), while the SE-specific applications include classic applets designed to be executed by the SERE (120).
In one or more embodiments of the invention, the HERE (105) includes one or more security features that are compatible with the HERE-specific portions of the executing application (e.g., portions that are compatible with one or more security features of the HERE (105)). In one or more embodiments of the invention, the HERE (105) includes functionality to encrypt, decrypt, and/or transmit the HERE-specific portion of the application to the ser (120) for storage as the original binary object. Then, during application execution, the original binary object may be passed back to the HERE (105) by the ser (120) and decrypted by the HERE (105). In one or more embodiments of the invention, the HERE (105) and SERE (120) utilize an out-of-band communication protocol to transmit the original binary object storing the encrypted HERE-specific portion.
Continuing with the discussion of fig. 1, in accordance with one or more embodiments of the present invention, the HERE (105) is configured to utilize a remote agent for an application originally designed to be executed by the secure storage element (120), the application being executed in the HERE (105). These remote agents may be used to delegate calls to the SERE (120) for security-sensitive portions stored in the secure storage element (115). In one or more embodiments of the invention, a developer may employ a remote agent to enhance the security of an application originally designed to be executed by a SERE (120) and executed by a HERE (105).
In one or more embodiments of the invention, the HERE (105) includes or is operatively connected to a Hosted Execution (HE) card manager. The HE card manager may include functionality to perform and/or facilitate communication between the HERE (105) and the secure storage element (115) and/or the ser (120). As such, the HE card manager may be configured to establish a secure communication session, process credential management, perform cryptographic calculations, and/or initiate one or more functions of the secure storage element (115) or a component thereof. In one or more embodiments of the invention, the HERE-specific application or portions of an application may delegate access (i.e., read and write) to the secure storage element (115) to the HE card manager. In one or more embodiments of the invention, the HE card manager delegates credential management to a Secure Element (SE) card manager.
In one or more embodiments of the invention, the HERE (105) is configured to restrict use of a library provided by an operating system of the host device (100) by executing an application. Thus, the HERE (105) can identify a subset of the available libraries on the host device (100) and allow the use of this approved subset in order to reduce possible vulnerabilities of the system (199).
In one or more embodiments of the invention, the HERE (105) includes functionality to establish a secure communication session with the ser (120). The secure communication session may be a secure (e.g., encrypted) connection initiated by the fire (105) or the ser (120) and capable of transmitting data between the fire (105) and the ser (120). The secure communication session may use an out-of-band communication protocol and/or any secure channel protocol supported by the HERE (105) and ser (120). For example, the Global Platform (Global Platform) SCP03 secure channel protocol may be used to establish a secure communication session. In accordance with one or more embodiments of the present invention, a secure communication session may be facilitated by an operating system of a host device (100) and/or may utilize one or more operating system calls.
Continuing with the discussion of fig. 1, according to one or more embodiments of the invention, the fire (105) is configured to restart after a failure of the secure communication session. The SERE (120) may be configured to keep track of failures and may lock the secure storage element or a portion thereof after a predefined number of failed attempts.
In one or more embodiments of the invention, the HERE (105) is configured to communicate with the ser (120) using an out-of-band communication protocol. Examples of out-of-band communication protocols may include any protocol that is different from the general mass storage interface used by the host device (100). An example of an out-of-band communication protocol is an Application Protocol Data Unit (APDU).
In one or more embodiments of the invention, in a layered architecture, the secure storage element (115) includes a SERE (120). The SERE (120) may be any process that controls access to the persistent memory image (125), where the persistent memory image (125) includes a runtime environment (i.e., an execution environment), a firmware application, a firmware data structure, an operating system, and/or any software code, application, or runtime environment capable of controlling access to the persistent memory image (125).
In one or more embodiments of the invention, a SERE (120) is a software application that, when executed by a host device (100), provides an interface for communication between one or more external applications (e.g., HERE (105)) and a persistent memory image (125). An example of SERE (120) may include Oracle corporation's JavaTMRuntime Environment (JRE), Java Card of Oracle corporationTMRuntime Environment (JRE), truelcrypt application by truelcrypt Foundation, FreeOTFE application by Sarah Dean, and any management/encryption/authentication application. In one or more embodiments of the invention, the SERE may be implemented as a secure element application that includes one or more functions of the SERE without the functionality of a runtime environment.
Continuing with the discussion of fig. 1, in accordance with one or more embodiments of the invention, the ser (120) performs encryption and/or decryption on data stored on the secure storage element (115) (or a segment thereof). The ser (120) may be configured to use any encryption method, including symmetric key (e.g., Data Encryption Standard (DES), Advanced Encryption Standard (AES), and public key encryption (e.g., RSA encryption).
In one or more embodiments of the invention, the secure storage element (115) does not include a SERE (120) in a non-layered architecture. Various other software and/or hardware security mechanisms may be utilized in the non-layered architecture according to various embodiments of the invention.
