Secure and backward-compatible processor and secure software execution thereon
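Country / Type: United States (US) Patent
Status: Registered
International Patent Classification (IPC, 7th edition): G06F-021/02; G06F-021/00; G06F-013/20; H04L-009/00
Application number: US-0360827 (2003-02-07)
Registration number: US-7322042 (2008-01-22)
Inventors / Address: Srinivasan, Pramila; Princen, John; Berndt, Frank; Blythe, David; Saperstein, William; Yen, Wei
Applicant / Address: BroadOn Communications Corp.
Agent / Address: Perkins Coie LLP
Citation information: Times cited: 41; Patents cited: 81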
Abstract
A secure processor assuring application software is executed securely, and assuring only authorized software is executed, has monitored modes and secure modes of operation. The former executes application software transparently to that software. The latter verifies execution of the application software is authorized, performs any extraordinary services required by the application software, and verifies the processor has obtained rights to execute the content. The secure processor (1) appears hardware-identical to an ordinary processor, with the effect that application software written for ordinary processors can be executed on the secure processor without substantial change, (2) needs only a minimal degree of additional hardware over and above those portions appearing hardware-identical to an ordinary processor. The secure processor operates without substantial reduction in speed or other resources available to the application software. Functions operating in secure mode might reside in an on-chip non-volatile memory, or might be loaded from external storage with authentication.
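An added illustration, not text or code from the patent: a small Python model of the behaviour the abstract describes, in which the processor starts in secure mode, refuses secure functions while in monitored mode, and accepts externally loaded code only when its computed hash matches a value recorded in on-chip memory. SHA-256, HMAC, every class and method name, and the sample images and key are assumptions chosen for the model.

```python
import hashlib
import hmac
from enum import Enum


class Mode(Enum):
    MONITORED = "monitored"
    SECURE = "secure"


class SecurityViolation(Exception):
    """Raised when a secure function is reached while in monitored mode."""


class SecureProcessorModel:
    """Toy model of the two-mode processor (all names are hypothetical)."""

    def __init__(self, recorded_digests, chip_key):
        # Stands in for persistent memory internal to the chip: fixed at
        # construction and never writable through this interface.
        self._recorded = frozenset(recorded_digests)
        self._chip_key = bytes(chip_key)
        # Power-on executes in secure mode.
        self._mode = Mode.SECURE
        self.entry_reason = "reset"
        self.secure_code = []  # images that passed authentication

    @property
    def mode(self):
        return self._mode

    def _require_secure(self, what):
        # The security signal gates every secure function.
        if self._mode is not Mode.SECURE:
            raise SecurityViolation(f"{what} refused in monitored mode")

    def nmi(self, reason):
        # Non-maskable interrupt: switch to secure mode and record why,
        # so secure code can tell which technique caused the entry.
        self.entry_reason = reason
        self._mode = Mode.SECURE

    def exit_secure(self):
        self._require_secure("exit_secure")
        self._mode = Mode.MONITORED

    def load_external(self, image):
        """Accept external code only if its digest matches a recorded one."""
        self._require_secure("load_external")
        computed = hashlib.sha256(image).digest()  # SHA-256 is an assumption
        matches = [hmac.compare_digest(computed, r) for r in self._recorded]
        if not any(matches):
            return False
        self.secure_code.append(image)
        return True

    def _authenticate(self, payload):
        # Secure service using the chip-held key (HMAC is an assumption).
        self._require_secure("authenticate")
        return hmac.new(self._chip_key, payload, hashlib.sha256).digest()

    def request_service(self, payload):
        """Application request: interrupt into secure mode, serve, exit."""
        self.nmi("application request")
        try:
            return self._authenticate(payload)
        finally:
            self.exit_secure()


def demo():
    # Constructed sample inputs, not taken from the patent.
    good = b"stage-2 secure kernel (constructed sample)"
    tampered = good + b"\x90"
    cpu = SecureProcessorModel([hashlib.sha256(good).digest()],
                               b"constructed-chip-key")
    results = {"boot_mode": cpu.mode, "boot_reason": cpu.entry_reason}
    results["good_loaded"] = cpu.load_external(good)
    results["tampered_loaded"] = cpu.load_external(tampered)
    cpu.exit_secure()  # hand control to application software
    try:
        cpu.load_external(good)
        results["monitored_load"] = "allowed"
    except SecurityViolation:
        results["monitored_load"] = "refused"
    tag = cpu.request_service(b"constructed receipt")
    results["tag_len"] = len(tag)
    results["mode_after_service"] = cpu.mode
    results["entry_reason"] = cpu.entry_reason
    results["images_accepted"] = len(cpu.secure_code)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```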
Representative claim
The invention claimed is:
1. A method including steps of performing application software by a single-processor processing unit; verifying that said single-processor processing unit is authorized to perform said application software; distinguishing for said single-processor processing unit between a monitored mode and a secure mode; switching from said monitored mode to said secure mode in response to a non-maskable interrupt (NMI) signal; wherein in said monitored mode said single-processor processing unit is capable of performing said application software transparently to said application software, in said secure mode said single-processor processing unit is capable of verifying, using persistent memory internal to the single-processor processing unit, that said single-processor processing unit is authorized to perform said application software, wherein said single-processor processing unit performs the application software and verifies that said single-processor processing unit is authorized to perform said application software.
2. A method as in claim 1, including steps of in said monitored mode, performing by a portion of said single-processor processing unit instructions substantially identically to those performable by a semiconductor die for an ordinary processor otherwise not responsive to said secure mode.
3. A method as in claim 1, including steps of in said secure mode, performing by said single-processor processing unit extraordinary services requested by, and authorized for, said application software.
4. A method as in claim 1, including steps of interrupting said monitored mode and entering said secure mode in response to at least one of a plurality of techniques; and when in said secure mode, determining by which technique said secure mode was entered.
5. A method as in claim 1, including steps of generating the NMI signal using a timer, reset, or other programming.
6. A method as in claim 1, including steps of in said secure mode, exiting said secure mode and performing said application software in said monitored mode.
7. A method as in claim 6, including steps of performing said application software without substantial change in original code for that application software, whereby the application software sees a processor environment that is not substantially different from an ordinary processor.
8. A method as in claim 6, including steps of when said application software needs services the secure processor oversees, the application software generates an interrupt, causing the secure mode to be re-entered, the services to be delivered to the application software, and the secure mode to be exited, whereby the application software can continue to execute in monitored mode.
9. A method as in claim 1, including steps of performing instructions in said secure mode in a power-on state.
10. A method as in claim 9, including steps of in response to said power-on state, performing secure code maintained in a persistent memory internal to a chip including said single-processor processing unit, said steps of performing secure code including steps of loading additional code from one or more trusted sources; verifying authenticity of said trusted sources; and verifying content integrity of said additional code.
11. A method as in claim 9, including steps of in response to said power-on state, performing secure code maintained in a persistent memory internal to a chip including said single-processor processing unit, said steps of performing secure code including steps of loading additional code from one or more trusted sources; verifying authenticity of said trusted sources; and verifying content integrity of said additional code; wherein said steps of verifying authenticity and content integrity are performed in response to said persistent memory internal to said chip.
12. A method as in claim 9, including steps of in response to said power-on state, performing secure code maintained in a persistent memory internal to a chip including said single-processor processing unit, said steps of performing secure code including steps of loading additional code from one or more trusted sources; verifying authenticity of said trusted sources; verifying content integrity of said additional code; wherein said steps of verifying authenticity and content integrity are performed in response to said persistent memory internal to said chip, and said persistent memory internal to said chip includes at least one of: encryption keys, secure hash values, or other data for verification of said trusted sources and authentication of said additional code.
13. A method as in claim 1, wherein said application software includes at least one instruction for execution in said secure mode.
14. A method as in claim 13, wherein said at least one instruction for execution in said secure mode includes an additional function performable by said single-processor processing unit on behalf of a set of secure kernel code.
15. A method as in claim 13, wherein said at least one instruction for execution in said secure mode includes an additional function performable by said single-processor processing unit on behalf of a set of secure kernel code, said additional function including authenticating additional secure kernel code.
16. A method as in claim 1, wherein said steps of verifying include performing a set of secure software, said set of secure software including determining whether said single-processor processing unit is authorized to perform a set of additional secure software for execution in said secure mode.
17. A method as in claim 16, wherein said additional secure software includes at least one function for loading additional secure software; and at least one function for verifying that said single-processor processing unit is authorized to perform said additional secure software.
18. A method as in claim 16, wherein said additional secure software includes at least one function for loading application software; and at least one function for verifying that said single-processor processing unit is authorized to perform said application software.
19. A method including steps of performing instructions by a single-processor processing unit, said single-processor processing unit including a security signal having at least a secure mode and a monitored mode; switching from said monitored mode to said secure mode in response to a non-maskable interrupt (NMI) signal; accessing, by said single-processor processing unit, at least one secure function in response to said security signal when said security signal indicates said secure mode, and refusing to access said secure function in response to said security signal when said security signal indicates said monitored mode; wherein said secure function includes steps of recording external instructions in response to an external source, a measure of trustworthiness of said external source being verifiable by said single-processor processing unit, using persistent memory internal to the single-processor processing unit; wherein said performing instructions and said accessing at least one secure function are performed by said single-processor processing unit.
20. A method as in claim 19, including steps of allowing said single-processor processing unit to access at least one secure circuit coupled to said single-processor processing unit only when said security signal indicates said secure mode.
21. A method as in claim 19, including steps of performing a set of application code maintained in memory or mass storage, said memory or mass storage coupled to said single-processor processing unit, said steps of performing being done without substantial change from said application code being performed on a substantially identical non-secure processing unit not responsive to said security signal.
22. A method as in claim 19, including steps of performing, by said single-processor processing unit, a set of application code maintained in memory or mass storage, coupled to said single-processor processing unit, when said single-processor processing unit is operating in said monitored mode.
23. A method as in claim 19, wherein said one secure function includes steps of receiving said external instructions from said external source; and verifying said external instructions as substantially accurate.
24. A method as in claim 19, including steps of monitoring access by said single-processor processing unit to an external device; said steps of monitoring being responsive to said security signal and to a set of access rules, wherein when said single-processor processing unit attempts to access said external device in violation of said access rules, performing at least one secure function in response thereto.
25. A method as in claim 24, wherein said steps of monitoring are responsive to access by said single-processor processing unit, in response to at least one of a number of accesses requested by said single-processor processing unit; a number of instructions which said single-processor processing unit performs; a parameter set by said single-processor processing unit which operating in said secure mode; or an interval during which said single-processor processing unit is operating.
26. A method as in claim 19, including steps of maintaining a set of secure information for read-only access by said single-processor processing unit.
27. A method as in claim 26, wherein said steps of maintaining include steps of reading said set of secure information from a non-volatile memory.
28. A method as in claim 26, wherein said steps of maintaining include steps of reading said set of secure information from a non-volatile memory, and including steps of disabling writing of said non-volatile memory when said secure processor is packaged.
29. A method as in claim 26, wherein said steps of maintaining include steps of reading said set of secure information from a non-volatile memory, and including steps of disabling writing of said non-volatile memory when said secure processor is packaged, said steps of disabling including making substantially inaccessible a non-bonded pin.
30. A method as in claim 26, wherein said steps of maintaining include steps of reading said set of secure information from a non-volatile memory, and wherein said set of secure information is unique to said secure processor.
31. A method as in claim 19, wherein said one secure function includes steps of receiving said external instructions from said external source; constructing data responsive to said external instructions; and comparing said data responsive to said external instructions with at least some of said secure information, whereby said single-processor processing unit is capable of verifying that said external instructions are accurate.
32. A method as in claim 31, wherein said steps of constructing include determining a computed signature value in response to said external instructions; and said steps of comparing include attempting to match said computed signature value against a recorded signature value included in said secure information.
33. A method as in claim 31, wherein said steps of receiving include at least one of receiving a set of messages, said set of messages collectively including said external instructions; or receiving a set of storage media, said set of storage media collectively including said external instructions.
34. A method as in claim 19, wherein said one secure function includes steps of requesting said external instructions from said external source; sending data responsive to said secure information to said external source, whereby said external source is capable of verifying that said single-processor processing unit is authorized to perform said external instructions; and receiving said external instructions from said external source.
35. A method as in claim 34, wherein said external instructions include at least one of: application software, additional secure code.
36. A method embodied on a single processor, including steps of performing instructions on a processor, said processor having a secure mode and a monitored mode; wherein when said processor executes in said secure mode, said processor has access to at least one secure function to which said processor does not have access to when said processor executes in said monitored mode; wherein said processor executes in said secure mode during an interrupted state, said interrupted state being responsive to a non-maskable interrupt (NMI); wherein when said processor enters said secure mode, said processor transfers control to a set of secure code, said secure code not being alterable when said processor executes in said monitored mode; and wherein a set of said secure code associated with said startup state includes instructions performable by said processor and directing said processor to add external instructions to secure code in response to an external source of said external instructions, a measure of trustworthiness of said external source being verifiable by said processor in response to a set of secure information; wherein said single processor performs the instructions and has access to the at least one secure function.
37. Apparatus including a single-processor processing unit capable of performing application software, and capable of verifying that said single-processor processing unit is authorized to perform said application software; said single-processor processing unit having a monitored mode and a secure mode, wherein in said monitored mode said single-processor processing unit is capable of performing said application software transparently to said application software, and wherein in said secure mode said single-processor processing unit is capable of verifying, using persistent memory internal to the single-processor processing unit, that said single-processor processing unit is authorized to perform said application software; a secure mode switch that generates a non-maskable interrupt (NMI) signal, wherein the single-processor processing unit enters secure mode in response to the NMI signal; wherein said single-processor processing unit performs the application software and verifies that said single-processor processing unit is authorized to perform said application software.
38. Apparatus as in claim 37, wherein a portion of said single-processor processing unit capable of performing instructions in said monitored mode is substantially identical to a semiconductor die for an ordinary processor otherwise not responsive to said secure mode.
39. Apparatus as in claim 37, wherein in said secure mode said single-processor processing unit is capable of performing extraordinary services requested by, and authorized for, said application software.
40. Apparatus as in claim 37, wherein said single-processor processing unit is capable of interrupting said monitored mode and entering said secure mode in response to at least one of a plurality of techniques, wherein when in said secure mode said single-processor processing unit is capable of determining by which technique said secure mode was entered.
41. Apparatus as in claim 37, wherein said single-processor processing unit is capable of interrupting said monitored mode and entering said secure mode in response to at least one of: an interrupt, a reset signal, or a timer.
42. Apparatus as in claim 37, wherein in said secure mode said single-processor processing unit is capable of exiting said secure mode and performing said application software in said monitored mode.
43. Apparatus as in claim 42, wherein said application software executes without substantial change in original code for that application software, whereby the application software sees a processor environment that is not substantially different from an ordinary processor.
44. Apparatus as in claim 42, wherein when said application software needs services the secure processor oversees, the application software generates an interrupt, causing the secure mode to be re-entered, the services to be delivered to the application software, and the secure mode to be exited, whereby the application software can continue to execute in monitored mode.
45. Apparatus as in claim 37, wherein said application software includes at least one instruction for execution in said secure mode.
46. Apparatus as in claim 45, wherein said at least one instruction for execution in said secure mode includes an additional function performable by said single-processor processing unit on behalf of a set of secure kernel code.
47. Apparatus as in claim 45, wherein said at least one instruction for execution in said secure mode includes an additional function performable by said single-processor processing unit on behalf of a set of secure kernel code, said additional function including authenticating additional secure kernel code.
48. Apparatus as in claim 37, wherein said single-processor processing unit is capable of performing secure software, said secure software including at least one function for authenticating additional software for execution in said secure mode.
49. Apparatus as in claim 48, wherein said secure software includes at least one function for loading additional secure software; and at least one function for verifying that said single-processor processing unit is authorized to perform said additional secure software.
50. Apparatus as in claim 48, wherein said secure software includes at least one function for loading application software; and at least one function for verifying that said single-processor processing unit is authorized to perform said application software.
51. Apparatus as in claim 37, wherein said single-processor processing unit performs instructions in said secure mode in a power-on state.
52. Apparatus as in claim 51, wherein said single-processor processing unit, in response to said power-on state, performs secure code maintained in a persistent memory internal to a chip including said single-processor processing unit, wherein said secure code includes instructions directing said single-processor processing unit to perform steps of loading additional code from one or more trusted sources; verifying authenticity of said trusted sources; and verifying content integrity of said additional code.
53. Apparatus as in claim 51, wherein said single-processor processing unit, in response to said power-on state, performs secure code maintained in a persistent memory internal to a chip including said single-processor processing unit, wherein said secure code includes instructions directing said single-processor processing unit to perform steps of loading additional code from one or more trusted sources; verifying authenticity of said trusted sources; and verifying content integrity of said additional code; wherein said steps of verifying authenticity and content integrity are performed in response to said persistent memory internal to said chip.
54. Apparatus as in claim 51, wherein said single-processor processing unit, in response to said power-on state, performs secure code maintained in a persistent memory internal to a chip including said single-processor processing unit, wherein said secure code includes instructions directing said single-processor processing unit to perform steps of loading additional code from one or more trusted sources; verifying authenticity of said trusted sources; and verifying content integrity of said additional code; wherein said steps of verifying authenticity and content integrity are performed in response to said persistent memory internal to said chip, and said persistent memory internal to said chip includes at least one of: encryption keys, secure hash values, or other data for verification of said trusted sources and authentication of said additional code.
55. Apparatus including a single-processor processing unit capable of performing instructions; a security signal having at least a secure mode and a monitored mode; a circuit for switching from said monitored mode to said secure mode in response to a non-maskable interrupt (NMI) signal; said single-processor processing unit being responsive to said security signal, wherein said single-processor processing unit has access to at least one secure function when performing instructions in said secure mode that said single-processor processing unit does not have access to when performing instructions in said monitored mode; wherein at least one said secure function includes instructions directing said single-processor processing unit to record external instructions in response to an external source, a measure of trustworthiness of said external source being verifiable by said single-processor processing unit; wherein said single processor performs instructions and has access to the at least one secure function.
56. Apparatus as in claim 55, including a security element responsive to said security signal and coupled to at least one secure circuit coupled to said single-processor processing unit, wherein said security element allows said single-processor processing unit to access said secure circuit only when said security signal indicates said secure mode.
57. Apparatus as in claim 55, including a set of application code maintained in memory or mass storage, coupled to said single-processor processing unit; whereby said single-processor processing unit performs said application code in said monitored mode.
58. Apparatus as in claim 55, including a set of application code maintained in memory or mass storage, coupled to said single-processor processing unit, said application code being capable of being performed on a substantially identical non-secure processing unit not responsive to said security signal; whereby said single-processor processing unit is capable of performing said application code without substantial change, in response to said security signal indicating said secure mode.
59. Apparatus as in claim 55, wherein said one secure function includes instructions directing said single-processor processing unit to perform steps of receiving said external instructions from said external source; and verifying said external instructions as accurate.
60. Apparatus as in claim 55, including a monitoring circuit coupled to said single-processor processing unit, said monitoring circuit capable of monitoring access by said single-processor processing unit to an external device; said monitoring circuit being responsive to said security signal and to a set of access rules, wherein when said single-processor processing unit attempts to access said external device in violation of said access rules, said monitoring circuit is capable of performing at least one secure function in response thereto.
61. Apparatus as in claim 60, wherein said monitoring circuit is responsive to access by said by said single-processor processing unit, in response to at least one of a number of accesses requested by said single-processor processing unit; a number of instructions which said single-processor processing unit performs; a parameter set by said single-processor processing unit which operating in said secure mode; or an interval during which said single-processor processing unit is operating.
62. Apparatus as in claim 55, including a set of secure information available for read-only access by said single-processor processing unit.
63. Apparatus as in claim 62, wherein said set of secure information includes information maintained in a non-volatile memory.
64. Apparatus as in claim 62, wherein said set of secure information includes information maintained in a non-volatile memory and unique to said secure processor.
65. Apparatus as in claim 62, wherein said set of secure information includes information maintained in a non-volatile memory, said non-volatile memory having a circuit capable of enabling writing of said non-volatile memory, said circuit being disabled when said secure processor is packaged.
66. Apparatus as in claim 62, wherein said set of secure information includes information maintained in a non-volatile memory, said non-volatile memory having a circuit capable of enabling writing of said non-volatile memory, said circuit including a pin which is substantially inaccessible when said secure processor is packaged.
67. Apparatus as in claim 66, wherein said set of secure information includes an identity value substantially unique to said chip, or a set of private key information substantially unique to said chip; whereby said chip can assure that a selected set of content or software can only be executed by said chip when said chip is authorized to consume said content or execute said software.
68. Apparatus as in claim 67, wherein said chip can verify authenticity of a purchase receipt or license or other digital rights management data, whereby said chip can verify that a selected set of content or software is authentic and authorized for said chip.
69. Apparatus as in claim 68, wherein said secure chip is capable of permitting consumption of said content or execution of said software in response to an attempt to verify authenticity of a purchase receipt or license or other digital rights management data.
70. Apparatus as in claim 68, wherein said receipt includes information sufficient to substantially identify said chip; information sufficient to substantially identify an identity value substantially unique to said content or software.
71. Apparatus as in claim 66, including means for combining said key information and said substantially unique identity value, with the effect of implementing a digital rights management scheme for enforcing intellectual property.
72. Apparatus as in claim 66, wherein at least a portion of said secure information is digitally signed using either a public key/secret private key system or a symmetric encryption/decryption key.
73. Apparatus as in claim 72, wherein said secure chip is capable of permitting consumption of said content or execution of said software in response to verifying said digital signature.
74. Apparatus as in claim 66, wherein at least a portion of said secure information is encrypted using either a public key/secret private key system or a symmetric encryption/decryption key.
75. Apparatus as in claim 74, wherein said secure chip is capable of permitting consumption of said content or execution of said software in response to an attempt to decrypt said portion of said secure information.
76. Apparatus as in claim 55, wherein said one secure function includes instructions directing said single-processor processing unit to perform steps of receiving said external instructions from said external source; constructing data responsive to said external instructions; and comparing said data responsive to said external instructions with at least some of said secure information, whereby said single-processor processing unit is capable of verifying that said external instructions are accurate.
77. Apparatus as in claim 76, wherein said steps of constructing include determining a computed signature value in response to said external instructions; and said steps of comparing include attempting to match said computed signature value against a recorded signature value included in said secure information.
78. Apparatus as in claim 76, wherein said steps of receiving include at least one of receiving a set of messages, said set of messages collectively including said external instructions; or receiving a set of storage media, said set of storage media collectively including said external instructions.
79. Apparatus as in claim 55, wherein said one secure function includes instructions directing said single-processor processing unit to perform steps of requesting said external instructions from said external source; sending data responsive to said secure information to said external source, whereby said external source is capable of verifying that said single-processor processing unit is authorized to perform said external instructions; and receiving said external instructions from said external source.
80. Apparatus as in claim 79, wherein said external instructions include at least one of: application software, additional secure code.
81. Apparatus as in claim 55, wherein said security signal is responsive to either a reset state or an interrupt state, said interrupt state being responsive to either a non-maskable interrupt or a timer interrupt; and in response to said security signal, said single-processor processing unit transfers control to said secure function, said secure function not being alterable when said single-processor processing unit performs instructions in said monitored mode.
82. Apparatus as in claim 81, wherein, in response to said secure function, said single-processor processing unit transfers control to an exit function, said exit function being capable of removing any secure information from use by said single-processor processing unit when in said monitored mode.
83. Apparatus as in claim 81, wherein said single-processor processing unit is capable of passing parameters for said secure function, whereby in response to said non-maskable interrupt, said secure function performs at least one said secure function at the behest of application software, said application software being performed by said single-processor processing unit in said monitored mode.
84. Apparatus as in claim 81, wherein said single-processor processing unit is capable of passing parameters for said secure function, whereby in response to said non-maskable interrupt, said secure function performs at least one said secure function at the behest of application software, said application software being performed by said single-processor processing unit in said monitored mode; and wherein said secure function includes at least one of the following functions: a cryptographic authentication function, a cryptographic signature function, a cryptographically secure function, an encryption or decryption function, a function including an encryption or decryption key, a secure hash function.
85. Memory or mass storage in a processing unit including instructions capable of being interpreted by a computing device to perform steps of performing application software by a single-processor processing unit; verifying, using persistent memory internal to the single-processor processing unit, that said single-processor processing unit is authorized to perform said application software; distinguishing for said single-processor processing unit between a monitored mode and a secure mode, wherein in said monitored mode said single-processor processing unit is capable of performing said application software transparently to said application software, and wherein in said secure mode said single-processor processing unit is capable of verifying that said single-processor processing unit is authorized to perform said application software, switching from said monitored mode to said secure mode in response to a non-maskable interrupt (NMI) signal; wherein said single processor performs the application software and verifies that said single-processor processing unit is authorized to perform said application software.
86. Memory or mass storage as in claim 85, including instructions capable of being interpreted by a computing device to perform steps of in said monitored mode, performing by a portion of said single-processor processing unit instructions substantially identically to those performable by a semiconductor die for an ordinary processor otherwise not responsive to said secure mode.
87. Memory or mass storage as in claim 85, including instructions capable of being interpreted by a computing device to perform steps of in said secure mode, performing by said single-processor processing unit extraordinary services requested by, and authorized for, said application software.
88. Memory or mass storage as in claim 85, including instructions capable of being interpreted by a computing device to perform steps of interrupting said monitored mode and entering said secure mode in response to at least one of a plurality of techniques; and when in said secure mode, determining by which technique said secure mode was entered.
89. Memory or mass storage as in claim 85, including instructions capable of being interpreted by a computing device to perform steps of interrupting said monitored mode and entering said secure mode in response to at least one of: an interrupt, a reset signal, or a timer.
90. Memory or mass storage including instructions capable of being interpreted by a computing device to perform steps as in claim 85, including steps of in said secure mode, exiting said secure mode and performing said application software in said monitored mode.
91. Memory or mass storage as in claim 90, including instructions capable of being interpreted by a computing device to perform steps of performing said application software without substantial change in original code for that application software, whereby the application software sees a processor environment that is not substantially different from an ordinary processor.
92. Memory or mass storage as in claim 90, including instructions capable of being interpreted by a computing device to perform steps of when said application software needs services the secure processor oversees, the application software generates an interrupt, causing the secure mode to be re-entered, the services to be delivered to the application software, and the secure mode to be exited, whereby the application software can continue to execute in monitored mode.
93. Memory or mass storage as in claim 85, including instructions capable of being interpreted by a computing device to perform steps of performing instructions in said secure mode in a power-on state.
94.
Memory or mass storage as in claim 93, including instructions capable of being interpreted by a computing device to perform steps of in response to said power-on state, performing secure code maintained in a persistent memory internal to a chip including said single-processor processing unit, said steps of performing secure code including steps of loading additional code from one or more trusted sources; verifying authenticity of said trusted sources; and verifying content integrity of said additional code. 95. Memory or mass storage as in claim 93, including instructions capable of being interpreted by a computing device to perform steps of in response to said power-on state, performing secure code maintained in a persistent memory internal to a chip including said single-processor processing unit, said steps of performing secure code including steps of loading additional code from one or more trusted sources; verifying authenticity of said trusted sources; and verifying content integrity of said additional code; wherein said steps of verifying authenticity and content integrity are performed in response to said persistent memory internal to said chip. 96. 
Memory or mass storage as in claim 93, including instructions capable of being interpreted by a computing device to perform steps of in response to said power-on state, performing secure code maintained in a persistent memory internal to a chip including said single-processor processing unit, said steps of performing secure code including steps of loading additional code from one or more trusted sources; verifying authenticity of said trusted sources; and verifying content integrity of said additional code; wherein said steps of verifying authenticity and content integrity are performed in response to said persistent memory internal to said chip; and said persistent memory internal to said chip includes at least one of: encryption keys, secure hash values, or other data for verification of said trusted sources and authentication of said additional code. 97. Memory or mass storage as in claim 85, wherein said application software includes at least one instruction for execution in said secure mode. 98. Memory or mass storage as in claim 97, wherein said at least one instruction for execution in said secure mode includes an additional function performable by said single-processor processing unit on behalf of a set of secure kernel code. 99. Memory or mass storage as in claim 97, wherein said at least one instruction for execution in said secure mode includes an additional function performable by said single-processor processing unit on behalf of a set of secure kernel code, said additional function including authenticating additional secure kernel code. 100. 
Memory or mass storage in a processing unit including instructions capable of being interpreted by a computing device to perform steps of performing instructions by a single-processor processing unit, said single-processor processing unit including a security signal having at least a secure mode and a monitored mode; switching from said monitored mode to said secure mode in response to a non-maskable interrupt (NMI) signal; accessing, by said single-processor processing unit, at least one secure function in response to said security signal when said security signal indicates said secure mode, and refusing to access said secure function in response to said security signal when said security signal indicates said monitored mode; wherein said secure function includes steps of recording external instructions in response to an external source, a trustworthiness of said external source being verifiable by said single-processor processing unit, wherein said single processor performs instructions and has access to the at least one secure function. 101. Memory or mass storage as in claim 100, including instructions capable of being interpreted by a computing device to perform steps of allowing said single-processor processing unit to access at least one secure circuit coupled to said single-processor processing unit only when said security signal indicates said secure mode. 102. Memory or mass storage as in claim 100, including instructions capable of being interpreted by a computing device to perform steps of performing a set of application code maintained in memory or mass storage, said memory or mass storage coupled to said single-processor processing unit, said steps of performing being done without substantial change from said application code being performed on a substantially identical non-secure processing unit not responsive to said security signal. 103. 
Memory or mass storage as in claim 100, including instructions capable of being interpreted by a computing device to perform steps of performing, by said single-processor processing unit, a set of application code maintained in memory or mass storage, coupled to said single-processor processing unit, when said single-processor processing unit is operating in said monitored mode. 104. Memory or mass storage as in claim 100, wherein said one secure function includes steps of requesting said external instructions from said external source; sending data responsive to said secure information to said external source, whereby said external source is capable of verifying that said single-processor processing unit is authorized to perform said external instructions; and receiving said external instructions from said external source. 105. Memory or mass storage as in claim 100, including instructions capable of being interpreted by a computing device to perform steps of monitoring access by said single-processor processing unit to an external device; said steps of monitoring being responsive to said security signal and to a set of access rules, wherein when said single-processor processing unit attempts to access said external device in violation of said access rules, performing at least one secure function in response thereto. 106. Memory or mass storage as in claim 105, wherein said steps of monitoring are responsive to access by said by said single-processor processing unit, in response to at least one of a number of accesses requested by said single-processor processing unit; a number of instructions which said single-processor processing unit performs; a parameter set by said single-processor processing unit which operating in said secure mode; or an interval during which said single-processor processing unit is operating. 107. 
Memory or mass storage as in claim 100, including instructions capable of being interpreted by a computing device to perform steps of maintaining a set of secure information for read only access by said single-processor processing unit. 108. Memory or mass storage as in claim 107, wherein said steps of maintaining include steps of reading said set of secure information from a non-volatile memory. 109. Memory or mass storage as in claim 107, wherein said steps of maintaining include steps of reading said set of secure information from a non-volatile memory, and including steps of disabling writing of said non-volatile memory when said secure processor is packaged. 110. Memory or mass storage as in claim 107, wherein said steps of maintaining include steps of reading said set of secure information from a non-volatile memory, and including steps of disabling writing of said non-volatile memory when said secure processor is packaged, said steps of disabling including making substantially inaccessible a non-bonded pin. 111. Memory or mass storage as in claim 107, wherein said steps of maintaining include steps of reading said set of secure information from a non-volatile memory, and wherein said set of secure information is unique to said secure processor. 112. Memory or mass storage as in claim 100, wherein said one secure function includes steps of receiving said external instructions from said external source constructing data responsive to said external instructions; and comparing said data responsive to said external instructions with at least some of said secure information, whereby said single-processor processing unit is capable of verifying that said external instructions are accurate. 113. 
Memory or mass storage as in claim 112, wherein said steps of constructing include determining a computed signature value in response to said external instructions; and said steps of comparing include attempting to match said computed signature value against a recorded signature value included in said secure information. 114. Memory or mass storage as in claim 112, wherein said steps of receiving include at least one of receiving a set of messages, said set of messages collectively including said external instructions; or receiving a set of storage media, said set of storage media collectively including said external instructions. 115. Memory or mass storage in a processing unit including instructions capable of being interpreted by a computing device to perform steps of performing instructions on a processor, said processor having a secure mode and a monitored mode; wherein when said processor executes in said secure mode, said processor has access to at least one secure function for which said processor does not have access to when said processor executes in said monitored mode; wherein said processor executes in said secure mode during an interrupted state, said interrupted state being responsive to a non-maskable interrupt (NMI); wherein when said processor enters said secure mode, said processor transfers control to a set of secure code, said secure code not being alterable when said processor executes in said monitored mode; wherein a set of said secure code associated with said startup state includes instructions performable by said processor and directing said processor to add external instructions to secure code in response to an external source of said external instructions, a trustworthiness of said external source being verifiable by said processor in response to a set of secure information, wherein said single processor performs instructions and has access to the at least one secure function.
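The following Python model is an added illustration, not code from the patent or from BroadOn. It exercises the behaviour recited in claims 100 and 112 to 114: a secure function that is refused in monitored mode, entry to secure mode on an NMI, and external instructions received as a set of messages whose computed value is matched against a recorded value held in read-only secure information. The class and method names are hypothetical, SHA-256 stands in for the claims' unspecified "signature value", and the image chunks are constructed sample data.

```python
import hashlib
import hmac
from enum import Enum


class Mode(Enum):
    MONITORED = 0
    SECURE = 1


class SecurityViolation(Exception):
    """A secure function was requested while in monitored mode."""


class SecureProcessorModel:
    """Hypothetical software model of the mode gate in claims 100/112-114."""

    def __init__(self, recorded_values):
        # Stand-in for on-chip, read-only "secure information" (claim 107).
        self._secure_info = frozenset(recorded_values)
        # Claim 93: instructions run in secure mode in the power-on state.
        self.mode = Mode.SECURE
        self.entry_cause = "reset"
        self.loaded_code = []

    def exit_secure(self):
        """Leave secure mode and resume application code (claim 90)."""
        self.mode = Mode.MONITORED
        self.entry_cause = None

    def nmi(self):
        """Claim 100: an NMI switches monitored mode to secure mode."""
        self.mode = Mode.SECURE
        self.entry_cause = "nmi"  # claim 88: remember how we got here

    def load_external(self, messages):
        """Secure function: verify and record external instructions."""
        if self.mode is not Mode.SECURE:
            raise SecurityViolation("secure function refused in monitored mode")
        # Claim 114: the instructions arrive as a set of messages.
        h = hashlib.sha256()
        for chunk in messages:
            h.update(chunk)
        computed = h.digest()
        # Claim 113: match the computed value against the recorded values,
        # using a constant-time comparison for each candidate.
        ok = False
        for recorded in self._secure_info:
            ok |= hmac.compare_digest(computed, recorded)
        if ok:
            self.loaded_code.append(b"".join(messages))
        return ok


# Constructed sample data: an "image" split across three messages.
CHUNKS = [b"\x10\x20\x30", b"secure-kernel-extension", b"\xff\x00"]
RECORDED = hashlib.sha256(b"".join(CHUNKS)).digest()
TAMPERED = [CHUNKS[0], b"secure-kernel-extensioN", CHUNKS[2]]


def demo():
    cpu = SecureProcessorModel([RECORDED])
    boot_ok = cpu.load_external(CHUNKS)      # power-on: secure mode
    cpu.exit_secure()                        # application now runs
    try:
        cpu.load_external(CHUNKS)
        refused = False
    except SecurityViolation:
        refused = True
    cpu.nmi()                                # application requests a service
    tampered_ok = cpu.load_external(TAMPERED)
    return boot_ok, refused, cpu.entry_cause, tampered_ok, len(cpu.loaded_code)
```
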