CN102103671A - 用于执行安全环境起始指令的系统和方法 - Google Patents

用于执行安全环境起始指令的系统和方法 Download PDF

Info

Publication number
CN102103671A
CN102103671A CN2011100308767A CN201110030876A CN102103671A CN 102103671 A CN102103671 A CN 102103671A CN 2011100308767 A CN2011100308767 A CN 2011100308767A CN 201110030876 A CN201110030876 A CN 201110030876A CN 102103671 A CN102103671 A CN 102103671A
Authority
CN
China
Prior art keywords
processor
logic
chipset
virtual machine
logic processor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011100308767A
Other languages
English (en)
Other versions
CN102103671B (zh
Inventor
詹姆斯·萨顿二世
戴维·格劳罗克
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Intel Corp
Original Assignee
Intel Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corp filed Critical Intel Corp
Publication of CN102103671A publication Critical patent/CN102103671A/zh
Application granted granted Critical
Publication of CN102103671B publication Critical patent/CN102103671B/zh
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • G06F9/4403Processor initialisation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1458Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01NINVESTIGATING OR ANALYSING MATERIALS BY DETERMINING THEIR CHEMICAL OR PHYSICAL PROPERTIES
    • G01N23/00Investigating or analysing materials by the use of wave or particle radiation, e.g. X-rays or neutrons, not covered by groups G01N3/00 – G01N17/00, G01N21/00 or G01N22/00
    • G01N23/22Investigating or analysing materials by the use of wave or particle radiation, e.g. X-rays or neutrons, not covered by groups G01N3/00 – G01N17/00, G01N21/00 or G01N22/00 by measuring secondary emission from the material
    • G01N23/223Investigating or analysing materials by the use of wave or particle radiation, e.g. X-rays or neutrons, not covered by groups G01N3/00 – G01N17/00, G01N21/00 or G01N22/00 by measuring secondary emission from the material by irradiating the sample with X-rays or gamma-rays and by measuring X-ray fluorescence
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01NINVESTIGATING OR ANALYSING MATERIALS BY DETERMINING THEIR CHEMICAL OR PHYSICAL PROPERTIES
    • G01N33/00Investigating or analysing materials by specific methods not covered by groups G01N1/00 - G01N31/00
    • G01N33/48Biological material, e.g. blood, urine; Haemocytometers
    • G01N33/50Chemical analysis of biological material, e.g. blood, urine; Testing involving biospecific ligand binding methods; Immunological testing
    • G01N33/5005Chemical analysis of biological material, e.g. blood, urine; Testing involving biospecific ligand binding methods; Immunological testing involving human or animal cells
    • G01N33/5008Chemical analysis of biological material, e.g. blood, urine; Testing involving biospecific ligand binding methods; Immunological testing involving human or animal cells for testing or evaluating the effect of chemical or biological compounds, e.g. drugs, cosmetics
    • G01N33/502Chemical analysis of biological material, e.g. blood, urine; Testing involving biospecific ligand binding methods; Immunological testing involving human or animal cells for testing or evaluating the effect of chemical or biological compounds, e.g. drugs, cosmetics for testing non-proliferative effects
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01NINVESTIGATING OR ANALYSING MATERIALS BY DETERMINING THEIR CHEMICAL OR PHYSICAL PROPERTIES
    • G01N33/00Investigating or analysing materials by specific methods not covered by groups G01N1/00 - G01N31/00
    • G01N33/48Biological material, e.g. blood, urine; Haemocytometers
    • G01N33/50Chemical analysis of biological material, e.g. blood, urine; Testing involving biospecific ligand binding methods; Immunological testing
    • G01N33/68Chemical analysis of biological material, e.g. blood, urine; Testing involving biospecific ligand binding methods; Immunological testing involving proteins, peptides or amino acids
    • G01N33/6872Intracellular protein regulatory factors and their receptors, e.g. including ion channels
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/0802Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/145Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being virtual, e.g. for virtual blocks or segments before a translation mechanism
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38Information transfer, e.g. on bus
    • G06F13/42Bus transfer protocol, e.g. handshake; Synchronisation
    • G06F13/4282Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44505Configuring for program initiating, e.g. using registry, configuration files
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01NINVESTIGATING OR ANALYSING MATERIALS BY DETERMINING THEIR CHEMICAL OR PHYSICAL PROPERTIES
    • G01N2223/00Investigating materials by wave or particle radiation
    • G01N2223/07Investigating materials by wave or particle radiation secondary emission
    • G01N2223/076X-ray fluorescence
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10Providing a specific technical effect
    • G06F2212/1052Security improvement
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/60Details of cache memory
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2213/00Indexing scheme relating to interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F2213/0026PCI express
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Immunology (AREA)
  • Chemical & Material Sciences (AREA)
  • Molecular Biology (AREA)
  • Biomedical Technology (AREA)
  • Hematology (AREA)
  • Urology & Nephrology (AREA)
  • General Health & Medical Sciences (AREA)
  • Analytical Chemistry (AREA)
  • Biochemistry (AREA)
  • Cell Biology (AREA)
  • Pathology (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Microbiology (AREA)
  • Signal Processing (AREA)
  • Biotechnology (AREA)
  • Medicinal Chemistry (AREA)
  • Food Science & Technology (AREA)
  • Tropical Medicine & Parasitology (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Proteomics, Peptides & Aminoacids (AREA)
  • Toxicology (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
  • Multi Processors (AREA)

Abstract

用于执行安全环境起始指令的系统和方法,描述了在微处理器系统内启动安全操作的方法和装置。在一个实施方案中,一个启动逻辑处理器通过停止其它逻辑处理器的执行,然后把起始和安全虚拟机监控软件载入存储器,来启动该过程。启动处理器然后把起始软件载入安全存储器进行验证和执行。起始软件然后在安全系统操作之前验证和记录安全虚拟机监控软件。