In one or more embodiments of the invention, the SERE (120) includes functionality to randomly generate a transient key as a two-party session key for a secure communication session. The two-party session key may be generated upon retrieving the HERE (105) code from the secure storage element (115) to be executed on the host device (100). Instead, in one or more embodiments of the invention, the secure storage element (115) is configured to generate a unique session key upon retrieving the HERE (105) code from the secure storage element (115) to be executed on the host device (100).
In one or more embodiments of the invention, the SERE (120) is configured to:
inserting a session key in the HERE (105) code retrieved from the secure storage element (115)
For very short time intervals, put the session key in a known location on the secure storage element (115)
For very short time intervals, the session key is retrieved in response to a request to the SERE (120)
In one or more embodiments of the invention, a time password may be used in place of the key. According to various embodiments of the present invention, the key or password can only be used once.
In one or more embodiments of the invention, the SERE (120) is configured to commit changes (e.g., change logs, single atomic changes to persistent objects) to a session change log in the secure storage element (115). The SERE (120) may then apply the session change log to the persistent memory image (125) at the next platform reset, at one or more predefined times, and/or in response to one or more events. For example, the SERE (120) may be configured to apply the session change log upon detecting that the persistent memory image (125) must undergo disk fragment reorganization. In one or more embodiments of the invention, the HERE (105) includes functionality to apply any of the above-mentioned changes directly to the secure storage element (115) without the need for the ser (120) (e.g., in a non-layered architecture).
Continuing with the discussion of fig. 1, in accordance with one or more embodiments of the present invention, the ser (120) is configured to perform one or more periodic maintenance operations on the secure storage element (115) and/or the persistent memory image (125). Examples of periodic maintenance operations include disk fragment reassembly and garbage collection. The SERE (120) may perform periodic maintenance operations as needed or at one or more predefined times. For example, maintenance operations may be performed when the platform is reset. In one or more embodiments of the invention, the HERE (105) includes functionality to perform one or more periodic maintenance operations directly on the secure memory element (115) without the need for a ser (120) (e.g., in a non-layered architecture).
In one or more embodiments of the invention, the SERE (120) is configured to create a copy of the persistent memory image (125) (or any segment thereof). The SERE (120) may then apply the session change log to a copy of the persistent memory image (125) (or, alternatively, to the original persistent memory image (125)). The SERE (120) may be configured to replace the original persistent memory image (125) with the copy after successful application of the session change log. In one or more embodiments of the invention, after applying the session change log to the copy, the session change log and the original (i.e., unaltered) persistent memory image (125) are deleted. In one or more embodiments of the invention, the HERE (105) includes functionality to create a copy of the persistent memory image in the secure storage element (115) and apply the change log directly to the secure storage element (115) without requiring the ser (120) (e.g., in a non-layered architecture).
In one or more embodiments of the invention, the change log is organized into a series of idempotent entries such that changes can be applied multiple times without losing information. In the event of an interruption while the change log is applied, this may be more efficient than deleting the entire copy of the persistent memory image (125) and restarting the process.
In one or more embodiments of the invention, rather than creating a copy of the entire persistent memory image (125), the SERE (120) is configured to create a copy of one or more changed pages in the persistent memory image (125). Thus, changes from the change log can be applied to these pages individually. In the event of an interruption while applying the change log, it is possible to reapply the change only to the affected pages, rather than to the entire persistent memory image (125).
In one or more embodiments of the invention, the SERE (120) is configured to store, in the secure storage element (115), a check value for a corresponding sensitive portion of the application. The check value may be used to perform error detection and identify sensitive parts that are damaged or compromised. The check value may be any numeric, alphanumeric, binary, or other value calculated based on a mathematical function of the sensitive portion. For example, the ser (120) may use a Cyclic Redundancy Check (CRC) to generate a check value and perform error detection.
In one or more embodiments of the invention, the SERE (120) is configured to calculate a check value for the sensitive portion and verify it against a previously recorded check value stored in the secure storage element (115). The HERE (105) may submit the sensitive portion to the SERE (120), and then the SERE (120) performs the verification. Alternatively, the HERE (105) may request the stored check value from the ser (120) in order to perform the verification. In one example, the HERE (105) executes an application and, during execution, identifies sensitive objects in the application. On the first access to an object, the HERE (105) submits the object to the SERE (120). The SERE (120) computes a first check value for the object and stores the object in a secure storage element (115). Continuing with this example, the HERE (105) identifies a second access to the sensitive object and submits the object to the SERE (120) again. The SERE (120) calculates a second check value based on the object and authenticates the object by confirming that the first check value and the second check value are equal.
Continuing with the discussion of fig. 1, in accordance with one or more embodiments of the present invention, the ser (120) is configured to store a check value in a private partition of the secure storage element (115). The private partition may be used to prevent illegal modification of the check value and/or may be further divided into portions for each application executing on the host device (100). In one or more embodiments of the invention, the HERE (105) includes all of the above-mentioned functionality of directly storing, calculating, and/or verifying the check value applied to the corresponding sensitive portion in the secure storage element (115) without requiring the ser (120) (e.g., in a non-layered architecture).
