A hardware Secure Processing Unit (SPU) is described that can perform both security functions and other information appliance functions using the same set of hardware resources. Because the additional hardware required to support security functions is a relatively small fraction of the overall device hardware, this type of SPU can be competitive with ordinary non-secure CPUs or microcontrollers that perform the same functions. A set of minimal initialization and management hardware and software is added to, e.g., a standard CPU/microcontroller. The additional hardware and/or software creates an SPU environment and performs the functions needed to virtualize the SPU's hardware resources so that they can be shared between security functions and other functions performed by the same CPU.
Representative claims
What is claimed is:
1. In a secure processing unit comprising a memory management unit, an internal memory unit, and processor security registers, a method of restricting access to memory, the method comprising: using one or more level-one page table entries of a plurality of page table entries in a level-one page table to indicate whether entries in a level-two page table corresponding with the one or more level-one page table entries may designate certain predefined memory regions based on one or more predefined attributes respectively contained in the one or more level-one page table entries; and restricting access by certain software components or processor modes to predefined memory regions based on access control data, wherein the access control data are stored in a critical address register, the critical address register comprising one of the processor security registers.
2. The method of claim 1, wherein the internal memory unit includes secure random access memory, secure non-volatile memory, and secure read-only memory.
3. The method of claim 2, wherein the secure non-volatile memory contains a cryptographic key.
4. The method of claim 2, wherein the secure non-volatile memory is powered by a battery.
5. The method of claim 4, wherein the secure non-volatile memory contains a cryptographic key.
6. The method of claim 1, wherein the internal memory unit includes a unique identifier for the secure processing unit, a private cryptographic key, and a public cryptographic key.
7. The method of claim 6, wherein the internal memory unit further includes a cryptographic certificate linking the unique identifier and the public cryptographic key.
8. The method of claim 1, wherein one or more level-two page tables that are configured so as to be unable to designate the predefined memory regions are stored in memory locations other than the internal memory unit.
9. In an information appliance comprising a secure processing unit, the secure processing unit comprising a memory management unit, an internal memory unit, and processor security registers, a method comprising: indicating, using one or more level-one page table entries of a plurality of page table entries in a level-one page table, whether entries in a level-two page table corresponding with the one or more level-one page table entries may designate certain predefined memory regions based on one or more predefined attributes respectively contained in the one or more level-one page table entries; restricting access by certain software components or processor modes to predefined memory regions based on access control data, wherein the access control data are stored in a critical address register, the critical address register comprising one of the processor security registers; and enabling performance, by the secure processing unit, of both secure processing operations and at least some processing operations performed by a conventional information appliance processing unit.
10. The method of claim 9, wherein the information appliance is an appliance selected from: a television set-top box, a portable audio player, a portable video player, a cellular telephone, a personal computer, and a workstation.
11. The method of claim 9, wherein the secure processing unit is the information appliance's primary processing unit.
12. The method of claim 9, wherein the secure processing unit is the information appliance's only processing unit.
13. The method of claim 9, wherein the level-one page table and the level-two page tables that may designate the predefined memory regions are stored in the internal memory unit.
14. The method of claim 9, wherein the internal memory unit includes secure random access memory, secure non-volatile memory, and secure read-only memory.
15. The method of claim 14, wherein the secure non-volatile memory contains a cryptographic key.
16. The method of claim 14, wherein the secure non-volatile memory is powered by a battery.
17. The method of claim 16, wherein the secure non-volatile memory contains a cryptographic key.
18. The method of claim 9, wherein the internal memory unit includes a unique identifier for the secure processing unit, a private cryptographic key, and a public cryptographic key.
19. The method of claim 18, wherein the internal memory unit further includes a cryptographic certificate linking the unique identifier and the public cryptographic key.
20. The method of claim 9, wherein one or more level-two page tables that are configured so as to be unable to designate the predefined memory regions are stored in memory locations other than the internal memory unit.
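The two restrictions in claim 1, a level-one attribute that decides whether the level-two table beneath it may map the predefined (secure) region, and a critical address register that decides which processor modes may touch that region, modelled as an added C example. This is not code from the patent; the address ranges, page-table geometry, mode bits and the `spu_translate`/`check_access` names are constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
/* Constructed layout: the internal memory unit (secure RAM/NVM/ROM) occupies one
 * predefined physical region; everything else is ordinary memory. */
#define SECURE_BASE  0x00100000u
#define SECURE_LIMIT 0x00110000u          /* exclusive */
#define PAGE_SHIFT 12
#define L1_SHIFT   22                     /* 10-bit L1 index, 10-bit L2 index */
enum cpu_mode { MODE_USER = 1u, MODE_KERNEL = 2u, MODE_SECURE = 4u };
typedef struct { uint32_t frame_pa; bool valid; } l2_entry;
/* may_designate_secure is the L1 attribute of claim 1: whether the L2 table below
 * this entry is permitted to map pages inside the secure region. */
typedef struct { l2_entry *l2; bool valid; bool may_designate_secure; } l1_entry;
/* Model of the critical address register: critical region plus the modes allowed in. */
typedef struct { uint32_t base, limit; unsigned allowed_modes; } critical_addr_reg;

static bool in_region(uint32_t pa, uint32_t base, uint32_t limit) {
    return pa >= base && pa < limit;
}
/* Walks both table levels; returns false on a translation or access-control fault. */
bool spu_translate(const l1_entry *l1_table, const critical_addr_reg *car,
                   uint32_t va, enum cpu_mode mode, uint32_t *pa) {
    const l1_entry *l1 = &l1_table[va >> L1_SHIFT];
    if (!l1->valid) return false;
    const l2_entry *l2 = &l1->l2[(va >> PAGE_SHIFT) & 0x3ffu];
    if (!l2->valid) return false;
    uint32_t phys = l2->frame_pa | (va & ((1u << PAGE_SHIFT) - 1));
    /* Restriction 1: an L2 entry may point into the secure region only if its
     * parent L1 entry carries the attribute permitting that. */
    if (in_region(phys, SECURE_BASE, SECURE_LIMIT) && !l1->may_designate_secure) return false;
    /* Restriction 2: the critical address register gates which processor modes
     * may access the critical region at all. */
    if (in_region(phys, car->base, car->limit) && !(car->allowed_modes & mode)) return false;
    *pa = phys;
    return true;
}
/* Constructed scenario: L1 slot 0 may map secure pages, slot 1 may not, slot 2 is unmapped. */
static l2_entry l2_trusted[1024], l2_untrusted[1024];
static l1_entry l1[1024];
static const critical_addr_reg car = { SECURE_BASE, SECURE_LIMIT, MODE_SECURE };
bool check_access(uint32_t va, enum cpu_mode mode) {
    l2_trusted[0]   = (l2_entry){ SECURE_BASE, true };   /* secure page */
    l2_trusted[1]   = (l2_entry){ 0x00200000u, true };   /* ordinary page */
    l2_untrusted[0] = (l2_entry){ SECURE_BASE, true };   /* same secure page, wrong parent */
    l1[0] = (l1_entry){ l2_trusted, true, true };
    l1[1] = (l1_entry){ l2_untrusted, true, false };
    uint32_t pa;
    return spu_translate(l1, &car, va, mode, &pa);
}
```

Note that the L1 attribute rejects the mapping under `l1[1]` even for secure mode, so a level-two table placed outside the internal memory unit (claims 8 and 20) cannot grant itself access to the secure region regardless of which mode uses it.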
Patents cited by this patent (18)
Shear Victor H. (Bethesda MD), Database usage metering and protection system and method.
Stefik Mark J. (Woodside CA) Russell Daniel M. (Palo Alto CA) Bobrow Daniel G. (Palo Alto CA) Henderson ; Jr. D. Austin (La Honda CA), Document processing system utilizing document service cards to provide document processing services.
Stefik Mark J. (Woodside CA) Bobrow Daniel G. (Palo Alto CA) Card Stuart K. (Los Altos CA) Casey Michalene M. (Morgan Hill CA) Goldstein Richard J. (San Francisco CA) Lamming Michael G. (Cambridge CA), Interactive contents revealing storage device.
Van Wie David M. ; Weber Robert P., Steganographic techniques for securely delivering electronic digital rights management control information over insecure.
Stefik Mark J. (Woodside CA) Bobrow Daniel G. (Palo Alto CA) Pirolli Peter L. T. (El Cerrito CA), System for controlling the distribution and use of composite digital works.
Stefik Mark J. (Woodside CA) Merkle Ralph C. (Sunnyvale CA) Pirolli Peter L. T. (El Cerrito CA), System for controlling the distribution and use of digital works having a fee reporting mechanism.
Shear Victor H. ; Van Wie David M. ; Weber Robert P., Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Karl L. Ginter ; Victor H. Shear ; Francis J. Spahn ; David M. Van Wie, Systems and methods for secure transaction management and electronic rights protection.
Hall Edwin J. ; Shear Victor H. ; Tomasello Luke S. ; Van Wie David M. ; Weber Robert P. ; Worsencroft Kim ; Xu Xuejun, Techniques for defining using and manipulating rights management data structures.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M. ; Weber Robert P., Trusted and secure techniques, systems and methods for item delivery and execution.