公开(公告)号：US20140086406A1

公开(公告)日：2014-03-27

申请号：US13626476

申请日：2012-09-25

Applicant: APPLE INC.

Inventor： R. Stephen Polzin ,  Fabrice L. Gautier ,  Mitchell D. Adler ,  Conrad Sauerwald ,  Michael L.H. Brouwer

IPC: H04L9/00

CPC classification number: H04L9/0861 ,  G06F21/72 ,  G09C1/00 ,  H04L9/0822 ,  H04L9/0897 ,  H04L2209/24

Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.

Abstract translation: SOC实现安全飞地处理器（SEP）。 SEP可以包括处理器和一个或多个安全外设。 SEP可以与SOC的其余部分隔离（例如SOC中的一个或多个中央处理单元（CPU），或SOC中的应用处理器（AP））。 对SEP的访问可以由硬件严格控制。 例如，描述了CPU / AP仅能访问SEP中的邮箱位置的机制。 CPU / AP可以向邮箱写入消息，SEP可以读取并响应。 在一些实施例中，SEP可以包括以下一个或多个：使用包装密钥的安全密钥管理，引导和/或电源管理的SEP控制以及存储器中的单独的信任区域。

公开(公告)号：US09766692B2

公开(公告)日：2017-09-19

申请号：US14729335

申请日：2015-06-03

Applicant: Apple Inc.

Inventor： Sanjay Dabral ,  R. Stephen Polzin

IPC: G06F1/32 ,  G06F13/42

CPC classification number: G06F1/3296 ,  G06F1/3253 ,  G06F1/3287 ,  G06F13/4221 ,  G06F13/4282 ,  G06F2213/0024 ,  Y02D10/151 ,  Y02D10/171 ,  Y02D10/172 ,  Y02D50/20

Abstract: An integrated circuit (IC) implements an industry standard-defined peripheral interconnect to connect to another integrated circuit or component in a system. The industry standard specification includes a software interface that is well-defined and implemented by various software in the system, and thus is desirable to retain. However, the physical interconnect in the systems employing the integrated circuit may be short, and thus the elaborate physical layer definition may consume more integrated circuit area and power than is otherwise desirable in the IC. The IC may implement a simpler and more power-efficient physical layer, reducing both power consumption and semiconductor substrate area consumption, in some embodiments.

公开(公告)号：US09419794B2

公开(公告)日：2016-08-16

申请号：US14493458

申请日：2014-09-23

Applicant: Apple Inc.

Inventor： R. Stephen Polzin ,  Fabrice L. Gautier ,  Mitchell D. Adler ,  Conrad Sauerwald ,  Michael L. H. Brouwer

IPC: H04L29/06 ,  H04L9/08 ,  G09C1/00 ,  G06F21/72

CPC classification number: H04L9/0861 ,  G06F21/72 ,  G09C1/00 ,  H04L9/0822 ,  H04L9/0897 ,  H04L2209/24

Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.

Abstract translation: SOC实现安全飞地处理器（SEP）。 SEP可以包括处理器和一个或多个安全外设。 SEP可以与SOC的其余部分隔离（例如SOC中的一个或多个中央处理单元（CPU），或SOC中的应用处理器（AP））。 对SEP的访问可以由硬件严格控制。 例如，描述了CPU / AP仅能访问SEP中的邮箱位置的机制。 CPU / AP可以向邮箱写入消息，SEP可以读取并响应。 在一些实施例中，SEP可以包括以下一个或多个：使用包装密钥的安全密钥管理，引导和/或电源管理的SEP控制以及存储器中的单独的信任区域。

公开(公告)号：US09202061B1

公开(公告)日：2015-12-01

申请号：US14696622

申请日：2015-04-27

Applicant: Apple Inc.