Description

用于执行安全环境起始指令的系统和方法
本申请是PCT国际申请号为PCT/US03/08762、国际申请日为2003年3月20日、中国国家申请号为03811454.2、题为“用于执行安全环境起始指令的系统和方法”的申请的分案申请。
技术领域
本发明通常涉及微处理器系统,更具体地说,涉及可以在可信或安全环境中运行的微处理器系统。
背景技术
在本地或远程微型计算机上执行的金融和个人事务的增加量已经推动了“可信”或“安全”微处理器环境的建立。这些环境试图要解决的问题是个人隐私的泄露或者数据被破坏或滥用。用户不想公开他们的私人数据。他们也不想不当的事务改变或使用他们的数据。这样的例子包括非故意地泄露医疗记录或者从在线银行或其它存款处因为电子方式失窃资金。类似地,内容供给者设法保护数字内容(例如,音乐、其它音频、视频或其它类型的一般数据)不会在未经授权的情况下被复制。
现有的可信系统可以利用一套完全封闭的可信软件。这个方法实施起来相对简单,但缺点是不允许同时使用市场上可买到的普通操作系统和应用软件。这个缺点限制了对上述可信系统的认可。
附图说明
本发明是以实施例的方式来说明的,而不是以限定的方式来说明的,附图中相近的附图标记表示类似的部件,其中:
图1是在微处理器系统中执行的示例性软件环境的图。
图2是依据本发明一个实施方案的某些示例性可信或安全软件模块和示例性系统环境的图。
图3是依据本发明一个实施方案的示例性可信或安全软件环境的图。
图4A是依据本发明一个实施方案,适合于支持图3的安全软件环境的示例性微处理器系统示意图。
图4B是依据本发明另一实施方案,适合于支持图3安全软件环境的示例性微处理器系统示意图。
图5是依据本发明另一实施方案,适合于支持图3安全软件环境的示例性微处理器系统示意图。
图6是依据本发明一个实施方案的软件成分执行的时线图。
图7是依据本发明一个实施方案的软件和其它过程块的流程图。
具体实施方式
下面的说明描述了在微处理器系统内启动可信或安全环境的技术。在下面说明中,为了更彻底地理解本发明,阐述了许多具体细节,例如逻辑实现、软件模块分配、加密技术、总线信令技术,以及操作细节。然而,本领域技术人员将能理解,没有上述具体细节也可以实施本发明。在其它情况下,为了不搞混本发明,没有详细表示控制结构、门电平电路和全部软件指令序列。获悉本文所包含的说明的本领域普通技术人员无需超出常规的试验就能够实现恰当的功能性。本发明是以微处理器系统的形式公开的。然而,以其它处理器的形式也可以实施本发明,例如数字信号处理器、小型计算机或大型计算机。
现在参考图1,图中所示为在微处理器系统中执行的一个示例性软件环境。图1中所示的软件不是可信的(非可信的)。当在高特权级下运行时,操作系统150的大小和持续更新使得按照适时方式进行任何信任分析非常困难。许多操作系统位于特权环(ring)零(0)内,即最高特权级。应用152,154和156具有降低了很多的特权,典型地位于特权环三(3)内。不同特权环的存在以及操作系统150和应用152,154,156分成这些不同特权环似乎允许图1的软件按照可信模式运行,即基于决策来信任由操作系统150提供的设备。然而,实际上进行上述信任决策经常是不切实际的。影响这个问题的因素包括运行系统150的大小(代码行的数目),操作系统150可以是许多更新(新代码模块和补丁)的接收者的事实,以及操作系统150也可以包含代码模块(例如由用户而不是操作系统开发者提供的设备驱动器)的事实。操作系统150可以是通用操作系统,例如Linux或或者可以是任何其它适当已知或另外可获得的操作系统。应用或操作系统运行或正在运行的具体类型或名称不是关键的。
现在参考图2,图中所示为依据本发明一个实施方案的某些示例性可信或安全软件模块和示例性系统环境200。在图2的实施方案中,处理器202、处理器212、处理器222和可选的其它处理器(未图示)图示为单独硬件实体。在其它实施方案中,正如不同部件和功能单元的边界可以变化,处理器的数量也可以不同。在某些实施方案中,可以用在一个或多个物理处理器上运行的单独硬件执行线程(thread)或“逻辑处理器”来替换这些处理器。
处理器202,212,222可以包含某些专用电路或逻辑元件以支持安全或可信操作。例如,处理器202可以包含安全输入(SENTER)逻辑204以支持执行专用SENTER指令,所述指令可以启动可信操作。处理器202也可以包含总线消息逻辑206以支持系统总线230上的专用总线消息,支持专用SENTER操作。在另外的实施方案中,芯片组240的存储控制功能可以分配给处理器内的电路,对于多个处理器而言,可以包括在单个管芯上。在这些实施方案中,专用总线消息也可以在这些处理器内部的总线上发送。由于几个原因,使用专用总线消息可以增加系统安全性或可信任性。如果电路元件例如处理器202,212,222或芯片组240包含本发明公开的实施方案的适当逻辑元件,则它们可以只发布或响应上述消息。因此专用总线消息的成功交换可以有助于确保适当的系统配置。专用总线消息也可以允许通常应该被禁止的活动,例如复位平台配置寄存器278。通过允许专用总线消息的发布只响应专用安全指令,可以限制潜在的敌对非可信代码对某些总线事务进行侦测的能力。
另外,处理器202可以包含安全存储器208以支持安全起始操作。在一个实施方案中,安全存储器208可以是处理器202的内部高速缓存器,或许按照专用模式运行。在另外的实施方案中,安全存储器208可以是专用存储器。其它处理器,例如处理器212和处理器222,也可以包括SENTER逻辑214,224、总线消息逻辑216,226、以及安全存储器218,228。
“芯片组”可以定义为一组电路和逻辑,它们支持存储器以及针对连接的一个或多个处理器所进行输入/输出(I/O)操作。芯片组的单个元件可以组合在在单个芯片、一对芯片上或分散在多个芯片中,包括处理器。在图2的实施方案中,芯片组240可以包括支持存储器和I/O操作的电路和逻辑,以支持处理器202,212和222。在一个实施方案中,芯片组240可以与许多存储页面250-262和设备访问页面表248连接,页面表248包含指示非处理器设备是否可以访问存储页面250-262的控制信息。芯片组240可以包括设备访问逻辑247,所述逻辑可以允许或拒绝从I/O设备到存储页面250-262的所选部分的直接存储器存取(DMA)。在某一实施方案中,设备访问逻辑247可以包含允许或拒绝上述访问需要的所有相关信息。在其它实施方案中,设备访问逻辑247可以访问保存在设备访问页面表248内的上述信息。存储页面的实际数量不是重要的,并且将根据系统需求而变化。在其它实施方案中,存储器访问功能可以在芯片组240的外部。在另外实施方案中,芯片组240的功能还可以在一个或多个物理设备中分配。
为支持专用SENTER操作,芯片组240可以另外包括它自己的总线消息逻辑242来支持系统总线230上的专用总线消息。这些专用总线消息中的某些可以包括:把关键字(key)寄存器244的内容传递给处理器202,212或222,或者允许通过处理器202,212或222检验专用的ALL-JOINED标志274。总线消息逻辑242的附加特征可以是把多个处理器的总线活动记录在“EXISTS”寄存器272中以及把多个处理器的某一专用总线消息活动保存在“JOINS”寄存器272中。EXISTS寄存器272和JOINS寄存器272的内容的等同性可以用来设定专用的ALL-JOINED标志,以指示系统内所有处理器都在参与安全输入过程。
芯片组240可以支持I/O总线上的标准I/O操作,所述I/O总线例如外设部件接口(PCI)、加速图形接口(AGP)、通用串行总线(USB)、低引线数(LPC)总线或任何其它类型I/O总线(未示出)。接口290可以用来使芯片组240与标记276连接,标记276包含一个或多个平台配置寄存器(PCR)278,279。在一个实施方案中,接口290可以是通过修改增加了某些安全上的增强的LPC总线(低引线数(LPC)接口规范,英特尔公司1997年12月29日的修订版1.0)。上述安全上的增强的一个实施例是位置确认消息,利用以前保存的消息头和地址信息,把标记276内的平台配置寄存器(PCR)278作为目标。在一个实施方案中,标记276可以包含专用安全特征,在一个实施方案中,可以包括可信平台模块(TPM)281,该模块在2001年12月1日由TCPA出版的版本为1.1a的可信计算平台联合(TCPA)主要规范中被公开(在本申请递交时从www.trustedpc.com可得到)。
在系统环境200内确定的两个软件成分是安全虚拟机监控程序(SVMM)282模块和安全起始授权码(SINIT-AC)280模块。SVMM 282模块可以保存在系统盘或其它大容量存贮器上,并且根据需要移动或复制到其它位置。在一个实施方案中,在开始安全启动过程之前,SVMM 282可以移动或复制到一个或多个存储页面250-262。安全输入过程之后,可以创建虚拟机环境,其中SVMM 282可以作为系统内最高特权代码来运行,可以用来允许或拒绝在创建的虚拟机内的操作系统或应用直接访问某些系统资源。
安全输入过程需要的某些动作可能超出简单硬件实施的范围,并且相反可以方便地使用软件模块,其中所述软件模块的执行可以默认是可信的。在一个实施方案中,通过安全起始(SINIT)代码可以执行这些动作。这里确定三个典型动作,但这些动作不应理解为是限定性的。一个动作可能要求对各种表示系统配置关键部分的控制进行检验,以确保所述配置支持正确的安全环境实例。在一个实施方案中,一个要求的检验可以是,芯片组240提供的存储控制器配置不允许两个或多个不同系统总线地址接触存储页面250-262内的相同位置。第二个动作可以是配置设备访问页面表248和设备访问逻辑247,以保护SVMM 282存储驻留拷贝使用的那些存储页面不受非处理器设备干扰。第三个动作可以是计算和记录SVMM 282模块的身份,并且把系统控制传递给它。这里“记录(register)”是指把SVMM282信任测量结果放入寄存器,例如放入PCR278或放入PCR279。当进行了这个最后的动作,潜在的系统用户可以检查SVMM282的可信度。
处理器或芯片组的制造商可以生成SINIT代码。为此,可以信任SINIT代码来帮助芯片组240的安全启动。为了分配SINIT代码,在一个实施方案中,众所周知的加密散列由全部SINIT代码构成,生成一个被称为“摘要”的值。一个实施方案生成一个160位的值来作为摘要。然后通过在一个实施方案中由处理器制造商拥有的私钥(private key)对摘要进行加密,以形成数字签名。当SINIT代码与相应数字签名捆绑在一起时,这个组合可以称为SINIT授权码(SINIT-AC)280。如下所述,SINIT-AC 280的拷贝可以在后面验证。
SINIT-AC 280可以保存在系统盘或其它大容量存储器上或者保存在固定媒介中,并且根据需要移动或复制到其它位置。在一个实施方案中,在开始安全启动过程之前,SINIT-AC 280可以移动或复制到存储页面250-262以形成SINIT-AC存储驻留拷贝。
任何逻辑处理器可以开始安全启动过程,并且因而可以被称为启动逻辑处理器(ILP)。在本实施例中,处理器202为ILP,尽管系统总线230上的任何处理器能够成为ILP。此时,SINIT-AC280存储驻留拷贝或SVMM282存储驻留拷贝都不被认为是可信的,因为除了其它原因之外,另外的处理器或DMA设备可以重写存储页面250-262。
然后,ILP(处理器202)执行专用指令。这个专用指令可以称为安全输入(SENTER)指令,并且可以由SENTER逻辑204支持。SENTER指令的执行可以使ILP(处理器202)在系统总线230上发布专用总线消息,然后为随后的系统动作等待相当长的时间间隔。SENTER执行开始之后,这些专用总线消息之一,即SENTER BUS MESSAGE在系统总线230上广播。除了ILP之外的那些逻辑处理器可以称为响应逻辑处理器(RLP),它们用内部非屏蔽事件响应SENTERBUS MESSAGE。在本实施例中,RLP包括处理器212和处理器222。RLP必须各自终止当前操作,在系统总线230上发送RLP确认(ACK)专用总线消息,然后进入等待状态。应该注意,ILP也在系统总线230上发送它自己的ACK消息。
芯片组240可以包含一对寄存器,即“EXISTS”寄存器270和“JOINS”寄存器272。这些寄存器可以用来检验ILP和所有RLP正在适当地响应SENTER BUSMESSAGE。在一个实施方案中,通过在逻辑处理器所进行的任何系统总线事务中把“1”写入EXISTS寄存器270的相应位,芯片组240可以把始终掌握在系统内的所有操作逻辑处理器的情况。在本实施方案中,系统总线230上的每个事务必须包含标识字段(field),所述字段包含逻辑处理器标识符。在一个实施方案中,这是由物理处理器标识符和每个物理处理器内硬件执行线程的标识符构成。例如,如果在处理器222上执行的线程在系统总线230上引起任何总线事务,则芯片组240将在该事务中发现这个逻辑处理器标识符,并且把“1”写入EXISTS寄存器270内的相应位置286。安全启动过程期间,当处理器222上的那个同一线程在系统总线230上发送它自己的ACK信息时,芯片组240也将发现这个标识符,并且把“1”写入JOINS寄存器272内的相应位置288。(在图2的实施例中,为了清楚每个物理处理器图示为只带有单个执行线程。在另外实施方案中,物理处理器可以支持多个线程,因而支持多个逻辑处理器。)当JOINS寄存器272的内容与EXISTS寄存器270的内容匹配时,则芯片组240可以设置ALL-JOINED标志246,该标志表示所有处理器已经适当地响应了SENTER BUS MESSAGE。
在另一实施方案中,在ALL-JOINED标志246设置之后,EXISTS寄存器270和JOINS寄存器272可以继续有助于安全性。在ALL-JOINED标志246设置之后直到可信或安全操作结束期间,芯片组240可以继续监控并比较相对JOINS寄存器272的总线周期。在这期间,如果芯片组240在任何时候从逻辑处理器中发现总线事务,而所述处理器不是当前在JOINS寄存器272内所确定的,则芯片组240可以假设这个逻辑处理器不知何故已经“出现”晚了。这将暗示上述逻辑处理器没有参加过安全启动过程,因此可能代表攻击者(安全威胁)。在这样的情况下,芯片组240可以适当地响应以把这个攻击者保持在安全环境之外。在一个实施方案中,芯片组240可以在这样的情况下强制系统复位。在第二个实施方案中,在ACK总线消息断言之后的每个事务中,通过每个逻辑处理器在系统总线上断言专用的保留信号,可以实现类似的“晚到”处理器检测。在本实施方案中,在ALL-JOINED标志246设置之后,如果芯片组240观察到处理器启动的总线事务没有专用的断言信号,则芯片组240可以再次假设这个逻辑处理器不知何故已经“出现”晚了,并且可能代表攻击者。
发布SENTER BUS MESSAGE之后,ILP(处理器202)轮询ALL-JOINED标志246以发现所有处理器何时和是否已经用它们的ACK适当地进行了响应。如果从未设置标志246,几种实现是可能的。在ILP或芯片组内、或其它地方的监控定时器可以使系统复位。可选地,系统可能中止并需要操作员复位。在任一情况下,尽管系统可能不继续运行,但安全环境断言得到保护(其中如果不是所有的处理器都参与,安全启动过程就不结束)。在正常操作中,在短时间之后,ALL-JOINED标志246被设置,并且ILP可以确保所有其它逻辑处理器已经进入等待状态。
当ALL-JOINED标志246被设置时,为了验证和随后执行包含在SINIT-AC280内的SINIT代码,ILP(处理器202)可以把SINIT-AC 280拷贝和关键字284移入安全存储器208。在一个实施方案中,这个安全存储器208可以是ILP(处理器202)的内部高速缓存器,或许按照专用模式运行。关键字284表示与私钥对应的公钥(public key),私钥用来加密包含在SINIT-AC 280模块内的数字签名,并且关键字284用来检验数字签名和由此验证SINIT代码。在一个实施方案中,关键字284可能已经保存在处理器内,或许作为SENTER逻辑204的一部分。在另一实施方案中,关键字284可以保存在芯片组240的只读关键字寄存器244内,寄存器244由ILP读取。在又一实施方案中,不是处理器就是芯片组关键字寄存器244可以实际保存关键字284的加密摘要,其中关键字284本身包含在SINIT-AC 280模块内。在最后这个实施方案中,ILP从关键字寄存器244中读取摘要,计算关于嵌入在SINIT-AC 280内的关键字284的等同加密散列(hash),并且比较这两个摘要以确保所提供的关键字284是确实可信的。
然后,SINIT-AC拷贝和公钥拷贝可以在安全存储器208内存在。通过使用公钥拷贝解密包含在SINIT-AC拷贝内的数字签名,ILP现在可以验证SINIT-AC拷贝。所述解码产生加密散列摘要的原始拷贝。如果新计算出的摘要与这个原始摘要匹配,则SINIT-AC拷贝和它包含的SIMT代码可以认为是可信的。
经由信令等待的RLP(处理器212,处理器222)的系统总线230以及将要启动安全操作的芯片组240,ILP现在可以发布另一专用总线消息,即SENTERCONTTINUE MESSAGE。如下所概述的那样,通过把SINIT-AC模块的加密摘要值写入安全标记276内的平台配置寄存器272中,ILP现在可以记录SINIT-AC模块的唯一身份。通过把执行控制传递给保存在ILP安全存储器208内的可信SINIT代码拷贝,ILP对其SENTER指令的执行现在可以终止。可信SINIT代码然后可以执行它的系统测试和配置动作,并且依照上述“记录”的定义,可以记录SVMM存储驻留拷贝。
可以按照几种方式完成SVMM存储驻留拷贝的记录。在一个实施方案中,运行在ILP上的SENTER指令把计算出的SINIT-AC摘要写入安全标记276内的PCR 278中。随后,可信SINIT代码可以把计算出的存储驻留SVMM摘要写入同一PCR 278或安全标记276内的另一PCR 279中。如果把SVMM摘要写入同一PCR 278中,则安全标记276用新值(SVMM摘要)弄乱原始内容(SINIT摘要),并且把结果写回PCR278。在第一次(开始)对PCR278的写入被限制在SENTER指令的这些实施方案中,最后的摘要可以用作系统信任根(root oftrust)。
一旦可信SINIT代码已经结束它的执行,并且已经把SVMM的身份记录在PCR内,SINIT代码就可以把ILP执行控制传递给SVMM。在典型的实施方案中,ILP执行的最初的SVMM指令表征为SVMM的自启动例程。在一个实施方案中,ILP可以把单独的RLP JOIN MESSAGE专用总线消息发送给每个RLP,在现在执行的SVMM拷贝的监督下,使每个RLP加入操作。根据前面这个观点,如下面图3的讨论中所概述的那样,整个系统运行在可信模式下。
现在参考图3,图中所示为依据本发明一个实施方案的示例性可信或安全软件环境。在图3的实施方案中,可以同时加载可信或非可信软件,并且可以在单个计算机系统上同时执行。SVMM350可选择地允许或防止来自一个或多个非可信操作系统340和非可信应用310-330的对硬件资源380的直接访问。在上下文中,“非可信”不是必定意味着操作系统或应用正在行为不端,但是相互作用的码的大小和多样性使得可靠断言软件正在按要求运行变得不切实际,并且不存在干扰它执行的病毒或其它外来码。在典型的实施方案中,非可信代码是由在当今个人计算机上可以找到的普通操作系统和应用组成的。
SVMM350也可选择地允许或防止来自一个或多个可信或安全核心程序360和一个或多个可信应用370的对硬件资源380的直接访问。可以限制上述可信或安全核心程序360和可信应用370的大小和功能性,从而有助于在其上面完成信任分析的能力。可信应用370可以是在安全环境中可执行的任何软件代码、程序、例程或例程组。因此,可信应用370可以是各种应用或代码序列,或者可以是相对小的应用,例如Java程序。
由能改变系统资源保护或特权的操作系统340或核心程序360正常执行的指令或操作可以被SVMM350拦住,并且可选择地允许、部分允许或拒绝。作为实施例,在典型的实施方案中,被SVMM350拦住的指令变成了改变由操作系统340或核心程序360正常执行的处理器页面表的指令,这将确保在它的虚拟机范围之外所述请求不试图要求改变页面特权。
现在参考图4A,图中所示为适合于支持图3的安全软件环境的微处理器系统400的一个实施方案。CPU A 410、CPU B 414、CPU C 418和CPU D 422可以配置附加微码或逻辑电路以支持专门指令的执行。在一个实施方案中,这个附加微码或逻辑电路可以是图2的SENTER逻辑204。这些专用指令可以支持专用总线消息在系统总线420上的发布,系统总线420可以使这些处理器在启动安全环境期间能够适当同步。在一个实施方案中,专用总线消息的发布可以由电路支持,例如图2的总线消息逻辑206。类似地,芯片组430可以类似于芯片组420,并且可以支持上述系统总线420上的专用周期。物理处理器的数量可以根据具体实施方案的实施而变化。在一个实施方案中,处理器可以是
Figure BSA00000429650000091
级的微处理器。经由PCI总线446,或者可选择地,经由USB442,集成控制器电路(IDE)总线(未图示),小型计算机系统接口(SCSI)总线(未图示),或任何其它I/O总线,芯片组430可以与大容量存储设备连接,例如固定媒介444或可移动媒介448。固定媒介444或可移动媒介448可以是磁盘、磁带、磁碟、磁光驱动器、CD-ROM、DVD-ROM、闪存卡,或许多其它形式的大容量存储器。
在图4A的实施方案中,四个处理器CPU A 410、CPU B 414、CPU C 418和CPU D 422图示为四个单独硬件实体。在其它实施方案中,处理器的数量可以不同。实际上,物理上离散的处理器可以用在一个或多个物理处理器上运行的分立的硬件执行线程来替换。在后者的情况下,这些线程拥有许多附加物理处理器的特征。为了具有一般的表达来讨论使用多个物理处理器和多个在处理器上的线程的任何混合,表达“逻辑处理器”可以用来描述一个物理处理器或在一个或多个物理处理器内操作的线程。因此,一个单线程处理器可以认为是一个逻辑处理器,多线程或多核心处理器可以认为是多个逻辑处理器。
在一个实施方案中,芯片组430与改进的LPC总线450连接。改进的LPC总线450可以用来把芯片组430与安全标记454连接。在一个实施方案中,标记454可以包括由可信计算平台联合(TCPA)设想的TPM471。
现在参考图4B,图中所示为适合于支持图3的安全软件环境的另一微处理器系统490的实施方案。与图4A的实施方案不同,CPU A 410和CPU B 414使用系统总线A 402可以连接到芯片组428,而CPU C 418和CPU D 422使用系统总线B 404可以连接到芯片组428。在其它实施方案中,可以使用两个以上的系统总线。在另一替代实施方案中,可以使用点对点总线。专用指令可以支持专用总线消息在系统总线A 402和系统总线B 404上的发布,系统总线A 402和系统总线B404可以使这些处理器在启动安全环境期间能够适当地同步。在一个实施方案中,专用总线消息的发布可以由电路支持,例如图2的总线消息逻辑206。
在一个实施方案中,芯片组428担负维护系统总线A 402和系统总线B 404上的一致性和相干性。如果在系统总线A 402上发送标准或专用的总线消息,芯片组428把这个信息(适当时)反映在系统总线B 404上,反之亦然。
在可替代的实施方案中,芯片组428把系统总线A 402和系统总线B 404看作独立子系统。在系统总线A 402上发布的任何专用总线消息只应用于该总线上的处理器,类似地,在系统总线B 404上发布的任何专用总线消息只应用于该总线上的处理器。针对系统总线A 402建立的任何受保护的存储器只可被连接到系统总线A 402的处理器访问,而系统总线B 404上的处理器可以被看作非可信设备。为了访问为系统总线A 402上的CPU A 410和CPU B 414建立的任何受保护的存储器,系统总线B 404上的处理器CPU C 418和CPU D 422必须执行它们自己的SENTER过程,创建一个被记录在案的环境,该环境等同于为系统总线A402上的处理器建立的环境。
现在参考图5,表示依据本发明另一实施方案,适合于支持图3的安全软件环境的示例性微处理器系统500的示意图。与图4A的实施方案不同,每个处理器(例如CPU A 510)可以包括某些芯片组功能(例如芯片组功能593),所述芯片组功能实现,例如,存储控制器功能和设备访问逻辑功能。由此,这些芯片组功能允许存储器(例如存储器A 502)直接连接到处理器。其它芯片组功能可以保留在独立的芯片组530中。在系统总线520上可以发布专用总线消息。
每个处理器可以间接访问连接到其它处理器的存储器,然而,与对处理器本身存储器的访问相比,这些访问可能相当慢。在开始SENTER过程之前,软件可以把SINIT-AC566和SVMM574的拷贝从固定媒介544移入本地存储器504,形成SINIT-AC556拷贝和SVMM572拷贝。在一个实施方案中,可以选择存储器504,因为它由确定为ILP的处理器直接访问,在图5实施例中,这是CPU B514。可选择地,SINIT-AC566和SVMM574的拷贝可以放在连接到其它(非ILP)处理器的其它存储器中,只要ILP514能够访问那些存储器。如图2中已经描述的那样,CPU B ILP 514通过发布SENTER指令开始安全输入过程,并且具有类似的结果和发布的总线周期。如上结合图2所述,芯片组530可以利用EXISTS寄存器576、JOINS寄存器580和ALL-JOINED标志584,以确定所有处理器是否已经适当地响应了SENTER BUS MESSAGE,并且把这个信息发送给ILP。ILP(CPU B 514)可以再次把SINIT-AC556的存储驻留拷贝连同公钥564的拷贝一起移入安全存储器560。在SINIT-AC556确认和记录后,ILP就可以继续进行SVMM存储驻留拷贝的确认和记录。
现在参考图6,表示依据本发明一个实施方案的各种操作的时线图。图6的时线表示结合示例性系统论述的全部操作时间表,上文结合图2讨论了所述系统。当软件决定安全或可信操作是要求的,在时间610,任何软件定位并且复制SINIT-AC280和SVMM282拷贝用于随后的SENTER指令。在本实施例中,软件把SINIT-AC280拷贝和SVMM282拷贝加载到一个或多个存储页面250-262中。然后选择一个处理器作为ILP,在本实施例中是处理器202,ILP在时间612发布SENTER指令。在时间614,ILP的SENTER指令发布SENTER BUS MESSAGE616。然后,在时间628进入“等待芯片组标志”状态之前,ILP在时间618发布它本身的SENTER ACK 608。
每个RLP,例如处理器222,通过在时间620期间完成当前指令来响应SENTER BUS MESSAGE 616。然后,RLP发布它的SENTER ACK 622,然后进入状态634,其中它等待SENTER CONTINUE MESSAGE。
芯片组240花费时间624来设定JOINS寄存器272以响应在系统总线230上观察的SENTER ACK信息。当JOINS寄存器272的内容与EXISTS寄存器270的内容匹配时,芯片组240在时间626设定ALL-JOINED标志246。
在此期间,ILP在轮询ALL-JOINED标志246时可以保持在循环状态下。当ALL-JOINED标志246被设定,并且ILP确定ALL-JOINED标志246是在时间630设定的,然后,ILP可以在时间632期间发布SENTER CONTINUEMESSAGE。当SENTER CONTINUE MESSAGE在时间636在系统总线230上传播时,RLP可以进入“等待加入”的状态。例如,处理器222的RLP在时间周期638期间进入“等待加入”的状态。
一旦发布SENTER CONTINUE MESSAGE,ILP于是(在时间周期640内)就可以把芯片组240的关键字寄存器244的公钥和SINIT-AC的拷贝加入它的安全存储器208,以形成所述公钥拷贝和SINIT-AC拷贝。在另一实施方案中,关键字寄存器244可以包含公钥摘要,实际公钥可以包含在SINIT-AC内或与其包含在一起。如上结合图2所述,一旦验证SINIT-AC的拷贝,ILP于是就可以在安全存储器208内实际执行SINIT-AC的拷贝。
SINIT-AC在安全存储器208内的拷贝开始执行之后,它随后(时间周期640期间)确认并且记录SVMM的存储驻留拷贝。SVMM的拷贝记录在安全标记276的PCR278内之后,SVMM的存储驻留拷贝本身开始执行。此时,在正在进行的时间周期650期间,SVMM操作建立在ILP内。
ILP SVMM操作最初要做的事情之一是在系统总线230上发布单独的RLPJOIN MESSAGES。一个实施例就是处理器222的JOIN MESSAGE 644。这个消息可以包括存储器内的位置,在该位置上RLP处理器222可以加入被记录的SVMM存储驻留拷贝的执行。可选择地,ILP SVMM操作可能已经把存储器位置记录在芯片组或存储器内的预定位置中,一旦接收到JOIN MESSAGE,RLP就从所述位置取回它的开始地址。在接收到处理器222的JOIN MESSAGE并且确定它的开始地址之后,在时间周期646期间,RLP处理器222跳转到这个位置,并且加入被记录的SVMM存储驻留拷贝的执行。
在所有RLP已经加入被记录的SVMM存储驻留拷贝之后,安全操作在整个微型计算机系统200上被建立起来。
现在参考图7,表示依据本发明一个实施方案的软件和其它过程块(processblock)的流程图。为了清楚,图7只表示用于单个有代表性的RLP的过程块。在其它实施方案中,可以存在几个响应逻辑处理器。
过程700从过程块710开始,这时,逻辑处理器复制能用来由随后的SENTER指令进行访问的SINIT-AC和SVMM模块。在这个实施例中,在过程块712中,ILP把SINIT-AC和SVMM代码从大容量存储器加载到物理存储器内。在替代的实施方案中,任何逻辑处理器可以这样做,而不只是ILP。如在过程块714中所注,通过执行SENTER指令,处理器成为ILP。在过程块716中,ILPSENTER指令在过程块716中发布SENTER BUS MESSAGE。然后,ILP在过程块718中把它本身的SENTER ACK消息发送给芯片组。如判断过程块720所示,ILP于是进入等待状态,等待芯片组设定其ALL-JOINED标志。
在每个RLP在过程块770中接收到SENTER BUS MESSAGE之后,它以当前指令的结束来暂停执行,然后在过程块772中发布它自己的SENTER ACK。如判断过程块774所示,每个RLP于是进入等待状态,等待从ILP到来的SENTERCONTINUE MES SAGE。
当接收到SENTER ACK信息时,芯片组设定JOINS寄存器内的相应位。当JOINS寄存器的内容等于EXISTS寄存器的内容时,芯片组设定ALL-JOINED标志,给ILP发送信号以从判断过程块720继续进行。
一旦在YES路径上离开判断过程块720,ILP于是就在过程块722中发布SENTER CONTINUE MESSAGE。这给每个RLP发送信号以从判断过程块774继续进行。如判断过程块776所示,然后每个RLP进入第二个等待状态,等待SENTER JOIN MESSAGE。
同时,ILP在过程块724中把芯片组公钥和SINIT-AC存储驻留拷贝移入它自己的安全存储器用于安全执行。ILP在过程块726中使用所述公钥验证SINIT-AC的安全存储驻留拷贝,然后执行它。SINIT-AC的执行可以进行系统配置和SVMM拷贝的测试,然后记录SVMM身份,最后在过程块728中开始执行SVMM。作为在过程块728中执行的动作的一部分,ILP SINIT代码可以配置存储器和芯片组的设备访问页面表248和设备访问逻辑247,以保护SVMM 282存储驻留拷贝使用的那些存储页面不受非处理器设备的干扰,如过程块754中所示。
ILP在SVMM控制下开始执行之后,在过程块730中,ILP给每个RLP发送单独的SENTER JOIN MESSAGE。发送SENTER JOIN MESSAGE之后,ILP随后在过程块732中开始SVMM操作。
SENTER JOIN MESSAGE的接收使每个RLP沿着YES路径离开由判断过程块776表示的等待状态,且在过程块780中开始SVMM操作。SENTER JOINMESSAGE可以包含SVMM入口点,RLP在加入SVMM操作时向该入口点分支。可选择地,ILP SVMM代码可以把适当的RLP入口点记录在系统位置内(例如在芯片组内),RLP一旦接收到SENTER JOIN MESSAGE就重新取回它。
虽然公开的不同实施方案包括两个或多个处理器(逻辑或物理处理器),但应该理解,这样的多个处理器和/或多个线程系统以更详细的方式进行了描述以解释增加的复杂性,所述复杂性与使带有多个逻辑或物理处理器的系统安全有关。在复杂程度较底的系统中可能有利的实施方案可以只使用一个处理器。在某些情况下,一个物理处理器可以是多个线程,从而可以包括多个逻辑处理器(因此具有所述的ILP和RLP)。然而,在其它情况下,可以使用单个处理器、单线程系统,仍然利用所公开的安全处理技术。在上述情况下,可以没有RLP;然而,所述安全处理技术仍然起作用来减少以未授权方式能够窃取或操纵数据的可能性。
在前述说明书中,已经参考本发明的示例性实施方案对其进行了描述。然而,显然可以对本发明进行各种修改和变化而不脱离附属权利要求书所提出的本发明更宽的本质和范围。因此把说明书和附图看作例证性的而不是限制性的。