Instead, in one or more embodiments of the invention, the SERE (120) is configured to encrypt and store sensitive portions of the application on the secure storage element (115). The SERE (120) may then decrypt the sensitive portion upon a request from the HERE (105).
In one or more embodiments of the invention, the SERE (120) includes one or more security features compatible with SE-specific portions of the executing application. In one or more embodiments of the invention, the SE-specific portions (e.g., portions compatible with one or more security features of the SERE (120)) are encrypted, stored in the secure storage element (115), and/or decrypted by the SERE (120). Thus, in accordance with one or more embodiments of the invention, when executing an application, the HERE (105) may be configured to delegate SE-specific sensitive portion access and security to the SERE (120).
In one or more embodiments of the invention, the SERE (120) includes functionality to identify SE-specific portions of the application and HERE-specific portions of the application. Both the SE-specific portion and the HERE-specific portion may be partitioned by a developer of the application.
Continuing with the discussion of fig. 1, in accordance with one or more embodiments of the present invention, the ser (120) is configured to calculate a check value for the HERE (105) and to check the check value against a previously calculated check value. According to various embodiments of the invention, the check value may be stored on the host device (100) or on the secure storage element (115). In one or more embodiments of the invention, rather than transmitting and checking the complete code of the HERE (105), a portion of the code may be used to calculate the check value. According to various embodiments of the invention, this portion may be randomly determined by the HERE (105) or the ser (120). Thus, in one or more embodiments of the invention, the SERE (120) may request a portion of the HERE (105) code from the HERE (105) to verify or may request the HERE (105) to calculate a check value for the portion to verify. Accordingly, the HERE (105) may be periodically checked.
In one or more embodiments of the invention, the HERE (105) and/or the ser (120) are configured to generate a comparison of the newly calculated check value for the security-sensitive portion and/or object with the registered check value stored in the secure storage element. Based on this comparison (e.g., check values are equal), the HERE (105) and/or the ser (120) may verify the security-sensitive portion of the code to be executed. In one or more embodiments of the invention, the check value registered is updated periodically or in response to one or more predefined events.
In one or more embodiments of the invention, the SERE (120) is configured to trigger one or more security checks of the HERE (105) code. The security check may include any method of verifying the integrity of the HERE (105), including one or more of the error checking methods disclosed herein. The security check may be performed at start-up, exit-time, in time, and/or under certain conditions while interacting with the HERE (105). In one or more embodiments of the invention, the SERE (120) is configured to detect a failure of the security check and to lock the persistent memory image (125) and/or end communication with the HERE (105) in response to the failure. In one or more embodiments of the invention, the HERE (105) includes all of the functionality mentioned above to store, calculate, and/or verify the check value directly for the HERE (105) and trigger one or more security checks of the HERE (105), without requiring the ser (120) (e.g., in a non-layered architecture).
Continuing with the discussion of FIG. 1, the SERE (120) includes or is operatively coupled to a SE card manager in accordance with one or more embodiments of the present invention. The SE card manager may include functionality to perform and/or facilitate communication between the ser (120) and the secure storage element (115). Thus, as disclosed herein, an SE card manager may be configured to control access to and/or management of a secure storage element (115), in accordance with various embodiments of the present invention. In one or more embodiments of the invention, an SE-specific application or a portion of an application is delegated to an SE card manager for accessing (i.e., reading and writing) the secure storage element (115). In one or more embodiments of the invention, the SE card manager performs a secure update to the HERE (105).
In one or more embodiments of the invention, the system (199) utilizes the following, or any variation of the following chain of trust: 1) ser (120) → 2) HERE (105) → 3) security countermeasure → 4) an application executing on the host device (100). Countermeasures may include any method of ensuring the authenticity and/or integrity of sensitive portions of an application or the HERE (105), the ser (120), the persistent memory image (125), and/or the persistent memory cache (110), as disclosed herein. In the event of a conflict between any two entities identified by the trust chain, the system grants a prevailing privilege to the higher ranked entity in the chain. For example, requests from the SERE (120) are given a higher priority than conflicting requests from the HERE (105).
In one example, the SERE is a Java CardTM2 runtime environment, and HERE (105) is a Java CardTM3 is connected withAnd receiving the runtime environment. In this example, the developer divides the code of the application into two parts: (1) ". jar" file HERE-specific code and (2) ". cap" file SE-specific code. The application comprises the following components:
transit POS web application
Transit Admin Web application
Transit Turnsting extended applet application
Wallet Assist extended applet application
Wallet Classic applet application
Continuing with this example, a Transit POS web application, a Transit Admin web application, a Transit Turnsting extended applet application, and a Wallet Assist extended applet application are all deployed to the HERE (105). The Wallet Classic applet application and the required remote agent counterparts (program framework) will be deployed to the SERE (120).
