[특허]Secure direct memory access

Secure direct memory access 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	G06F-021/10 G11B-020/00 G06F-021/60 G06F-013/28 G06F-012/14
출원번호	US-0976951 (2011-12-21)
등록번호	US-9311458 (2016-04-12)
국제출원번호	PCT/US2011/066592 (2011-12-21)
§371/§102 date	20130627 (20130627)
국제공개번호	WO2013/095461 (2013-06-27)
발명자 / 주소	Mangalampalli, Jayant Gokulrangan, Venkat R.
출원인 / 주소	INTEL CORPORATION
대리인 / 주소	Kacvinsky Daisak Bluni PLLC
인용정보	피인용 횟수 : 6 인용 특허 : 17

초록 ▼

Examples are disclosed for establishing a secure destination address range responsive to initiation of a direct memory access (DMA) operation. The examples also include allowing decrypted content obtained as encrypted content from a source memory to be placed at a destination memory based on whether

대표청구항 ▼

1. A method implemented at host computing device comprising: establishing a secure destination address range responsive to initiation of a direct memory access (DMA) operation to be performed by a DMA module that includes obtaining encrypted content from a source memory, decrypting the encrypted content, and placing the decrypted content at a secure destination memory;receiving, at a controller of the DMA module, one or more destination addresses associated with the secure destination memory from an operating system executed by a host central processing unit (CPU) through a portion of memory shared between the controller and the operating system;validating, at the controller, whether the one or more destination addresses falls within the secure destination address range; andallowing, at the controller, the DMA module to place the decrypted content at the secure destination memory based on the one or more destination addresses falling within the secure destination address range. 2. The method of claim 1, comprising establishing the secure destination address range by setting both a valid destination start address register and a valid destination end address register at the DMA module configured to implement the DMA operation. 3. The method of claim 2, comprising resetting the valid destination start address register and the valid destination end address register responsive to completion of the DMA operation. 4. The method of claim 1, comprising receiving the one or more destination addresses includes receiving a destination DMA table as part of a scatter-gather list generated by an application requesting the DMA operation, the scatter-gather list to also include one or more source addresses associated with the source memory. 5. The method of claim 4, comprising setting source address and destination address registers at the DMA module based on the scatter-gather list and halting the setting of the source and destination address registers based on at least one destination address from among the one or more destination addresses falling outside of the secure destination address range. 6. The method of claim 1, the controller to flag the portion of the shared memory to indicate the portion's association with the DMA operation. 7. The method of claim 6, comprising the controller establishing the secure destination address range by setting a valid destination start address and setting a valid destination end address. 8. The method of claim 7, comprising the controller receiving one or more source addresses from the shared memory, the one or more source addresses constructed by an application requesting the DMA operation, the controller to set source address and destination address registers at the DMA module based on both the one or more source addresses and the one or more destination addresses, the controller to halt the setting of the source address and destination address registers based on at least one destination address from among the one or more destination addresses falling outside of the secure destination address range. 9. The method of claim 8, comprising the controller sending an error indication to the application requesting the DMA operation responsive to the at least one destination address falling outside the secure destination range. 10. The method of claim 7, comprising the controller receiving one or more source addresses from the shared memory, the one or more source addresses constructed by an application requesting the DMA operation, the controller to set source address and destination address registers at the DMA module based on both the one or more source addresses and the one or more destination addresses and based on whether all the destination addresses from among the one or more destinations fall within the secure destination address range. 11. An apparatus comprising: a processor circuit;a direct memory access (DMA) module communicatively coupled to the processor circuit; anda memory unit communicatively coupled to the processor circuit, the memory unit arranged to store a destination manager operative on the processor circuit to establish a secure destination address range responsive to initiation of a DMA operation to be performed by the DMA module to move encrypted content from a source memory, decrypt the encrypted content, and place the decrypted content at a secure destination memory, the destination manager also operative to receive one or more destination addresses associated with the secure destination memory from an operating system executed by a host central processing unit (CPU) through a portion of memory shared between the destination manager and the operating system, the destination manager further operative to validate whether the one or more destination addresses falls within the secure destination address range and to allow the DMA module to place the decrypted content at the secure destination memory based on the one or more destination addresses falling within the secure destination address range. 12. The apparatus of claim 11, comprising a display to visually play back a video content portion of the decrypted content placed at the secure destination memory. 13. The apparatus of claim 11, comprising the destination manager configured to set both a valid destination start address register and a valid destination end address register at the DMA module configured to implement the DMA operation in order to establish the secure destination address range. 