Abstract:
A composite customer ID (CCID) is stored in the OTP memory of integrated circuit chipsets used by a number of different customers. The CCID includes individual customer IDs (CIDs) at defined index positions, each corresponding to a different customer. Each chipset allows or disallows software booting based on reading a certificate index value from a given customer's certificate, reading an OTP CID from OTP at the position pointed to by the certificate index value, and evaluating the OTP CID against a certificate CID read from the certificate. Thus, while the CCID carries information for a plurality of customers, each customer's certificate points only to that customer's OTP CID, which can be changed to revoke that customer's certificate without revoking the other customers' certificates. The CCID may also include a version number, in which case the chipsets allow or disallow software booting based on evaluating the certificate version number against the CCID version number.
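A small Python model of the indexed CID boot check and the per-customer revocation described above, added here as an illustration and not code from the patent; the CCID and Certificate data classes, the revoke_customer helper and the "burn one extra bit" encoding of revocation are assumptions made for the example.

```python
# Added example: model of the CCID/OTP boot decision (assumptions noted inline).
from dataclasses import dataclass
from typing import List


@dataclass
class CCID:
    """Composite customer ID as it would sit in OTP: one CID per index slot
    plus a version number (assumed layout)."""
    cids: List[int]     # customer IDs at defined index positions
    version: int        # CCID version number used as the minimum accepted version


@dataclass
class Certificate:
    """Fields of a customer's certificate that the boot check consumes."""
    index: int          # which CCID slot belongs to this customer
    cid: int            # the customer's CID as stated in the certificate
    version: int        # certificate version number


def boot_allowed(ccid: CCID, cert: Certificate) -> bool:
    """Allow booting only if the certificate's CID matches the OTP CID at the
    slot the certificate names, and its version is not below the CCID version."""
    # Certificate index must point inside the CCID; an out-of-range index is a fail.
    if not 0 <= cert.index < len(ccid.cids):
        return False
    # Read the OTP CID at the slot the certificate points to.
    otp_cid = ccid.cids[cert.index]
    # Evaluate OTP CID against certificate CID.
    if otp_cid != cert.cid:
        return False
    # Version check: an older certificate than the CCID version is rejected.
    return cert.version >= ccid.version


def revoke_customer(ccid: CCID, index: int) -> CCID:
    """Revoke one customer by changing only that customer's OTP CID.
    Assumption for this model: OTP bits can only be programmed from 0 to 1,
    so revocation is modelled as burning an extra bit into that slot."""
    new_cids = list(ccid.cids)
    new_cids[index] |= 0x80          # only this slot changes; the others are untouched
    return CCID(new_cids, ccid.version)
```

A certificate whose slot was revoked fails the check, while certificates of the other customers still pass against the same CCID.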
Abstract:
An exemplary method of maintaining secure time in a computing device is disclosed in which one or more processors implement a Rich Execution Environment (REE) and a separate Trusted Execution Environment (TEE). The TEE maintains a real-time clock (RTC) that provides an RTC time to the REE. An RTC offset is stored in non-volatile memory, the RTC offset indicating the difference between the RTC time and a protected reference (PR) time. In response to a request from the REE to read the RTC time, the current RTC time is returned to the REE. In response to a request from the REE to adjust the RTC time, the RTC time and the corresponding RTC offset are adjusted by the same amount, so that the PR time is not altered by the RTC adjustment. An exemplary computing device operable to implement the method is also disclosed.
Abstract:
A method is proposed for managing public and private data input at a device, the device comprising:
- a data-input peripheral;
- an open environment;
- a secure environment;
- a controller connected to the data-input peripheral.
The method comprises the steps of:
- receiving at the controller data input at the data-input peripheral;
- determining at the controller whether the received data comprises private data;
- if the received data comprises private data, causing the controller to provide the secure environment with secured access to the private data, the controller causing the secure environment to access the private data by sending operative data to the secure environment via the open environment.
This method makes it possible to send both operative and public data to the open environment with minimum risk from the security point of view.
Abstract:
An electronic device is provided which comprises a memory driver unit (FD) for reading partition headers including encrypted version numbers (X'1, X'2) from a memory and for writing updated encrypted version numbers (X'1, X'2) to the memory. The electronic device furthermore comprises an update agent unit (UA) for controlling a software or firmware update of the electronic device, as well as a one-time programmable memory (OTP) for storing a first value and an encrypt-decrypt unit (EDU) for decrypting the partition headers stored in the memory based on the first value stored in the one-time programmable memory, in order to retrieve the version numbers of the partition headers. The update agent (UA) is adapted to compare the retrieved version numbers with the version number of a software or firmware update in order to determine whether the version number of the software or firmware update is larger than the retrieved version numbers. The first value is incremented and stored in the one-time programmable memory (OTP) if an update is performed. The encrypt-decrypt unit (EDU) is adapted to encrypt the version numbers of the software or firmware update based on the new first value. The memory driver unit (FD) is adapted to write a new partition header with the updated encrypted version numbers into the memory.