Protecting isolated secret data of integrated circuit devices

    Publication No.: US10452844B2

    Publication date: 2019-10-22

    Application No.: US12323670

    Filing date: 2008-11-26

    IPC classification: G06F21/55 G06F21/78 G06F21/81

    Abstract: A circuit arrangement, method, and design structure for controlling access to master secret data disposed in at least a portion of at least one persistent region of an integrated circuit device is disclosed. The circuit arrangement includes a clock circuit responsive to an external clock signal, a security state machine configured to control a security state of the integrated circuit device, and a master secret circuit in communication with the security state machine and configured to control access to the master secret data. The security state machine and master secret circuit are isolated from the clock circuit, and the master secret circuit is responsive to the security state machine to selectively erase at least a portion of the master secret data. The master secret circuit may be configured to erase the portion of the master secret data in response to a null or triggered security state.

    Secure Computer Architecture
    3.
    Invention application
    Secure Computer Architecture (under examination, published)

    Publication No.: US20130019307A1

    Publication date: 2013-01-17

    Application No.: US13613708

    Filing date: 2012-09-13

    IPC classification: G06F21/00

    CPC classification: G06F21/85 G06F21/606

    Abstract: A secure computer architecture is provided. With this architecture, data is received, in a component of an integrated circuit chip implementing the secure computer architecture, for transmission across a data communication link. The data is converted, by the component, to one or more first fixed length frames. The one or more first fixed length frames are then transmitted, by the component, on the data communication link in a continuous stream of frames. The continuous stream of frames includes one or more second fixed length frames generated when no data is available for inclusion in the frames of the continuous stream.


    Secure Recursive Virtualization
    4.
    Invention application
    Secure Recursive Virtualization (under examination, published)

    Publication No.: US20120331466A1

    Publication date: 2012-12-27

    Application No.: US13603643

    Filing date: 2012-09-05

    IPC classification: G06F9/455

    Abstract: A mechanism is provided for performing secure recursive virtualization of a computer system. A portion of memory is allocated by a virtual machine monitor (VMM) or an operating system (OS) to a new domain. An initial program for the new domain is loaded into the portion of memory. Secure recursive virtualization firmware (SVF) in the data processing system is called to request that the new domain be generated. A determination is made as to whether the call is from a privileged domain or a non-privileged domain. Responsive to the request being from a privileged domain, all access to the new domain is removed from any other domain in the data processing system. Responsive to receiving an indication that the new domain has been generated, an execution of the initial program is scheduled.


    System and method for using address bits to affect encryption
    5.
    Granted invention patent
    System and method for using address bits to affect encryption (in force)

    Publication No.: US07822993B2

    Publication date: 2010-10-26

    Application No.: US10927729

    Filing date: 2004-08-27

    IPC classification: G06F11/30

    CPC classification: G06F12/1408 G06F12/1475

    Abstract: A computing environment maintains the confidentiality of data stored in system memory. The computing environment has an encryption circuit in communication with a CPU. The system memory is also in communication with the encryption circuit. An address bus having a plurality of address lines forms part of the system and a value of at least one of the address lines determines a key selected from a plurality of keys to use in the encryption circuit to encrypt data being transferred by the CPU to the memory.


    Parallelizable authentication tree for random access storage
    6.
    Granted invention patent
    Parallelizable authentication tree for random access storage (in force)

    Publication No.: US07451310B2

    Publication date: 2008-11-11

    Application No.: US10307673

    Filing date: 2002-12-02

    IPC classification: H04L9/00

    Abstract: This invention relates to a method and apparatus for generating a cryptographic authentication code of a set of plaintext blocks, while allowing incremental updates to the set of plaintext blocks. Additionally, an aspect of the invention allows the updated authentication code to be computed in a highly parallelizable manner. Another embodiment of the present invention defines a new class of authentication trees in which the updated authentication tree, although requiring log(n) block cryptographic operations, allows for the log(n) block cryptographic operations to be computed in parallel. Another embodiment of the present invention provides encryption and verification authentication tree schemes, as well as an apparatus that generates, updates, and verifies such authentication trees. Another embodiment of the present invention provides authentication tree schemes in which the individual cryptographic operations are block cipher invocations as opposed to hash function invocations. A method according to an embodiment of the present invention, for implementing a parallelizable authentication tree, is provided within the application. The method comprises the steps of recursively initializing an authentication tree to include nodes, inputting plaintext blocks into an authentication tree modifier, inputting the initialized authentication tree into the authentication tree modifier, processing the plaintext blocks and the initialized authentication tree by the authentication tree modifier, and outputting a modified authentication tree from the authentication tree modifier.


    Parallel vector processing system for individual and broadcast distribution of operands and control information
    8.
    Granted invention patent
    Parallel vector processing system for individual and broadcast distribution of operands and control information (expired)

    Publication No.: US5226171A

    Publication date: 1993-07-06

    Application No.: US802643

    Filing date: 1991-12-03

    IPC classification: G06F15/78 G06F17/16

    CPC classification: G06F15/8076 G06F17/16

    Abstract: A parallel processing system utilizes a plurality of simultaneously operable arithmetic units to provide matrix-vector products, with each of the arithmetic units implementing the matrix-vector product calculations for plural rows of a matrix stored as vectors in an arithmetic unit. A column of a second matrix is broadcast to the respective arithmetic units whereby the products may be developed in all the arithmetic units simultaneously. The broadcasting of the matrix elements is accomplished via a memory bus which may be employed for selectively or simultaneously accessing registers in the various arithmetic units whereby vector information may be written into memory addresses and calculation results retrieved therefrom.


    Stop device for outboard engine propellers
    9.
    Granted invention patent
    Stop device for outboard engine propellers (expired)

    Publication No.: US4624644A

    Publication date: 1986-11-25

    Application No.: US678292

    Filing date: 1984-12-05

    Applicant: William E. Hall

    Inventor: William E. Hall

    IPC classification: B63H23/34 F02B61/04 B63H1/14

    Abstract: A stop device for application to an outboard marine engine to retain the propeller against rotation while the prop nut is being tightened or loosened. The device is T-shaped and includes side wings and a vertical leg. The wings have slots which permit the device to be slipped onto a tail plate located above the propeller. The leg extends downwardly between the blades of the propeller and engages the blades to prevent propeller rotation.


    Instruction cache memory system
    10.
    Granted invention patent
    Instruction cache memory system (expired)

    Publication No.: US4442488A

    Publication date: 1984-04-10

    Application No.: US468506

    Filing date: 1983-02-22

    Applicant: William E. Hall

    Inventor: William E. Hall

    Abstract: A memory system includes a high-speed, multi-region instruction cache, each region of which stores a variable number of instructions received from a main data memory, said instructions forming part of a program. An instruction is transferred to a region from the main data memory in response to a program address and may be executed without waiting for simultaneous transfer of a large block or number of instructions. Meanwhile, instructions at consecutively subsequent addresses in the main data memory are transferred to the same region for building an expanding cache of rapidly accessible instructions. The expansion of a given region is brought about as a result of the addressing of that region, such that a cache region receiving a main line of the aforementioned program will be expanded in preference to a region receiving an occasionally used sub-routine. When a new program address is presented, a simultaneous comparison is made with pointers which are provided to be indicative of addresses of instructions currently stored in the various cache regions, and stored information is gated from a region which produces a favorable comparison. When a new address is presented to which no cache region is responsive, the least recently used region, that is the region that has been accessed least recently, is immediately invalidated and reused by writing thereover, starting with the new address to which no cache region was responsive, for accumulating a substituted cache of information from the main data memory.