Inventor： R. Stephen Polzin ,  Fabrice L. Gautier ,  Mitchell D. Adler ,  Timothy R. Paaske ,  Michael J. Smith

IPC: G06F15/177 ,  G06F9/24 ,  G06F1/24 ,  G06F7/04 ,  H04N7/16 ,  G06F21/57 ,  G06F21/60 ,  G06F12/14 ,  G06F9/44 ,  G06F9/445 ,  G06F21/00

CPC classification number: G06F21/575 ,  G06F1/24 ,  G06F9/24 ,  G06F9/4401 ,  G06F9/44505 ,  G06F12/14 ,  G06F15/167 ,  G06F21/00 ,  G06F21/572 ,  G06F21/60 ,  G06F21/74 ,  G06F21/76 ,  G06F21/81

Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.

公开(公告)号：US20170364141A1

公开(公告)日：2017-12-21

申请号：US15676322

申请日：2017-08-14

Applicant: Apple Inc.

Inventor： Sanjay Dabral ,  R. Stephen Polzin

IPC: G06F1/32 ,  G06F13/42

CPC classification number: G06F1/3296 ,  G06F1/3253 ,  G06F1/3287 ,  G06F13/4221 ,  G06F13/4282 ,  G06F2213/0024 ,  Y02D10/151 ,  Y02D10/171 ,  Y02D10/172 ,  Y02D50/20

Abstract: An integrated circuit (IC) implements an industry standard-defined peripheral interconnect to connect to another integrated circuit or component in a system. The industry standard specification includes a software interface that is well-defined and implemented by various software in the system, and thus is desirable to retain. However, the physical interconnect in the systems employing the integrated circuit may be short, and thus the elaborate physical layer definition may consume more integrated circuit area and power than is otherwise desirable in the IC. The IC may implement a simpler and more power-efficient physical layer, reducing both power consumption and semiconductor substrate area consumption, in some embodiments.

公开(公告)号：US20160034025A1

公开(公告)日：2016-02-04

申请号：US14729335

申请日：2015-06-03

Applicant: Apple Inc.

Inventor： Sanjay Dabral ,  R. Stephen Polzin

IPC: G06F1/32 ,  G06F13/42

CPC classification number: G06F1/3296 ,  G06F1/3253 ,  G06F1/3287 ,  G06F13/4221 ,  G06F13/4282 ,  G06F2213/0024 ,  Y02D10/151 ,  Y02D10/171 ,  Y02D10/172 ,  Y02D50/20

Abstract: An integrated circuit (IC) implements an industry standard-defined peripheral interconnect to connect to another integrated circuit or component in a system. The industry standard specification includes a software interface that is well-defined and implemented by various software in the system, and thus is desirable to retain. However, the physical interconnect in the systems employing the integrated circuit may be short, and thus the elaborate physical layer definition may consume more integrated circuit area and power than is otherwise desirable in the IC. The IC may implement a simpler and more power-efficient physical layer, reducing both power consumption and semiconductor substrate area consumption, in some embodiments.

Abstract translation: 集成电路（IC）实现工业标准定义的外围互连以连接到系统中的另一集成电路或组件。 行业标准规范包括由系统中的各种软件明确定义和实现的软件接口，因此是可取的。 然而，采用集成电路的系统中的物理互连可能很短，因此精细的物理层定义可能消耗比IC中其它方面所需要的更集成的电路面积和功率。 在一些实施例中，IC可以实现更简单和更节能的物理层，从而降低功耗和半导体衬底面积消耗。

公开(公告)号：US20140089617A1

公开(公告)日：2014-03-27

申请号：US13626546

申请日：2012-09-25

Applicant: APPLE INC.

Inventor： R. Stephen Polzin ,  James B. Keller ,  Gerard R. Williams, III

IPC: G06F12/14

CPC classification number: G06F12/14 ,  G06F12/1441 ,  G06F21/575 ,  G06F21/74

Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.

Abstract translation: SOC实现安全飞地处理器（SEP）。 SEP可以包括处理器和一个或多个安全外设。 SEP可以与SOC的其余部分隔离（例如SOC中的一个或多个中央处理单元（CPU），或SOC中的应用处理器（AP））。 对SEP的访问可以由硬件严格控制。 例如，描述了CPU / AP仅能访问SEP中的邮箱位置的机制。 CPU / AP可以向邮箱写入消息，SEP可以读取并响应。 在一些实施例中，SEP可以包括以下一个或多个：使用包装密钥的安全密钥管理，引导和/或电源管理的SEP控制以及存储器中的单独的信任区域。

公开(公告)号：US08775757B2

公开(公告)日：2014-07-08

申请号：US13626546

申请日：2012-09-25

Applicant: Apple Inc.