14. The apparatus of claim 13, comprising the destination manager configured to receive the one or more destination addresses in a destination DMA table as a scatter-gather list generated by an application requesting the DMA operation, the scatter-gather list also including one or more source addresses associated with the source memory. 15. The apparatus of claim 14, comprising the destination manager configured to set source address and destination address registers at the DMA module based on the scatter-gather list and also configured to halt the setting of the source address and destination address registers based on at least one destination address from among the one or more destination addresses falls outside of the secure destination address range. 16. The apparatus of claim 11, comprising the destination manager configured to flag the portion of the shared memory to indicate the portion's association with the DMA operation. 17. The apparatus of claim 16, comprising the destination manager configured to set a valid destination start address and a valid destination end address in order to establish the secure destination address range. 18. The apparatus of claim 16, comprising the destination manager configured to set the valid destination start address and the valid destination end address at registers maintained at the DMA module configured to implement the DMA operation. 19. The apparatus of claim 17, comprising the destination manager configured to receive one or more source addresses from the shared memory, the one or more source addresses constructed by an application requesting the DMA operation, the destination manager to set source address and destination address registers at the DMA module based on both the one or more source addresses and the one or more destination addresses, the destination manager also configured to halt the setting of the source address and destination address registers based on at least one destination address from among the one or more destination addresses falling outside of the secure destination address range. 20. The apparatus of claim 19, comprising the destination manager configured to send an error indication to the application requesting the DMA operation responsive to the at least one destination address being an invalid destination address. 21. An article of manufacture comprising a non-transitory storage medium containing instructions that when executed cause a direct memory access (DMA) system for a host computing device to: establish a secure destination address range responsive to initiation of a DMA operation to be performed by a DMA module of the DMA system that includes obtaining encrypted content from a source memory, decrypting the encrypted content, and placing the decrypted content at a secure destination memory;receive, at the DMA system, one or more destination addresses associated with the secure destination memory from an operating system executed by a host central processing unit (CPU) through a portion of memory shared between the destination manager and the operating system;validate, at the DMA system, whether the one or more destination addresses falls within the secure destination address range; andcause the DMA module to place the decrypted content at the secure destination memory based on the one or more destination addresses falling within the secure destination address range. 22. The article of manufacture of claim 21, comprising the instructions to cause the DMA system to establish the secure destination address range by the DMA system setting both a valid destination start address register and a valid destination end address register at the DMA module configured to implement the DMA operation. 23. The article of manufacture of claim 22, comprising the instructions to cause the DMA system to receive the one or more destination addresses in a DMA table as part of a scatter-gather list generated by an application requesting the DMA operation, the scatter-gather list to also include one or more source addresses associated with the source memory. 24. The article of manufacture of claim 23, comprising the instructions to cause the DMA system to set source address and destination address registers at the DMA module based on the scatter-gather list and the instructions to also cause the DMA system to halt the setting of the source and destination address registers based on at least one destination address from among the one or more destination addresses falls outside of the secure destination address range. 25. The article of manufacture of claim 21, comprising the instructions to cause the DMA system to flag the portion of the shared memory to indicate the portion's association with the DMA operation. 26. The article of manufacture of claim 25, comprising the instructions to cause the DMA system to establish the secure destination address range by setting a valid destination end address to establish the secure destination address range. 27. The article of manufacture of claim 26, comprising the instructions to cause the DMA system to receive a one or more source addresses from the shared memory, the one or more source addresses constructed by an application requesting the DMA operation, the instructions to also cause the DMA system to set source address and destination address registers at the DMA module based on both the one or more source addresses and the one or more destination addresses, the instructions to also cause the DMA system to halt the setting of the source address and destination address registers based on at least one destination address from among the one or more destination addresses falling outside of the secure destination address range. 28. The article of manufacture of claim 27, comprising the instructions to cause the DMA system to send an error indication to the application requesting the DMA operation based on the at least one destination address falling outside the secure destination address range.

