公开(公告)号：US20160314082A1

公开(公告)日：2016-10-27

申请号：US15200909

申请日：2016-07-01

Applicant: Samsung Electronics Co., Ltd.

Inventor： Tymur KORKISHKO ,  Kyunghee LEE ,  Sergiy POMETUN ,  Sergey BELOUSOV ,  Vasyl SHUTOVSKYI ,  Vitaliy VASYLSKYY ,  Andrey ANDROSOV ,  Kateryna DOVGAN

IPC: G06F12/14 ,  G06F21/44

CPC classification number: G06F12/1408 ,  G06F21/44 ,  G06F2212/1052 ,  H04L63/0428 ,  H04L63/123

Abstract: A method and apparatus of access control in an electronic apparatus implementing the method are provided. The method of operating an electronic apparatus includes detecting an access request to a resource from an application included in a first area of a memory by a processor of the electronic apparatus, in response to the access request, executing an access control module included in a second area of the memory to calculate a hash value of the application by the processor, determining whether a record exists in the memory, the record corresponding to the hash value and identification information of the application, by executing the access control module by the processor, and allowing access to the resource by the processor when the record exists in the memory.

Abstract translation: 提供了一种实现该方法的电子设备中的访问控制的方法和装置。 操作电子设备的方法包括响应于该访问请求，检测来自电子设备的处理器的包括在存储器的第一区域中的应用对资源的访问请求，执行包括在第二个中的访问控制模块 存储器的区域，通过由处理器执行访问控制模块来计算处理器的应用程序的哈希值，确定存储器中是否存在记录，对应于哈希值的记录和应用的识别信息，以及 当记录存在于存储器中时允许处理器访问资源。

公开(公告)号：US20140281501A1

公开(公告)日：2014-09-18

申请号：US14205842

申请日：2014-03-12

Applicant: SAMSUNG ELECTRONICS CO., LTD.

Inventor： Tymur KORKISHKO ,  Kyunghee LEE ,  Sergey POMETUN ,  Sergiy BELOUSOV ,  Vasyl SHUTOVSKYI ,  Vitaliy VASILSKIY ,  Andrey ANDROSOV ,  Kateryna DOVGAN

IPC: H04L29/06

CPC classification number: G06F12/1408 ,  G06F21/44 ,  G06F2212/1052 ,  H04L63/0428 ,  H04L63/123

Abstract: A method and apparatus of access control in an electronic apparatus implementing the method are provided. The method of operating an electronic apparatus includes detecting an access request to a resource from an application included in a first area of a memory by a processor of the electronic apparatus, in response to the access request, executing an access control module included in a second area of the memory to calculate a hash value of the application by the processor, determining whether a record exists in the memory, the record corresponding to the hash value and identification information of the application, by executing the access control module by the processor, and allowing access to the resource by the processor when the record exists in the memory.

Abstract translation: 提供了一种实现该方法的电子设备中的访问控制的方法和装置。 操作电子设备的方法包括响应于该访问请求，检测来自电子设备的处理器的包括在存储器的第一区域中的应用对资源的访问请求，执行包括在第二个中的访问控制模块 存储器的区域，通过由处理器执行访问控制模块来计算处理器的应用程序的哈希值，确定存储器中是否存在记录，对应于哈希值的记录和应用的识别信息，以及 当记录存在于存储器中时允许处理器访问资源。

公开(公告)号：US20160277369A1

公开(公告)日：2016-09-22

申请号：US15068758

申请日：2016-03-14

Applicant: Samsung Electronics Co., Ltd.

Inventor： Kyunghee LEE ,  Tymur KORKISHKO ,  Jeongho PARK ,  Ignat KORCHAGIN

IPC: H04L29/06 ,  H04L9/30 ,  H04W76/02 ,  H04L9/14

CPC classification number: H04L9/30 ,  H04L9/0861 ,  H04L9/0891 ,  H04L9/3242 ,  H04L63/0428 ,  H04L63/061 ,  H04L63/126 ,  H04W76/10

Abstract: A method and an electronic device are disclosed herein. The electronic device includes a communication unit, a storage unit and at least one processor, which executes the method, including detecting a request for establishing a call session, generating a new security key from a preset security key, renewing the preset security key by setting the generated new security key as a current preset security key, and establishing the call session based on the generated new security key.

Abstract translation: 本文公开了一种方法和电子设备。 电子设备包括执行该方法的通信单元，存储单元和至少一个处理器，包括检测建立呼叫会话的请求，从预设的安全密钥生成新的安全密钥，通过设置更新预设的安全密钥 生成的新安全密钥作为当前预设的安全密钥，并且基于生成的新的安全密钥建立呼叫会话。

公开(公告)号：US20160112454A1

公开(公告)日：2016-04-21

申请号：US14887655

申请日：2015-10-20

Applicant: Samsung Electronics Co., Ltd.

Inventor： Kyunghee LEE ,  Ignat KORCHAGIN ,  Tymur KORKISHKO ,  Siejoon CHO

IPC: H04L29/06 ,  G06F21/60

CPC classification number: H04L63/20 ,  G06F21/606 ,  H04L63/16

Abstract: Disclosed herein is an electronic device and method for data communication. The electronic device includes a communication unit for communicating with a counterpart device through a communication network, and at least one processor, which may execute the method, including negotiating via the communication unit with the counterpart device for a security layer to perform security processing of data, determining at least one layer as the security layer based on a result of the negotiation outcome, and communicating with the counterpart device using the security layer.