Fig. 2 illustrates a flow diagram of a method for executing a Hosted Execution Runtime Environment (HERE) on a host device. The host device connects to a secure storage element having a persistent memory image of the HERE. Although the various steps in this flowchart are presented and described in a sequential order, one of ordinary skill in the art will recognize that some or all of the steps may be performed in a different order or some or all of the steps may be performed in parallel. In addition, in one or more embodiments of the invention, one or more of the steps described below may be omitted, repeated, and/or performed in a different order. Accordingly, the particular arrangement of steps shown in FIG. 2 should not be construed as limiting the scope of the invention.
At step 200, in one or more embodiments of the invention, the secure storage element is accessed via a host device. The secure storage element is operatively connected to a host device. Accessing the secure storage element may involve any method of authenticating a user of the host device to access the secure storage element. The secure storage element may be configured to obtain a password, key, and/or authorization from the user in order to provide access. Examples of authorization may include biometric authorization by a secure storage element.
In step 205, in one or more embodiments of the invention, a Secure Element Runtime Environment (SERE) residing in the secure storage element is executed. Upon connection of the secure storage element to the host device, the SERE may be executed as part of a boot or connection routine. Alternatively, a SERE may be executed in response to a user authorizing a host device and/or in response to any predefined trigger or event.
At step 210, in one or more embodiments of the invention, a Hosted Execution Runtime Environment (HERE) executes on a host device. In one or more embodiments of the invention, the HERE code is securely retrieved from the secure storage element. The HERE code may be retrieved by the ser in response to a request from the host device.
According to various embodiments of the invention, in a layered architecture, a SERE may initiate or request execution of a HERE. Alternatively, in one or more embodiments of the invention, after obtaining access to the secure storage element, the HERE may execute in response to any predefined event or trigger.
In one or more embodiments of the invention, a secure communication session is initiated between the HERE and the SERE at step 215. The secure communication session may utilize an out-of-band communication protocol or any predefined communication protocol. According to various embodiments of the invention, the secure communication session may facilitate data transfer between the HERE and ser and may provide encryption, integrity checking, and/or other security mechanisms.
In one or more embodiments of the invention, at step 220, the persistent memory image of the HERE is identified in the secure storage element. The persistent memory image may be an EEPROM image of the HERE code stored on the secure storage element or any other type of secure image. The SERE may identify and/or verify the integrity of the persistent memory image at any predefined time or in response to any predefined event. For example, a SERE may execute any number of security and/or boot routines involving identification of a persistent memory image at boot-up of a host device.
At step 225, the application is executed using the SERE. In one or more embodiments of the invention, in a layered architecture, the HERE initiates execution of an application and delegates SE-specific portions of the application to the SERE for execution. In one or more embodiments of the invention, the HERE executes application-specific portions and may utilize secure storage elements for sensitive portions of the application (in a layered or non-layered architecture). According to various embodiments of the invention, security-sensitive portions of an application may be delegated to a SERE and/or stored and retrieved from a secure storage element.
At step 230, a set of changes is applied to the persistent memory image based on execution of the application. In one or more embodiments of the invention, the set of changes is stored in a change log and applied to the persistent memory image at a predefined time or in response to a predefined event (e.g., a start/stop of the host device). In one or more embodiments of the invention, changes may be written to a session change log residing on the secure storage element and applied to the persistent memory image at some later time. For example, a transaction change log and a single atomic change may be written to the session change log immediately. Continuing with this example, the SERE then creates a copy of the persistent memory image and applies all changes to the copy. Once the session change log is successfully applied to the copy, the SERE replaces the persistent memory image with the copy.
Fig. 3 illustrates a flow diagram of a method of executing a security sensitive portion of an application by a secure element runtime environment (ser) residing on a secure storage element. Although the various steps in this flowchart are presented and described in a sequential order, one of ordinary skill in the art will recognize that some or all of the steps may be performed in a different order and some or all of the steps may be performed in parallel. In addition, in one or more embodiments of the invention, one or more of the steps described below may be omitted, repeated, and/or performed in a different order. Accordingly, the particular arrangement of steps shown in FIG. 3 should not be construed as limiting the scope of the invention.
At step 300, an application is executed by a Hosted Execution Runtime Environment (HERE) executing on a host device. The application may include one or more partitionable or identifiable security-sensitive code portions that are compatible with one or more security features of the SERE residing on the secure storage element.
At step 305, a secure communication session is initiated between the HERE and a SERE residing in a secure storage element operatively connected to the host device. In one or more embodiments of the invention, the secure communication session may be initiated by the HERE or SERE and may follow any of a variety of communication protocols.
At step 310, a security-sensitive portion of an application is identified. The security-sensitive portion may be partitioned in a programming language used to write the application and/or may be one or more predefined security-sensitive statements recognized by the HERE. The HERE can identify security-sensitive portions during application execution by scanning program instructions of the application before executing them.