Claims (49)

1.一种系统,包括:
第一逻辑处理器,所述第一逻辑处理器包括安全存储器以执行安全输入指令;以及
芯片组,所述芯片组防止非处理器设备访问安全虚拟机监控程序。
2.如权利要求1所述的系统,其中所述安全输入指令是使所述第一逻辑处理器给第二逻辑处理器发布专用总线消息,以在安全操作中使所述第二处理器与所述第一处理器同步。
3.如权利要求1所述的系统,其中所述安全存储器位于所述第一逻辑处理器的高速缓存器内。
4.如权利要求1所述的系统,其中所述安全存储器被保护,从而不被除所述第一逻辑处理器之外的电路访问。
5.如权利要求1所述的系统,还包含安全标志,所述安全标志包括平台配置寄存器以保存摘要。
6.如权利要求1所述的系统,还包含第二逻辑处理器以响应来自所述安全输入指令的第一专用总线消息。
7.如权利要求6所述的系统,其中所述第二逻辑处理器完成当前指令的执行,并且发布第二专用总线消息来响应所述第一专用总线消息。
8.如权利要求7所述的系统,其中所述芯片组设定标志以响应接收所述第二专用总线消息。
9.如权利要求8所述的系统,其中所述第二逻辑处理器跳转到所述安全虚拟机监控程序的入口点,以响应第三专用总线消息。
10.一种方法,包括:
同步第一逻辑处理器和第二逻辑处理器;
验证起始代码模块;
验证安全虚拟机监控程序;以及
执行所述安全虚拟机监控程序。
11.如权利要求10所述的方法,还包括把专用总线消息发送给所述第二逻辑处理器,以便在所述第二逻辑处理器上以响应方式执行所述安全虚拟机监控程序。
12.如权利要求10所述的方法,其中所述同步包括专用总线消息以使所述第二逻辑处理器暂停执行并且发送确认。
13.如权利要求12所述的方法,其中所述同步包括在芯片组内设定标志以响应所述确认。
14.如权利要求10所述的方法,其中所述验证起始代码模块包括把所述起始代码模块的拷贝和公钥移到安全存储器中。
15.如权利要求14所述的方法,其中所述验证起始代码模块包括比较所述起始代码模块的第一摘要和所述起始代码模块的第二摘要。
16.如权利要求10所述的方法,其中所述验证安全虚拟机监控程序包括执行所述起始代码模块。
17.如权利要求16所述的方法,其中所述验证安全虚拟机监控程序包括把所述安全虚拟机监控程序记录在平台配置寄存器内。
18.一种装置,包括:
用于同步第一逻辑处理器和第二逻辑处理器的设备;
用于验证起始代码模块的设备;
用于验证安全虚拟机监控程序的设备;以及
用于在所述第一逻辑处理器内执行所述安全虚拟机监控程序的设备。
19.如权利要求18所述的装置,还包括用于把第一专用总线消息发送给所述第二逻辑处理器的设备,以便在所述第二逻辑处理器上执行所述安全虚拟机监控程序。
20.如权利要求18所述的装置,还包括用于把所述起始代码模块的拷贝和公钥移到安全存储器中的设备。
21.如权利要求20所述的装置,还包括用于比较所述起始代码模块的第一摘要和所述起始代码模块的第二摘要的设备。
22.如权利要求18所述的装置,还包括用于记录所述安全虚拟机监控程序的设备。
23.一种处理器,包括:
安全输入逻辑,所述安全输入逻辑执行第一指令以调用安全操作起始,并且检测时间点以继续执行安全起始密码;以及
总线消息逻辑,所述总线消息逻辑发送第一专用总线消息以响应所述第一指令,并且发送第二专用总线消息以响应所述检测时间点。
24.如权利要求23所述的处理器,其中所述时间点在第一逻辑处理器发布确认之后。
25.如权利要求23所述的处理器,其中所述安全输入逻辑还轮询芯片组内的标志寄存器以确定所述时间点。
26.如权利要求23所述的处理器,其中所述安全输入逻辑还输入关键字和验证所述时间点之后的代码模块。
27.如权利要求23所述的处理器,其中所述总线消息逻辑还发送包括代码入口点的第三专用总线消息。
28.一种芯片组,包括:
总线消息逻辑,所述总线消息逻辑响应来自第一逻辑处理器的第一专用总线消息以准备安全操作;以及
寄存器,所述寄存器保存来自第二逻辑处理器的确认,以响应所述第一专用总线消息。
29.如权利要求28所述的芯片组,其中所述芯片组比较所述寄存器和逻辑处理器动作,以确定何时给第一逻辑处理器发送信号以继续安全操作起始。
30.如权利要求29所述的芯片组,其中所述信号包括设定标志。
31.如权利要求28所述的芯片组,还包括设备访问逻辑以锁定安全虚拟机监控程序。
32.如权利要求28所述的芯片组,还包括关键字寄存器,以便在所述第一专用总线消息之后给所述第一逻辑处理器发送关键字。
33.一种系统,包括:
逻辑处理器,所述逻辑处理器具有安全输入逻辑和响应所述安全输入逻辑的第一总线消息逻辑;以及
芯片组,所述芯片组包括第二总线消息逻辑以从所述第一总线消息逻辑接收第一专用总线消息,并且包括要设定的标志,以响应确认。
34.如权利要求33所述的系统,还包括安全起始授权码以启动安全操作来响应所述安全输入逻辑。
35.如权利要求34所述的系统,还包括由所述逻辑处理器使用的关键字以验证所述安全起始授权码。
36.如权利要求34所述的系统,其中所述第一总线消息逻辑发布第二专用总线消息,其中所述逻辑处理器在所述第二专用总线消息之后把所述安全起始授权码移到安全存储器中。
37.如权利要求34所述的系统,还包括安全虚拟机监控程序。
38.如权利要求37所述的系统,其中所述安全起始授权码执行所述安全虚拟机监控程序的起始。
39.如权利要求38所述的系统,其中所述起始包括验证,并且其中所述芯片组包括设备访问逻辑,用来防止非处理器设备访问所述安全虚拟机监控程序以响应所述起始。
40.如权利要求38所述的系统,其中所述第一总线消息逻辑发布第三专用总线消息以响应所述起始。
41.如权利要求40所述的系统,其中所述第三专用总线消息包括用于所述安全虚拟机监控程序的代码入口点。
42.一种方法,包括:
发送专用总线消息;
验证第一逻辑处理器内的起始代码;
验证安全虚拟机监控程序;以及
在所述第一逻辑处理器内执行所述安全虚拟机监控程序。
43.如权利要求42所述的方法,还包括发送确认以响应所述第一总线消息。
44.如权利要求42所述的方法,还包括暂停第二逻辑处理器内的执行和发送确认。
45.如权利要求44所述的方法,还包括在芯片组内设定标志以响应所述确以。
46.如权利要求42所述的方法,其中所述验证起始代码包括把所述起始代码的拷贝和公钥移到安全存储器中。
47.如权利要求46所述的方法,其中所述验证起始代码包括比较所述起始代码的第一摘要和所述起始代码的第二摘要。
48.如权利要求42所述的方法,其中所述验证安全虚拟机监控程序包括执行所述起始代码。
49.如权利要求48所述的方法,其中所述验证安全虚拟机监控程序包括把所述虚拟机监控程序记录在平台配置寄存器内。
CN2011100308767A 2002-03-29 2003-03-20 用于执行安全环境初始化指令的系统和方法 Expired - Lifetime CN102103671B (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/112,169 2002-03-29
US10/112,169 US7069442B2 (en) 2002-03-29 2002-03-29 System and method for execution of a secured environment initialization instruction

