Monitoring transactions in a data processing apparatus
    1.
    Granted invention patent
    Status: in force

    Publication No.: US08255673B2

    Publication date: 2012-08-28

    Application No.: US12149088

    Filing date: 2008-04-25

    IPC classification: G06F12/00

    CPC classification: G06F12/1491 G06F21/52

    Abstract: Apparatus for processing data is provided comprising processing circuitry and monitoring circuitry for monitoring write transactions and performing transaction authorizations of certain transactions in dependence upon associated memory addresses. The processing circuitry is configured to enable execution of a write instruction corresponding to a write transaction to be monitored to continue to completion while the monitoring circuitry is performing monitoring of the write transactions and the monitoring circuitry is arranged to cause storage of write transaction data in an intermediate storage element for those transactions for which an authorization is required. Storage of write transaction data in an intermediate storage element enables the write transaction to be reissued in dependence upon the result of the transaction authorization although the corresponding write instruction has already completed.


    Managing access to content in a data processing apparatus
    2.
    Granted invention patent
    Status: in force

    Publication No.: US09158941B2

    Publication date: 2015-10-13

    Application No.: US11376733

    Filing date: 2006-03-16

    Abstract: A data processing apparatus and method are provided for managing access to content within the data processing apparatus. The data processing apparatus has a secure domain and a non-secure domain and comprises at least one device which is operable when seeking to access content stored in memory to issue a memory access request pertaining to either the secure domain or the non-secure domain. Further, writeable memory is provided which can store content required by the at least one device, with the writeable memory having at least one read only region whose content is stored therein under control of a secure task, the secure task being a task executed by one of the devices in the secure domain. Protection logic is then used in association with the writeable memory, which on receipt of a memory access request seeking to access content in the at least one read only region, prevents access to that read only region if that memory access request pertains to the non-secure domain and is seeking to write content to the read only region. This enables the speed, power and flexibility benefits of placing content in writeable memory to be achieved without prejudicing the security of that content, by ensuring that that content cannot be modified from the non-secure domain.


    Managing access to content in a data processing apparatus
    3.
    Invention patent application
    Status: in force

    Publication No.: US20070220276A1

    Publication date: 2007-09-20

    Application No.: US11376733

    Filing date: 2006-03-16

    Abstract: A data processing apparatus and method are provided for managing access to content within the data processing apparatus. The data processing apparatus has a secure domain and a non-secure domain and comprises at least one device which is operable when seeking to access content stored in memory to issue a memory access request pertaining to either the secure domain or the non-secure domain. Further, writeable memory is provided which can store content required by the at least one device, with the writeable memory having at least one read only region whose content is stored therein under control of a secure task, the secure task being a task executed by one of the devices in the secure domain. Protection logic is then used in association with the writeable memory, which on receipt of a memory access request seeking to access content in the at least one read only region, prevents access to that read only region if that memory access request pertains to the non-secure domain and is seeking to write content to the read only region. This enables the speed, power and flexibility benefits of placing content in writeable memory to be achieved without prejudicing the security of that content, by ensuring that that content cannot be modified from the non-secure domain.


    Monitoring transactions in a data processing apparatus
    4.
    Invention patent application
    Status: in force

    Publication No.: US20090271583A1

    Publication date: 2009-10-29

    Application No.: US12149088

    Filing date: 2008-04-25

    IPC classification: G06F12/06

    CPC classification: G06F12/1491 G06F21/52

    Abstract: Apparatus for processing data is provided comprising processing circuitry and monitoring circuitry for monitoring write transactions and performing transaction authorisations of certain transactions in dependence upon associated memory addresses. The processing circuitry is configured to enable execution of a write instruction corresponding to a write transaction to be monitored to continue to completion whilst the monitoring circuitry is performing monitoring of the write transactions and the monitoring circuitry is arranged to cause storage of write transaction data in an intermediate storage element for those transactions for which an authorisation is required. Storage of write transaction data in an intermediate storage element enables the write transaction to be reissued in dependence upon the result of the transaction authorisation although the corresponding write instruction has already completed.


    Role based delegated administration model
    5.
    Granted invention patent
    Status: in force

    Publication No.: US08850041B2

    Publication date: 2014-09-30

    Application No.: US12472129

    Filing date: 2009-05-26

    IPC classification: G06F15/16 G06F9/46

    CPC classification: G06F9/468

    Abstract: Embodiments disclosed herein extend to the use of administrative roles in a multi-tenant environment. The administrative roles define administrative tasks defining privileged operations that may be performed on the resources or data of a particular tenant. In some embodiments, the administrative tasks are a subset of administrative tasks. The administrative role also defines target objects which may be subjected to the administrative tasks. In some embodiments, the target objects are a subset of target objects. An administrator may associate a user or group of users of the particular tenant with a given administrative role. In this way, the user or group of users are delegated permission to perform the subset of administrative tasks on the subset of target objects without having to be given permission to perform all administrative tasks on all target objects.