The security-sensitive portion is verified by the ser against the registered check value stored in the secure storage element at step 315. In order to authenticate the security-sensitive part, the registered check value must be present in the secure storage element for the security-sensitive part. Thus, the HERE may calculate a check value for the security-sensitive portion and send the check value to the ser via the secure communication session. Upon receiving the check value, the SERE may compare the check value to the registered check value. If the two values are equal, the SERE may verify the security-sensitive portion by sending a verification message to the HERE over the secure communication session.
In one or more embodiments of the invention, a newly registered check value is calculated and stored if the registered check value is not already present in the secure storage element for the security-sensitive portion. First, the HERE may compute a new check value for the security-sensitive portion and send the check value to the ser via the secure communication session. Next, the ser may register and store the new check value in the secure storage element and send a message back to the HERE to confirm the registration. In one or more embodiments of the invention, the new check value is registered during application execution when the security-sensitive portion is exited.
In one or more embodiments of the invention, in a layered architecture, the check value may be calculated by the SERE and/or may be calculated based on a sub-portion sent to the SERE via a secure communication session in the security sensitive portion. In this manner, subsequent authentication of the security-sensitive portion and/or security-sensitive objects accessed by the security-sensitive portion may be performed against the newly registered check value.
At step 320, the security-sensitive portion is executed after the authentication. According to various embodiments of the invention, the execution of the security-sensitive portion may be performed by a SERE or a HERE. If the security-sensitive portion includes any SE-specific code, the SERE may be used to execute such code. Instead, the HERE-specific code may be executed by the HERE.
In one example, a user of a mobile device inserts a Subscriber Identity Module (SIM) card into the mobile device. Once powered on, the mobile device executes a JavaCard residing on the SIM cardTM2 runtime environment (JC2 RE). At this time, until the password is obtained from the user, the SIM card is locked and cannot be accessed from the application executing on the mobile device.
Continuing with this example, the host device then prompts the user for a password to unlock the SIM card. Once the SIM card is unlocked, JC2RE on the SIM card generates a password or a separate one-time-key value and stores it in the code (on the SIM card) of the HERE to be executed. The host device then retrieves the code of the HERE to be executed from the SIM card. In this example, after boot-up, the HERE (executing) on the host then retrieves the one-time key value (with limited time available) from its own code and uses it to negotiate a session key with JC2RE to enable a secure communication session between the HERE and JC2 RE.
Continuing with this example, the HERE requests a copy of the encrypted EEPROM image of the HERE residing in the SIM card. The encrypted EEPROM image is sent from JC2RE to the HERE executing on the mobile device via the secure communication session. The encrypted EEPROM image is cached in RAM of the mobile device and a platform reset is performed.
Continuing with this example, after the platform resets, the secure communication session is re-established and a set of applications are executed by the HERE on the host device. During application execution, decryption and encryption of the cache is performed by the HERE. The HERE also performs the following tasks:
a. it delegates calls to cryptographic API, Java Card 2 compliant objects to JC2RE
b. When entering a sensitive part (security annotated object or method), it sends that part to JC2RE for checking against the registered CRC/digest check value
c. When the sensitive part (the security annotated object or method) is exited, it sends the part to JC2RE for CRC/digest check value registration
d. When a single atomic update is performed or a transaction is committed with respect to a persistent object, it sends the corresponding change log to JC2RE
e. At a predetermined security checkpoint or upon request of JC2RE, it may send a predetermined or randomly determined portion of the HERE code or application code for error checking against the EEPROM image or check value stored on the SIM card.
Continuing with this example, the HERE sends the EEPROM mirrored cache (or a set of changes to the cache) to JC2RE via the secure communication session before exiting. JC2RE then checks all sensitive parts of the cached EEPROM image and encrypts and stores the cached EEPROM image on the SIM card (or applies changes to an existing EEPROM image). If the EEPROM image is marked as out-of-sync the next time the mobile device is started, the SIM card is blocked.
Regardless of the platform used, embodiments of the present invention may be implemented on virtually any type of mobile device. In one or more embodiments of the invention, the mobile device (400) includes any portable device that provides a user interface. Examples of mobile devices may include, but are not limited to, cellular telephones, personal digital assistants, personal communicators, pagers, smart phones, or any other computing device. For example, as shown in fig. 4, the mobile device (400) includes a processor (402), a memory (404), a storage device (406), a Subscriber Identity Module (SIM) card (408), a speaker (429), a receiver (428), a keypad (424), a sound recorder (426), a display device (420), a camera (422), and an antenna (419).
The mobile device (400) includes one or more processors (402) (such as a Central Processing Unit (CPU), integrated circuit, hardware processor, etc.), associated memory (404) (e.g., RAM, cache memory, flash memory, etc.), a storage device (406) (e.g., hard disk, optical drive such as a compact disk drive or Digital Video Disk (DVD) drive, flash memory stick, etc.), a SIM card (408), and many other elements and functionalities typical of today's mobile devices (not shown). The mobile device (400) may include input means and output means such as a keyboard (424), a receiver (428), and/or a display device (e.g., a liquid crystal display) (420) that allows a user to input and/or display keystrokes including numbers, letters, and other characters, images, or other media types. Other input devices may include a camera (422), a sound recorder (426), and/or other data recording mechanisms. Those skilled in the art will recognize that these input and output means may take other forms now known or later developed. Using embodiments of the present invention, a consumer may initiate an electronic funds transfer using a mobile device (400).