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN038114542A Division CN101410772B (zh) 2002-03-29 2003-03-20 用于执行安全环境起始指令的系统

Publications (2)

Publication Number Publication Date
CN102103671A true CN102103671A (zh) 2011-06-22
CN102103671B CN102103671B (zh) 2013-10-16

Family

ID=28453267

Family Applications (11)

Application Number Title Priority Date Filing Date
CN201210159183.2A Expired - Lifetime CN102841994B (zh) 2002-03-29 2003-03-20 用于执行安全环境初始化指令的系统和方法
CN201510995651.3A Expired - Lifetime CN105608384B (zh) 2002-03-29 2003-03-20 用于执行安全环境初始化指令的系统和方法
CN201510622256.0A Expired - Lifetime CN105184172B (zh) 2002-03-29 2003-03-20 用于执行安全环境初始化指令的系统和方法
CN2010101619843A Expired - Lifetime CN101833632B (zh) 2002-03-29 2003-03-20 用于执行安全环境初始化指令的系统和方法
CN038114542A Expired - Lifetime CN101410772B (zh) 2002-03-29 2003-03-20 用于执行安全环境起始指令的系统
CN2011100308767A Expired - Lifetime CN102103671B (zh) 2002-03-29 2003-03-20 用于执行安全环境初始化指令的系统和方法
CN201210162765.6A Expired - Lifetime CN102855441B (zh) 2002-03-29 2003-03-20 用于执行安全环境初始化指令的系统和方法
CN201210056872.0A Expired - Lifetime CN102708333B (zh) 2002-03-29 2003-03-20 用于执行安全环境初始化指令的处理器
CN201710096210.9A Expired - Lifetime CN106845249B (zh) 2002-03-29 2003-03-20 用于执行安全环境初始化指令的系统和方法
CN201310419555.5A Expired - Lifetime CN103559448B (zh) 2002-03-29 2003-03-20 一种用于安全环境的处理器
CN201210159237.5A Expired - Lifetime CN102841995B (zh) 2002-03-29 2003-03-20 用于执行安全环境初始化指令的系统和处理器

Family Applications Before (5)

Application Number Title Priority Date Filing Date
CN201210159183.2A Expired - Lifetime CN102841994B (zh) 2002-03-29 2003-03-20 用于执行安全环境初始化指令的系统和方法
CN201510995651.3A Expired - Lifetime CN105608384B (zh) 2002-03-29 2003-03-20 用于执行安全环境初始化指令的系统和方法
CN201510622256.0A Expired - Lifetime CN105184172B (zh) 2002-03-29 2003-03-20 用于执行安全环境初始化指令的系统和方法
CN2010101619843A Expired - Lifetime CN101833632B (zh) 2002-03-29 2003-03-20 用于执行安全环境初始化指令的系统和方法
CN038114542A Expired - Lifetime CN101410772B (zh) 2002-03-29 2003-03-20 用于执行安全环境起始指令的系统

Family Applications After (5)

Application Number Title Priority Date Filing Date
CN201210162765.6A Expired - Lifetime CN102855441B (zh) 2002-03-29 2003-03-20 用于执行安全环境初始化指令的系统和方法
CN201210056872.0A Expired - Lifetime CN102708333B (zh) 2002-03-29 2003-03-20 用于执行安全环境初始化指令的处理器
CN201710096210.9A Expired - Lifetime CN106845249B (zh) 2002-03-29 2003-03-20 用于执行安全环境初始化指令的系统和方法
CN201310419555.5A Expired - Lifetime CN103559448B (zh) 2002-03-29 2003-03-20 一种用于安全环境的处理器
CN201210159237.5A Expired - Lifetime CN102841995B (zh) 2002-03-29 2003-03-20 用于执行安全环境初始化指令的系统和处理器

Country Status (10)

Country Link
US (10) US7069442B2 (zh)
JP (9) JP4823481B2 (zh)
KR (1) KR100634933B1 (zh)
CN (11) CN102841994B (zh)
AU (1) AU2003224737A1 (zh)
DE (1) DE10392470B4 (zh)
GB (5) GB2419988B (zh)
HK (1) HK1068430A1 (zh)
TW (3) TWI315487B (zh)
WO (1) WO2003085497A2 (zh)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112740122A (zh) * 2018-08-21 2021-04-30 皮尔茨公司 用于监视安全关键过程的自动化系统