이 특허에 인용된 특허 (17)

Kershaw, Daniel; Felton, Donald; Stevens, Ashley Miles; Thompson, Anthony Paul, Data processing apparatus and method for controlling access to memory.
상세보기
Nakai, Yoshiyuki; Sumida, Koichi; Yamanouchi, Takao; Shimazawa, Yohichi, Data processing apparatus for selecting either a PIO data transfer method or a DMA data transfer method.
상세보기
Kurauchi, Nobukazu, Data processing device, data processing method, data processing program, recording medium containing the data processing program and integrated circuit.
상세보기
Hori, Yoshihiro; Ohno, Ryoji; Ohishi, Takeo; Tozaki, Akihiro; Tada, Kenichiro; Hirai, Tatsuya; Tsuru, Masafumi; Hasebe, Takayuki, Data storing device for classified data.
상세보기
De Perthuis, Hugues; Mutz, Stephane, Establishing a secure memory path in a unitary memory architecture.
상세보기
Futa, Yuichi; Haga, Tomoyuki; Ito, Takayuki; Matsushima, Hideki; Ito, Yoshikatsu, Memory control apparatus, content playback apparatus, control method and recording medium.
상세보기
Hatakeyama, Tetsuo, Memory protection during direct memory access.
상세보기
Xu, Kun; Jokinen, Tommi M.; Kramer, David B., Message passing using direct memory access unit in a data processing system.
상세보기
Noehring,Lee P.; Mercer,Chad W.; Cassetti,David; Privett,Michael; Anand,Satish, Method and system for high-speed processing IPSec security protocol packets.
상세보기
Blumrich Matthias Augustin (208 E. Stanworth Dr. Princeton NJ 08540) Dubnicki Cezary (110 Prospect St. ; Apt. E2 Princeton NJ 08540) Felten Edward William (20 Lake La. Princeton NJ 08540) Li Kai (73 , Method and system for initiating and loading DMA controller registers by using user-level programs.
상세보기
Wyatt, David, Method and system for protecting content in graphics memory.
상세보기
Hatakeyama, Akiyuki, Methods and apparatus for secure programming and storage of data using a multiprocessor in a trusted mode.
상세보기
Muth, Robert; Schmipf, Karl; Sehr, David C.; Biffle, Clifford L., Predicated control flow and store instructions for native code module security.
상세보기
Takahashi Richard ; Heer Daniel N., Secure memory management unit for microprocessor.
상세보기
Goto, Seiji, Secure processor and system.
상세보기
Morais, Dinarte R., System and method for applying security to memory reads and writes.
상세보기
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
상세보기

이 특허를 인용한 특허 (6)

Boivie, Richard Harold, Cache structure for a computer system providing support for secure objects.
상세보기
Boivie, Richard Harold, Enhanced security mechanism for authentication of users of a system.
상세보기
Yoon, Ji Yong, Multi-processor system including memory shared by multi-processor and method thereof.
상세보기
Boivie, Richard H.; Pendarakis, Dimitrios, Protecting application programs from malicious software or malware.
상세보기
Boivie, Richard Harold; Pendarakis, Dimitrios, Protecting application programs from malicious software or malware.
상세보기
Boivie, Richard Harold; Williams, Peter T., Secure object having protected region, integrity tree, and unprotected region.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Secure direct memory access 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (17)

이 특허를 인용한 특허 (6)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Secure direct memory access 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (17)

이 특허를 인용한 특허 (6)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트