    Protecting the security of secure data sent from a central processor for processing by a further processing device
    6.
    Granted invention patent
    Status: in force

    Publication No.: US08775824B2

    Publication date: 2014-07-08

    Application No.: US12003858

    Filing date: 2008-01-02

    IPC classification: G06F21/72 G06F21/57

    Abstract: A data processing apparatus comprising: a data processor for processing data in a secure and a non-secure mode, said data processor processing data in said secure mode having access to secure data that is not accessible to said data processor in said non-secure mode, and processing data in said secure mode being performed under control of a secure operating system and processing data in said non-secure mode being performed under control of a non-secure operating system; and a further processing device for performing a task in response to a request from said data processor, said task comprising processing data at least some of which is secure data; wherein said further processing device is responsive to receipt of a signal to suspend said task to initiate: processing of said secure data using a secure key; and storage of said processed secure data to a non-secure data store; and is responsive to receipt of a signal to resume said task to initiate: retrieval of said processed secure data from said non-secure data store; and restoring of said processed secure data using said secure key; wherein said secure key is securely stored such that it is not accessible to other processes operating in said non-secure mode.


    Data processing apparatus using implicit data storage data storage and method of implicit data storage
    7.
    Granted invention patent
    Status: in force

    Publication No.: US08694862B2

    Publication date: 2014-04-08

    Application No.: US13451728

    Filing date: 2012-04-20

    IPC classification: G11C29/00 G06F11/00 H03M13/00

    Abstract: A data processing apparatus is provided having error code generation circuitry configured to generate an error code associated with a received data value, such that a bit change in the received data value can be known about by reference to the error code. Stored data values are stored in a data store and associated error codes are stored in an error code store. Error checking circuitry performs a verification operation on a stored data value and an associated error code to determine if an error has occurred in at least one of the stored data value and the associated error code during storage. The received data value comprises at least one additional bit with respect to the stored data value and the error checking circuitry is configured to reconstruct the at least one additional bit by reference to the stored data value and the associated error code.


    Apparatus and method for performing rearrangement and arithmetic operations on data
    8.
    Granted invention patent
    Status: in force

    Publication No.: US08255446B2

    Publication date: 2012-08-28

    Application No.: US11987323

    Filing date: 2007-11-29

    IPC classification: G06F7/38

    Abstract: An apparatus and method are provided for performing rearrangement operations and arithmetic operations on data. The data processing apparatus has processing circuitry for performing Single Instruction Multiple Data (SIMD) processing operations and scalar processing operations, a register bank for storing data and control circuitry responsive to program instructions to control the processing circuitry to perform data processing operations. The control circuitry is arranged to be responsive to a combined rearrangement arithmetic instruction to control the processing circuitry to perform a rearrangement operation and at least one SIMD arithmetic operation on a plurality of data elements stored in the register bank. The rearrangement operation is configurable by a size parameter derived at least in part from the register bank. The size parameter provides an indication of a number of data elements forming a rearrangement element for the purposes of the rearrangement operation. The associated method involves controlling processing circuitry to perform a rearrangement operation and at least one SIMD arithmetic operation in response to a combined rearrangement arithmetic instruction and providing the scalar logic size parameter to configure the rearrangement operation. A computer program product is also provided comprising at least one combined rearrangement arithmetic instruction.


    Protected function calling
    9.
    Granted invention patent
    Status: in force

    Publication No.: US08010772B2

    Publication date: 2011-08-30

    Application No.: US12068448

    Filing date: 2008-02-06

    IPC classification: G06F7/38 G06F9/00 G06F9/44

    Abstract: Memory address space is divided into domains and instruction access control circuitry is used to detect when the memory address from which an instruction to be executed is fetched has crossed a domain boundary and changed and in such cases to conduct a check to ensure that the instruction within the new domain is a permitted instruction of a permitted form. The permitted instruction can be arranged to be a no operation instruction other than in respect of the instruction access control circuitry, in order to assist backward compatibility.


    ROLE BASED DELEGATED ADMINISTRATION MODEL
    10.
    Invention patent application
    Status: in force

    Publication No.: US20100306775A1

    Publication date: 2010-12-02

    Application No.: US12472129

    Filing date: 2009-05-26

    IPC classification: G06F9/46

    CPC classification: G06F9/468

    Abstract: Embodiments disclosed herein extend to the use of administrative roles in a multi-tenant environment. The administrative roles define administrative tasks defining privileged operations that may be performed on the resources or data of a particular tenant. In some embodiments, the administrative tasks are a subset of administrative tasks. The administrative role also defines target objects which may be subjected to the administrative tasks. In some embodiments, the target objects are a subset of target objects. An administrator may associate a user or group of users of the particular tenant with a given administrative role. In this way, the user or group of users are delegated permission to perform the subset of administrative tasks on the subset of target objects without having to be given permission to perform all administrative tasks on all target objects.