Families Citing this family (118)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7069442B2 (en) * 2002-03-29 2006-06-27 Intel Corporation System and method for execution of a secured environment initialization instruction
US7076669B2 (en) * 2002-04-15 2006-07-11 Intel Corporation Method and apparatus for communicating securely with a token
US7603550B2 (en) * 2002-04-18 2009-10-13 Advanced Micro Devices, Inc. Computer system including a secure execution mode-capable CPU and a security services processor connected via a secure communication path
US20040141461A1 (en) * 2003-01-22 2004-07-22 Zimmer Vincent J. Remote reset using a one-time pad
US7210034B2 (en) * 2003-01-30 2007-04-24 Intel Corporation Distributed control of integrity measurement using a trusted fixed token
US7370212B2 (en) 2003-02-25 2008-05-06 Microsoft Corporation Issuing a publisher use license off-line in a digital rights management (DRM) system
US7334123B2 (en) * 2003-05-02 2008-02-19 Advanced Micro Devices, Inc. Computer system including a bus bridge for connection to a security services processor
US7725740B2 (en) * 2003-05-23 2010-05-25 Nagravision S.A. Generating a root key for decryption of a transmission key allowing secure communications
US8086844B2 (en) * 2003-06-03 2011-12-27 Broadcom Corporation Online trusted platform module
US20050044408A1 (en) * 2003-08-18 2005-02-24 Bajikar Sundeep M. Low pin count docking architecture for a trusted platform
US20060242406A1 (en) 2005-04-22 2006-10-26 Microsoft Corporation Protected computing environment
US7698552B2 (en) * 2004-06-03 2010-04-13 Intel Corporation Launching a secure kernel in a multiprocessor system
EP1607821A1 (fr) 2004-06-17 2005-12-21 Nagracard S.A. Méthode de mise à jour sécurisée de logiciel dans un mobile de sécurité
US7590867B2 (en) * 2004-06-24 2009-09-15 Intel Corporation Method and apparatus for providing secure virtualization of a trusted platform module
JP4447977B2 (ja) 2004-06-30 2010-04-07 富士通マイクロエレクトロニクス株式会社 セキュアプロセッサ、およびセキュアプロセッサ用プログラム。
US8271976B2 (en) * 2004-06-30 2012-09-18 Microsoft Corporation Systems and methods for initializing multiple virtual processors within a single virtual machine
EP1628235A1 (en) * 2004-07-01 2006-02-22 Texas Instruments Incorporated Method and system of ensuring integrity of a secure mode entry sequence
US7886293B2 (en) 2004-07-07 2011-02-08 Intel Corporation Optimizing system behavior in a virtual machine environment
US8347078B2 (en) 2004-10-18 2013-01-01 Microsoft Corporation Device certificate individualization
US8176564B2 (en) 2004-11-15 2012-05-08 Microsoft Corporation Special PC mode entered upon detection of undesired state
US8336085B2 (en) 2004-11-15 2012-12-18 Microsoft Corporation Tuning product policy using observed evidence of customer behavior
US8464348B2 (en) * 2004-11-15 2013-06-11 Microsoft Corporation Isolated computing environment anchored into CPU and motherboard
DE102004062203B4 (de) * 2004-12-23 2007-03-08 Infineon Technologies Ag Datenverarbeitungseinrichtung, Telekommunikations-Endgerät und Verfahren zur Datenverarbeitung mittels einer Datenverarbeitungseinrichtung
US7360253B2 (en) * 2004-12-23 2008-04-15 Microsoft Corporation System and method to lock TPM always ‘on’ using a monitor
US8533777B2 (en) * 2004-12-29 2013-09-10 Intel Corporation Mechanism to determine trust of out-of-band management agents
WO2006082988A2 (en) 2005-02-07 2006-08-10 Sony Computer Entertainment Inc. Methods and apparatus for facilitating a secure processor functional transition
JP4489030B2 (ja) 2005-02-07 2010-06-23 株式会社ソニー・コンピュータエンタテインメント プロセッサ内にセキュアな起動シーケンスを提供する方法および装置
JP4522372B2 (ja) * 2005-02-07 2010-08-11 株式会社ソニー・コンピュータエンタテインメント プロセッサと外部のデバイスとの間にセキュアセッションを実現する方法および装置
US8438645B2 (en) 2005-04-27 2013-05-07 Microsoft Corporation Secure clock with grace periods
US8725646B2 (en) 2005-04-15 2014-05-13 Microsoft Corporation Output protection levels
US9436804B2 (en) 2005-04-22 2016-09-06 Microsoft Technology Licensing, Llc Establishing a unique session key using a hardware functionality scan
US9363481B2 (en) 2005-04-22 2016-06-07 Microsoft Technology Licensing, Llc Protected media pipeline
US20060265758A1 (en) 2005-05-20 2006-11-23 Microsoft Corporation Extensible media rights
US8353046B2 (en) 2005-06-08 2013-01-08 Microsoft Corporation System and method for delivery of a modular operating system
US20060294380A1 (en) * 2005-06-28 2006-12-28 Selim Aissi Mechanism to evaluate a token enabled computer system
US8549592B2 (en) 2005-07-12 2013-10-01 International Business Machines Corporation Establishing virtual endorsement credentials for dynamically generated endorsement keys in a trusted computing platform
US7822978B2 (en) * 2005-07-22 2010-10-26 Intel Corporation Quiescing a manageability engine
US7752436B2 (en) * 2005-08-09 2010-07-06 Intel Corporation Exclusive access for secure audio program
JP2009519513A (ja) * 2005-12-06 2009-05-14 ボストンサーキッツ インコーポレイテッド 専用スレッド管理を用いたマルチコアの演算処理方法及び装置
US7836303B2 (en) 2005-12-09 2010-11-16 University Of Washington Web browser operating system
US8196205B2 (en) * 2006-01-23 2012-06-05 University Of Washington Through Its Center For Commercialization Detection of spyware threats within virtual machine
US8286158B2 (en) * 2006-02-06 2012-10-09 Imation Corp. Method and system for installing portable executable applications
US8128203B2 (en) * 2006-04-28 2012-03-06 Telecom Italia S.P.A. Ink-jet printhead and manufacturing method thereof
US8973094B2 (en) * 2006-05-26 2015-03-03 Intel Corporation Execution of a secured environment initialization instruction on a point-to-point interconnect system
US7840795B2 (en) * 2006-10-17 2010-11-23 Zachary Nathaniel Joseph Peterson Method and apparatus for limiting access to sensitive data
US7689817B2 (en) * 2006-11-16 2010-03-30 Intel Corporation Methods and apparatus for defeating malware
GB0624582D0 (en) 2006-12-08 2007-01-17 Visible Computing Ltd USB autorun devices
WO2008078564A1 (ja) * 2006-12-22 2008-07-03 Panasonic Corporation 情報処理装置、集積回路、方法、およびプログラム
US8209542B2 (en) * 2006-12-29 2012-06-26 Intel Corporation Methods and apparatus for authenticating components of processing systems
US20080263256A1 (en) * 2007-04-20 2008-10-23 Motorola, Inc. Logic Device with Write Protected Memory Management Unit Registers
US8285958B1 (en) * 2007-08-10 2012-10-09 Mcafee, Inc. System, method, and computer program product for copying a modified page table entry to a translation look aside buffer
US7984449B2 (en) * 2007-08-15 2011-07-19 International Business Machines Corporation In-band communication with virtual machines via a hypervisor message bus
CA2698086C (en) * 2007-08-31 2017-05-23 Homeatm Epayment Solutions Apparatus and method for conducting secure financial transactions
US8250641B2 (en) 2007-09-17 2012-08-21 Intel Corporation Method and apparatus for dynamic switching and real time security control on virtualized systems
US8583908B2 (en) * 2007-12-31 2013-11-12 Intel Corporation Enhanced network and local boot of Unified Extensible Firmware Interface images
US8069228B2 (en) * 2009-05-08 2011-11-29 Hewlett-Packard Development Company, L.P. Preventing access of a network facility in response to an operation
US8312272B1 (en) * 2009-06-26 2012-11-13 Symantec Corporation Secure authentication token management
EP2278514B1 (en) * 2009-07-16 2018-05-30 Alcatel Lucent System and method for providing secure virtual machines
US8286164B2 (en) 2009-08-07 2012-10-09 International Business Machines Corporation Secure recursive virtualization
US20110153944A1 (en) * 2009-12-22 2011-06-23 Klaus Kursawe Secure Cache Memory Architecture
US8776245B2 (en) * 2009-12-23 2014-07-08 Intel Corporation Executing trusted applications with reduced trusted computing base
US9202015B2 (en) * 2009-12-31 2015-12-01 Intel Corporation Entering a secured computing environment using multiple authenticated code modules
CN102195940A (zh) * 2010-03-12 2011-09-21 北京路模思科技有限公司 一种基于虚拟机技术安全输入和提交数据的方法和系统
US8938774B2 (en) 2010-05-28 2015-01-20 Dell Products, Lp System and method for I/O port assignment and security policy application in a client hosted virtualization system
US8719557B2 (en) 2010-05-28 2014-05-06 Dell Products, Lp System and method for secure client hosted virtualization in an information handling system
US8990584B2 (en) 2010-05-28 2015-03-24 Dell Products, Lp System and method for supporting task oriented devices in a client hosted virtualization system
US8589702B2 (en) * 2010-05-28 2013-11-19 Dell Products, Lp System and method for pre-boot authentication of a secure client hosted virtualization in an information handling system
US8458490B2 (en) * 2010-05-28 2013-06-04 Dell Products, Lp System and method for supporting full volume encryption devices in a client hosted virtualization system
CN103080944B (zh) * 2010-08-27 2016-04-13 惠普发展公司,有限责任合伙企业 操作计算机的方法和电子设备
CN103329095B (zh) 2011-01-28 2017-03-22 惠普发展公司,有限责任合伙企业 用编码的信息验证管理程序
US10496824B2 (en) 2011-06-24 2019-12-03 Microsoft Licensing Technology, LLC Trusted language runtime on a mobile platform
US8843764B2 (en) 2011-07-15 2014-09-23 Cavium, Inc. Secure software and hardware association technique
US8788763B2 (en) * 2011-10-13 2014-07-22 International Business Machines Corporation Protecting memory of a virtual guest
WO2013085517A1 (en) * 2011-12-08 2013-06-13 Intel Corporation Method and apparatus for policy-based content sharing in a peer to peer manner using a hardware based root of trust
RU2472215C1 (ru) 2011-12-28 2013-01-10 Закрытое акционерное общество "Лаборатория Касперского" Способ выявления неизвестных программ с использованием эмуляции процесса загрузки
US9158902B2 (en) * 2011-12-29 2015-10-13 Intel Corporation Software modification for partial secure memory processing
US9069598B2 (en) 2012-01-06 2015-06-30 International Business Machines Corporation Providing logical partions with hardware-thread specific information reflective of exclusive use of a processor core
US20130254906A1 (en) * 2012-03-22 2013-09-26 Cavium, Inc. Hardware and Software Association and Authentication
GB2506195A (en) 2012-09-25 2014-03-26 Ibm Managing a virtual computer resource
US9342695B2 (en) * 2012-10-02 2016-05-17 Mordecai Barkan Secured automated or semi-automated systems
US8924741B2 (en) 2012-12-29 2014-12-30 Intel Corporation Instruction and logic to provide SIMD secure hashing round slice functionality
US10038550B2 (en) 2013-08-08 2018-07-31 Intel Corporation Instruction and logic to provide a secure cipher hash round functionality
KR101432721B1 (ko) 2013-08-21 2014-08-21 주식회사 엑스엔시스템즈 용도별 가상환경을 제공하는 컴퓨팅 장치 및 그 제공방법
US9407638B2 (en) 2013-08-26 2016-08-02 The Boeing Company System and method for trusted mobile communications
US9547767B2 (en) * 2013-11-13 2017-01-17 Via Technologies, Inc. Event-based apparatus and method for securing bios in a trusted computing system during execution
US10503510B2 (en) 2013-12-27 2019-12-10 Intel Corporation SM3 hash function message expansion processors, methods, systems, and instructions
US9344439B2 (en) * 2014-01-20 2016-05-17 The Boeing Company Executing unprotected mode services in a protected mode environment
US9413765B2 (en) * 2014-03-25 2016-08-09 Intel Corporation Multinode hubs for trusted computing
US9912481B2 (en) 2014-03-27 2018-03-06 Intel Corporation Method and apparatus for efficiently executing hash operations
US9317719B2 (en) 2014-09-04 2016-04-19 Intel Corporation SM3 hash algorithm acceleration processors, methods, systems, and instructions
US9658854B2 (en) 2014-09-26 2017-05-23 Intel Corporation Instructions and logic to provide SIMD SM3 cryptographic hashing functionality
US9575802B2 (en) * 2014-10-28 2017-02-21 International Business Machines Corporation Controlling execution of threads in a multi-threaded processor
GB2539436B (en) * 2015-06-16 2019-02-06 Advanced Risc Mach Ltd Secure initialisation
US10083306B2 (en) * 2015-06-26 2018-09-25 Intel Corporation Establishing hardware roots of trust for internet-of-things devices
CN105046138A (zh) * 2015-07-13 2015-11-11 山东超越数控电子有限公司 一种基于飞腾处理器的可信管理系统及方法
US10902112B2 (en) * 2015-08-25 2021-01-26 Sekisui House, Ltd. System including a hypervisor
US9935945B2 (en) * 2015-11-05 2018-04-03 Quanta Computer Inc. Trusted management controller firmware
CN106888451B (zh) * 2015-12-15 2020-02-18 中国移动通信集团公司 可信执行环境tee初始化方法及设备
US10318737B2 (en) * 2016-06-30 2019-06-11 Amazon Technologies, Inc. Secure booting of virtualization managers
US11416421B2 (en) 2016-07-19 2022-08-16 Cypress Semiconductor Corporation Context-based protection system
CN107870788B (zh) * 2016-09-26 2020-10-02 展讯通信(上海)有限公司 多可信执行环境下终端设备的启动方法和终端设备
CN108270910A (zh) * 2016-12-30 2018-07-10 展讯通信(上海)有限公司 移动终端
US20190087580A1 (en) * 2017-09-19 2019-03-21 Microsoft Technology Licensing, Llc Secure launch for a hypervisor
CN107832244B (zh) * 2017-10-18 2020-10-20 北京全路通信信号研究设计院集团有限公司 一种安全计算机的处理器系统
US11245550B2 (en) * 2017-12-24 2022-02-08 Technion Research & Development Foundation Limited Message authentication based on a physical location on a bus
CN109960520B (zh) * 2017-12-25 2022-07-19 浙江宇视科技有限公司 程序加载方法、装置及电子设备
US10942798B2 (en) * 2018-05-31 2021-03-09 Microsoft Technology Licensing, Llc Watchdog timer hierarchy
US11182192B2 (en) 2019-03-08 2021-11-23 International Business Machines Corporation Controlling access to secure storage of a virtual machine
US11283800B2 (en) * 2019-03-08 2022-03-22 International Business Machines Corporation Secure interface control secure storage hardware tagging
US11068310B2 (en) 2019-03-08 2021-07-20 International Business Machines Corporation Secure storage query and donation
US11455398B2 (en) 2019-03-08 2022-09-27 International Business Machines Corporation Testing storage protection hardware in a secure virtual machine environment
US11176054B2 (en) 2019-03-08 2021-11-16 International Business Machines Corporation Host virtual address space for secure interface control storage
CN110109731B (zh) * 2019-04-19 2021-02-09 苏州浪潮智能科技有限公司 一种云环境下虚拟可信根的管理方法与系统
US11574060B2 (en) 2019-04-24 2023-02-07 International Business Machines Corporation Secure initial program load
US11099878B2 (en) 2019-06-28 2021-08-24 Intel Corporation Scalable virtual machine operation inside trust domains within the trust domain architecture
WO2020263510A1 (en) * 2019-06-28 2020-12-30 Cadence Gourmet LLC Methods and systems for producing frozen cocktail ice structures
US11449601B2 (en) * 2020-01-08 2022-09-20 Red Hat, Inc. Proof of code compliance and protected integrity using a trusted execution environment
CN111753311B (zh) * 2020-08-28 2020-12-15 支付宝(杭州)信息技术有限公司 超线程场景下安全进入可信执行环境的方法及装置

