METHODS, APPARATUS, AND SYSTEMS FOR SECURING SIM (SUBSCRIBER IDENTITY MODULE) PERSONALIZATION AND OTHER DATA ON A FIRST PROCESSOR AND SECURE COMMUNICATION OF THE SIM DATA TO A SECOND PROCESSOR

摘要

An electronic circuit 120 includes a more-secure processor (600) having hardware based security (138) for storing data. A less-secure processor (200) eventually utilizes the data. By a data transfer request-response arrangement (2010, 2050, 2070, 2090) between the more-secure processor (600) and the less-secure processor (200), the more-secure processor (600) confers greater security of the data on the less-secure processor (200). A manufacturing process makes a handheld device (110) having a storage space (222), a less-secure processor (200) for executing modem software and a more-secure processor (600) having a protected application (2090) and a secure storage (2210). A manufacturing process involves generating a per-device private key and public key pair, storing the private key in a secure storage (2210) where it can be accessed by the protected application (2090), combining the public key with the modem software to produce a combined software, signing the combined software; and storing the signed combined software into the storage space (222). Other processes of manufacture, processes of operation, circuits, devices, wireless and wireline communications products, wireless handsets and systems are disclosed and claimed.

主权项

1. A process of operating a mobile device that includes a modem processor and an application processor, the application processor storing sensitive data using hardware based security, comprising:
A. validating the sensitive data on the application processor with protected applications. B. sending a request for sensitive data from the modem processor to the application processor; C. receiving the request in the application processor; D. passing the request to a driver in the application processor; E. passing the request from the driver to a protected application in the application processor; F. validating the sensitive data in the protected application; G. sending the validated sensitive data through the driver, and the service routine to the modem processor.