Increasingly, computer units, for example in the form of a tablet computer or a smartphone, are employed for carrying out digital transactions, such as the purchase of a good or a service from an online mail-order company or a cashless payment at an NFC terminal. When such a digital transaction is carried out, a software application (briefly referred to as an “app”) implemented on the computer unit usually interacts with a terminal or a server. Frequently, a cryptographic algorithm, for example an encryption algorithm, forms part of the software application implemented on the computer unit and accesses security-critical data, for example PINs, passwords, keys, etc.
A relatively new approach to protecting security-critical data on a computer unit is based on the idea of providing a secure runtime environment, in the form of a secure and/or hardened operating system, on the computer unit in addition to the computer unit's conventional operating system. Such a secure runtime environment is also known to the person skilled in the art under the term “firmware-based trusted execution environment”, or briefly “TEE”. A firmware-based trusted execution environment differs from an ordinary TEE in that the NEE and the TEE are run on the same CPU.
The object of the present invention is to provide an improved method for operating a computer unit with a secure runtime environment, as well as such a computer unit.