Family Cites Families (326)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US607160A (en) * 1898-07-12 Charles s
US3699532A (en) * 1970-04-21 1972-10-17 Singer Co Multiprogramming control for a data handling system
US3996449A (en) * 1975-08-25 1976-12-07 International Business Machines Corporation Operating system authenticator
US4162536A (en) * 1976-01-02 1979-07-24 Gould Inc., Modicon Div. Digital input/output system and method
US4037214A (en) 1976-04-30 1977-07-19 International Business Machines Corporation Key register controlled accessing system
US4147905A (en) * 1977-05-17 1979-04-03 Chicago Lock Co. Sleeve and terminal holder assembly for an axial split-pin tumbler-type switch lock mechanism
US4247905A (en) 1977-08-26 1981-01-27 Sharp Kabushiki Kaisha Memory clear system
US4278837A (en) * 1977-10-31 1981-07-14 Best Robert M Crypto microprocessor for executing enciphered programs
US4276594A (en) * 1978-01-27 1981-06-30 Gould Inc. Modicon Division Digital computer with multi-processor capability utilizing intelligent composite memory and input/output modules and method for performing the same
US4207609A (en) * 1978-05-08 1980-06-10 International Business Machines Corporation Method and means for path independent device reservation and reconnection in a multi-CPU and shared device access system
JPS5823570B2 (ja) 1978-11-30 1983-05-16 国産電機株式会社 液面検出装置
JPS5576447A (en) * 1978-12-01 1980-06-09 Fujitsu Ltd Address control system for software simulation
US4307447A (en) * 1979-06-19 1981-12-22 Gould Inc. Programmable controller
US4307214A (en) * 1979-12-12 1981-12-22 Phillips Petroleum Company SC2 activation of supported chromium oxide catalysts
US4319323A (en) * 1980-04-04 1982-03-09 Digital Equipment Corporation Communications device for data processing system
US4419724A (en) * 1980-04-14 1983-12-06 Sperry Corporation Main bus interface package
US4366537A (en) * 1980-05-23 1982-12-28 International Business Machines Corp. Authorization mechanism for transfer of program control or data between different address spaces having different storage protect keys
US4403283A (en) * 1980-07-28 1983-09-06 Ncr Corporation Extended memory system and method
DE3034581A1 (de) * 1980-09-13 1982-04-22 Robert Bosch Gmbh, 7000 Stuttgart Auslesesicherung bei einchip-mikroprozessoren
US4521852A (en) * 1982-06-30 1985-06-04 Texas Instruments Incorporated Data processing device formed on a single semiconductor substrate having secure memory
US4516205A (en) * 1982-11-09 1985-05-07 Eing A Hubert I Access control of data transmission network
JPS59111561A (ja) * 1982-12-17 1984-06-27 Hitachi Ltd 複合プロセツサ・システムのアクセス制御方式
US4759064A (en) * 1985-10-07 1988-07-19 Chaum David L Blind unanticipated signature systems
US4975836A (en) * 1984-12-19 1990-12-04 Hitachi, Ltd. Virtual computer system
JPS61206057A (ja) * 1985-03-11 1986-09-12 Hitachi Ltd アドレス変換装置
FR2592510B1 (fr) * 1985-12-31 1988-02-12 Bull Cp8 Procede et appareil pour certifier des services obtenus a l'aide d'un support portatif tel qu'une carte a memoire
FR2601525B1 (fr) * 1986-07-11 1988-10-21 Bull Cp8 Dispositif de securite interdisant le fonctionnement d'un ensemble electronique apres une premiere coupure de son alimentation electrique
FR2601535B1 (fr) * 1986-07-11 1988-10-21 Bull Cp8 Procede pour certifier l'authenticite d'une donnee echangee entre deux dispositifs connectes en local ou a distance par une ligne de transmission
FR2601476B1 (fr) * 1986-07-11 1988-10-21 Bull Cp8 Procede pour authentifier une donnee d'habilitation externe par un objet portatif tel qu'une carte a memoire
US5123101A (en) 1986-11-12 1992-06-16 Xerox Corporation Multiple address space mapping technique for shared memory wherein a processor operates a fault handling routine upon a translator miss
US4823481A (en) 1986-12-03 1989-04-25 Trotter Johnny L Mop head spreader attachment for enhanced drying
US4914657A (en) * 1987-04-15 1990-04-03 Allied-Signal Inc. Operations controller for a fault tolerant multiple node processing system
FR2618002B1 (fr) * 1987-07-10 1991-07-05 Schlumberger Ind Sa Procede et systeme d'authentification de cartes a memoire electronique
JP2714818B2 (ja) 1988-06-17 1998-02-16 株式会社芝浦製作所 フアン装置
US5007082A (en) * 1988-08-03 1991-04-09 Kelly Services, Inc. Computer software encryption apparatus
JPH0198876A (ja) 1988-08-05 1989-04-17 Hitachi Ltd 冷蔵庫
US5079737A (en) * 1988-10-25 1992-01-07 United Technologies Corporation Memory management unit for the MIL-STD 1750 bus
US5434999A (en) * 1988-11-09 1995-07-18 Bull Cp8 Safeguarded remote loading of service programs by authorizing loading in protected memory zones in a terminal
CN1019044B (zh) 1988-11-21 1992-11-11 中国人民解放军后勤工程学院 控制管道增压速率和最大压力泄放阀
FR2640798B1 (fr) * 1988-12-20 1993-01-08 Bull Cp8 Dispositif de traitement de donnees comportant une memoire non volatile electriquement effacable et reprogrammable
JPH02171934A (ja) * 1988-12-26 1990-07-03 Hitachi Ltd 仮想計算機システム
JPH02208740A (ja) * 1989-02-09 1990-08-20 Fujitsu Ltd 仮想計算機制御方式
US5781753A (en) 1989-02-24 1998-07-14 Advanced Micro Devices, Inc. Semi-autonomous RISC pipelines for overlapped execution of RISC-like instructions within the multiple superscalar execution units of a processor having distributed pipeline control for speculative and out-of-order execution of complex instructions
DE3918049A1 (de) 1989-06-02 1990-12-13 Honeywell Regelsysteme Gmbh Ringlaserkreisel mit drehschwingeinrichtung
US5442645A (en) * 1989-06-06 1995-08-15 Bull Cp8 Method for checking the integrity of a program or data, and apparatus for implementing this method
JP2590267B2 (ja) * 1989-06-30 1997-03-12 株式会社日立製作所 仮想計算機における表示制御方式
US5022077A (en) * 1989-08-25 1991-06-04 International Business Machines Corp. Apparatus and method for preventing unauthorized access to BIOS in a personal computer system
JP2825550B2 (ja) * 1989-09-21 1998-11-18 株式会社日立製作所 多重仮想空間アドレス制御方法および計算機システム
CA2010591C (en) * 1989-10-20 1999-01-26 Phillip M. Adams Kernels, description tables and device drivers
CA2027799A1 (en) * 1989-11-03 1991-05-04 David A. Miller Method and apparatus for independently resetting processors and cache controllers in multiple processor systems
US5075842A (en) * 1989-12-22 1991-12-24 Intel Corporation Disabling tag bit recognition and allowing privileged operations to occur in an object-oriented memory protection mechanism
EP0473913A3 (en) 1990-09-04 1992-12-16 International Business Machines Corporation Method and apparatus for providing a service pool of virtual machines for a plurality of vm users
US5108590A (en) * 1990-09-12 1992-04-28 Disanto Dennis Water dispenser
US5230069A (en) * 1990-10-02 1993-07-20 International Business Machines Corporation Apparatus and method for providing private and shared access to host address and data spaces by guest programs in a virtual machine computer system
US5317705A (en) * 1990-10-24 1994-05-31 International Business Machines Corporation Apparatus and method for TLB purge reduction in a multi-level machine system
US5287363A (en) * 1991-07-01 1994-02-15 Disk Technician Corporation System for locating and anticipating data storage media failures
US5437033A (en) * 1990-11-16 1995-07-25 Hitachi, Ltd. System for recovery from a virtual machine monitor failure with a continuous guest dispatched to a nonguest mode
US5255379A (en) * 1990-12-28 1993-10-19 Sun Microsystems, Inc. Method for automatically transitioning from V86 mode to protected mode in a computer system using an Intel 80386 or 80486 processor
US5453003A (en) * 1991-01-09 1995-09-26 Pfefferle; William C. Catalytic method
JP2901358B2 (ja) 1991-02-21 1999-06-07 富士写真フイルム株式会社 画像読取装置
IL97894A0 (en) * 1991-04-17 1992-06-21 Ibm Multi-processor computer system
US5446904A (en) * 1991-05-17 1995-08-29 Zenith Data Systems Corporation Suspend/resume capability for a protected mode microprocessor
JPH04348434A (ja) 1991-05-27 1992-12-03 Hitachi Ltd 仮想計算機システム
US5319760A (en) * 1991-06-28 1994-06-07 Digital Equipment Corporation Translation buffer for virtual machines with address space match
US5522075A (en) * 1991-06-28 1996-05-28 Digital Equipment Corporation Protection ring extension for computers having distinct virtual machine monitor and virtual machine address spaces
US5455909A (en) * 1991-07-05 1995-10-03 Chips And Technologies Inc. Microprocessor with operation capture facility
US5504814A (en) * 1991-07-10 1996-04-02 Hughes Aircraft Company Efficient security kernel for the 80960 extended architecture
JPH06236284A (ja) * 1991-10-21 1994-08-23 Intel Corp コンピュータシステム処理状態を保存及び復元する方法及びコンピュータシステム
US5627987A (en) 1991-11-29 1997-05-06 Kabushiki Kaisha Toshiba Memory management and protection system for virtual memory in computer system
US5574936A (en) * 1992-01-02 1996-11-12 Amdahl Corporation Access control mechanism controlling access to and logical purging of access register translation lookaside buffer (ALB) in a computer system
US5486529A (en) * 1992-04-16 1996-01-23 Zeneca Limited Certain pyridyl ketones for treating diseases involving leukocyte elastase
US5421006A (en) * 1992-05-07 1995-05-30 Compaq Computer Corp. Method and apparatus for assessing integrity of computer system software
US5610981A (en) 1992-06-04 1997-03-11 Integrated Technologies Of America, Inc. Preboot protection for a data security system with anti-intrusion capability
US5396614A (en) * 1992-06-25 1995-03-07 Sun Microsystems, Inc. Method and apparatus for a secure protocol for virtual memory managers that use memory objects
US5436028A (en) 1992-07-27 1995-07-25 Motorola, Inc. Method and apparatus for selectively applying solder paste to multiple types of printed circuit boards
US5237616A (en) * 1992-09-21 1993-08-17 International Business Machines Corporation Secure computer system having privileged and unprivileged memories
JPH06119250A (ja) 1992-10-08 1994-04-28 Nitsuko Corp メモリ情報保護回路及びメモリ情報保護方法
US5293424A (en) * 1992-10-14 1994-03-08 Bull Hn Information Systems Inc. Secure memory card
US5796835A (en) 1992-10-27 1998-08-18 Bull Cp8 Method and system for writing information in a data carrier making it possible to later certify the originality of this information
JP2765411B2 (ja) * 1992-11-30 1998-06-18 株式会社日立製作所 仮想計算機方式
EP0600112A1 (de) 1992-11-30 1994-06-08 Siemens Nixdorf Informationssysteme Aktiengesellschaft Datenverarbeitungsanlage mit virtueller Speicheradressierung und schlüsselgesteuertem Speicherzugriff
US5668971A (en) * 1992-12-01 1997-09-16 Compaq Computer Corporation Posted disk read operations performed by signalling a disk read complete to the system prior to completion of data transfer
JPH06187178A (ja) * 1992-12-18 1994-07-08 Hitachi Ltd 仮想計算機システムの入出力割込み制御方法
US6356989B1 (en) 1992-12-21 2002-03-12 Intel Corporation Translation lookaside buffer (TLB) arrangement wherein the TLB contents retained for a task as swapped out and reloaded when a task is rescheduled
US5483656A (en) * 1993-01-14 1996-01-09 Apple Computer, Inc. System for managing power consumption of devices coupled to a common bus
US5469557A (en) * 1993-03-05 1995-11-21 Microchip Technology Incorporated Code protection in microcontroller with EEPROM fuses
FR2703800B1 (fr) * 1993-04-06 1995-05-24 Bull Cp8 Procédé de signature d'un fichier informatique, et dispositif pour la mise en Óoeuvre.
US5628023A (en) * 1993-04-19 1997-05-06 International Business Machines Corporation Virtual storage computer system having methods and apparatus for providing token-controlled access to protected pages of memory via a token-accessible view
FR2704341B1 (fr) * 1993-04-22 1995-06-02 Bull Cp8 Dispositif de protection des clés d'une carte à puce.
JPH06348867A (ja) * 1993-06-04 1994-12-22 Hitachi Ltd マイクロコンピュータ
FR2706210B1 (fr) * 1993-06-08 1995-07-21 Bull Cp8 Procédé d'authentification d'un objet portatif par un terminal hors ligne, objet portatif et terminal correspondants.
US5892944A (en) 1993-07-20 1999-04-06 Kabushiki Kaisha Toshiba Program execution and operation right management system suitable for single virtual memory scheme
US5555385A (en) * 1993-10-27 1996-09-10 International Business Machines Corporation Allocation of address spaces within virtual machine compute system
US5825880A (en) 1994-01-13 1998-10-20 Sudia; Frank W. Multi-step digital signature method and system
US5459869A (en) * 1994-02-17 1995-10-17 Spilo; Michael L. Method for providing protected mode services for device drivers and other resident software
US5604805A (en) * 1994-02-28 1997-02-18 Brands; Stefanus A. Privacy-protected transfer of electronic information
FR2717286B1 (fr) 1994-03-09 1996-04-05 Bull Cp8 Procédé et dispositif pour authentifier un support de données destiné à permettre une transaction ou l'accès à un service ou à un lieu, et support correspondant.
US5684881A (en) 1994-05-23 1997-11-04 Matsushita Electric Industrial Co., Ltd. Sound field and sound image control apparatus and method
US5539828A (en) 1994-05-31 1996-07-23 Intel Corporation Apparatus and method for providing secured communications
US5473692A (en) * 1994-09-07 1995-12-05 Intel Corporation Roving software license for a hardware agent
US5533123A (en) 1994-06-28 1996-07-02 National Semiconductor Corporation Programmable distributed personal security
US5978481A (en) 1994-08-16 1999-11-02 Intel Corporation Modem compatible method and apparatus for encrypting data that is transparent to software applications
JP3740195B2 (ja) 1994-09-09 2006-02-01 株式会社ルネサステクノロジ データ処理装置
JPH0883211A (ja) * 1994-09-12 1996-03-26 Mitsubishi Electric Corp データ処理装置
DE69534757T2 (de) 1994-09-15 2006-08-31 International Business Machines Corp. System und Verfahren zur sicheren Speicherung und Verteilung von Daten unter Verwendung digitaler Unterschriften
US6058478A (en) * 1994-09-30 2000-05-02 Intel Corporation Apparatus and method for a vetted field upgrade
FR2725537B1 (fr) 1994-10-11 1996-11-22 Bull Cp8 Procede de chargement d'une zone memoire protegee d'un dispositif de traitement de l'information et dispositif associe
US5903752A (en) * 1994-10-13 1999-05-11 Intel Corporation Method and apparatus for embedding a real-time multi-tasking kernel in a non-real-time operating system
US5606617A (en) * 1994-10-14 1997-02-25 Brands; Stefanus A. Secret-key certificates
US5564040A (en) * 1994-11-08 1996-10-08 International Business Machines Corporation Method and apparatus for providing a server function in a logically partitioned hardware machine
US6269392B1 (en) 1994-11-15 2001-07-31 Christian Cotichini Method and apparatus to monitor and locate an electronic device using a secured intelligent agent
US5560013A (en) * 1994-12-06 1996-09-24 International Business Machines Corporation Method of using a target processor to execute programs of a source architecture that uses multiple address spaces
US5555414A (en) * 1994-12-14 1996-09-10 International Business Machines Corporation Multiprocessing system including gating of host I/O and external enablement to guest enablement at polling intervals
US5615263A (en) * 1995-01-06 1997-03-25 Vlsi Technology, Inc. Dual purpose security architecture with protected internal operating system
US5764969A (en) 1995-02-10 1998-06-09 International Business Machines Corporation Method and system for enhanced management operation utilizing intermixed user level and supervisory level instructions with partial concept synchronization
GB9502864D0 (en) 1995-02-14 1995-04-05 Digicash Bv Cryptographic reduced instruction set processor
FR2731536B1 (fr) 1995-03-10 1997-04-18 Schlumberger Ind Sa Procede d'inscription securisee d'informations dans un support portable
US5717903A (en) * 1995-05-15 1998-02-10 Compaq Computer Corporation Method and appartus for emulating a peripheral device to allow device driver development before availability of the peripheral device
JP3451595B2 (ja) * 1995-06-07 2003-09-29 インターナショナル・ビジネス・マシーンズ・コーポレーション 二つの別個の命令セット・アーキテクチャへの拡張をサポートすることができるアーキテクチャ・モード制御を備えたマイクロプロセッサ
JP3085899B2 (ja) * 1995-06-19 2000-09-11 株式会社東芝 マルチプロセッサシステム
JP3502216B2 (ja) * 1995-07-13 2004-03-02 富士通株式会社 情報処理装置
US5684948A (en) * 1995-09-01 1997-11-04 National Semiconductor Corporation Memory management circuit which provides simulated privilege levels
US5633929A (en) * 1995-09-15 1997-05-27 Rsa Data Security, Inc Cryptographic key escrow system having reduced vulnerability to harvesting attacks
US6093213A (en) 1995-10-06 2000-07-25 Advanced Micro Devices, Inc. Flexible implementation of a system management mode (SMM) in a processor
US5737760A (en) 1995-10-06 1998-04-07 Motorola Inc. Microcontroller with security logic circuit which prevents reading of internal memory by external program
JP3693721B2 (ja) 1995-11-10 2005-09-07 Necエレクトロニクス株式会社 フラッシュメモリ内蔵マイクロコンピュータ及びそのテスト方法
IL116708A (en) 1996-01-08 2000-12-06 Smart Link Ltd Real-time task manager for a personal computer
EP0880840A4 (en) * 1996-01-11 2002-10-23 Mrj Inc DEVICE FOR CONTROLLING ACCESS AND DISTRIBUTION OF DIGITAL PROPERTY
US5657445A (en) * 1996-01-26 1997-08-12 Dell Usa, L.P. Apparatus and method for limiting access to mass storage devices in a computer system
IL117085A (en) 1996-02-08 2005-07-25 Milsys Ltd Secure computer system
US5835594A (en) 1996-02-09 1998-11-10 Intel Corporation Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage
US5978892A (en) 1996-05-03 1999-11-02 Digital Equipment Corporation Virtual memory allocation in a virtual address space having an inaccessible gap
US5809546A (en) 1996-05-23 1998-09-15 International Business Machines Corporation Method for managing I/O buffers in shared storage by structuring buffer table having entries including storage keys for controlling accesses to the buffers
US6178509B1 (en) * 1996-06-13 2001-01-23 Intel Corporation Tamper resistant methods and apparatus
US6205550B1 (en) * 1996-06-13 2001-03-20 Intel Corporation Tamper resistant methods and apparatus
US6175925B1 (en) * 1996-06-13 2001-01-16 Intel Corporation Tamper resistant player for scrambled contents
ES2117945B1 (es) 1996-06-20 1999-04-01 Alcatel Standard Electrica Dispositivo convertidor de energia alterna/continua.
US5729760A (en) * 1996-06-21 1998-03-17 Intel Corporation System for providing first type access to register if processor in first mode and second type access to register if processor not in first mode
US6199152B1 (en) * 1996-08-22 2001-03-06 Transmeta Corporation Translated memory protection apparatus for an advanced microprocessor
US5740178A (en) * 1996-08-29 1998-04-14 Lucent Technologies Inc. Software for controlling a reliable backup memory
WO1998012620A1 (fr) 1996-09-20 1998-03-26 Mitsubishi Denki Kabushiki Kaisha Micro-ordinateur possedant une fonction de commande de remise a zero
US5764889A (en) * 1996-09-26 1998-06-09 International Business Machines Corporation Method and apparatus for creating a security environment for a user task in a client/server system
US6055637A (en) * 1996-09-27 2000-04-25 Electronic Data Systems Corporation System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential
US5844986A (en) 1996-09-30 1998-12-01 Intel Corporation Secure BIOS
US5937063A (en) 1996-09-30 1999-08-10 Intel Corporation Secure boot
US5935242A (en) 1996-10-28 1999-08-10 Sun Microsystems, Inc. Method and apparatus for initializing a device
JPH10134008A (ja) 1996-11-05 1998-05-22 Mitsubishi Electric Corp 半導体装置およびコンピュータシステム
US5852717A (en) 1996-11-20 1998-12-22 Shiva Corporation Performance optimizations for computer networks utilizing HTTP
DE19649292A1 (de) * 1996-11-28 1998-06-04 Deutsche Telekom Ag Verfahren zum Sichern eines durch eine Schlüsselhierarchie geschützten Systems
US5901225A (en) 1996-12-05 1999-05-04 Advanced Micro Devices, Inc. System and method for performing software patches in embedded systems
US5757919A (en) 1996-12-12 1998-05-26 Intel Corporation Cryptographically protected paging subsystem
US5889947A (en) * 1996-12-16 1999-03-30 International Business Machines Corporation Apparatus and method for executing instructions that select a storage location for output values in response to an operation count
US5818939A (en) 1996-12-18 1998-10-06 Intel Corporation Optimized security functionality in an electronic system
US6412035B1 (en) * 1997-02-03 2002-06-25 Real Time, Inc. Apparatus and method for decreasing the response times of interrupt service routines
US6148401A (en) 1997-02-05 2000-11-14 At&T Corp. System and method for providing assurance to a host that a piece of software possesses a particular property
US5953502A (en) 1997-02-13 1999-09-14 Helbig, Sr.; Walter A Method and apparatus for enhancing computer system security
EP1013023B1 (en) * 1997-02-13 2005-10-26 Walter A. Helbig, Sr. Security coprocessor for enhancing computer system security
US5935249A (en) * 1997-02-26 1999-08-10 Sun Microsystems, Inc. Mechanism for embedding network based control systems in a local network interface device
JP4000654B2 (ja) 1997-02-27 2007-10-31 セイコーエプソン株式会社 半導体装置及び電子機器
EP0970411B1 (en) 1997-03-27 2002-05-15 BRITISH TELECOMMUNICATIONS public limited company Copy protection of data
US6272637B1 (en) * 1997-04-14 2001-08-07 Dallas Semiconductor Corporation Systems and methods for protecting access to encrypted information
JPH10301773A (ja) * 1997-04-30 1998-11-13 Sony Corp 情報処理装置および情報処理方法、並びに記録媒体
