JP4762494B2 - Computer system including a secure execution mode-capable CPU and a security services processor connected via a trusted (secure) communication path - Google Patents
- Publication number
- JP4762494B2 (application number JP2003586729A)
- Authority
- JP
- Japan
- Prior art keywords
- transaction
- processor
- security
- bus
- secure
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4403—Processor initialisation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F1/00—Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
Description
Trusted computing enables users of computer systems (for example, personal computers (PCs)) to take part in new activities, such as downloading electronic money or movies, while being protected from attacks on their privacy. To be part of a trusted computing environment, the PC itself must be trusted both by the user and by external entities such as banks and content providers. The key elements required to build a trusted PC include a trusted processing environment, platform-specific secrets, cryptographic processing, secure storage, and a secure operating system code segment called the security kernel (SK). The building blocks that realize these elements are described in detail below.
At the heart of building a trusted PC is a unique, platform-specific secret. In practice, this secret may be the private key of a public/private key pair. The secret must be used only while the PC is operating in the trusted environment, and it must never be disclosed to anyone, that is, to any code. The results of cryptographic operations performed with the secret may be disclosed, but the secret itself may not. For this to work, the secret and the cryptographic processing unit that uses it must be placed in a sealed box with restricted inputs and outputs. In practice, the sealed box is a single integrated circuit (IC) package that combines processor functionality with non-volatile storage. This device is called the Security Services Processor (SSP). In one embodiment, at least one SSP is required, and exactly one SSP takes part in the platform initialization process.
FIG. 2 is a block diagram of one embodiment of a computer system employing a trusted computing platform. Computer system 10 includes two SEM-capable processors, designated SEM processor 100A and SEM processor 100B. SEM processor 100A is coupled to SEM processor 100B via processor bus 105. Computer system 10 further includes system memory 110A coupled to SEM processor 100A and system memory 110B coupled to SEM processor 100B. SEM processor 100A is coupled to I/O interface 120 via system bus 125. I/O interface 120 is coupled to storage device 140 and peripheral device 150 via peripheral bus 145. I/O interface 120 is further coupled to SSP 130 via peripheral bus 135. In an alternative embodiment, SSP 130 may be coupled to peripheral bus 145 instead of peripheral bus 135, as shown by the dashed line. It is noted that although two SEM processors are shown, other embodiments may use a different number of SEM processors. It is further noted that an element designated by a reference number together with a letter may be referred to by the reference number alone; for example, SEM processor 100A may at times be referred to simply as SEM processor 100.
Address range | Register |
---|---|
FD_F920_0000h-FD_F923_FFFFh | Hash_Start |
FD_F924_0000h-FD_F927_FFFFh | Reserved |
FD_F928_0000h-FD_F928_0003h | Hash_End |
FD_F928_0004h-FD_F928_0007h | Hash_Data |
FD_F928_0008h-FD_F92F_FFFFh | Reserved |

Address range | Register |
---|---|
FED0_0000h-FED0_0003h | Hash_End |
FED0_0004h-FED0_0007h | Hash_Data |
FED0_0008h-FED0_000Bh | Hash_Start |
FED0_000Ch-FED0_00FFh | Reserved |
FED0_0100h-FED0_0103h | Device_ID-Vendor_ID register |
FED0_0104h-FED0_0107h | Class_Code-Revision_ID register |
FED0_0108h-FED0_010Bh | Subsystem_ID-Subsystem_Vendor_ID register |
FED0_010Ch-FED0_01FFh | Reserved |
FED0_0200h-FED0_0FFFh | SSP memory-mapped I/O window |
FED0_1000h-FEDF_FFFFh | Reserved |

Address range | Register |
---|---|
XXXX_XXX0h-XXXX_XXX3h | Hash_End |
XXXX_XXX4h-XXXX_XXX7h | Hash_Data |
XXXX_XXX8h-XXXX_XXXBh | Hash_Start |
XXXX_X00Ch-XXXX_X1FFh | Reserved |
XXXX_X200h-XXXX_XFFFh | SSP memory-mapped I/O window |
As described above, packets may be transmitted either upstream or downstream on a HyperTransport(TM) link such as NC I/O link 225. Further, some packets have a specific destination, while others are broadcast to all devices. FIGS. 6 through 8 show examples of SKINIT transaction packets compatible with the HyperTransport specification: FIG. 6 shows an example Hash_Start packet, FIG. 7 an example Hash_End packet, and FIG. 8 an example Hash_Data packet. Further details on the various HyperTransport(TM) packet formats, as well as the link structure and signaling specifications, are given in the latest revision of the HyperTransport(TM) I/O Link Specification published by the HyperTransport(TM) Technology Consortium.
Claims (8)
- A computer system (20) comprising:
a processor (100) configured to initialize a secure execution mode by executing a security initialization instruction, and to operate in the secure execution mode by executing a secure operating system code segment;
an input/output (I/O) interface (120, 220) coupled to the processor via an I/O link (225) and configured to receive transactions executed as a result of execution of the security initialization instruction and to determine whether the processor is the originator of the transactions; and
a security services processor (130) coupled to the I/O interface via a peripheral bus (135),
wherein the transactions include at least a portion of the secure operating system code segment, and the I/O interface is configured to convey the transactions to the security services processor in response to the determination of whether the processor is the originator of the transactions, and
wherein the transactions executed as a result of execution of the security initialization instruction include a Start transaction, a corresponding Data transaction, and a corresponding End transaction, the Start transaction and the End transaction comprising broadcast packets, and the Data transaction comprising a non-posted sized write request packet followed by a data packet including a data payload.
- The computer system of claim 1, wherein the I/O interface is configured to block the transactions to the security services processor in response to determining that the processor is not the sole originator of the transactions.
- The computer system of claim 1, wherein the security services processor is configured, during the initialization of the processor into the secure execution mode, to perform a cryptographic hash to verify whether the at least a portion of the secure operating system code segment is valid, and to compare the result with a value stored internally in the security services processor.
- The computer system of claim 1, wherein the I/O interface is further configured, once the Start transaction has been received, to block all peer-to-peer transactions to the security services processor until the End transaction is received.
- A method of initializing a processor (100), which operates in a secure execution mode by executing a secure operating system code segment, for operation in the secure execution mode, the method comprising:
the processor executing a security initialization instruction;
an input/output (I/O) interface (120, 220) receiving, on an I/O link (225), from the processor, transactions executed as a result of execution of the security initialization instruction, the transactions including at least a portion of the secure operating system code segment;
the I/O interface determining whether the processor is the originator of the transactions; and
the I/O interface conveying the transactions to a security services processor (130) in response to the determination of whether the processor is the originator of the transactions,
wherein the transactions executed as a result of execution of the security initialization instruction include a Start transaction, a corresponding Data transaction, and a corresponding End transaction, the Start transaction and the End transaction comprising broadcast packets, and the Data transaction comprising a non-posted sized write request packet followed by a data packet including a data payload.
- The method of claim 5, further comprising the I/O interface blocking the transactions to the security services processor in response to determining that the processor is not the sole originator of the transactions.
- The method of claim 5, further comprising the security services processor, during the initialization of the processor into the secure execution mode, performing a cryptographic hash to verify whether the at least a portion of the secure operating system code segment is valid, and comparing the result with a value stored internally in the security services processor.
- The method of claim 5, further comprising the I/O interface, once the Start transaction has been received, blocking all peer-to-peer transactions to the security services processor until the End transaction is received.
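The following Python model, added here as an illustration and not code from the patent or its assignee, walks the SKINIT sequence of the claims through a software stand-in for I/O interface 120 and SSP 130. The I/O interface conveys Hash_Start/Hash_Data/Hash_End to the SSP only when the SEM processor originates them (claims 1 and 2) and refuses every other peer-to-peer write to the SSP between Hash_Start and Hash_End (claim 4); the SSP accumulates the Data payloads into a hash and, on Hash_End, compares the digest with the value it holds internally (claim 3). The unit identifiers, the use of SHA-256, the 16-byte chunking and the sample secure-kernel bytes are all assumptions made for the example; the patent names none of them.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Hypothetical unit identifiers for this model (not taken from the patent).
PROCESSOR_ID = "SEM_PROCESSOR_100"
PERIPHERAL_ID = "PERIPHERAL_150"
SSP_ID = "SSP_130"
BROADCAST = "*"

# SKINIT transaction kinds, named after the SSP registers in the description.
SKINIT_KINDS = {"Hash_Start", "Hash_Data", "Hash_End"}


@dataclass
class Transaction:
    kind: str            # one of SKINIT_KINDS, or "write" for ordinary peer-to-peer traffic
    source: str          # unit id of the originator
    dest: str            # target unit id; Start/End packets are broadcast
    payload: bytes = b""


class SecurityServicesProcessor:
    """Stand-in for SSP 130: Hash_Start resets the running hash, Hash_Data
    accumulates payload, Hash_End finalizes and compares the digest with the
    internally stored value (claim 3). SHA-256 is an assumption of this model."""

    def __init__(self, expected_digest: bytes):
        self._expected = expected_digest
        self._hasher = None
        self.last_result = None     # True/False after a Hash_End, None before any

    def write(self, tx: Transaction) -> None:
        if tx.kind == "Hash_Start":
            self._hasher = hashlib.sha256()
        elif tx.kind == "Hash_Data":
            if self._hasher is None:
                raise RuntimeError("Hash_Data without a preceding Hash_Start")
            self._hasher.update(tx.payload)
        elif tx.kind == "Hash_End":
            if self._hasher is None:
                raise RuntimeError("Hash_End without a preceding Hash_Start")
            digest = self._hasher.digest()
            self._hasher = None
            # constant-time comparison against the value provisioned into the SSP
            self.last_result = hmac.compare_digest(digest, self._expected)
        # ordinary writes into the SSP MMIO window are accepted but not modelled further


class IOInterface:
    """Stand-in for I/O interface 120/220: forwards SKINIT transactions only when the
    SEM processor is their originator (claims 1-2) and blocks all other peer-to-peer
    traffic to the SSP between Hash_Start and Hash_End (claim 4)."""

    def __init__(self, ssp: SecurityServicesProcessor, processor_id: str = PROCESSOR_ID):
        self.ssp = ssp
        self.processor_id = processor_id
        self.in_skinit_window = False
        self.blocked = []           # (kind, source) of every refused transaction

    def receive(self, tx: Transaction) -> bool:
        """Return True if the transaction was conveyed to the SSP, False otherwise."""
        if tx.kind in SKINIT_KINDS:
            if tx.source != self.processor_id:
                # another unit is trying to take part in the SKINIT sequence, so the
                # processor is not the sole originator: refuse it (claim 2)
                self.blocked.append((tx.kind, tx.source))
                return False
            if tx.kind == "Hash_Start":
                self.in_skinit_window = True
            self.ssp.write(tx)
            if tx.kind == "Hash_End":
                self.in_skinit_window = False
            return True
        if tx.dest != SSP_ID:
            return False            # not addressed to the SSP; nothing to convey
        if self.in_skinit_window:
            self.blocked.append((tx.kind, tx.source))   # claim 4
            return False
        self.ssp.write(tx)
        return True


def run_skinit(sk_segment: bytes, expected_digest: bytes, chunk: int = 16):
    """Drive one SKINIT sequence, with interfering peripheral traffic, through the
    model. Returns (SSP verdict, list of blocked (kind, source), conveyed count)."""
    ssp = SecurityServicesProcessor(expected_digest)
    bridge = IOInterface(ssp)
    conveyed = 0
    conveyed += bridge.receive(Transaction("Hash_Start", PROCESSOR_ID, BROADCAST))
    for offset in range(0, len(sk_segment), chunk):
        conveyed += bridge.receive(
            Transaction("Hash_Data", PROCESSOR_ID, SSP_ID, sk_segment[offset:offset + chunk]))
        if offset == 0:
            # a peripheral tries to inject a chunk into the hash and to write to the SSP
            conveyed += bridge.receive(Transaction("Hash_Data", PERIPHERAL_ID, SSP_ID, b"\x90" * chunk))
            conveyed += bridge.receive(Transaction("write", PERIPHERAL_ID, SSP_ID, b"\x00"))
    conveyed += bridge.receive(Transaction("Hash_End", PROCESSOR_ID, BROADCAST))
    # after Hash_End the window is closed, so ordinary traffic to the SSP flows again
    conveyed += bridge.receive(Transaction("write", PERIPHERAL_ID, SSP_ID, b"\x00"))
    return ssp.last_result, bridge.blocked, conveyed


# Constructed sample: 64 bytes standing in for (part of) the secure kernel code segment,
# and the digest the SSP would hold internally for it.
SAMPLE_SK = bytes(range(64))
SAMPLE_DIGEST = hashlib.sha256(SAMPLE_SK).digest()

if __name__ == "__main__":
    verdict, blocked, conveyed = run_skinit(SAMPLE_SK, SAMPLE_DIGEST)
    print("SK valid:", verdict, "| conveyed:", conveyed, "| blocked:", blocked)
    print("tampered SK valid:", run_skinit(bytes([0xFF]) + SAMPLE_SK[1:], SAMPLE_DIGEST)[0])
```

The injected Hash_Data chunk never reaches the SSP, so it cannot alter the measured digest, and the peripheral's write is held off until the End transaction closes the window; only then does ordinary traffic to the SSP resume. Changing a single byte of the segment flips the SSP verdict to False, which is the property the comparison against the internally stored value provides.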
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US37357102P | 2002-04-18 | 2002-04-18 | |
US60/373,571 | 2002-04-18 | ||
PCT/US2003/012659 WO2003090052A2 (en) | 2002-04-18 | 2003-04-18 | A computer system including a secure execution mode - capable cpu and a security services processor connected via a secure communication path |
Publications (2)
Publication Number | Publication Date |
---|---|
JP2005528677A JP2005528677A (ja) | 2005-09-22 |
JP4762494B2 true JP4762494B2 (ja) | 2011-08-31 |
Family
ID=29251047
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2003586729A Expired - Fee Related JP4762494B2 (ja) | 2002-04-18 | 2003-04-18 | Computer system including a secure execution mode-capable CPU and a security services processor connected via a trusted (secure) communication path |
Country Status (8)
Country | Link |
---|---|
US (3) | US7496966B1 (ja) |
EP (1) | EP1495394B1 (ja) |
JP (1) | JP4762494B2 (ja) |
KR (1) | KR100921779B1 (ja) |
CN (1) | CN100339780C (ja) |
AU (1) | AU2003231070A1 (ja) |
DE (1) | DE60322366D1 (ja) |
WO (1) | WO2003090052A2 (ja) |
Families Citing this family (116)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7334123B2 (en) * | 2003-05-02 | 2008-02-19 | Advanced Micro Devices, Inc. | Computer system including a bus bridge for connection to a security services processor |
US20040226015A1 (en) * | 2003-05-09 | 2004-11-11 | Leonard Ozgur C. | Multi-level computing resource scheduling control for operating system partitions |
US20040226017A1 (en) * | 2003-05-09 | 2004-11-11 | Leonard Ozgur C. | Mechanism for associating resource pools with operating system partitions |
US7461080B1 (en) | 2003-05-09 | 2008-12-02 | Sun Microsystems, Inc. | System logging within operating system partitions using log device nodes that are access points to a log driver |
US7389512B2 (en) * | 2003-05-09 | 2008-06-17 | Sun Microsystems, Inc. | Interprocess communication within operating system partitions |
US8892878B2 (en) * | 2003-05-09 | 2014-11-18 | Oracle America, Inc. | Fine-grained privileges in operating system partitions |
US7437556B2 (en) * | 2003-05-09 | 2008-10-14 | Sun Microsystems, Inc. | Global visibility controls for operating system partitions |
US8171252B2 (en) * | 2004-04-09 | 2012-05-01 | Proton World International N.V. | Sharing of non-divisible files |
WO2005106678A1 (en) * | 2004-04-30 | 2005-11-10 | Research In Motion Limited | System and method of operation control on an electronic device |
EP1619572A1 (en) * | 2004-07-23 | 2006-01-25 | Texas Instruments Incorporated | System and method of identifying and preventing security violations within a computing system |
US8145816B2 (en) | 2004-09-15 | 2012-03-27 | Intel Corporation | System and method for deadlock free bus protection of resources during search execution |
US7502928B2 (en) * | 2004-11-12 | 2009-03-10 | Sony Computer Entertainment Inc. | Methods and apparatus for secure data processing and transmission |
US8181182B1 (en) | 2004-11-16 | 2012-05-15 | Oracle America, Inc. | Resource allocation brokering in nested containers |
US7457960B2 (en) * | 2004-11-30 | 2008-11-25 | Analog Devices, Inc. | Programmable processor supporting secure mode |
US20060136338A1 (en) * | 2004-12-16 | 2006-06-22 | Intel Corporation | Techniques for filtering attempts to access component core logic |
US7979702B2 (en) * | 2004-12-29 | 2011-07-12 | Intel Corporation | Protecting privacy of networked devices containing management subsystems |
US8799428B2 (en) * | 2004-12-30 | 2014-08-05 | Intel Corporation | Automated provisioning of new networked devices |
JP2006203564A (ja) * | 2005-01-20 | 2006-08-03 | Nara Institute Of Science & Technology | Microprocessor, node terminal, computer system, and program execution certification method |
US7917753B2 (en) * | 2005-05-16 | 2011-03-29 | Texas Instruments Incorporated | Transferring control between programs of different security levels |
US8806224B2 (en) * | 2005-06-28 | 2014-08-12 | Intel Corporation | Low cost trusted platform |
US20070067826A1 (en) * | 2005-09-19 | 2007-03-22 | Texas Instruments Incorporated | Method and system for preventing unsecure memory accesses |
CN101283332A (zh) * | 2005-10-04 | 2008-10-08 | 日本电气株式会社 | Information processing device, information processing method, and program |
US8112798B2 (en) * | 2005-11-09 | 2012-02-07 | Microsoft Corporation | Hardware-aided software code measurement |
US7616218B1 (en) * | 2005-12-05 | 2009-11-10 | Nvidia Corporation | Apparatus, system, and method for clipping graphics primitives |
US8959339B2 (en) * | 2005-12-23 | 2015-02-17 | Texas Instruments Incorporated | Method and system for preventing unauthorized processor mode switches |
US7882227B2 (en) | 2006-02-23 | 2011-02-01 | Oracle America, Inc. | Mechanism for implementing file access control across a network using labeled containers |
US7885975B2 (en) | 2006-02-23 | 2011-02-08 | Oracle America, Inc. | Mechanism for implementing file access control using labeled containers |
US8938473B2 (en) | 2006-02-23 | 2015-01-20 | Oracle America, Inc. | Secure windowing for labeled containers |
US20070234330A1 (en) * | 2006-03-01 | 2007-10-04 | Microsoft Corporation | Prevention of executable code modification |
US8938554B2 (en) * | 2006-03-02 | 2015-01-20 | Oracle America, Inc. | Mechanism for enabling a network address to be shared by multiple labeled containers |
EP1845470B1 (en) * | 2006-04-13 | 2016-11-09 | STMicroelectronics (Research & Development) Limited | Multiple purpose integrated circuit |
US7925815B1 (en) * | 2006-06-29 | 2011-04-12 | David Dunn | Modifications to increase computer system security |
US8661265B1 (en) | 2006-06-29 | 2014-02-25 | David Dunn | Processor modifications to increase computer system security |
US8543792B1 (en) | 2006-09-19 | 2013-09-24 | Nvidia Corporation | Memory access techniques including coalesing page table entries |
US8347064B1 (en) | 2006-09-19 | 2013-01-01 | Nvidia Corporation | Memory access techniques in an aperture mapped memory space |
US8601223B1 (en) | 2006-09-19 | 2013-12-03 | Nvidia Corporation | Techniques for servicing fetch requests utilizing coalesing page table entries |
US8352709B1 (en) | 2006-09-19 | 2013-01-08 | Nvidia Corporation | Direct memory access techniques that include caching segmentation data |
US8700883B1 (en) | 2006-10-24 | 2014-04-15 | Nvidia Corporation | Memory access techniques providing for override of a page table |
US8707011B1 (en) | 2006-10-24 | 2014-04-22 | Nvidia Corporation | Memory access techniques utilizing a set-associative translation lookaside buffer |
US8504794B1 (en) | 2006-11-01 | 2013-08-06 | Nvidia Corporation | Override system and method for memory access management |
US8706975B1 (en) | 2006-11-01 | 2014-04-22 | Nvidia Corporation | Memory access management block bind system and method |
US8607008B1 (en) | 2006-11-01 | 2013-12-10 | Nvidia Corporation | System and method for independent invalidation on a per engine basis |
US8347065B1 (en) * | 2006-11-01 | 2013-01-01 | Glasco David B | System and method for concurrently managing memory access requests |
US8533425B1 (en) | 2006-11-01 | 2013-09-10 | Nvidia Corporation | Age based miss replay system and method |
US8700865B1 (en) | 2006-11-02 | 2014-04-15 | Nvidia Corporation | Compressed data access system and method |
JP5161791B2 (ja) * | 2006-12-22 | 2013-03-13 | パナソニック株式会社 | Information processing device, integrated circuit, method, and program |
US7610426B1 (en) * | 2006-12-22 | 2009-10-27 | Dunn David A | System management mode code modifications to increase computer system security |
US7949834B2 (en) * | 2007-01-24 | 2011-05-24 | Qualcomm Incorporated | Method and apparatus for setting cache policies in a processor |
US8677457B2 (en) * | 2007-02-09 | 2014-03-18 | Marvell World Trade Ltd. | Security for codes running in non-trusted domains in a processor core |
US8276201B2 (en) * | 2007-03-22 | 2012-09-25 | International Business Machines Corporation | Integrity protection in data processing systems |
CN100464339C (zh) * | 2007-04-25 | 2009-02-25 | 深圳兆日技术有限公司 | Multi-compatibility trusted computing system and method |
US20080282341A1 (en) * | 2007-05-09 | 2008-11-13 | Sony Computer Entertainment Inc. | Methods and apparatus for random number generation in a multiprocessor system |
US8001390B2 (en) * | 2007-05-09 | 2011-08-16 | Sony Computer Entertainment Inc. | Methods and apparatus for secure programming and storage of data using a multiprocessor in a trusted mode |
US8726041B2 (en) * | 2007-05-09 | 2014-05-13 | Sony Corporation | Methods and apparatus for generating a random number in one or more isolated processors |
US20090144332A1 (en) * | 2007-11-29 | 2009-06-04 | Wallace Paul Montgomery | Sideband access based method and apparatus for determining software integrity |
US8250354B2 (en) * | 2007-11-29 | 2012-08-21 | GlobalFoundries, Inc. | Method and apparatus for making a processor sideband interface adhere to secure mode restrictions |
US8117642B2 (en) * | 2008-03-21 | 2012-02-14 | Freescale Semiconductor, Inc. | Computing device with entry authentication into trusted execution environment and method therefor |
US7831816B2 (en) * | 2008-05-30 | 2010-11-09 | Globalfoundries Inc. | Non-destructive sideband reading of processor state information |
CN102077204B (zh) * | 2008-06-24 | 2013-06-12 | 纳格拉影像股份有限公司 | Secure memory management system and method |
US8954696B2 (en) | 2008-06-24 | 2015-02-10 | Nagravision S.A. | Secure memory management system and method |
US8151077B1 (en) * | 2008-06-30 | 2012-04-03 | Emc Corporation | Application aware cache management |
JP5228938B2 (ja) | 2009-01-21 | 2013-07-03 | ソニー株式会社 | Access key generation device and information processing device |
US8151027B2 (en) * | 2009-04-08 | 2012-04-03 | Intel Corporation | System management mode inter-processor interrupt redirection |
EP2433238B1 (en) * | 2009-05-18 | 2015-10-07 | Hewlett-Packard Development Company, L.P. | Systems and methods of determining a trust level from system management mode |
US8972746B2 (en) * | 2010-12-17 | 2015-03-03 | Intel Corporation | Technique for supporting multiple secure enclaves |
KR101734199B1 (ko) * | 2010-12-29 | 2017-05-24 | 삼성전자주식회사 | Data storage system including a multi-bit memory device and operating method thereof |
US10496824B2 (en) | 2011-06-24 | 2019-12-03 | Microsoft Licensing Technology, LLC | Trusted language runtime on a mobile platform |
US8707289B2 (en) * | 2011-07-20 | 2014-04-22 | Google Inc. | Multiple application versions |
US8631212B2 (en) * | 2011-09-25 | 2014-01-14 | Advanced Micro Devices, Inc. | Input/output memory management unit with protection mode for preventing memory access by I/O devices |
US8973144B2 (en) * | 2011-10-13 | 2015-03-03 | Mcafee, Inc. | System and method for kernel rootkit protection in a hypervisor environment |
US9069586B2 (en) | 2011-10-13 | 2015-06-30 | Mcafee, Inc. | System and method for kernel rootkit protection in a hypervisor environment |
US9448867B2 (en) | 2011-12-31 | 2016-09-20 | Intel Corporation | Processor that detects when system management mode attempts to reach program code outside of protected space |
US10146545B2 (en) | 2012-03-13 | 2018-12-04 | Nvidia Corporation | Translation address cache for a microprocessor |
US9880846B2 (en) | 2012-04-11 | 2018-01-30 | Nvidia Corporation | Improving hit rate of code translation redirection table with replacement strategy based on usage history table of evicted entries |
US10241810B2 (en) | 2012-05-18 | 2019-03-26 | Nvidia Corporation | Instruction-optimizing processor with branch-count table in hardware |
KR101373542B1 (ko) * | 2012-08-06 | 2014-03-12 | (주)소만사 | Personal information protection system using a virtualization-based logical network separation technique |
US9043632B2 (en) | 2012-09-25 | 2015-05-26 | Apple Inc. | Security enclave processor power control |
US8775757B2 (en) | 2012-09-25 | 2014-07-08 | Apple Inc. | Trust zone support in system on a chip having security enclave processor |
US8873747B2 (en) | 2012-09-25 | 2014-10-28 | Apple Inc. | Key management using security enclave processor |
US9047471B2 (en) | 2012-09-25 | 2015-06-02 | Apple Inc. | Security enclave processor boot control |
US8832465B2 (en) | 2012-09-25 | 2014-09-09 | Apple Inc. | Security enclave processor for a system on a chip |
US9558006B2 (en) * | 2012-12-20 | 2017-01-31 | Intel Corporation | Continuous automatic tuning of code regions |
US20140189310A1 (en) | 2012-12-27 | 2014-07-03 | Nvidia Corporation | Fault detection in instruction translations |
US10108424B2 (en) | 2013-03-14 | 2018-10-23 | Nvidia Corporation | Profiling code portions to generate translations |
US9411600B2 (en) * | 2013-12-08 | 2016-08-09 | Intel Corporation | Instructions and logic to provide memory access key protection functionality |
US9772953B2 (en) | 2014-02-03 | 2017-09-26 | Samsung Electronics Co., Ltd. | Methods and apparatus for protecting operating system data |
US8756417B1 (en) | 2014-02-04 | 2014-06-17 | Sypris Electronics, Llc | Multi-level assurance trusted computing platform |
GB2522906B (en) * | 2014-02-10 | 2021-07-14 | Advanced Risc Mach Ltd | Region identifying operation for identifying a region of a memory attribute unit corresponding to a target memory address |
US10152331B2 (en) | 2014-05-16 | 2018-12-11 | Wind River Systems, Inc. | Method and system for enforcing kernel mode access protection |
CN104021104B (zh) * | 2014-06-12 | 2017-11-07 | 国家电网公司 | Cooperative system based on a dual-bus architecture and communication method thereof |
US9720868B2 (en) * | 2014-07-07 | 2017-08-01 | Xilinx, Inc. | Bridging inter-bus communications |
US10101936B2 (en) | 2014-07-28 | 2018-10-16 | Hewlett Packard Enterprise Development Lp | Memory access control |
US10191680B2 (en) * | 2014-07-28 | 2019-01-29 | Hewlett Packard Enterprise Development Lp | Memory access control |
US9547778B1 (en) | 2014-09-26 | 2017-01-17 | Apple Inc. | Secure public key acceleration |
US10140457B2 (en) * | 2015-07-31 | 2018-11-27 | Intel Corporation | Secure input/output device management |
US10102391B2 (en) | 2015-08-07 | 2018-10-16 | Qualcomm Incorporated | Hardware enforced content protection for graphics processing units |
US9767320B2 (en) * | 2015-08-07 | 2017-09-19 | Qualcomm Incorporated | Hardware enforced content protection for graphics processing units |
US20170060783A1 (en) * | 2015-09-01 | 2017-03-02 | Mediatek Inc. | Apparatus for performing secure memory allocation control in an electronic device, and associated method |
US10628192B2 (en) * | 2015-12-24 | 2020-04-21 | Intel Corporation | Scalable techniques for data transfer between virtual machines |
CN108292339B (zh) | 2016-01-26 | 2022-02-11 | 惠普发展公司,有限责任合伙企业 | System management mode privilege architecture |
US10572687B2 (en) * | 2016-04-18 | 2020-02-25 | America as represented by the Secretary of the Army | Computer security framework and hardware level computer security in an operating system friendly microprocessor architecture |
US10277561B2 (en) | 2016-07-22 | 2019-04-30 | International Business Machines Corporation | Database management system shared ledger support |
US10382436B2 (en) * | 2016-11-22 | 2019-08-13 | Daniel Chien | Network security based on device identifiers and network addresses |
US10360353B2 (en) * | 2017-02-08 | 2019-07-23 | International Business Machines Corporation | Execution control of computer software instructions |
US20180365425A1 (en) * | 2017-06-15 | 2018-12-20 | Qualcomm Incorporated | Systems and methods for securely booting a system on chip via a virtual collated internal memory pool |
EP3506143B1 (en) * | 2017-12-27 | 2024-02-14 | Siemens Aktiengesellschaft | Interface for a hardware security module |
US11188622B2 (en) | 2018-09-28 | 2021-11-30 | Daniel Chien | Systems and methods for computer security |
US11544069B2 (en) * | 2018-10-25 | 2023-01-03 | Micron Technology, Inc. | Universal pointers for data exchange in a computer system having independent processors |
US11741196B2 (en) | 2018-11-15 | 2023-08-29 | The Research Foundation For The State University Of New York | Detecting and preventing exploits of software vulnerability using instruction tags |
US10826912B2 (en) | 2018-12-14 | 2020-11-03 | Daniel Chien | Timestamp-based authentication |
US10848489B2 (en) | 2018-12-14 | 2020-11-24 | Daniel Chien | Timestamp-based authentication with redirection |
US11251942B2 (en) | 2019-01-09 | 2022-02-15 | Alibaba Group Holding Limited | Secure communication channel between encryption/decryption component and trusted execution environment |
GB2591978B (en) * | 2019-10-07 | 2023-06-21 | Siemens Ind Software Inc | Message Monitoring |
US11677754B2 (en) | 2019-12-09 | 2023-06-13 | Daniel Chien | Access control systems and methods |
US11509463B2 (en) | 2020-05-31 | 2022-11-22 | Daniel Chien | Timestamp-based shared key generation |
US11438145B2 (en) | 2020-05-31 | 2022-09-06 | Daniel Chien | Shared key generation based on dual clocks |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003271254A (ja) * | 2002-03-08 | 2003-09-26 | Internatl Business Mach Corp <Ibm> | Authentication system, firmware device, electric appliance, and authentication method |
Family Cites Families (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4858138A (en) * | 1986-09-02 | 1989-08-15 | Pitney Bowes, Inc. | Secure vault having electronic indicia for a value printing system |
US5615263A (en) * | 1995-01-06 | 1997-03-25 | Vlsi Technology, Inc. | Dual purpose security architecture with protected internal operating system |
US5784592A (en) * | 1995-09-11 | 1998-07-21 | Advanced Micro Devices, Inc. | Computer system which includes a local expansion bus and a dedicated real-time bus for increased multimedia performance |
US5692211A (en) * | 1995-09-11 | 1997-11-25 | Advanced Micro Devices, Inc. | Computer system and method having a dedicated multimedia engine and including separate command and data paths |
US5758177A (en) * | 1995-09-11 | 1998-05-26 | Advanced Microsystems, Inc. | Computer system having separate digital and analog system chips for improved performance |
US5873127A (en) * | 1996-05-03 | 1999-02-16 | Digital Equipment Corporation | Universal PTE backlinks for page table accesses |
US5860144A (en) * | 1996-08-09 | 1999-01-12 | Oracle Corporation | Addressing method and system for providing access of a very large size physical memory buffer to a number of processes |
US5987582A (en) * | 1996-09-30 | 1999-11-16 | Cirrus Logic, Inc. | Method of obtaining a buffer contiguous memory and building a page table that is accessible by a peripheral graphics device |
US5937063A (en) * | 1996-09-30 | 1999-08-10 | Intel Corporation | Secure boot |
GB9626241D0 (en) | 1996-12-18 | 1997-02-05 | Ncr Int Inc | Secure data processing method and system |
US6073226A (en) * | 1997-03-19 | 2000-06-06 | Microsoft Corporation | System and method for minimizing page tables in virtual memory systems |
JP3293760B2 (ja) * | 1997-05-27 | 2002-06-17 | 株式会社エヌイーシー情報システムズ | Computer system with tamper detection function |
US5987604A (en) | 1997-10-07 | 1999-11-16 | Phoenix Technologies, Ltd. | Method and apparatus for providing execution of system management mode services in virtual mode |
US6735696B1 (en) * | 1998-08-14 | 2004-05-11 | Intel Corporation | Digital content protection using a secure booting method and apparatus |
US6330670B1 (en) * | 1998-10-26 | 2001-12-11 | Microsoft Corporation | Digital rights management operating system |
US6327652B1 (en) * | 1998-10-26 | 2001-12-04 | Microsoft Corporation | Loading and identifying a digital rights management operating system |
US7225333B2 (en) * | 1999-03-27 | 2007-05-29 | Microsoft Corporation | Secure processor architecture for use with a digital rights management (DRM) system on a computing device |
US6651171B1 (en) * | 1999-04-06 | 2003-11-18 | Microsoft Corporation | Secure execution of program code |
AU7735600A (en) * | 1999-10-01 | 2001-05-10 | Infraworks Corporation | Port blocking method and system |
US6477612B1 (en) * | 2000-02-08 | 2002-11-05 | Microsoft Corporation | Providing access to physical memory allocated to a process by selectively mapping pages of the physical memory with virtual memory allocated to the process |
US6507904B1 (en) * | 2000-03-31 | 2003-01-14 | Intel Corporation | Executing isolated mode instructions in a secure system running in privilege rings |
US7039801B2 (en) | 2000-06-30 | 2006-05-02 | Microsoft Corporation | System and method for integrating secure and non-secure software objects |
US6938164B1 (en) | 2000-11-22 | 2005-08-30 | Microsoft Corporation | Method and system for allowing code to be securely initialized in a computer |
US20020066039A1 (en) * | 2000-11-30 | 2002-05-30 | Dent Paul W. | Anti-spoofing password protection |
US6854046B1 (en) | 2001-08-03 | 2005-02-08 | Tensilica, Inc. | Configurable memory management unit |
US7272832B2 (en) * | 2001-10-25 | 2007-09-18 | Hewlett-Packard Development Company, L.P. | Method of protecting user process data in a secure platform inaccessible to the operating system and other tasks on top of the secure platform |
US7003607B1 (en) * | 2002-03-20 | 2006-02-21 | Advanced Micro Devices, Inc. | Managing a controller embedded in a bridge |
US7069442B2 (en) * | 2002-03-29 | 2006-06-27 | Intel Corporation | System and method for execution of a secured environment initialization instruction |
US6986006B2 (en) | 2002-04-17 | 2006-01-10 | Microsoft Corporation | Page granular curtained memory via mapping control |
US7058768B2 (en) | 2002-04-17 | 2006-06-06 | Microsoft Corporation | Memory isolation through address translation data edit control |
-
2003
- 2003-04-18 WO PCT/US2003/012659 patent/WO2003090052A2/en active Application Filing
- 2003-04-18 US US10/419,120 patent/US7496966B1/en active Active
- 2003-04-18 US US10/419,038 patent/US7401358B1/en not_active Expired - Fee Related
- 2003-04-18 DE DE60322366T patent/DE60322366D1/de not_active Expired - Lifetime
- 2003-04-18 JP JP2003586729A patent/JP4762494B2/ja not_active Expired - Fee Related
- 2003-04-18 CN CNB038087049A patent/CN100339780C/zh not_active Expired - Fee Related
- 2003-04-18 AU AU2003231070A patent/AU2003231070A1/en not_active Abandoned
- 2003-04-18 KR KR1020047016769A patent/KR100921779B1/ko not_active IP Right Cessation
- 2003-04-18 EP EP03724195A patent/EP1495394B1/en not_active Expired - Lifetime
- 2003-04-18 US US10/419,082 patent/US7603550B2/en not_active Expired - Fee Related
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003271254A (ja) * | 2002-03-08 | 2003-09-26 | Internatl Business Mach Corp <Ibm> | Authentication system, firmware device, electrical appliance, and authentication method |
Also Published As
Publication number | Publication date |
---|---|
AU2003231070A1 (en) | 2003-11-03 |
CN1647011A (zh) | 2005-07-27 |
CN100339780C (zh) | 2007-09-26 |
JP2005528677A (ja) | 2005-09-22 |
KR20040099459A (ko) | 2004-11-26 |
KR100921779B1 (ko) | 2009-10-15 |
US7401358B1 (en) | 2008-07-15 |
DE60322366D1 (de) | 2008-09-04 |
WO2003090052A3 (en) | 2004-08-12 |
WO2003090052A2 (en) | 2003-10-30 |
EP1495394B1 (en) | 2008-07-23 |
US7496966B1 (en) | 2009-02-24 |
EP1495394A2 (en) | 2005-01-12 |
US7603550B2 (en) | 2009-10-13 |
US20040210760A1 (en) | 2004-10-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4762494B2 (ja) | Computer system including a CPU capable of executing a secure execution mode and a security services processor connected via a trusted (secure) communication path | |
US7334123B2 (en) | Computer system including a bus bridge for connection to a security services processor | |
US7603551B2 (en) | Initialization of a computer system including a secure execution mode-capable processor | |
JP4564756B2 (ja) | Method for initializing a computer system including a processor capable of operating in a secure execution mode |
US7130951B1 (en) | Method for selectively disabling interrupts on a secure execution mode-capable processor | |
US7210009B2 (en) | Computer system employing a trusted execution environment including a memory controller configured to clear memory | |
US9934139B2 (en) | Virtualization in a multi-host environment | |
US7165135B1 (en) | Method and apparatus for controlling interrupts in a secure execution mode-capable processor | |
US7640543B2 (en) | Memory isolation and virtualization among virtual machines | |
US8850098B2 (en) | Direct memory access (DMA) address translation between peer input/output (I/O) devices | |
US7146477B1 (en) | Mechanism for selectively blocking peripheral device accesses to system memory |
Legal Events
Code | Title | Description |
---|---|---|
A621 | Written request for application examination | Free format text: JAPANESE INTERMEDIATE CODE: A621; Effective date: 20060201 |
A131 | Notification of reasons for refusal | Free format text: JAPANESE INTERMEDIATE CODE: A131; Effective date: 20090818 |
A601 | Written request for extension of time | Free format text: JAPANESE INTERMEDIATE CODE: A601; Effective date: 20091118 |
A602 | Written permission of extension of time | Free format text: JAPANESE INTERMEDIATE CODE: A602; Effective date: 20091126 |
A601 | Written request for extension of time | Free format text: JAPANESE INTERMEDIATE CODE: A601; Effective date: 20091218 |
A602 | Written permission of extension of time | Free format text: JAPANESE INTERMEDIATE CODE: A602; Effective date: 20091228 |
A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A523; Effective date: 20100118 |
RD03 | Notification of appointment of power of attorney | Free format text: JAPANESE INTERMEDIATE CODE: A7423; Effective date: 20100421 |
RD05 | Notification of revocation of power of attorney | Free format text: JAPANESE INTERMEDIATE CODE: A7425; Effective date: 20100902 |
A131 | Notification of reasons for refusal | Free format text: JAPANESE INTERMEDIATE CODE: A131; Effective date: 20101110 |
A601 | Written request for extension of time | Free format text: JAPANESE INTERMEDIATE CODE: A601; Effective date: 20110210 |
A602 | Written permission of extension of time | Free format text: JAPANESE INTERMEDIATE CODE: A602; Effective date: 20110218 |
A601 | Written request for extension of time | Free format text: JAPANESE INTERMEDIATE CODE: A601; Effective date: 20110310 |
A602 | Written permission of extension of time | Free format text: JAPANESE INTERMEDIATE CODE: A602; Effective date: 20110317 |
A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A523; Effective date: 20110408 |
A01 | Written decision to grant a patent or to grant a registration (utility model) | Free format text: JAPANESE INTERMEDIATE CODE: A01; Effective date: 20110511 |
A01 | Written decision to grant a patent or to grant a registration (utility model) | Free format text: JAPANESE INTERMEDIATE CODE: A01 |
A61 | First payment of annual fees (during grant procedure) | Free format text: JAPANESE INTERMEDIATE CODE: A61; Effective date: 20110608 |
FPAY | Renewal fee payment (event date is renewal date of database) | Free format text: PAYMENT UNTIL: 20140617; Year of fee payment: 3 |
R150 | Certificate of patent or registration of utility model | Free format text: JAPANESE INTERMEDIATE CODE: R150 |
R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
LAPS | Cancellation because of no payment of annual fees | |