Method for Securing Computers from Malicious Code Attacks
    81.
    Invention application
    Status: Under examination (published)

    Publication No.: US20130111551A1

    Publication date: 2013-05-02

    Application No.: US13452754

    Filing date: 2012-04-20

    IPC classification: G06F21/60

    Abstract: A computer readable storage medium has instructions that, when executed by a host computer cause the host computer to perform a method of write protecting the storage medium and therefore preventing a non-registered user from changing the permissions log file. The instructions include: writing copies of control files of the host computer into the protected memory, writing a copy of a user permissions log file of the host computer into the protected memory, and changing a startup execute path function of the host computer to initially read the copy of the user permissions log file in the protected memory; and opening a write controlling circuit path to prevent access to changing the permissions log file.


    Circuit personalization
    83.
    Granted invention patent
    Status: In force

    Publication No.: US08384412B2

    Publication date: 2013-02-26

    Application No.: US11461239

    Filing date: 2006-07-31

    Applicant: Andrew Dellow

    Inventor: Andrew Dellow

    IPC classification: H03K19/00

    CPC classification: G06F21/70 G06F21/73

    Abstract: A method distributes personalized circuits to one or more parties. The method distributes a generic circuit to each party, encrypts a unique personalization value using a secret encryption key, and transmits each encrypted personalization value to the corresponding party. Each party then stores the encrypted personalization value in their circuit. The stored encrypted personalization value allows a piece of software to be properly executed by the circuit. A semiconductor integrated circuit is arranged to execute a piece of software that inputs a personalization value as an input parameter. The circuit comprises a personalization memory arranged to store an encrypted personalization value; a key memory for storing a decryption key; a control unit comprising a cryptographic circuit arranged to decrypt the encrypted personalization value using the decryption key; and a processor arranged to receive the decrypted personalization value and execute the software using the decrypted personalization value.


    DISTRIBUTION CHANNEL LOSS PROTECTION FOR ELECTRONIC DEVICES
    84.
    Invention application
    Status: In force

    Publication No.: US20130042329A1

    Publication date: 2013-02-14

    Application No.: US13584680

    Filing date: 2012-08-13

    Applicant: Jon Stevens

    Inventor: Jon Stevens

    IPC classification: G06F21/00

    Abstract: An electronic device, prior to entering a distribution channel, is equipped with a loss prevention client which permits limited use of the device until correct authentication is provided by a legitimate purchaser. By permitting limited use before authentication, the device remains both useful to a legitimate purchaser and valuable to a thief. While allowing operation in the possession of a thief, options can be provided to permit tracking of the device or to allow proper purchase of the device.


    METHOD AND APPARATUS FOR INCLUDING ARCHITECTURE FOR PROTECTING MULTI-USER SENSITIVE CODE AND DATA
    88.
    Invention application
    Status: In force

    Publication No.: US20120102333A1

    Publication date: 2012-04-26

    Application No.: US12975555

    Filing date: 2010-12-22

    Applicant: Daniel W. Wong

    Inventor: Daniel W. Wong

    IPC classification: G06F21/22

    Abstract: A secure execution environment for execution of sensitive code and data including a secure asset management unit (SAMU) is described. The SAMU provides a secure execution environment to run multiple instances of separate program code or data code associated with copy protection schemes established for content consumption. The SAMU architecture allows for hardware-based secure boot and memory protection and provides on-demand code execution for multiple instances of separate program code or data provided by a host processor. The SAMU may boot from an encrypted and signed kernel code, and execute encrypted, signed code. The hardware-based security configuration facilitates the prevention of vertical or horizontal privilege violations.


    INSIDER THREAT CORRELATION TOOL
    89.
    Invention application
    Status: In force

    Publication No.: US20120023576A1

    Publication date: 2012-01-26

    Application No.: US12841332

    Filing date: 2010-07-22

    IPC classification: G06F21/22

    Abstract: Systems and methods for calculating threat scores for individuals within an organization or domain are provided. Aspects of the invention relate to computer-implemented methods that form a predictive threat rating for user accounts. In one implementation, a threat score representing a first time period may be calculated. The first threat score may be calculated from a quantification of a plurality of activity violations across a plurality of control groups. Weighting schemes may be applied to certain activities, controls, and/or user accounts. Further embodiments may be configured to consider additional indicators. Further aspects relate to apparatuses configured to execute methods for ranking individual user accounts. Certain embodiments may not block transmissions that violate predefined rules, however, indications of such improper transmission may be considered when constructing a threat rating.


    Operand size control
    90.
    Invention application
    Status: In force

    Publication No.: US20110231633A1

    Publication date: 2011-09-22

    Application No.: US13064257

    Filing date: 2011-03-14

    IPC classification: G06F9/30

    Abstract: A data processing system 2 is provided with processing circuitry 8, 10, 12 as well as a bank of 64-bit registers 6. An instruction decoder 14 decodes arithmetic instructions and logical instruction specifying arithmetic operations and logical operations to be performed upon operands stored within the 64-bit registers 6. The instruction decoder 14 is responsive to an operand size field SF within the arithmetic instructions and the logical instructions specifying whether the operands are 64-bit operands or 32-bit operands. Each 64-bit register stores either a single 64-bit operand or a single 32-bit operand. For a given arithmetic instruction and logical instruction either all of the operands are 64-bit operands or all of the operands are 32-bit operands. A plurality of exception levels arranged in a hierarchy of exception levels may be supported. If a switch is made to a lower exception level, then a check is made as to whether or not a register being used was previously subject to a 64-bit write to that register. If such a 64-bit write had previously taken place to that register, then the upper 32-bits are flushed so as to avoid data leakage from the higher exception level.