US6557104B2 (en) * 1997-05-02 2003-04-29 Phoenix Technologies Ltd. Method and apparatus for secure processing of cryptographic keys
JP3293760B2 (ja) * 1997-05-27 2002-06-17 株式会社エヌイーシー情報システムズ 改ざん検知機能付きコンピュータシステム
US6044478A (en) * 1997-05-30 2000-03-28 National Semiconductor Corporation Cache with finely granular locked-down regions
US6075938A (en) * 1997-06-10 2000-06-13 The Board Of Trustees Of The Leland Stanford Junior University Virtual machine monitors for scalable multiprocessors
US5987557A (en) 1997-06-19 1999-11-16 Sun Microsystems, Inc. Method and apparatus for implementing hardware protection domains in a system with no memory management unit (MMU)
US6175924B1 (en) * 1997-06-20 2001-01-16 International Business Machines Corp. Method and apparatus for protecting application data in secure storage areas
US6035374A (en) * 1997-06-25 2000-03-07 Sun Microsystems, Inc. Method of executing coded instructions in a multiprocessor having shared execution resources including active, nap, and sleep states in accordance with cache miss latency
US6584565B1 (en) 1997-07-15 2003-06-24 Hewlett-Packard Development Company, L.P. Method and apparatus for long term verification of digital signatures
US6014745A (en) * 1997-07-17 2000-01-11 Silicon Systems Design Ltd. Protection for customer programs (EPROM)
US5978475A (en) 1997-07-18 1999-11-02 Counterpane Internet Security, Inc. Event auditing system
US6212635B1 (en) * 1997-07-18 2001-04-03 David C. Reardon Network security system allowing access and modification to a security subsystem after initial installation when a master token is in place
US6188995B1 (en) 1997-07-28 2001-02-13 Apple Computer, Inc. Method and apparatus for enforcing software licenses
US5919257A (en) 1997-08-08 1999-07-06 Novell, Inc. Networked workstation intrusion detection system
DE19735948C1 (de) 1997-08-19 1998-10-01 Siemens Nixdorf Inf Syst Verfahren zur Verbesserung der Steuerungsmöglichkeit in Datenverarbeitungsanlagen mit Adreßübersetzung
JP3546678B2 (ja) * 1997-09-12 2004-07-28 株式会社日立製作所 マルチos構成方法
US6282657B1 (en) 1997-09-16 2001-08-28 Safenet, Inc. Kernel mode protection
US6708273B1 (en) 1997-09-16 2004-03-16 Safenet, Inc. Apparatus and method for implementing IPSEC transforms within an integrated circuit
US6704871B1 (en) 1997-09-16 2004-03-09 Safenet, Inc. Cryptographic co-processor
US5935247A (en) 1997-09-18 1999-08-10 Geneticware Co., Ltd. Computer system having a genetic code that cannot be directly accessed and a method of maintaining the same
US6148379A (en) 1997-09-19 2000-11-14 Silicon Graphics, Inc. System, method and computer program product for page sharing between fault-isolated cells in a distributed shared memory system
US6182089B1 (en) * 1997-09-23 2001-01-30 Silicon Graphics, Inc. Method, system and computer program product for dynamically allocating large memory pages of different sizes
US6061794A (en) * 1997-09-30 2000-05-09 Compaq Computer Corp. System and method for performing secure device communications in a peer-to-peer bus architecture
US6357004B1 (en) * 1997-09-30 2002-03-12 Intel Corporation System and method for ensuring integrity throughout post-processing
US5970147A (en) 1997-09-30 1999-10-19 Intel Corporation System and method for configuring and registering a cryptographic device
US5987604A (en) * 1997-10-07 1999-11-16 Phoenix Technologies, Ltd. Method and apparatus for providing execution of system management mode services in virtual mode
US6085296A (en) 1997-11-12 2000-07-04 Digital Equipment Corporation Sharing memory pages and page tables among computer processes
US6076160A (en) * 1997-11-20 2000-06-13 Advanced Micro Devices, Inc. Hardware-based system for enabling data transfers between a CPU and chip set logic of a computer system on both edges of bus clock signal
JPH11155064A (ja) 1997-11-21 1999-06-08 Canon Inc 画像処理方法及び装置
US6219787B1 (en) 1997-12-22 2001-04-17 Texas Instruments Incorporated Method and apparatus for extending security model to native code
US6378072B1 (en) * 1998-02-03 2002-04-23 Compaq Computer Corporation Cryptographic system
US6308270B1 (en) 1998-02-13 2001-10-23 Schlumberger Technologies, Inc. Validating and certifying execution of a software program with a smart card
US6108644A (en) 1998-02-19 2000-08-22 At&T Corp. System and method for electronic transactions
US6131166A (en) 1998-03-13 2000-10-10 Sun Microsystems, Inc. System and method for cross-platform application level power management
US6192455B1 (en) * 1998-03-30 2001-02-20 Intel Corporation Apparatus and method for preventing access to SMRAM space through AGP addressing
US6374286B1 (en) * 1998-04-06 2002-04-16 Rockwell Collins, Inc. Real time processor capable of concurrently running multiple independent JAVA machines
US6173417B1 (en) * 1998-04-30 2001-01-09 Intel Corporation Initializing and restarting operating systems
US6339826B2 (en) 1998-05-05 2002-01-15 International Business Machines Corp. Client-server system for maintaining a user desktop consistent with server application user access permissions
US6397242B1 (en) * 1998-05-15 2002-05-28 Vmware, Inc. Virtualization system including a virtual machine monitor for a computer with a segmented architecture
FR2778998B1 (fr) 1998-05-20 2000-06-30 Schlumberger Ind Sa Procede d'authentification d'un code personnel d'un utilisateur d'une carte a circuit integre
EP0961193B1 (en) 1998-05-29 2010-09-01 Texas Instruments Incorporated Secure computing device
US6421702B1 (en) 1998-06-09 2002-07-16 Advanced Micro Devices, Inc. Interrupt driven isochronous task scheduler system
AU748955B2 (en) 1998-06-17 2002-06-13 Aristocrat Technologies Australia Pty Limited Software verification and authentication
US6505279B1 (en) * 1998-08-14 2003-01-07 Silicon Storage Technology, Inc. Microcontroller system having security circuitry to selectively lock portions of a program memory address space
US6339815B1 (en) * 1998-08-14 2002-01-15 Silicon Storage Technology, Inc. Microcontroller system having allocation circuitry to selectively allocate and/or hide portions of a program memory address space
JP2000076139A (ja) 1998-08-28 2000-03-14 Nippon Telegr & Teleph Corp <Ntt> 携帯型情報記憶媒体
US6363485B1 (en) * 1998-09-09 2002-03-26 Entrust Technologies Limited Multi-factor biometric authenticating device and method
US7409694B2 (en) 1998-09-09 2008-08-05 Microsoft Corporation Highly componentized system architecture with loadable virtual memory manager
US6463535B1 (en) 1998-10-05 2002-10-08 Intel Corporation System and method for verifying the integrity and authorization of software before execution in a local platform
US6230248B1 (en) 1998-10-12 2001-05-08 Institute For The Development Of Emerging Architectures, L.L.C. Method and apparatus for pre-validating regions in a virtual addressing scheme
US7194092B1 (en) 1998-10-26 2007-03-20 Microsoft Corporation Key-based secure storage
US6609199B1 (en) * 1998-10-26 2003-08-19 Microsoft Corporation Method and apparatus for authenticating an open system application to a portable IC device
US6330670B1 (en) 1998-10-26 2001-12-11 Microsoft Corporation Digital rights management operating system
US6327652B1 (en) 1998-10-26 2001-12-04 Microsoft Corporation Loading and identifying a digital rights management operating system
GB2343269A (en) * 1998-10-30 2000-05-03 Ericsson Telefon Ab L M Processing arrangements
US6445797B1 (en) 1998-12-16 2002-09-03 Secure Choice Llc Method and system for performing secure electronic digital streaming
US6418521B1 (en) 1998-12-23 2002-07-09 Intel Corporation Hierarchical fully-associative-translation lookaside buffer structure
US6463537B1 (en) 1999-01-04 2002-10-08 Codex Technologies, Inc. Modified computer motherboard security and identification system
US6282650B1 (en) * 1999-01-25 2001-08-28 Intel Corporation Secure public digital watermark
US7111290B1 (en) * 1999-01-28 2006-09-19 Ati International Srl Profiling program execution to identify frequently-executed portions and to assist binary translation
US6560627B1 (en) * 1999-01-28 2003-05-06 Cisco Technology, Inc. Mutual exclusion at the record level with priority inheritance for embedded systems using one semaphore
US6188257B1 (en) * 1999-02-01 2001-02-13 Vlsi Technology, Inc. Power-on-reset logic with secure power down capability
EP1030237A1 (en) 1999-02-15 2000-08-23 Hewlett-Packard Company Trusted hardware device in a computer
US6272533B1 (en) 1999-02-16 2001-08-07 Hendrik A. Browne Secure computer system and method of providing secure access to a computer system including a stand alone switch operable to inhibit data corruption on a storage device
JP4072271B2 (ja) * 1999-02-19 2008-04-09 株式会社日立製作所 複数のオペレーティングシステムを実行する計算機
CN2359735Y (zh) * 1999-03-12 2000-01-19 深圳市欧迪科技发展有限公司 能共享微计算机主机资源的多用户连接装置
US6327646B1 (en) 1999-03-12 2001-12-04 Intel Corporation Translation look-aside buffer utilizing high-order bits for fast access
US7225333B2 (en) * 1999-03-27 2007-05-29 Microsoft Corporation Secure processor architecture for use with a digital rights management (DRM) system on a computing device
US6615278B1 (en) 1999-03-29 2003-09-02 International Business Machines Corporation Cross-platform program, system, and method having a global registry object for mapping registry equivalent functions in an OS/2 operating system environment
US6684326B1 (en) * 1999-03-31 2004-01-27 International Business Machines Corporation Method and system for authenticated boot operations in a computer system of a networked computing environment
US6651171B1 (en) 1999-04-06 2003-11-18 Microsoft Corporation Secure execution of program code
EP1272948A1 (en) 1999-04-12 2003-01-08 Digital Media on Demand, Inc. ( DMOD, Inc.) Secure electronic commerce system
US6389537B1 (en) * 1999-04-23 2002-05-14 Intel Corporation Platform and method for assuring integrity of trusted agent communications
US6275933B1 (en) 1999-04-30 2001-08-14 3Com Corporation Security system for a computerized apparatus
EP1056014A1 (en) 1999-05-28 2000-11-29 Hewlett-Packard Company System for providing a trustworthy user interface
EP1055989A1 (en) 1999-05-28 2000-11-29 Hewlett-Packard Company System for digitally signing a document
US6321314B1 (en) 1999-06-09 2001-11-20 Ati International S.R.L. Method and apparatus for restricting memory access
TW479194B (en) 1999-06-18 2002-03-11 Phoenix Tech Ltd Method and apparatus for execution of an application during computer pre-boot operation
US6633981B1 (en) 1999-06-18 2003-10-14 Intel Corporation Electronic system and method for controlling access through user authentication
JP2001051858A (ja) 1999-06-18 2001-02-23 Fiinikkusu Technologies Ltd 基本入出力システム(bios)サービスを安全に使用するためのシステムおよび方法
US6158546A (en) 1999-06-25 2000-12-12 Tenneco Automotive Inc. Straight through muffler with conically-ended output passage
US6584612B1 (en) * 1999-07-15 2003-06-24 International Business Machines Corporation Transparent loading of resources from read-only memory for an application program
US6301646B1 (en) 1999-07-30 2001-10-09 Curl Corporation Pointer verification system and method
EP1076279A1 (en) * 1999-08-13 2001-02-14 Hewlett-Packard Company Computer platforms and their methods of operation
US7124170B1 (en) * 1999-08-20 2006-10-17 Intertrust Technologies Corp. Secure processing unit systems and methods
US6457068B1 (en) * 1999-08-30 2002-09-24 Intel Corporation Graphics address relocation table (GART) stored entirely in a local memory of an expansion bridge for address translation
US6529909B1 (en) * 1999-08-31 2003-03-04 Accenture Llp Method for translating an object attribute converter in an information services patterns environment
EP1236097A4 (en) * 1999-09-01 2006-08-02 Intel Corp BRANCH COMMAND TO THE PROCESSOR
JP2001148344A (ja) * 1999-09-09 2001-05-29 Nikon Corp 露光装置、エネルギ源の出力制御方法、該方法を用いるレーザ装置、及びデバイス製造方法
EP1085396A1 (en) 1999-09-17 2001-03-21 Hewlett-Packard Company Operation of trusted state in computing platform
US6535988B1 (en) * 1999-09-29 2003-03-18 Intel Corporation System for detecting over-clocking uses a reference signal thereafter preventing over-clocking by reducing clock rate
WO2001026277A1 (en) * 1999-10-01 2001-04-12 Infraworks Corporation Method and apparatus for packaging and transmitting data
US6374317B1 (en) * 1999-10-07 2002-04-16 Intel Corporation Method and apparatus for initializing a computer interface
GB9923804D0 (en) 1999-10-08 1999-12-08 Hewlett Packard Co Electronic commerce system
GB9923802D0 (en) 1999-10-08 1999-12-08 Hewlett Packard Co User authentication
JP3749640B2 (ja) * 1999-10-15 2006-03-01 株式会社東芝 Icカード利用装置、icカード及び記憶媒体
US6292874B1 (en) 1999-10-19 2001-09-18 Advanced Technology Materials, Inc. Memory management method and apparatus for partitioning homogeneous memory and restricting access of installed applications to predetermined memory ranges
FR2801118B1 (fr) * 1999-11-17 2001-12-21 Bull Cp8 Procede de chargement d'applications dans un systeme embarque multi-application, systeme embarque correspondant, et procede d'execution d'une application du systeme embarque
KR100363839B1 (ko) 1999-12-24 2002-12-06 주식회사 하이닉스반도체 반도체 소자의 층간 절연막 형성 방법
CN1157660C (zh) * 2000-02-03 2004-07-14 英业达集团(上海)电子技术有限公司 多用户的安全性操作文件方法
AU2001239854A1 (en) 2000-02-23 2001-09-03 Iridian Technologies, Inc. Tamper proof case for electronic devices having memories with sensitive information
WO2001063567A2 (en) 2000-02-25 2001-08-30 Identix Incorporated Secure transaction system
US20010037450A1 (en) 2000-03-02 2001-11-01 Metlitski Evgueny A. System and method for process protection
JP3710671B2 (ja) 2000-03-14 2005-10-26 シャープ株式会社 1チップマイクロコンピュータ及びそれを用いたicカード、並びに1チップマイクロコンピュータのアクセス制御方法
CA2341931C (en) 2000-03-24 2006-05-30 Contentguard Holdings, Inc. System and method for protection of digital works
US6754815B1 (en) * 2000-03-31 2004-06-22 Intel Corporation Method and system for scrubbing an isolated area of memory after reset of a processor operating in isolated execution mode if a cleanup flag is set
US6678825B1 (en) * 2000-03-31 2004-01-13 Intel Corporation Controlling access to multiple isolated memories in an isolated execution environment
US6795905B1 (en) 2000-03-31 2004-09-21 Intel Corporation Controlling accesses to isolated memory using a memory controller for isolated execution
US6633963B1 (en) 2000-03-31 2003-10-14 Intel Corporation Controlling access to multiple memory zones in an isolated execution environment
US7082615B1 (en) 2000-03-31 2006-07-25 Intel Corporation Protecting software environment in isolated execution
US6769058B1 (en) * 2000-03-31 2004-07-27 Intel Corporation Resetting a processor in an isolated execution environment
US7013484B1 (en) * 2000-03-31 2006-03-14 Intel Corporation Managing a secure environment using a chipset in isolated execution mode
US6760441B1 (en) * 2000-03-31 2004-07-06 Intel Corporation Generating a key hieararchy for use in an isolated execution environment
US6507904B1 (en) * 2000-03-31 2003-01-14 Intel Corporation Executing isolated mode instructions in a secure system running in privilege rings
US6990579B1 (en) 2000-03-31 2006-01-24 Intel Corporation Platform and method for remote attestation of a platform
JP2001309350A (ja) 2000-04-17 2001-11-02 Sony Corp 情報提供システム、情報受信装置及びその方法。
JP3630087B2 (ja) * 2000-05-10 2005-03-16 日本電気株式会社 自動データ処理装置
US6990663B1 (en) * 2000-06-08 2006-01-24 International Business Machines Corporation Hypervisor virtualization of OS console and operator panel
US6510508B1 (en) 2000-06-15 2003-01-21 Advanced Micro Devices, Inc. Translation lookaside buffer flush filter
US6604187B1 (en) 2000-06-19 2003-08-05 Advanced Micro Devices, Inc. Providing global translations with address space numbers
US6981281B1 (en) 2000-06-21 2005-12-27 Microsoft Corporation Filtering a permission set using permission requests associated with a code assembly
US6976162B1 (en) 2000-06-28 2005-12-13 Intel Corporation Platform and method for establishing provable identities while maintaining privacy
US6986052B1 (en) 2000-06-30 2006-01-10 Intel Corporation Method and apparatus for secure execution using a secure memory partition
US20020062452A1 (en) 2000-08-18 2002-05-23 Warwick Ford Countering credentials copying
GB0020416D0 (en) * 2000-08-18 2000-10-04 Hewlett Packard Co Trusted system
EP1182568A3 (en) 2000-08-21 2004-07-21 Texas Instruments Incorporated TLB operation based on task-id
JP3576945B2 (ja) * 2000-09-13 2004-10-13 エヌイーシーコンピュータテクノ株式会社 マルチプロセッサシステムにおける命令実行方法及びその装置
US7793111B1 (en) 2000-09-28 2010-09-07 Intel Corporation Mechanism to handle events in a machine with isolated execution
US6938164B1 (en) * 2000-11-22 2005-08-30 Microsoft Corporation Method and system for allowing code to be securely initialized in a computer
US6907600B2 (en) 2000-12-27 2005-06-14 Intel Corporation Virtual translation lookaside buffer
US6948065B2 (en) 2000-12-27 2005-09-20 Intel Corporation Platform and method for securely transmitting an authorization secret
US7631160B2 (en) 2001-04-04 2009-12-08 Advanced Micro Devices, Inc. Method and apparatus for securing portions of memory
US8909555B2 (en) 2001-04-24 2014-12-09 Hewlett-Packard Development Company, L.P. Information security system
US6976136B2 (en) 2001-05-07 2005-12-13 National Semiconductor Corporation Flash memory protection scheme for secured shared BIOS implementation in personal computers with an embedded controller
US7676430B2 (en) 2001-05-09 2010-03-09 Lenovo (Singapore) Ptd. Ltd. System and method for installing a remote credit card authorization on a system with a TCPA complaint chipset
US7065654B1 (en) 2001-05-10 2006-06-20 Advanced Micro Devices, Inc. Secure execution box
US20020184520A1 (en) * 2001-05-30 2002-12-05 Bush William R. Method and apparatus for a secure virtual machine
EP1271277A3 (en) 2001-06-26 2003-02-05 Redstrike B.V. Security system and software to prevent unauthorized use of a computing device
US20030018892A1 (en) * 2001-07-19 2003-01-23 Jose Tello Computer with a modified north bridge, security engine and smart card having a secure boot capability and method for secure booting a computer
US7036020B2 (en) 2001-07-25 2006-04-25 Antique Books, Inc Methods and systems for promoting security in a computer system employing attached storage devices
EP1436937B1 (en) 2001-09-21 2008-01-09 Telefonaktiebolaget LM Ericsson (publ) Arrangement and method for execution of code
US7103529B2 (en) * 2001-09-27 2006-09-05 Intel Corporation Method for providing system integrity and legacy environment emulation
WO2003029963A2 (en) 2001-09-28 2003-04-10 Codagen Technologies Corp. A system and method for managing architectural layers within a software model
US7191464B2 (en) * 2001-10-16 2007-03-13 Lenovo Pte. Ltd. Method and system for tracking a secure boot in a trusted computing environment
US7024555B2 (en) * 2001-11-01 2006-04-04 Intel Corporation Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment
US7103771B2 (en) * 2001-12-17 2006-09-05 Intel Corporation Connecting a virtual token to a physical token
US20030126454A1 (en) 2001-12-28 2003-07-03 Glew Andrew F. Authenticated code method and apparatus
US7308576B2 (en) 2001-12-31 2007-12-11 Intel Corporation Authenticated code module
US20030126453A1 (en) 2001-12-31 2003-07-03 Glew Andrew F. Processor supporting execution of an authenticated code instruction
US7305675B1 (en) 2002-01-11 2007-12-04 Advanced Micro Devices, Inc. Processing tasks with failure recovery
US7313705B2 (en) * 2002-01-22 2007-12-25 Texas Instrument Incorporated Implementation of a secure computing environment by using a secure bootloader, shadow memory, and protected memory
US7107460B2 (en) 2002-02-15 2006-09-12 International Business Machines Corporation Method and system for securing enablement access to a data security device
US7111086B1 (en) * 2002-02-22 2006-09-19 Vmware, Inc. High-speed packet transfer in computer systems with multiple interfaces
US7631196B2 (en) 2002-02-25 2009-12-08 Intel Corporation Method and apparatus for loading a trustable operating system
US7343493B2 (en) 2002-03-28 2008-03-11 Lenovo (Singapore) Pte. Ltd. Encrypted file system using TCPA
US7069442B2 (en) * 2002-03-29 2006-06-27 Intel Corporation System and method for execution of a secured environment initialization instruction
US7127548B2 (en) 2002-04-16 2006-10-24 Intel Corporation Control register access virtualization performance improvement in the virtual-machine architecture
US7073042B2 (en) 2002-12-12 2006-07-04 Intel Corporation Reclaiming existing fields in address translation data structures to extend control over memory accesses
US7318141B2 (en) * 2002-12-17 2008-01-08 Intel Corporation Methods and systems to control virtual machines
US7409487B1 (en) 2003-06-30 2008-08-05 Vmware, Inc. Virtualization system for computers that use address space indentifiers
US7552254B1 (en) 2003-07-30 2009-06-23 Intel Corporation Associating address space identifiers with active contexts
US7552255B1 (en) 2003-07-30 2009-06-23 Intel Corporation Dynamically partitioning pipeline resources
US8312452B2 (en) 2005-06-30 2012-11-13 Intel Corporation Method and apparatus for a guest to access a privileged register
EP2118182B1 (en) * 2007-02-12 2012-08-08 Porex Corporation Porous barrier media comprising color change indicators
JP2011155064A (ja) * 2010-01-26 2011-08-11 Elpida Memory Inc 半導体装置およびその製造方法