Abstract translation: 本文公开了一种用于数据通信的电子设备和方法。 电子设备包括用于通过通信网络与对方设备进行通信的通信单元以及可执行该方法的至少一个处理器，包括经由通信单元与用于安全层的对方设备进行协商以执行数据的安全处理 基于协商结果的结果确定至少一层作为安全层，并使用安全层与对方设备通信。

公开(公告)号：US20150121516A1

公开(公告)日：2015-04-30

申请号：US14526859

申请日：2014-10-29

Applicant: Samsung Electronics Co., Ltd.

Inventor： Tymur KORKISHKO ,  Kyung-Hee LEE

IPC: G06F21/31

CPC classification number: G06F21/31 ,  G06F2221/2105

Abstract: Disclosed herein are a method and electronic device for enhancing security authentication. An execution mode may be changed from a non-trusted execution mode to a trusted execution mode. At least one input may be authenticated while in the non-trusted execution mode.

Abstract translation: 这里公开了一种用于增强安全认证的方法和电子设备。 可以将执行模式从不可信执行模式改变为可信执行模式。 在非信任执行模式下，至少可以对一个输入进行认证。

公开(公告)号：US20140283006A1

公开(公告)日：2014-09-18

申请号：US14209017

申请日：2014-03-13

Applicant: Samsung Electronics Co., Ltd.

Inventor： Tymur KORKISHKO ,  Kyunghee LEE ,  Andrii Lukin ,  Sergii KOVBA ,  Anton GROPIANOV ,  Sergey BELOUSOV

IPC: G06F21/44 ,  G06F12/14

CPC classification number: G06F21/44 ,  G06F21/53

Abstract: A method for operating an electronic device is provided. The method includes executing, by a processor of the electronic device operable in a first mode (e.g. a trusted execution environment (TEE)) or a second mode (e.g. a non-trusted execution environment (NTEE)), wherein the first mode is more secure than the second mode; receiving, by the processor operating in the first mode, data or information related to a first software program stored in a first memory region; and authenticating, by the processor operating in the first mode, at least a portion of the data or information using a second software program stored in a second memory region.

Abstract translation: 提供一种操作电子设备的方法。 该方法包括由第一模式（例如，可信执行环境（TEE））或第二模式（例如非可信执行环境（NTEE））可操作的电子设备的处理器执行其中第一模式更多 比第二模式安全; 通过在第一模式下操作的处理器接收与存储在第一存储器区域中的第一软件程序相关的数据或信息; 以及通过在第一模式中操作的处理器，使用存储在第二存储器区域中的第二软件程序来认证所述数据或信息的至少一部分。

公开(公告)号：US20150121474A1

公开(公告)日：2015-04-30

申请号：US14529831

申请日：2014-10-31

Applicant: Samsung Electronics Co., Ltd.

Inventor： Tymur KORKISHKO ,  Kyung-Hee LEE ,  Anton GROPYANOV ,  Sergii KOVBA ,  Sergiy BELOUSOV

IPC: H04L29/06

CPC classification number: H04L63/0823 ,  H04L63/0861 ,  H04L63/105 ,  H04W12/06

Abstract: Disclosed herein are a method and electronic device for enhancing the security of sensitive operations. Control is switched from a first driving area to a second driving area of at least one processor. Security authentication is performed by the second driving area and a result of the authentication is output.

Abstract translation: 本文公开了一种用于增强敏感操作的安全性的方法和电子设备。 控制从至少一个处理器的第一驱动区切换到第二驱动区。 由第二驱动区域执行安全认证，并输出认证结果。

公开(公告)号：US20150046712A1

公开(公告)日：2015-02-12

申请号：US14455268

申请日：2014-08-08

Applicant: Samsung Electronics Co., Ltd.

Inventor： Tymur KORKISHKO ,  Kyunghee Lee

IPC: H04L9/32 ,  H04L29/06

CPC classification number: H04L9/3234 ,  G06F21/53 ,  G06F21/606 ,  H04L9/0869 ,  H04L63/067 ,  H04L63/0876

Abstract: A method of operating data security and an electronic device supporting the same are provided. The method includes executing a general Application (App) based on a non-trusted execution module; executing a first trusted App related to the execution of the general App based on a trusted execution module; generating a message by encrypting data generated in the first trusted App; transmitting the encrypted message to the general App; and transmitting the encrypted message to a second trusted App related to the execution of the general App and executed based on the trusted execution module.

Abstract translation: 提供了一种操作数据安全性的方法和支持其的电子设备。 该方法包括：基于不可信执行模块执行通用应用（App）; 基于可信执行模块执行与所述一般应用程序的执行相关的第一可信应用程序; 通过加密在第一个可信应用程序中生成的数据来生成消息; 将加密的消息发送到普通应用程序; 以及将所述加密的消息发送到与所述一般App的执行相关的第二可信应用，并且基于所述可信执行模块执行。