公开(公告)号：US08775824B2

公开(公告)日：2014-07-08

申请号：US12003858

申请日：2008-01-02

申请人： Daniel Kershaw ,  Nigel Charles Paver

发明人： Daniel Kershaw ,  Nigel Charles Paver

IPC分类号： G06F21/72 ,  G06F21/57

CPC分类号： G06F21/53 ,  G06F21/74 ,  G06F2221/2105

摘要： A data processing apparatus comprising: a data processor for processing data in a secure and a non-secure mode, said data processor processing data in said secure mode having access to secure data that is not accessible to said data processor in said non-secure mode, and processing data in said secure mode being performed under control of a secure operating system and processing data in said non-secure mode being performed under control of a non-secure operating system; and a further processing device for performing a task in response to a request from said data processor, said task comprising processing data at least some of which is secure data; wherein said further processing device is responsive to receipt of a signal to suspend said task to initiate: processing of said secure data using a secure key; and storage of said processed secure data to a non-secure data store; and is responsive to receipt of a signal to resume said task to initiate: retrieval of said processed secure data from said non-secure data store; and restoring of said processed secure data using said secure key; wherein said secure key is securely stored such that it is not accessible to other processes operating in said non-secure mode.

摘要翻译： 一种数据处理装置，包括：用于以安全和非安全模式处理数据的数据处理器，所述数据处理器处理所述安全模式中的数据，以访问在所述非安全模式下所述数据处理器不可访问的安全数据 并且在安全操作系统的控制下执行所述安全模式中的处理数据，并且在非安全操作系统的控制下执行所述非安全模式中的数据处理; 以及用于响应于来自所述数据处理器的请求执行任务的另一处理装置，所述任务包括处理数据，其中至少一些是安全数据; 其中所述另外的处理设备响应于收到信号以暂停所述任务以启动：使用安全密钥处理所述安全数据; 以及将所述处理的安全数据存储到非安全数据存储器; 并且响应于接收到信号以恢复所述任务以启动：从所述非安全数据存储中检索所述处理的安全数据; 以及使用所述安全密钥恢复所述处理的安全数据; 其中所述安全密钥被安全地存储，使得对于在所述非安全模式中操作的其他进程是不可访问的。

公开(公告)号：US20090172411A1

公开(公告)日：2009-07-02

申请号：US12003858

申请日：2008-01-02

申请人： Daniel Kershaw ,  Nigel Charles Paver

发明人： Daniel Kershaw ,  Nigel Charles Paver

IPC分类号： G06F12/14

CPC分类号： G06F21/53 ,  G06F21/74 ,  G06F2221/2105

摘要： A data processing apparatus comprising: a data processor for processing data in a secure and a non-secure mode, said data processor processing data in said secure mode having access to secure data that is not accessible to said data processor in said non-secure mode, and processing data in said secure mode being performed under control of a secure operating system and processing data in said non-secure mode being performed under control of a non-secure operating system; and a further processing device for performing a task in response to a request from said data processor, said task comprising processing data at least some of which is secure data; wherein said further processing device is responsive to receipt of a signal to suspend said task to initiate: processing of said secure data using a secure key; and storage of said processed secure data to a non-secure data store; and is responsive to receipt of a signal to resume said task to initiate: retrieval of said processed secure data from said non-secure data store; and restoring of said processed secure data using said secure key; wherein said secure key is securely stored such that it is not accessible to other processes operating in said non-secure mode.

摘要翻译： 一种数据处理装置，包括：用于以安全和非安全模式处理数据的数据处理器，所述数据处理器处理所述安全模式中的数据，以访问在所述非安全模式下所述数据处理器不可访问的安全数据 并且在安全操作系统的控制下执行所述安全模式中的处理数据，并且在非安全操作系统的控制下执行所述非安全模式中的数据处理; 以及用于响应于来自所述数据处理器的请求执行任务的另一处理装置，所述任务包括处理数据，其中至少一些是安全数据; 其中所述另外的处理设备响应于收到信号以暂停所述任务以启动：使用安全密钥处理所述安全数据; 以及将所述处理的安全数据存储到非安全数据存储器; 并且响应于接收到信号以恢复所述任务以启动：从所述非安全数据存储中检索所述处理的安全数据; 以及使用所述安全密钥恢复所述处理的安全数据; 其中所述安全密钥被安全地存储，使得对于在所述非安全模式中操作的其他进程是不可访问的。

公开(公告)号：US08850041B2

公开(公告)日：2014-09-30

申请号：US12472129

申请日：2009-05-26

申请人： Madan Appiah ,  Malcolm Erik Pearson ,  Daniel Kershaw

发明人： Madan Appiah ,  Malcolm Erik Pearson ,  Daniel Kershaw

IPC分类号： G06F15/16 ,  G06F9/46

CPC分类号： G06F9/468

摘要： Embodiments disclosed herein extend to the use of administrative roles in a multi-tenant environment. The administrative roles define administrative tasks defining privileged operations that may be performed on the resources or data of a particular tenant. In some embodiments, the administrative tasks are a subset of administrative tasks. The administrative role also defines target objects which may be subjected to the administrative tasks. In some embodiments, the target objects are a subset of target objects. An administrator may associate a user or group of users of the particular tenant with a given administrative role. In this way, the user or group of users are delegated permission to perform the subset of administrative tasks on the subset of target objects without having to be given permission to perform all administrative tasks on all target objects.