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112740122A (zh) * 2018-08-21 2021-04-30 皮尔茨公司 用于监视安全关键过程的自动化系统
CN112740122B (zh) * 2018-08-21 2024-03-15 皮尔茨公司 用于监视安全关键过程的自动化系统

Also Published As

Publication number Publication date
US9361121B2 (en) 2016-06-07
US9043594B2 (en) 2015-05-26
US20120216025A1 (en) 2012-08-23
US7069442B2 (en) 2006-06-27
GB2402788A (en) 2004-12-15
HK1068430A1 (en) 2005-04-29
TW201419150A (zh) 2014-05-16
GB0601323D0 (en) 2006-03-01
CN102708333A (zh) 2012-10-03
JP5852145B2 (ja) 2016-02-03
US20050182940A1 (en) 2005-08-18
CN102841995A (zh) 2012-12-26
GB2419986B (en) 2006-09-27
WO2003085497A2 (en) 2003-10-16
CN103559448B (zh) 2017-04-12
GB0422078D0 (en) 2004-11-03
TW200405200A (en) 2004-04-01
JP2011243216A (ja) 2011-12-01
CN102708333B (zh) 2016-03-16
US8185734B2 (en) 2012-05-22
US20160056960A1 (en) 2016-02-25
JP6404283B2 (ja) 2018-10-10
GB2402788B (en) 2006-04-05
US10031759B2 (en) 2018-07-24
JP2015028809A (ja) 2015-02-12
CN101410772B (zh) 2011-04-13
GB2419987A (en) 2006-05-10
JP2005535005A (ja) 2005-11-17
CN105608384B (zh) 2021-12-10
JP2012155746A (ja) 2012-08-16
JP5714437B2 (ja) 2015-05-07
KR20040101378A (ko) 2004-12-02
CN106845249A (zh) 2017-06-13
CN101833632B (zh) 2013-11-06
AU2003224737A8 (en) 2009-10-15
CN102855441A (zh) 2013-01-02
CN105608384A (zh) 2016-05-25
US20170147359A1 (en) 2017-05-25
US10042649B2 (en) 2018-08-07
CN102841994A (zh) 2012-12-26
GB0601322D0 (en) 2006-03-01
US20140281467A1 (en) 2014-09-18
JP2013235612A (ja) 2013-11-21
WO2003085497A3 (en) 2009-09-11
CN102855441B (zh) 2015-12-16
JP5944461B2 (ja) 2016-07-05
CN106845249B (zh) 2020-12-22
CN101833632A (zh) 2010-09-15
GB0601321D0 (en) 2006-03-01
GB2419986A (en) 2006-05-10
CN103559448A (zh) 2014-02-05
DE10392470T5 (de) 2005-04-07
CN102841994B (zh) 2016-06-29
JP6033828B2 (ja) 2016-11-30
CN101410772A (zh) 2009-04-15
CN102841995B (zh) 2016-01-06
US8645688B2 (en) 2014-02-04
DE10392470B4 (de) 2007-02-15
US20130205127A1 (en) 2013-08-08
TWI315487B (en) 2009-10-01
JP4823481B2 (ja) 2011-11-24
TWI433033B (zh) 2014-04-01
US20090259845A1 (en) 2009-10-15
US20030188165A1 (en) 2003-10-02
TWI518593B (zh) 2016-01-21
JP5452656B2 (ja) 2014-03-26
CN105184172B (zh) 2018-06-01
GB2419988A (en) 2006-05-10
KR100634933B1 (ko) 2006-10-17
JP2016224975A (ja) 2016-12-28
TW200945198A (en) 2009-11-01
CN105184172A (zh) 2015-12-23
JP2015043240A (ja) 2015-03-05
AU2003224737A1 (en) 2003-10-20
GB2419989A (en) 2006-05-10
US9990208B2 (en) 2018-06-05
US20170115993A1 (en) 2017-04-27
GB2419989B (en) 2006-09-27
US10175994B2 (en) 2019-01-08
GB0601326D0 (en) 2006-03-01
US20170132014A1 (en) 2017-05-11
JP2009054164A (ja) 2009-03-12
JP5020911B2 (ja) 2012-09-05
CN102103671B (zh) 2013-10-16
GB2419988B (en) 2006-09-27
JP2014089753A (ja) 2014-05-15
US7546457B2 (en) 2009-06-09
GB2419987B (en) 2006-09-27

Similar Documents

Publication Publication Date Title
CN101410772B (zh) 用于执行安全环境起始指令的系统

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20131016

CX01 Expiry of patent term