公开(公告)号：US08424071B2

公开(公告)日：2013-04-16

申请号：US12621570

申请日：2009-11-19

申请人： Mariette Awad ,  Deanna C. Lim ,  Pascal A. Nsame ,  Daneyand J. Singley ,  Sebastian T. Ventrone

发明人： Mariette Awad ,  Deanna C. Lim ,  Pascal A. Nsame ,  Daneyand J. Singley ,  Sebastian T. Ventrone

IPC分类号： G06F7/04

CPC分类号： G06F21/55 ,  G06F21/31

摘要： In one embodiment, the invention is a method and apparatus for secure and reliable computing. One embodiment of an end-to-end security system for protecting a computing system includes a processor interface coupled to at least one of an application processor and an accelerator of the computing system, for receiving requests from the at least one of the application processor and the accelerator, a security processor integrating at least one embedded storage unit and connected to the processor interface with a tightly coupled memory unit for performing at least one of: authenticating, managing, monitoring, and processing the requests, and a data interface for communicating with a display, a network, and at least one embedded storage unit for securely holding at least one of data and programs used by the at least one of the application processor and the accelerator.

公开(公告)号：US20100269166A1

公开(公告)日：2010-10-21

申请号：US12621570

申请日：2009-11-19

申请人： Mariette Awad ,  Deanna C. Lim ,  Pascal A. Nsame ,  Dancyand J. Singley ,  Sebastian T. Ventrone

发明人： Mariette Awad ,  Deanna C. Lim ,  Pascal A. Nsame ,  Dancyand J. Singley ,  Sebastian T. Ventrone

IPC分类号： G06F21/20

CPC分类号： G06F21/55 ,  G06F21/31

摘要： In one embodiment, the invention is a method and apparatus for secure and reliable computing. One embodiment of an end-to-end security system for protecting a computing system includes a processor interface coupled to at least one of an application processor and an accelerator of the computing system, for receiving requests from the at least one of the application processor and the accelerator, a security processor integrating at least one embedded storage unit and connected to the processor interface with a tightly coupled memory unit for performing at least one of: authenticating, managing, monitoring, and processing the requests, and a data interface for communicating with a display, a network, and at least one embedded storage unit for securely holding at least one of data and programs used by the at least one of the application processor and the accelerator.

摘要翻译： 在一个实施例中，本发明是用于安全和可靠计算的方法和装置。 用于保护计算系统的端到端安全系统的一个实施例包括耦合到计算系统的应用处理器和加速器中的至少一个的处理器接口，用于接收来自应用处理器的至少一个和 加速器，集成至少一个嵌入式存储单元并且与处理器接口连接的紧密耦合的存储器单元的安全处理器，用于执行以下至少一个：认证，管理，监视和处理请求，以及数据接口，用于与 显示器，网络和至少一个嵌入式存储单元，用于安全地保持应用处理器和加速器中的至少一个使用的数据和程序中的至少一个。

公开(公告)号：US20090119772A1

公开(公告)日：2009-05-07

申请号：US11935601

申请日：2007-11-06

申请人： Mariette Awad ,  Adam E. Trojunowski

发明人： Mariette Awad ,  Adam E. Trojunowski

IPC分类号： G06F7/04

CPC分类号： G06F21/6218

摘要： In one method, the embodiments herein providing secure file access when a user opens an application and uses the application to make a request to open a data file on a secure file system. The method checks a trusted application list, by kernel extension, to determine if the application comprises a trusted application. The method also checks the user's permission to access the secure file system. The embodiments herein pass an “extended” permission to any applications that are trusted applications. Therefore, the methods herein control access to the secure file system based not only on the user's permission, but also on the “extended” permission, such that the kernel extension allows access to files. With embodiments herein, the trusted application performs the extended permission management.

摘要翻译： 在一种方法中，本文的实施例在用户打开应用程序时提供安全文件访问，并使用该应用程序作出请求以在安全文件系统上打开数据文件。 该方法通过内核扩展来检查受信任的应用程序列表，以确定应用程序是否包含受信任的应用程序。 该方法还检查用户访问安全文件系统的权限。 本文的实施例将“扩展”权限传递给任何被信任应用的应用。 因此，这里的方法不仅基于用户的许可而且基于“扩展”权限来控制对安全文件系统的访问，使得内核扩展允许访问文件。 利用这里的实施例，可信应用执行扩展许可管理。