An electronic device, such as a computer, may be adapted to monitor its own compliance with an operating policy. The operating policy may specify a pay-per-use or subscription business model and the measurements that define compliant usage. A secure execution environment may meter usage in accordance with the business model and may also monitor and enforce compliance with the operating policy. To make the secure execution environment harder to attack or disable, its elements may be distributed: the distribution points may include other functional elements of the computer, such as interface circuits, or may even be located remotely across a network, so that an attacker who defeats one element does not thereby defeat enforcement as a whole. An implementation method for disaggregating the secure execution environment in this way is also disclosed.
Representative claims
1. A computer adapted for use in limited function operating modes comprising: a secure hardware interface providing an interface between a secure execution environment and a plurality of functional circuits of the computer; the plurality of functional circuits including at least two or more of a processor, a graphics processor, an I/O interface, a BIOS memory, a non-volatile storage memory, and an external bus interface, each of the plurality of functional circuits connected via a bus external to the plurality of functional circuits; a secure execution environment having secure storage and controlling disaggregated enforcement functions in each of the respective functional circuits, the secure execution environment including at least a metering function that monitors usage of the computer according to a policy at least partly secured in the secure execution environment; the metering function measuring usage against a stored value in the secure storage; and at least a first of the enforcement functions in a first of the functional circuits, when activated by the enforcement function, in turn activates a limited function mode in the first functional circuit when the metering function determines usage is not in compliance with the policy, the limited function mode removing or reducing some but not all functionality of the first functional circuit such that at least some functionality of the first functional circuit continues to be available for use by the computer.
2. The computer of claim 1, wherein the secure execution environment comprises a circuit of the computer and further comprising: a secure memory storing at least a hardware identifier; a clock providing monotonically increasing time; a cryptography function; and a policy management function for updating the policy.
3. The computer of claim 2, wherein the secure memory, clock, cryptography function, and policy management function are each communicatively coupled with one or more of the plurality of functional circuits.
4. The computer of claim 1, wherein secure execution environment includes a dedicated data bus physically separate from the bus external to the plurality of functional circuits and providing communication between components of the secure execution environment.
5. The computer of claim 1, wherein the secure execution environment further comprises a core for managing communication between the components of the secure execution environment.
6. The computer of claim 5, wherein the core is part of the processor.
7. The computer of claim 5, wherein the plurality of functional circuits comprises an interface chip that supports memory access and the core is part of the interface chip.
8. The computer of claim 5, wherein the plurality of functional circuits comprises an interface chip that supports peripheral component access and the core is part of the interface chip.
9. The computer of claim 5, wherein the core is a standalone chip.
10. The computer of claim 1, wherein the first enforcement function comprises a memory bus reduction function located in a graphics/memory interface and reducing throughput of the memory bus.
11. The computer of claim 1, further comprising an input/output interface and a graphics/memory interface, wherein the first functional circuit is part of the input/output interface and a second functional circuit is part of the graphics/memory interface.
12. The computer of claim 1, further comprising an input/output interface and a graphics processor, wherein the first security function is part of the input/output interface.
13. The computer of claim 1, further comprising a graphics/memory interface and a graphics processor, wherein the first security function is part of the graphics/memory interface.
14. The computer of claim 1, further comprising a graphics/memory interface and an input/output interface, wherein the first security function is part of the input/output interface.
15. The computer of claim 1, wherein the first security function is part of the external bus interface.
16. The computer of claim 1, wherein the secure execution environment restores functionality in response to validating a restoration code received after activation of the limited function mode.
17. The computer of claim 1, wherein the activated enforcement function changes a speed of the processor.
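The claims describe a metering function that charges usage against a stored value, enforcement functions in separate functional circuits that drop into a limited (reduced but not disabled) mode when the policy is violated, and a restoration code that the secure execution environment validates before restoring full function (claim 16). The following is an added simulation of that cycle written for this page; it is not the patent's implementation or any vendor's code. The patent only says "a cryptography function", so an HMAC over a device-bound challenge is assumed here as the restoration-code scheme; the class names, the shared key, the "tick" usage unit and the capacity numbers are all hypothetical, and a real device would hold the key in secure storage rather than a Python attribute.

```python
"""Simulation of metered enforcement with a validated restoration code.
Added example for this page; names, key and values are constructed."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Policy:
    """Operating policy: a usage allowance and, per functional circuit, the
    fraction of capacity that limited function mode leaves available."""
    allowance: int
    limited_modes: dict  # circuit name -> fraction kept (0 < f < 1)


class FunctionalCircuit:
    """A functional circuit (graphics/memory interface, I/O interface, ...)
    hosting one of the disaggregated enforcement functions."""

    def __init__(self, name: str, full_capacity: int):
        self.name = name
        self.full_capacity = full_capacity
        self.capacity = full_capacity

    def enforce(self, fraction: float) -> None:
        # Limited function mode reduces, but must not remove, functionality.
        if not 0 < fraction < 1:
            raise ValueError("limited mode must keep some, not all, function")
        self.capacity = max(1, int(self.full_capacity * fraction))

    def restore(self) -> None:
        self.capacity = self.full_capacity


def _restoration_mac(key: bytes, challenge: bytes, added_allowance: int) -> bytes:
    # Code binds the granted allowance to one device-specific challenge.
    return hmac.new(key, challenge + added_allowance.to_bytes(4, "big"),
                    hashlib.sha256).digest()


def issue_restoration_code(server_key: bytes, challenge: bytes, added_allowance: int) -> bytes:
    """Provisioning-server side (hypothetical): sign challenge plus allowance."""
    return _restoration_mac(server_key, challenge, added_allowance)


class SecureExecutionEnvironment:
    """Metering, policy, clock and restoration-code validation, co-located
    with the secret in (simulated) secure storage."""

    def __init__(self, hardware_id: str, key: bytes, policy: Policy, circuits):
        self.hardware_id = hardware_id
        self._key = key                        # secure storage; shared with server
        self.policy = policy
        self.circuits = {c.name: c for c in circuits}
        self.stored_value = policy.allowance   # metering compares usage to this
        self.clock = 0                         # monotonically increasing time
        self.limited = False
        self._pending = None                   # outstanding challenge, if any

    def tick(self, units: int = 1) -> int:
        """Metering function: charge usage; activate enforcement on violation."""
        self.clock += units
        self.stored_value -= units
        if self.stored_value <= 0 and not self.limited:
            for name, fraction in self.policy.limited_modes.items():
                self.circuits[name].enforce(fraction)
            self.limited = True
        return self.stored_value

    def restoration_challenge(self) -> bytes:
        """Fresh challenge tying the code to this device and clock value, so a
        captured code cannot be replayed later or on another machine."""
        self._pending = f"{self.hardware_id}|{self.clock}".encode()
        return self._pending

    def restore(self, challenge: bytes, code: bytes, added_allowance: int) -> bool:
        """Validate the restoration code before leaving limited function mode."""
        if self._pending is None or not hmac.compare_digest(challenge, self._pending):
            return False
        if not hmac.compare_digest(_restoration_mac(self._key, challenge, added_allowance), code):
            return False
        self._pending = None                   # one-time use
        self.stored_value += added_allowance
        for circuit in self.circuits.values():
            circuit.restore()
        self.limited = False
        return True


def demo() -> dict:
    """Run one exhaust / enforce / restore cycle on constructed values."""
    key = b"constructed-shared-secret"
    policy = Policy(allowance=10, limited_modes={"gmi": 0.25, "io": 0.5})
    gmi = FunctionalCircuit("gmi", full_capacity=1000)  # memory bus throughput
    io = FunctionalCircuit("io", full_capacity=100)
    see = SecureExecutionEnvironment("HWID-0001", key, policy, [gmi, io])
    see.tick(10)                                         # exhaust the allowance
    after_enforce = (gmi.capacity, io.capacity, see.limited)
    ch = see.restoration_challenge()
    bad_key = see.restore(ch, issue_restoration_code(b"wrong", ch, 20), 20)
    tampered = see.restore(ch, issue_restoration_code(key, ch, 5), 20)
    valid = see.restore(ch, issue_restoration_code(key, ch, 20), 20)
    replay = see.restore(ch, issue_restoration_code(key, ch, 20), 20)
    return {"after_enforce": after_enforce, "bad_key": bad_key, "tampered": tampered,
            "valid": valid, "replay": replay, "stored_value": see.stored_value,
            "gmi_capacity": gmi.capacity}


if __name__ == "__main__":
    print(demo())
```

The three rejected calls in `demo()` correspond to the failure modes a practitioner would check first: a code minted under the wrong key, a code whose signed allowance does not match the allowance presented, and a genuine code replayed after use. Note that the secret must never leave the secure execution environment; if the enforcement functions in the other circuits could be reached without it (for example over the external bus named in claim 1), the distribution the abstract describes would not add any difficulty for an attacker.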
Patents cited by this patent (19)
Spivey, Gary E., Communication and control model for field programmable gate arrays and other programmable logic devices.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Reneris, Ken; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Milland, Managing a secure platform using a hierarchical executive architecture in isolated execution mode.
Barnes, Brian C.; Strongin, Geoffrey S.; Schmidt, Rodney W., Memory management system and method for providing physical address based memory access security.
Gillespie, Byron; Goldschmidt, Marc; Sych, Terry; Young, Bruce, Method and apparatus for interfacing a device compliant to a first bus protocol to an external bus having a second bus.
Solari, Edward L. (Monmouth, OR); Heckenberg, Thomas A. (Forest Grove, OR); Vanka, Subbarao (Portland, OR), Method of slowing down code execution in a microprocessor including an internal cache memory.
Barlow, Doug; Dillaway, Blair; Fox, Barbara; Lipscomb, Terry; Spies, Terrence, System and method for configuring and managing resources on a multi-purpose integrated circuit card using a personal computer.