摘要翻译： 本文公开的实施例扩展到在多租户环境中使用管理角色。 管理角色定义了可以对特定租户的资源或数据执行的特权操作的管理任务。 在一些实施例中，管理任务是管理任务的子集。 管理角色还定义了可能受到管理任务的目标对象。 在一些实施例中，目标对象是目标对象的子集。 管理员可以将特定租户的用户或一组用户与给定的管理角色相关联。 以这种方式，用户或用户组被授予在目标对象子集上执行管理任务子集的权限，而不必被授予在所有目标对象上执行所有管理任务的权限。

公开(公告)号：US08694862B2

公开(公告)日：2014-04-08

申请号：US13451728

申请日：2012-04-20

申请人： Yiannakis Sazeides ,  Emre Özer ,  Daniel Kershaw ,  Jean-Baptiste Brelot

发明人： Yiannakis Sazeides ,  Emre Özer ,  Daniel Kershaw ,  Jean-Baptiste Brelot

IPC分类号： G11C29/00 ,  G06F11/00 ,  H03M13/00

CPC分类号： H03M13/033 ,  G06F11/1008 ,  H03M13/13 ,  H03M13/19

摘要： A data processing apparatus is provided having error code generation circuitry configured to generate an error code associated with a received data value, such that a bit change in the received data value can be known about by reference to the error code. Stored data values are stored in a data store and associated error codes are stored in an error code store. Error checking circuitry performs a verification operation on a stored data value and an associated error code to determine if an error has occurred in at least one of the stored data value and the associated error code during storage. The received data value comprises at least one additional bit with respect to the stored data value and the error checking circuitry is configured to reconstruct the at least one additional bit by reference to the stored data value and the associated error code.

摘要翻译： 提供了一种数据处理装置，其具有错误代码产生电路，其被配置为生成与接收的数据值相关联的错误代码，使得可以通过参考错误代码了解接收的数据值中的位改变。 存储的数据值存储在数据存储中，相关的错误代码存储在错误代码存储中。 错误检查电路对存储的数据值和相关联的错误代码执行验证操作，以确定存储期间存储的数据值和相关联的错误代码中的至少一个中是否已经发生错误。 所接收的数据值包括相对于存储的数据值的至少一个附加位，并且错误检查电路被配置为通过参考所存储的数据值和相关联的错误代码来重建该至少一个附加位。

公开(公告)号：US08255673B2

公开(公告)日：2012-08-28

申请号：US12149088

申请日：2008-04-25

申请人： Daniel Kershaw ,  Daren Croxford

发明人： Daniel Kershaw ,  Daren Croxford

IPC分类号： G06F12/00

CPC分类号： G06F12/1491 ,  G06F21/52

摘要： Apparatus for processing data is provided comprising processing circuitry and monitoring circuitry for monitoring write transactions and performing transaction authorizations of certain transactions in dependence upon associated memory addresses. The processing circuitry is configured to enable execution of a write instruction corresponding to a write transaction to be monitored to continue to completion while the monitoring circuitry is performing monitoring of the write transactions and the monitoring circuitry is arranged to cause storage of write transaction data in an intermediate storage element for those transactions for which an authorization is required. Storage of write transaction data in an intermediate storage element enables the write transaction to be reissued in dependence upon the result of the transaction authorization although the corresponding write instruction has already completed.

摘要翻译： 提供了用于处理数据的装置，其包括处理电路和监控电路，用于根据相关的存储器地址来监视写事务和执行某些事务的交易授权。 处理电路被配置为使得能够执行与待监视的写事务相对应的写指令以继续完成，同时监视电路正在执行对写事务的监视，并且监视电路被布置成使写事务数据存储在 需要授权的那些交易的中间存储元件。 将写入事务数据存储在中间存储元件中使得能够根据交易授权的结果重新发行写入事务，尽管相应的写入指令已经完成。