The mobile device (400) may be connected to a network (e.g., a Local Area Network (LAN), a Wide Area Network (WAN) such as the internet, or other similar type of network) via an antenna (419) or other network interface connection (not shown). In one or more embodiments of the invention, the network connection may be facilitated through a wireless infrastructure (not shown), including one or more transceivers cooperating to facilitate wireless communication to the wireless devices. The wireless infrastructure may include one or more routers, switches, microwave links, base stations, optical fibers, or other similar networking hardware or software components. For example, the wireless infrastructure may be a paging network, a cellular network, and the like. In one or more embodiments of the invention, the wireless infrastructure may associate any message received from the mobile device (400) with the mobile device identifier of the mobile device (400).
In one or more embodiments of the invention, the network connection may be facilitated by a hardwired or other similar connection. For example, the network connection may involve a hardwired connection or a short-range wireless connection technology with another mobile device, a printing mechanism, a scanner, or a recording system.
Regardless of the platform used, embodiments of the invention may be implemented on virtually any type of computer. For example, as shown in fig. 5, a computer system (500) includes one or more processors (502) (such as a Central Processing Unit (CPU), integrated circuit, hardware processor, etc.), associated memory (504) (e.g., RAM, cache memory, flash memory, etc.), storage devices (506) (e.g., a hard disk, an optical drive such as a compact disk drive or Digital Video Disk (DVD) drive, a flash memory stick, etc.), and many other elements and functionality typical of today's computers (not shown). The computer system (500) may also include an input device such as a keyboard (508), a mouse (510), or a microphone (not shown). In addition, the computer system (500) may include an output device, such as a monitor (512) (e.g., a Liquid Crystal Display (LCD), plasma display, or Cathode Ray Tube (CRT) monitor). The computer system (500) may be connected to a network (514) (e.g., a Local Area Network (LAN), a Wide Area Network (WAN) such as the internet, or any other type of network) via a network interface connection (not shown). Those skilled in the art will appreciate that many different types of computer systems exist, and that the above-mentioned input and output means may take other forms. In general, the computer system (500) includes at least the minimal processing, input, and/or output means necessary to practice embodiments of the present invention.
Additionally, in one or more embodiments of the invention, one or more elements of the above-mentioned computer system (500) may be located at a remote location and connected to the other elements via a network. Additionally, embodiments of the invention may be implemented on a distributed system having multiple nodes, where each portion of the invention (e.g., the secure storage element (115), host device (100), hosted execution runtime environment (105), persistent memory image (125), etc. of FIG. 1 discussed above) may be located on a different node in the distributed system. In one embodiment of the invention, the node corresponds to a computer system. Alternatively, a node may correspond to a processor with associated physical memory. Alternatively, a node may correspond to a processor or a microkernel of a processor having shared memory and/or resources. Additionally, software instructions in the form of computer-readable program code to perform embodiments of the invention may be stored temporarily or permanently on a non-transitory computer-readable storage medium, such as a Compact Disc (CD), a diskette, a tape, a memory, or any other tangible computer-readable storage device.
One or more embodiments of the invention may have one or more of the following advantages. By executing the hosted execution runtime environment on a non-secure host device connected to the secure storage element, it is possible to take advantage of one or more security features of the secure storage element or the SERE residing in the secure storage element. Thus, a greater degree of host device choice is available to designers, with additional security provided by the secure storage element.
Further, by executing the security-sensitive portion of the host application with a SERE residing on the secure storage element, one or more SE-specific security features may be utilized. Thus, the processing power of the unsecure host device may be used without compromising one or more SE-specific security features of the SERE.
Further, by maintaining changes to the persistent memory cache in the session change log and applying the changes to the persistent memory image at a predefined time (e.g., when the platform is reset), the system may reduce the likelihood that an interrupt will occur and corrupt the persistent memory image during application of the changes.
Furthermore, logging transaction change logs and single item atomic changes in the session change log, rather than applying them immediately, may reduce the number of accesses to the persistent memory image and may improve performance.
While the invention has been described with respect to a limited number of embodiments, those skilled in the art, having benefit of this disclosure, will appreciate that other embodiments can be devised which do not depart from the scope of the invention as disclosed herein. Accordingly, the scope of the invention should be limited only by the attached claims.

Claims (26)

1. A method for securely executing an application on a host device, comprising:
accessing, by the host device, a smart card comprising a secure storage element;
executing, by a computer processor of the host device, a hosted execution runtime environment HERE on the host device;
executing, by the smart card, a Secure Element Runtime Environment (SERE) residing in the secure storage element;
initiating a secure communication session between the HERE and the SERE;
identifying a persistent memory image in a secure storage element that includes a HERE for the application;
verifying that the HERE is secure using the persistent memory image;
executing, by a computer processor, an application within a HERE after verifying that the HERE is secure; and
applying, by the SERE, a first plurality of changes to the persistent memory image based on execution of the application.