Inventor： R. Stephen Polzin ,  James B. Keller ,  Gerard R. Williams, III

IPC: G06F12/14

CPC classification number: G06F12/14 ,  G06F12/1441 ,  G06F21/575 ,  G06F21/74

Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.

Abstract translation: SOC实现安全飞地处理器（SEP）。 SEP可以包括处理器和一个或多个安全外设。 SEP可以与SOC的其余部分隔离（例如SOC中的一个或多个中央处理单元（CPU），或SOC中的应用处理器（AP））。 对SEP的访问可以由硬件严格控制。 例如，描述了CPU / AP仅能访问SEP中的邮箱位置的机制。 CPU / AP可以向邮箱写入消息，SEP可以读取并响应。 在一些实施例中，SEP可以包括以下一个或多个：使用包装密钥的安全密钥管理，引导和/或电源管理的SEP控制以及存储器中的单独的信任区域。

公开(公告)号：US09047471B2

公开(公告)日：2015-06-02

申请号：US13626585

申请日：2012-09-25

Applicant: Apple Inc.

Inventor： R. Stephen Polzin ,  Fabrice L. Gautier ,  Mitchell D. Adler ,  Timothy R. Paaske ,  Michael J. Smith

IPC: G06F9/24 ,  G06F1/24 ,  G06F15/177 ,  G06F7/04 ,  H04N7/16 ,  G06F21/57 ,  G06F21/74 ,  G06F21/76 ,  G06F21/00 ,  G06F9/44 ,  G06F12/14 ,  G06F9/445 ,  G06F15/167

CPC classification number: G06F21/575 ,  G06F1/24 ,  G06F9/24 ,  G06F9/4401 ,  G06F9/44505 ,  G06F12/14 ,  G06F15/167 ,  G06F21/00 ,  G06F21/572 ,  G06F21/60 ,  G06F21/74 ,  G06F21/76 ,  G06F21/81

Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.

Abstract translation: SOC实现安全飞地处理器（SEP）。 SEP可以包括处理器和一个或多个安全外设。 SEP可以与SOC的其余部分隔离（例如SOC中的一个或多个中央处理单元（CPU），或SOC中的应用处理器（AP））。 对SEP的访问可以由硬件严格控制。 例如，描述了CPU / AP仅能访问SEP中的邮箱位置的机制。 CPU / AP可以向邮箱写入消息，SEP可以读取并响应。 在一些实施例中，SEP可以包括以下一个或多个：使用包装密钥的安全密钥管理，引导和/或电源管理的SEP控制以及存储器中的单独的信任区域。

公开(公告)号：US20150010148A1

公开(公告)日：2015-01-08

申请号：US14493458

申请日：2014-09-23

Applicant: Apple Inc.

Inventor： R. Stephen Polzin ,  Fabrice L. Gautier ,  Mitchell D. Adler ,  Conrad Sauerwald ,  Michael L. H. Brouwer

IPC: H04L9/08

CPC classification number: H04L9/0861 ,  G06F21/72 ,  G09C1/00 ,  H04L9/0822 ,  H04L9/0897 ,  H04L2209/24

Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.

Abstract translation: SOC实现安全飞地处理器（SEP）。 SEP可以包括处理器和一个或多个安全外设。 SEP可以与SOC的其余部分隔离（例如SOC中的一个或多个中央处理单元（CPU），或SOC中的应用处理器（AP））。 对SEP的访问可以由硬件严格控制。 例如，描述了CPU / AP仅能访问SEP中的邮箱位置的机制。 CPU / AP可以向邮箱写入消息，SEP可以读取并响应。 在一些实施例中，SEP可以包括以下一个或多个：使用包装密钥的安全密钥管理，引导和/或电源管理的SEP控制以及存储器中的单独的信任区域。