公开(公告)号：US08255446B2

公开(公告)日：2012-08-28

申请号：US11987323

申请日：2007-11-29

申请人： Daniel Kershaw ,  Mladen Wilder ,  Dominic Hugo Symes

发明人： Daniel Kershaw ,  Mladen Wilder ,  Dominic Hugo Symes

IPC分类号： G06F7/38

CPC分类号： G06F7/768 ,  G06F9/30032 ,  G06F9/30036 ,  G06F9/30109 ,  G06F9/30112 ,  G06F9/3013 ,  G06F9/3885 ,  G06F9/3887

摘要： An apparatus and method are provided for performing rearrangement operations and arithmetic operations on data. The data processing apparatus has processing circuitry for performing Single Instruction Multiple Data (SIMD) processing operations and scalar processing operations, a register bank for storing data and control circuitry responsive to program instructions to control the processing circuitry to perform data processing operations. The control circuitry is arranged to responsive to a combined rearrangement arithmetic instruction to control the processing circuitry to perform a rearrangement operation and at least one SIMD arithmetic operation on a plurality of data elements stored in the register bank. The rearrangement operation is configurable by a size parameter derived at least in part from the register bank. The size parameter provides an indication of a number of data elements forming a rearrangement element for the purposes of the rearrangement operation. The associated method involves controlling processing circuitry to perform a rearrangement operation and at least one SIMD arithmetic operation in response to a combined rearrangement arithmetic instruction and providing the scalar logic size parameter to configure the rearrangement operation. A computer program product is also provided comprising at least one combined rearrangement arithmetic instruction.

摘要翻译： 提供了一种用于对数据执行重新排列操作和算术运算的装置和方法。 数据处理装置具有用于执行单指令多数据（SIMD）处理操作和标量处理操作的处理电路，响应于程序指令来存储数据和控制电路的寄存器组，以控制处理电路执行数据处理操作。 控制电路被布置为响应于组合重排算术指令来控制处理电路对存储在寄存器组中的多个数据元素执行重新排列操作和至少一个SIMD算术运算。 重新布置操作可以由至少部分地从寄存器库导出的尺寸参数来配置。 尺寸参数提供形成用于重排操作的重新排列元件的数量元素的数量的指示。 相关联的方法涉及控制处理电路以响应于组合重排算术指令执行重排操作和至少一个SIMD算术运算，并提供标量逻辑大小参数以配置重新排列操作。 还提供了包括至少一个组合重排算术指令的计算机程序产品。

公开(公告)号：US08010772B2

公开(公告)日：2011-08-30

申请号：US12068448

申请日：2008-02-06

申请人： Daniel Kershaw ,  Lee Douglas Smith ,  David James Seal ,  Richard Roy Grisenthwaite

发明人： Daniel Kershaw ,  Lee Douglas Smith ,  David James Seal ,  Richard Roy Grisenthwaite

IPC分类号： G06F7/38 ,  G06F9/00 ,  G06F9/44

CPC分类号： G06F9/322 ,  G06F9/30054 ,  G06F9/30076 ,  G06F9/30101 ,  G06F12/145 ,  G06F2212/1004

摘要： Memory address space is divided into domains and instruction access control circuitry is used to detect when the memory address from which an instruction to be executed is fetched has crossed a domain boundary and changed and in such cases to conduct a check to ensure that the instruction within the new domain is a permitted instruction of a permitted form. The permitted instruction can be arranged to be a no operation instruction other than in respect of the instruction access control circuitry, in order to assist backward compatibility.

摘要翻译： 存储器地址空间被划分为域，并且指令访问控制电路用于检测何时提取要执行的指令的存储器地址已经越过域边界并被改变，并且在这种情况下进行检查以确保在 新域名是允许的表单的允许指令。 允许的指令可以被布置为除指令访问控制电路之外的不操作指令，以便有助于向后兼容性。

公开(公告)号：US20100306775A1

公开(公告)日：2010-12-02

申请号：US12472129

申请日：2009-05-26

申请人： Madan R. Appiah ,  Malcolm E. Pearson ,  Daniel Kershaw

发明人： Madan R. Appiah ,  Malcolm E. Pearson ,  Daniel Kershaw

IPC分类号： G06F9/46

CPC分类号： G06F9/468

摘要： Embodiments disclosed herein extend to the use of administrative roles in a multi-tenant environment. The administrative roles define administrative tasks defining privileged operations that may be performed on the resources or data of a particular tenant. In some embodiments, the administrative tasks are a subset of administrative tasks. The administrative role also defines target objects which may be subjected to the administrative tasks. In some embodiments, the target objects are a subset of target objects. An administrator may associate a user or group of users of the particular tenant with a given administrative role. In this way, the user or group of users are delegated permission to perform the subset of administrative tasks on the subset of target objects without having to be given permission to perform all administrative tasks on all target objects.