2. The method of claim 1, further comprising:
obtaining, by the HERE and via the secure communication session, a persistent memory image from the secure storage element; and
a cache of a persistent memory image is created in a host device prior to execution of an application, wherein a first plurality of changes are made to the cache during execution of the application.
3. The method of claim 2, wherein applying the first plurality of changes to the persistent memory image comprises:
maintaining a change log corresponding to the cache;
storing a first plurality of changes to the cache in a change log during execution of an application;
sending the change log to the SERE via the secure communication session and after executing the application; and
the first plurality of changes is applied to the persistent memory image by the SERE.
4. The method of claim 2 or 3, further comprising:
re-executing the application after applying the first plurality of changes to the persistent memory image;
while re-executing the application, storing a second plurality of changes to the cache in a session change log residing in the secure storage element, wherein the second plurality of changes are stored as a series of idempotent entries in the session change log;
creating a copy of a persistent memory image in a secure storage element;
initiating a process of applying the second plurality of changes to the copy of the persistent memory image;
detecting an interruption of the process; and
in response to detecting the interrupt, the second plurality of changes is reapplied to the copy of the persistent memory image.
5. The method of claim 2 or 3, further comprising:
re-executing the application after applying the first plurality of changes to the persistent memory image;
storing a second plurality of changes to the cache in a session change log residing in the secure storage element while the application is re-executed;
creating copies of a plurality of pages of a persistent memory image in a secure storage element;
applying a second plurality of changes to the copies of the plurality of pages; and
after applying the second plurality of changes, deleting the session change log and the copy of the plurality of pages.
6. The method of claim 1, wherein executing the application further comprises:
identifying a security-sensitive portion of an application;
calculating a check value for the security-sensitive portion;
generating a comparison of the check value with a registered check value stored in the secure storage element, wherein the check value is equal to the registered check value;
verifying, by the SERE, the security-sensitive portion based on the comparison; and
the security-sensitive portion is executed after the security-sensitive portion is verified.
7. The method of claim 6, wherein the security-sensitive portion comprises a cryptographic calculation.
8. The method of claim 1, further comprising:
a portion of the persistent memory image is specified for the application, wherein the first plurality of changes applies to the specified portion.
9. The method of claim 1, wherein the first plurality of changes comprises a single atomic change to a persistent object, and wherein the first plurality of changes are stored in a session change log residing in the secure storage element.
10. The method of claim 1, wherein accessing a secure storage element comprises:
obtaining security credentials from a user of a host device; and
the user is authenticated based on the security credentials.
11. A system for executing an application, comprising:
a host device comprising a computer processor;
a smart card comprising a secure storage element and operatively connected to a host device, wherein the secure storage element is configured to authenticate a user of the host device to access the secure storage element; and
a hosted execution runtime environment HERE executing on a computer processor and configured to:
initiating a secure communication session between the HERE and a secure element runtime environment SERE residing in the secure storage element;
identifying a persistent memory image in a secure storage element that includes a HERE for the application; and
executing an application, wherein the SERE is further configured to apply a first plurality of changes to the persistent memory image.
12. The system of claim 11, wherein the HERE is further configured to:
obtaining a persistent memory image from a secure storage element via a secure communication session; and
a cache of a persistent memory image is created in a host device prior to execution of an application, wherein a first plurality of changes are made to the cache during execution of the application.
13. The system of claim 12, wherein the HERE is further configured to:
maintaining a change log corresponding to the cache;
storing a first plurality of changes to the cache in a change log during execution of the application; and
the change log is sent to the SERE via the secure communication session and after executing the application, wherein the first plurality of changes are applied to the persistent memory image by the SERE.
14. The system of claim 12 or 13, wherein the HERE is further configured to re-execute the application, and wherein the ser is further configured to:
storing a second plurality of changes to the cache in a session change log residing in the secure storage element while the application is re-executed;
creating a copy of a persistent memory image in a secure storage element;
initiating a process of applying the second plurality of changes to the copy of the persistent memory image;
detecting an interruption of the process; and
in response to detecting the interrupt, the copy of the persistent memory image is deleted.
15. The system of claim 12 or 13, wherein the HERE is further configured to re-execute the application, and wherein the ser is further configured to:
while re-executing the application, storing a second plurality of changes to the cache in a session change log residing in the secure storage element,
creating a copy of a persistent memory image in a secure storage element;
applying the second plurality of changes to the copy of the persistent storage image; and
after applying the second plurality of changes to the copy of the persistent memory image, the session change log and the copy of the persistent memory image are deleted.
16. The system of claim 11, wherein executing the application further comprises:
identifying a security-sensitive portion of an application;
calculating a check value for the security-sensitive portion;
generating a comparison of the check value with a registered check value stored in the secure storage element, wherein the check value is equal to the registered check value;
verifying, by the SERE, the security-sensitive portion based on the comparison; and
the security-sensitive portion is executed after the security-sensitive portion is verified.
