System and method for using address bits to affect encryption
    11.
    Granted invention patent
    Status: In force

    Publication number: US07822993B2

    Publication date: 2010-10-26

    Application number: US10927729

    Filing date: 2004-08-27

    IPC classification: G06F11/30

    CPC classification: G06F12/1408 G06F12/1475

    Abstract: A computing environment maintains the confidentiality of data stored in system memory. The computing environment has an encryption circuit in communication with a CPU. The system memory is also in communication with the encryption circuit. An address bus having a plurality of address lines forms part of the system and a value of at least one of the address lines determines a key selected from a plurality of keys to use in the encryption circuit to encrypt data being transferred by the CPU to the memory.


    System and method for secure execution of program code
    12.
    Granted invention patent
    Status: In force

    Publication number: US07802110B2

    Publication date: 2010-09-21

    Application number: US10925657

    Filing date: 2004-08-25

    Applicant: Dinarte R. Morais

    Inventor: Dinarte R. Morais

    IPC classification: G06F12/14

    CPC classification: G06F21/51

    Abstract: A system comprises a memory and a processor that supports different privilege levels. Only program code executing at a certain privilege level is permitted to map memory and to assign access permission to the mapped memory, such as read-only, writable, and executable. Control code executing on the processor at that privilege level, in response to a request from other code executing at a different privilege level, maps a portion of memory for loading an executable file. After the executable file has been loaded into the mapped memory, the control code then verifies a signature associated with the executable file. If the signature is verified, the control code permits the executable file to be executed by the processor at a privilege level other than the one at which the control code executes. Otherwise, the control code prevents the executable file from being executed on the processor.


    System and method for using address bits to form an index into secure memory
    13.
    Granted invention patent
    Status: In force

    Publication number: US07356668B2

    Publication date: 2008-04-08

    Application number: US10928519

    Filing date: 2004-08-27

    IPC classification: G06F9/26 G06F9/34 G06F12/00

    CPC classification: G06F12/1408 G06F21/57

    Abstract: An integrity control system uses the address bits to enable protection of data stored in a system memory. An address bus that determines the location of data to be stored or retrieved from system memory has a plurality of address lines. A subset of the address lines enables the protection mechanism to generate an integrity control value representative of the data and determine where the integrity check value is stored in a secure memory.


    System and method for applying security to memory reads and writes
    14.
    Granted invention patent
    Status: In force

    Publication number: US07734926B2

    Publication date: 2010-06-08

    Application number: US10929036

    Filing date: 2004-08-27

    Applicant: Dinarte R. Morais

    Inventor: Dinarte R. Morais

    IPC classification: H04L9/32

    Abstract: A computing environment maintains the integrity of data stored in system memory. The system has an address bus that comprises a plurality of address lines. The value of at least a portion of the address line is determined by a real page number stored in a page table. The system also comprises an encryption circuit that converts data from plaintext to ciphertext as a function of a key value. A circuit derives the key value as a function of at least a portion of the address line that is set by the real page number.


    Tamper resistant memory protection
    15.
    Granted invention patent
    Status: In force

    Publication number: US08726042B2

    Publication date: 2014-05-13

    Application number: US12040654

    Filing date: 2008-02-29

    IPC classification: G06F12/14

    CPC classification: G06F21/64

    Abstract: Various mechanisms are disclosed for protecting the security of memory in a computing environment. A security layer can have an encryption layer and a hashing layer that can dynamically encrypt and then dynamically hash sensitive information, as it is being loaded to dynamic memory of a computing device. For example, a memory unit that can correspond to a memory page can be processed by the security layer, and header data, code, and protect-worthy data can be secured, while other non-sensitive data can be left alone. Once such information is secured and stored in dynamic memory, it can be accessed at a later time by a processor and unencrypted and hash checked. Then, it can be loaded back onto the dynamic memory, thereby preventing direct memory access attacks.


    System and method for using address lines to control memory usage
    16.
    Granted invention patent
    Status: In force

    Publication number: US07653802B2

    Publication date: 2010-01-26

    Application number: US10928786

    Filing date: 2004-08-27

    IPC classification: G06F9/32

    Abstract: A computing environment maintains the integrity of data stored in system memory. The system has a memory management unit that maintains a plurality of real page numbers. The system also comprises an address bus in communication with the memory management unit. The address bus comprises a plurality of address lines, wherein a value of at least one address line is set by a real page number from the memory management unit. The system has an operating system that controls memory usage by controlling the real page numbers stored in said page table that is accessed by the memory management unit. At least one security feature such as data encryption is selectively applied to data stored in a page of said memory as enabled by a value of said address line set by said real page number.


    Virtual operating system device communication relying on memory access violations
    17.
    Granted invention patent
    Status: Lapsed

    Publication number: US07496495B2

    Publication date: 2009-02-24

    Application number: US11128460

    Filing date: 2005-05-12

    IPC classification: G06F9/455

    CPC classification: G06F21/78 G06F9/45537

    Abstract: Attempts by drivers of a virtualized legacy computer game to communicate with nonexistent legacy game system hardware are converted into calls to actual hardware of the host computer game system. An access control list (ACL) restricting and/or reducing page permissions is used to explicitly forbid the drivers of the legacy computer game operating on the virtualized legacy computer game platform from writing to the MMIO addresses of the legacy computer game system. When the operating system of the virtualized legacy computer game platform attempts to touch its driver memory by writing to the MMIO addresses, the operating system of the host computer game system perceives a memory access violation, suspends the virtual machine implementing the virtualized computer game platform, and passes the intended write to an exception handler of the host operating system. The exception handler of the host operating system translates the attempted hardware access command into the command language of the host operating system and then returns control to the operating system of the virtualized legacy computer game platform. The legacy game is completely unaware of this address translation in that it sees only a successful hardware result and proceeds.


    System and method for using address bits to signal security attributes of data in the address space
    18.
    Granted invention patent
    Status: In force

    Publication number: US07444523B2

    Publication date: 2008-10-28

    Application number: US10928970

    Filing date: 2004-08-27

    IPC classification: H04L9/32 H04L9/00

    CPC classification: G06F21/85 G06F21/78

    Abstract: An integrity control system uses the address bits to enable encryption and/or protection of data stored in a system memory. The encryption and protection mechanisms are coupled to the CPU by way of a data bus and to the memory by way of a data bus. An address bus that determines the location of data to be stored or retrieved from system memory has a plurality of address lines. At least one of the address lines enables the encryption mechanism to encrypt data before storage in the memory and to decrypt data after retrieval from memory. Another address line enables the protection mechanism to generate a hash of the data. The hash is stored and used to determine whether data has been altered while stored in system memory.