摘要翻译： 本文公开的实施例扩展到在多租户环境中使用管理角色。 管理角色定义了可以对特定租户的资源或数据执行的特权操作的管理任务。 在一些实施例中，管理任务是管理任务的子集。 管理角色还定义了可能受到管理任务的目标对象。 在一些实施例中，目标对象是目标对象的子集。 管理员可以将特定租户的用户或一组用户与给定的管理角色相关联。 以这种方式，用户或用户组被授予在目标对象子集上执行管理任务子集的权限，而不必被授予在所有目标对象上执行所有管理任务的权限。

公开(公告)号：US20100306393A1

公开(公告)日：2010-12-02

申请号：US12472120

申请日：2009-05-26

申请人： Madan R. Appiah ,  Malcolm E. Pearson ,  Daniel Kershaw

发明人： Madan R. Appiah ,  Malcolm E. Pearson ,  Daniel Kershaw

IPC分类号： G06F15/16

CPC分类号： G06Q10/10

摘要： Embodiments disclosed herein extend to the use of external access objects in a multi-tenant environment. First and second tenants contract for operations that users of the second tenant will perform in the first tenant. Identity criteria for the users are determined. These users are mapped to an external access object that represents the second tenant users when performing the operations in the first tenant. The external access object is also associated with the resources and/or data that the users of the second tenant will be allowed access to when performing the operations. The users of the second tenant provide a request for access to the resources and/or data to perform operations. Identity criteria are determined and the users are mapped to an external access object based on the identity criteria. It is determined if the user has permission to access the resources and/or data and perform the operations.

摘要翻译： 本文公开的实施例扩展到在多租户环境中使用外部访问对象。 第一和第二租户合同第二租户的用户将在第一租户中履行业务。 确定用户的身份标准。 这些用户被映射到在第一租户执行操作时表示第二租户用户的外部访问对象。 外部访问对象也与在执行操作时允许第二租户的用户访问的资源和/或数据相关联。 第二租户的用户提供访问资源和/或数据以执行操作的请求。 确定身份标准，并且基于身份标准将用户映射到外部访问对象。 确定用户是否具有访问资源和/或数据并执行操作的许可。

公开(公告)号：US06490655B1

公开(公告)日：2002-12-03

申请号：US09394424

申请日：1999-09-13

申请人： Daniel Kershaw

发明人： Daniel Kershaw

IPC分类号： G06F1200

CPC分类号： G06F12/127 ,  G06F12/0804 ,  G06F13/18

摘要： A data processing system 2 is described including a cache memory 8 and a plurality of DRAM banks 16, 18, 20, 22. A victim select circuit 32 within a cache controller 10 selects victim cache storage lines 28 upon a cache miss such that unlocked cache storage lines are selected in preference to locked cache storage lines, non-dirty cache storage lines are selected in preference to dirty cache storage lines, and cache storage lines requiring a write back to a non-busy DRAM bank are selected in preference to cached storage lines requiring a write back to a busy DRAM storage bank. A DRAM controller 24 is provided that continuously performs a background processing operation whereby dirty cache storage lines 28 within a cache memory 8 are written back to their respective DRAM banks 16, 18, 20, 22 when these are not busy performing other operations and when the cache storage line has a least recently used value below a certain threshold. A bus arbitration circuit 12 is provided that re-arbitrates bus master priorities in dependence upon determined latencies for respective memory access requests. As an example, if a high priority memory access request results a cache miss, with a lower priority memory access request resulting in a cache hit, then the lower priority memory access request will be re-arbitrated to be performed ahead of the normally higher priority memory access request and may be finished before that higher priority memory access request starts to return data words to a data bus 14.

摘要翻译： 描述了数据处理系统2，其包括高速缓存存储器8和多个DRAM组16,18,20,22。高速缓存控制器10内的受害者选择电路32在高速缓存未命中时选择受害者高速缓存存储线28，使得未锁定的高速缓存 存储线优先于锁定的高速缓存存储线，优先选择非脏高速缓冲存储器存储线，并且优先于缓存存储线选择需要写入非忙DRAM库的高速缓存存储线 需要写回繁忙的DRAM存储库的行。 提供DRAM控制器24，其连续执行后台处理操作，由此当高速缓存存储器8内的脏高速缓存存储线28在其不忙于执行其他操作时被写回到它们各自的DRAM存储体16,18,20,22，并且当 高速缓存存储线具有低于一定阈值的最近最近使用的值。 提供总线仲裁电路12，其根据对于各个存储器访问请求的确定的延迟重新仲裁总线主机优先级。 作为示例，如果高优先级存储器访问请求导致高速缓存未命中，则优先级较低的存储器访问请求导致高速缓存命中，则优先级较低的存储器访问请求将被重新仲裁以在正常较高优先级之前执行 存储器访问请求，并且可以在更高优先级的存储器访问请求开始将数据字返回到数据总线14之前完成。