17. A system for securely executing an application on a host device, comprising:
means for accessing, by the host device, a smart card comprising a secure storage element;
means for executing, by a computer processor of the host device, a hosted execution runtime environment HERE on the host device;
means for executing, by the smart card, a secure element runtime environment SERE residing in the secure storage element;
means for initiating a secure communication session between the HERE and the SERE;
means for identifying a persistent memory image in a secure storage element that includes a HERE for the application;
means for verifying that the HERE is secure using the persistent memory image;
means for executing, by a computer processor, an application within a HERE after verifying that the HERE is secure; and
means for applying, by the SERE, a first plurality of changes to a persistent memory image based on execution of an application.
18. The system of claim 17, further comprising:
means for obtaining, by the HERE and via the secure communication session, the persistent memory image from the secure storage element; and
means for creating a cache of a persistent memory image in a host device prior to execution of an application, wherein a first plurality of changes are made to the cache during execution of the application.
19. The system of claim 18, wherein the means for applying the first plurality of changes to the persistent memory image comprises:
means for maintaining a change log corresponding to the cache;
means for storing a first plurality of changes to the cache in a change log during execution of an application;
means for sending the change log to the SERE via the secure communication session and after executing the application; and
means for applying, by the SERE, the first plurality of changes to the persistent memory image.
20. The system of claim 18 or 19, further comprising:
means for re-executing the application after applying the first plurality of changes to the persistent memory image;
means for storing a second plurality of changes to the cache in a session change log residing in the secure storage element while re-executing the application, wherein the second plurality of changes are stored as a series of idempotent entries in the session change log;
means for creating a copy of a persistent memory image in a secure storage element;
means for initiating a process of applying the second plurality of changes to the copy of the persistent memory image;
means for detecting an interruption of the process; and
means for reapplying the second plurality of changes to the copy of the persistent memory image in response to detecting the interrupt.
21. The system of claim 18 or 19, further comprising:
means for re-executing the application after applying the first plurality of changes to the persistent memory image;
means for storing the second plurality of changes to the cache in a session change log residing in the secure storage element while the application is re-executed,
means for creating a copy of a plurality of pages of a persistent memory image in a secure storage element;
means for applying a second plurality of changes to the copies of the plurality of pages; and
means for deleting the session change log and the copy of the plurality of pages after applying the second plurality of changes.
22. The system of claim 17, wherein the means for executing the application further comprises:
means for identifying a security-sensitive portion of an application;
means for calculating a check value for the security-sensitive portion;
means for generating a comparison of the check value with a registered check value stored in the secure storage element, wherein the check value is equal to the registered check value;
means for verifying, by the SERE, the security-sensitive portion based on the comparison; and
means for executing the security-sensitive portion after the security-sensitive portion is verified.
23. The system of claim 22, wherein the security-sensitive portion comprises a cryptographic calculation.
24. The system of claim 17, further comprising:
means for specifying a portion of the persistent memory image for the application, wherein the first plurality of changes are applied to the specified portion.
25. The system of claim 17, wherein the first plurality of changes comprises a single atomic change to the persistent object, and wherein the first plurality of changes are stored in a session change log residing in the secure storage element.
26. The system of claim 17, wherein the means for accessing the secure storage element comprises:
means for obtaining security credentials from a user of a host device; and
means for authenticating a user based on a security credential.
HK14105326.8A 2011-06-30 2012-06-20 A secure hosted execution architecture HK1192037B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US13/174,508 2011-06-30

Publications (2)

Publication Number Publication Date
HK1192037A HK1192037A (en) 2014-08-08
HK1192037B true HK1192037B (en) 2018-01-19

Family

ID=

Similar Documents

Publication Publication Date Title
US8543841B2 (en) Secure hosted execution architecture
US7725703B2 (en) Systems and methods for securely booting a computer with a trusted processing module
US9916452B2 (en) Self-contained cryptographic boot policy validation
KR101476948B1 (en) System and method for tamper-resistant booting
US8751813B2 (en) Cross validation of data using multiple subsystems
CN102270288B (en) Method for performing trusted boot on operation system based on reverse integrity verification
US9569602B2 (en) Mechanism for enforcing user-specific and device-specific security constraints in an isolated execution environment on a device
KR20060108710A (en) Reliable mobile platform structure
WO2020192406A1 (en) Method and apparatus for data storage and verification
CN112148314B (en) Mirror image verification method, device and equipment of embedded system and storage medium
CN118051919B (en) Data processing method, chip, electronic device and storage medium
CN115935335B (en) Firmware starting method, chip and computing device
KR102102179B1 (en) Embedded system, authentication system comprising the same, method of authenticating the system
HK1192037B (en) A secure hosted execution architecture
HK1192037A (en) A secure hosted execution architecture
CN116089967B (en) Data rollback prevention methods and electronic devices