WO2012113545A2 - Method for data exchange in a secure runtime environment - Google Patents
- Publication number: WO2012113545A2 (PCT/EP2012/000763)
- Authority: WO, WIPO (PCT)
- Prior art keywords: secure, environment, swd, runtime environment, task
Classifications
- G06F21/606—Protecting data by securing the transmission between two devices or processes
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/36—User authentication by graphic or iconic representation
- G06F21/42—User authentication using separate channels for security data
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
- H04L63/105—Multiple levels of security
- G06F2221/2105—Dual mode as a secondary aspect
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
- G06F2221/2149—Restricted operating environment
- H04W88/02—Terminal devices
Definitions
- The invention relates to a method for data exchange between a secure runtime environment, in which a number of secure applications can be executed, and an insecure environment of a microprocessor unit, in particular in a mobile terminal.
- Secure runtime environments are well known in the art and enable programs to be executed on a microprocessor unit in a manner protected against attacks.
- A microprocessor unit is to be understood as the entirety of the hardware used for program execution, in particular the actual microprocessor and the corresponding volatile and non-volatile memory used for storing data during program execution.
- The transmission of application data and control data via different buffers enables strict process isolation, which allows secure reloading of binary code. Furthermore, it enables faster data exchange between applications of the insecure environment and processes in the secure runtime environment. It is preferred if control data of different types are transmitted via different buffers. Likewise, it is preferable if the control data relating to switching between the secure runtime environment and the insecure environment are transmitted via their own, secure buffer. The control data can be used to switch between the secure runtime environment and the insecure environment.
- The transmission of the application data and of the control data is based on ARM monitor code implemented in a monitor unit that has interfaces to the secure runtime environment and to the insecure environment. It is further preferred if the transmission of the application data and the control data takes place between the secure runtime environment and a driver of the insecure environment.
- A scheduler implemented in the insecure environment, in particular in an interface of the driver for the control data, determines which of the secure applications is executed in the secure runtime environment.
- The data exchange takes place using a memory area of a memory that can be read and/or written by both the secure runtime environment and the insecure environment.
- The memory area is preferably initialized by a control message.
- The secure runtime environment is notified via control messages of data intended for it in the memory area.
- The control data are preferably provided with a unique session identifier (session ID), by means of which the secure runtime environment can assign the control message to one of the applications executed in the secure runtime environment.
- Each process running in the secure runtime environment is assigned a defined computing time which, for security reasons, must not be exceeded. This allows strict process isolation to be achieved.
- A process running in the secure runtime environment has the following thread structure: identifier (ID) of the thread; current state of the thread; local exception handler of the thread; priority of the thread.
- A respective process has the following task structure: current state of the task; task identifier of the generator task; external exception handler of the task; computing time quota of the task; number of threads that the task can enable or provide; priority and rights of the task. Because of the thread and/or task structures described, no large amounts of data need to be copied during a context switch. This allows fast context switching times to be achieved.
- The invention further provides a microprocessor unit with a secure runtime environment and an insecure environment, designed such that, in the data exchange between the secure runtime environment and the insecure environment, application data and control data are transferred via different buffers.
- The term microprocessor unit is again to be understood broadly and includes all hardware components necessary for carrying out the data exchange, e.g. a portable data carrier and in particular a chip card.
- The invention further relates to a mobile terminal, in particular a mobile phone, which includes a corresponding microprocessor unit.
- FIG. 1 is a schematic representation of the method according to the invention.
- FIG. 2 shows a schematic representation of the components of a microprocessor unit necessary for realizing the method according to the invention.
- FIG. 3 shows a schematic representation with reference to which the mode of operation of the method according to the invention is explained.
- FIG. 4 is a schematic representation of an application example of the method according to the invention.
- FIG. 1 is embodied in the form of a so-called ARM TrustZone.
- ARM TrustZone is a known technology with which a protected area is created in a microprocessor unit; this area is used as a secure runtime environment SWd for executing applications called trustlets.
- The secure runtime environment is referred to as the "Secure World", the insecure environment as the "Normal World".
- The ARM TrustZone is implemented in a hardware platform, the so-called TrustZone hardware, of a mobile terminal, for example a mobile telephone.
- The runtime environment represents a software layer between the application layer and the operating system layer of the microprocessor unit.
- FIG. 1 schematically shows such a microprocessor unit with a secure runtime environment SWd with a communication unit MCCM, which is designed as a so-called MobiCore communication module.
- The communication unit MCCM uses the operating system MC (MobiCore) of the secure runtime environment SWd. Also shown is the non-secure environment NWd with a driver MCD, which is designed as a so-called MobiCore driver.
- The operating system is Rich OS. The secure runtime environment SWd and the insecure environment NWd are realized in so-called TrustZone hardware TZH.
- A monitor unit M is provided for the data exchange between the secure runtime environment SWd and the insecure environment NWd.
- The transmission of application data AD, control data MCP (MobiCore Control Protocol data), control data NQ (Notification Queue) and control data FC (so-called fast calls) takes place via respective, different buffers.
- The transmission of the application data AD, the control data MCP and NQ and the control data FC is based on ARM monitor code implemented in the monitor unit M, which interfaces with the secure runtime environment SWd and the non-secure environment NWd.
- FIG. 2 shows the components of a microprocessor unit MP necessary for realizing the method according to the invention.
- This has the already described secure runtime environment SWd and the non-secure environment NWd.
- The secure environment is also referred to as the TrustZone TZ.
- It contains at least one application, called a trustlet TL.
- An application-specific interface (MC Trustlet API) communicates with an operating system MC of the secure runtime environment, for example MobiCore (block B1).
- Drivers DRV are included in the secure runtime environment SWd (block B2).
- At least one application APP is provided, which can exchange data via an application-specific interface (API) with an application TLC (a so-called trustlet connector) in block A1.
- The application connector can communicate via an interface TCI with an application TL in the secure runtime environment.
- A driver MCD, for example a MobiCore driver
- MC driver API: application-specific interface
- A virtual driver VDRV is included in the insecure environment.
- The MobiCore driver MCD can communicate via an interface MCI with the operating system MC of the secure runtime environment. Via an interface DCI, communication between the virtual driver VDRV and the driver DRV of the secure runtime environment is possible.
- One property of the microprocessor unit according to the invention is a process scheduler outsourced to the insecure environment, in the MobiCore driver MCD.
- An optimized microkernel is included which, for example, does not include inter-process communication.
- MC: preemptive multitasking with time quotas.
- MC includes an optimized task context.
- The microprocessor unit comprises a multi-layered driver concept in blocks A1, A2, A3, which are optimized for asynchronous communication with a multitasking environment in B1.
- The multilayer driver concept will be explained in more detail below with reference to FIG.
- The MobiCore driver MCD (block A2), as shown in Fig.
- control data MCP and NQ and control data FC between the insecure environment and the secure runtime environment SWd.
- MobiCore operating system: block B1
- MCRT: runtime management unit
- FCH: control data handler
- The interface assigned to the transmission of the control data MCP is mainly responsible for controlling the MobiCore operating system MC. Here it is decided which tasks of the operating system are started and stopped. The data supplied by the MobiCore operating system are checked for proper formatting. For communication, a special buffer is reserved in a memory and initialized via a control message FC. The memory is called World Shared Memory. It can be accessed both from the non-secure environment NWd and from the secure runtime environment SWd.
- The interface associated with the transmission of the control data NQ is responsible for informing the runtime management unit MCRT by means of messages that data are ready for collection in the memory.
- These data can originate from the MobiCore driver MCD, i.e. for data communication between an application of the insecure environment NWd and a specific application (trustlet TL) of the secure runtime environment SWd.
- The messages are provided with an identifier, a so-called session ID, by means of which the MobiCore operating system MC can unambiguously assign the message to a specific application TL of the secure runtime environment SWd.
- Control data from the layer of control data MCP may be in the buffer of the control data NQ.
- The interface assigned to NQ notifies the runtime management unit MCRT of the data provided by means of a special interrupt (preferably a special TrustZone interrupt SIQ).
- The actual change between the non-secure environment NWd and the secure runtime environment SWd takes place via the interface assigned to the control data FC.
- Monitor unit M: via so-called fast calls, N-SIQ messages or NQ-IRQ messages.
- The latter are called Notification IRQs.
- The first two only switch from the insecure environment to the secure runtime environment. In the case of NQ-IRQs, switching in the reverse direction is also possible.
- The interface assigned to the control data MCP in the MobiCore driver MCD of the insecure environment takes on the task of the scheduler.
- The driver decides which MobiCore task to run.
- The concept described allows optimizations in the microkernel approach. Compared to classical microkernel approaches, no inter-process communication (IPC) is implemented in the MobiCore operating system MC. MobiCore processes can still exchange data through a shared memory (World Shared Memory). In addition, MobiCore processes are assigned a certain amount of computing time, which cannot be exceeded for security reasons.
- A MobiCore process has simple thread or task structures. This eliminates the need to copy large amounts of data on a context switch and results in fast context switch times.
- The thread structure is as follows: ID of the thread, current state of the thread, local exception handler of the thread, priority of the thread.
- The task structure is as follows: current state of the task, task ID of the generator task, external exception handler of the task, computing time quota of the task, number of threads that the task can activate or donate, priority and rights of the task.
- An application in a secure area of a mobile telephone H1, H2, ..., Hn communicates with a central background system (database D) and receives information from it for display on the security-mode display.
- The information to be displayed can be, for example, a sequence of numbers, an image, a logo, etc.
- The background system D modifies the information to be displayed in the security mode.
- The information to be displayed is announced publicly at the same time to a broad circle of users.
- The user of a terminal H1, H2, ..., Hn that comprises a secure display device can check the currently valid information via a second communication channel.
- The second communication channel may be, for example, an Internet-capable computer, the browser of the mobile phone with a web connection from the secure world, a daily newspaper, and so on. The focus here is not on protecting security-critical data such as cryptographic keys. Instead, what matters is the user's perception of a secure display or a secure input means. This can increase end users' trust in mobile devices, for example for mobile banking applications or payment applications.
- Information is stored in the database system D and is exchanged in the terminals H1, H2, ..., Hn by means of an update server implemented in the terminals via an update client of the database.
- In FIG. 4 the information is, by way of example, a Christmas tree.
- The same information is also made publicly accessible to any verification systems VS via a public channel v, through a web server integrated in the database system.
- The process of updating the information is as follows:
- The update server contacts, via a secure channel s, all mobile terminals H1, H2, ..., Hn listed in the database D in order to send new information. This means that at regular intervals the background system modifies the information to be displayed in the secure mode of the mobile terminal H1, H2, ..., Hn.
- The update client must authenticate itself to the update server in the terminal. This can be done, for example, with a client certificate.
- The terminal's update server must also prove to the update client of the database that the correct server has been contacted for the update. This can be done by means of a server certificate.
- The new information (in this case: Christmas tree)
- The new information is imported into the terminal via the secure channel s between the update server of the terminals and the update client of the database, into an area accessible only in the security mode.
- The information is protected with a digital watermark and personalized for each device.
- The personalization can be checked, for example, in the secure runtime environment. If it does not match the terminal, certain functionalities of the secure runtime environment are blocked. As a consequence, for example, no mobile payment transactions are possible.
- The end user performs an action that switches the mobile terminal H1, H2, ..., Hn into a security mode.
- The mobile terminal concerned now displays the information, in this case the Christmas tree, at a certain position on the secure screen.
- The user of the terminal can now check via a second, parallel channel whether the information on his mobile device matches the information published elsewhere. This increases the end user's confidence in a mobile phone, especially for payment and banking applications. Attacks that simulate a secure state of an electronic device are made much more difficult. The user can check for himself whether the mobile device is in secure mode. This creates a higher level of user confidence in the applications mentioned above.
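The Definitions above state that NQ notifications carry a session ID, that the buffers lie in World Shared Memory writable from both worlds, and that supplied data are checked for proper formatting. The following C code is an added example, not taken from the patent or from MobiCore, showing how a secure-side consumer can drain such a queue defensively; the ring layout and all names (`nq_ring_t`, `session_t`, `nq_drain`, `nq_push`) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define NQ_SLOTS 8u                 /* ring capacity (assumed, power of two) */

typedef struct {
    uint32_t session_id;            /* session the notification is for */
    uint32_t payload_len;           /* bytes waiting in that session's AD buffer */
} nq_entry_t;

/* World shared memory: the insecure environment can rewrite this at any time. */
typedef struct {
    volatile uint32_t   write_idx;  /* advanced by the NWd driver */
    volatile nq_entry_t slot[NQ_SLOTS];
} nq_ring_t;

/* Secure-only state: never placed in shared memory. */
typedef struct {
    uint32_t session_id;            /* 0 marks an unused table entry */
    uint32_t ad_buf_size;           /* size of this session's AD buffer */
    uint32_t pending_len;           /* length from the last accepted notification */
} session_t;

typedef struct { uint32_t delivered, rejected; } nq_stats_t;

static session_t *find_session(session_t *tab, size_t n, uint32_t id)
{
    if (id == 0)
        return NULL;                /* never match unused table entries */
    for (size_t i = 0; i < n; i++)
        if (tab[i].session_id == id)
            return &tab[i];
    return NULL;
}

/* Drain the queue on the secure side. read_idx lives in secure memory so the
 * other world cannot rewind or skip the consumer's cursor. */
nq_stats_t nq_drain(nq_ring_t *ring, uint32_t *read_idx,
                    session_t *tab, size_t n)
{
    nq_stats_t st = {0, 0};
    uint32_t w = ring->write_idx;           /* fetch once, then use the copy */

    if (w - *read_idx > NQ_SLOTS) {         /* impossible fill level: drop all */
        *read_idx = w;
        st.rejected = 1;
        return st;
    }
    while (*read_idx != w) {
        volatile nq_entry_t *src = &ring->slot[*read_idx % NQ_SLOTS];
        nq_entry_t e;                       /* private snapshot: the values   */
        e.session_id  = src->session_id;    /* validated are the values used  */
        e.payload_len = src->payload_len;   /* (no second read of shared mem) */
        (*read_idx)++;

        session_t *s = find_session(tab, n, e.session_id);
        if (s == NULL || e.payload_len == 0 || e.payload_len > s->ad_buf_size) {
            st.rejected++;                  /* unknown session or bad length */
            continue;
        }
        s->pending_len = e.payload_len;     /* route to the owning session */
        st.delivered++;
    }
    return st;
}

/* Stand-in for the NWd driver side, used only to build the sample below. */
void nq_push(nq_ring_t *ring, uint32_t session_id, uint32_t len)
{
    uint32_t w = ring->write_idx;
    ring->slot[w % NQ_SLOTS].session_id  = session_id;
    ring->slot[w % NQ_SLOTS].payload_len = len;
    ring->write_idx = w + 1;
}

int main(void)
{
    /* Constructed sample: two open sessions, four notifications. */
    static nq_ring_t ring;
    session_t tab[2] = { {0x11, 256, 0}, {0x22, 64, 0} };
    uint32_t rd = 0;
    nq_push(&ring, 0x11, 100);      /* valid */
    nq_push(&ring, 0x33, 10);       /* unknown session ID */
    nq_push(&ring, 0x22, 4096);     /* longer than the session's buffer */
    nq_push(&ring, 0x22, 64);       /* valid */
    nq_stats_t st = nq_drain(&ring, &rd, tab, 2);
    printf("delivered=%u rejected=%u\n",
           (unsigned)st.delivered, (unsigned)st.rejected);
    return 0;
}
```

The session table and the read cursor stay in secure memory, so a notification can only ever be attributed to a session the secure side itself opened.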
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012800103219A CN103477344A (zh) | 2011-02-24 | 2012-02-22 | Method for exchanging data in a secure runtime environment |
KR1020137024122A KR20140027109A (ko) | 2011-02-24 | 2012-02-22 | Method for exchanging data in a secured runtime environment |
US14/001,332 US20140007251A1 (en) | 2011-02-24 | 2012-02-22 | Method for interchanging data in a secure runtime environment |
EP12711339.7A EP2678796B1 (de) | 2011-02-24 | 2012-02-22 | Method for data exchange in a secure runtime environment |
JP2013554811A JP2014506704A (ja) | 2011-02-24 | 2012-02-22 | Data exchange method in a secure runtime environment |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102011012227.3 | 2011-02-24 | ||
DE102011012227A DE102011012227A1 (de) | 2011-02-24 | 2011-02-24 | Method for data exchange in a secure runtime environment |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2012113545A2 (de) | 2012-08-30 |
WO2012113545A3 (de) | 2013-01-10 |
Family
ID=45922632
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2012/000763 WO2012113545A2 (de) | 2011-02-24 | 2012-02-22 | Method for data exchange in a secure runtime environment |
Country Status (7)
Country | Link |
---|---|
US (1) | US20140007251A1 (de) |
EP (1) | EP2678796B1 (de) |
JP (1) | JP2014506704A (de) |
KR (1) | KR20140027109A (de) |
CN (1) | CN103477344A (de) |
DE (1) | DE102011012227A1 (de) |
WO (1) | WO2012113545A2 (de) |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102011018431A1 (de) | 2011-04-21 | 2012-10-25 | Giesecke & Devrient Gmbh | Method for displaying information on a display device of a terminal |
DE102011115135A1 (de) | 2011-10-07 | 2013-04-11 | Giesecke & Devrient Gmbh | Microprocessor system with secured runtime environment |
US9672360B2 (en) | 2012-10-02 | 2017-06-06 | Mordecai Barkan | Secure computer architectures, systems, and applications |
EP2904743B1 (de) | 2012-10-02 | 2017-09-06 | Mordecai Barkan | Secure computer architectures, systems, and applications |
US9342695B2 (en) | 2012-10-02 | 2016-05-17 | Mordecai Barkan | Secured automated or semi-automated systems |
US11188652B2 (en) | 2012-10-02 | 2021-11-30 | Mordecai Barkan | Access management and credential protection |
FR3003967B1 (fr) * | 2013-03-29 | 2015-05-01 | Alstom Transport Sa | Method for executing interleaved safety software and non-safety software |
GB201408539D0 (en) * | 2014-05-14 | 2014-06-25 | Mastercard International Inc | Improvements in mobile payment systems |
CN104378381A (zh) * | 2014-11-27 | 2015-02-25 | 上海斐讯数据通信技术有限公司 | Method and system for secure enterprise e-mail office work on smart terminals |
CN105528554B (zh) | 2015-11-30 | 2019-04-05 | 华为技术有限公司 | User interface switching method and terminal |
CN106845160B (zh) * | 2015-12-03 | 2018-04-20 | 国家新闻出版广电总局广播科学研究院 | Digital rights management (DRM) method and system for an intelligent operating system |
CN113641518A (zh) * | 2021-08-16 | 2021-11-12 | 京东科技控股股份有限公司 | Service invocation method, apparatus and storage medium |
Family Cites Families (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH01185734A (ja) * | 1988-01-20 | 1989-07-25 | Fujitsu Ltd | Buffer memory management system |
JPH05265779A (ja) * | 1992-03-23 | 1993-10-15 | Nec Corp | Inter-task communication system |
US6633984B2 (en) * | 1999-01-22 | 2003-10-14 | Sun Microsystems, Inc. | Techniques for permitting access across a context barrier on a small footprint device using an entry point object |
US6795905B1 (en) * | 2000-03-31 | 2004-09-21 | Intel Corporation | Controlling accesses to isolated memory using a memory controller for isolated execution |
GB2396930B (en) * | 2002-11-18 | 2005-09-07 | Advanced Risc Mach Ltd | Apparatus and method for managing access to a memory |
GB2402785B (en) * | 2002-11-18 | 2005-12-07 | Advanced Risc Mach Ltd | Processor switching between secure and non-secure modes |
GB0226874D0 (en) * | 2002-11-18 | 2002-12-24 | Advanced Risc Mach Ltd | Switching between secure and non-secure processing modes |
GB2406403B (en) * | 2003-09-26 | 2006-06-07 | Advanced Risc Mach Ltd | Data processing apparatus and method for merging secure and non-secure data into an output data stream |
DE102004054571B4 (de) * | 2004-11-11 | 2007-01-25 | Sysgo Ag | Method for distributing computing time in a computer system |
US7627807B2 (en) * | 2005-04-26 | 2009-12-01 | Arm Limited | Monitoring a data processor to detect abnormal operation |
US7765399B2 (en) * | 2006-02-22 | 2010-07-27 | Harris Corporation | Computer architecture for a handheld electronic device |
CN101299228B (zh) * | 2008-01-26 | 2010-09-01 | 青岛大学 | Secure network terminal based on a single CPU and dual buses |
GB2459097B (en) * | 2008-04-08 | 2012-03-28 | Advanced Risc Mach Ltd | A method and apparatus for processing and displaying secure and non-secure data |
US8838924B2 (en) * | 2008-05-24 | 2014-09-16 | Via Technologies, Inc. | Microprocessor having internal secure memory |
US7809875B2 (en) * | 2008-06-30 | 2010-10-05 | Wind River Systems, Inc. | Method and system for secure communication between processor partitions |
US8595491B2 (en) * | 2008-11-14 | 2013-11-26 | Microsoft Corporation | Combining a mobile device and computer to create a secure personalized environment |
JP4698724B2 (ja) * | 2008-12-01 | 2011-06-08 | 株式会社エヌ・ティ・ティ・ドコモ | Program execution device |
US9207968B2 (en) * | 2009-11-03 | 2015-12-08 | Mediatek Inc. | Computing system using single operating system to provide normal security services and high security services, and methods thereof |
2011
- 2011-02-24: DE application DE102011012227A, patent DE102011012227A1 (de), not active, Withdrawn

2012
- 2012-02-22: US application US14/001,332, patent US20140007251A1 (en), not active, Abandoned
- 2012-02-22: WO application PCT/EP2012/000763, patent WO2012113545A2 (de), active, Application Filing
- 2012-02-22: JP application JP2013554811A, patent JP2014506704A (ja), active, Pending
- 2012-02-22: CN application CN2012800103219A, patent CN103477344A (zh), active, Pending
- 2012-02-22: EP application EP12711339.7A, patent EP2678796B1 (de), active, Active
- 2012-02-22: KR application KR1020137024122A, patent KR20140027109A (ko), not active, Application Discontinuation
Non-Patent Citations (1)
Title |
---|
None |
Also Published As
Publication number | Publication date |
---|---|
JP2014506704A (ja) | 2014-03-17 |
EP2678796A2 (de) | 2014-01-01 |
US20140007251A1 (en) | 2014-01-02 |
WO2012113545A3 (de) | 2013-01-10 |
DE102011012227A1 (de) | 2012-08-30 |
EP2678796B1 (de) | 2015-08-19 |
KR20140027109A (ko) | 2014-03-06 |
CN103477344A (zh) | 2013-12-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2678796B1 (de) | Method for data exchange in a secure runtime environment | |
DE112006001978B4 (de) | Verified computing environment for a personal internet communication device | |
EP2642395B1 (de) | Method and apparatus for executing workflow scripts | |
DE102011012226A1 (de) | Method for operating a microprocessor unit, in particular in a mobile terminal | |
WO2001000452A1 (de) | Vehicle communication system with display/operating unit | |
DE10040213A1 (de) | System and method for dynamic configuration of user profiles based on the respective area of responsibility | |
EP2764464A1 (de) | Microprocessor system with secured runtime environment | |
DE102006008248A1 (de) | Operating system for a chip card with a multi-tasking kernel | |
DE102018132970A1 (de) | Method and device for isolating sensitive untrusted program code on mobile terminals | |
EP2885907B1 (de) | Method for installing security-relevant applications in a security element of a terminal | |
DE19953055A1 (de) | Device and method for the protected output of an electronic document via a data transmission network | |
EP1010052B1 (de) | Method for controlling the distribution and use of software objects on networked computers | |
DE60017438T2 (de) | System for resource access control | |
DE102016203828A1 (de) | Access-rights-based memory pinning mechanism | |
EP2561460B1 (de) | Method for configuring an application for a terminal | |
EP3191902B1 (de) | Method for accessing functions of an embedded device | |
DE102004011201B4 (de) | Method for managing and monitoring the operation of several distributed hardware and/or software systems integrated into at least one communication network, and system for carrying out the method | |
EP3973391B1 (de) | Motor vehicle computer system with hypervisor, and motor vehicle | |
EP2923264B1 (de) | Method and system for application installation in a security element | |
DE102018001565A1 (de) | Security element and method for access control to a security element | |
DE102005056357A1 (de) | Multithreading-capable virtual machine | |
DE102007018777A1 (de) | Control device for vehicles | |
EP2278515B1 (de) | Method for activating a runtime environment of a microprocessor unit | |
WO2010009896A1 (de) | Computer arrangement with automated access control from an application and access control to an application, and corresponding access control methods | |
DE10345468B4 (de) | Method for the secure execution of programs |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | WWE | Wipo information: entry into national phase | Ref document number: 2012711339; Country of ref document: EP |
| | ENP | Entry into the national phase | Ref document number: 2013554811; Country of ref document: JP; Kind code of ref document: A |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | ENP | Entry into the national phase | Ref document number: 20137024122; Country of ref document: KR; Kind code of ref document: A |
| | WWE | Wipo information: entry into national phase | Ref document number: 14001332; Country of ref document: US |