-
公开(公告)号:US20120079590A1
公开(公告)日:2012-03-29
申请号:US12890040
申请日:2010-09-24
IPC分类号: G06F12/14
CPC分类号: H04L63/10 , G06F12/1458 , G06F21/6218 , G06F21/78
摘要: A method and system for enforcing access control to system resources and assets. Security attributes associated with devices that initiate transactions in the system are automatically generated and forwarded with transaction messages. The security attributes convey access privileges assigned to each initiator. One or more security enforcement mechanisms are implemented in the system to evaluate the security attributes against access policy requirements to access various system assets and resources, such as memory, registers, address ranges, etc. If the privileges identified by the security attributes indicate the access request is permitted, the transaction is allowed to proceed. The security attributes of the initiator scheme provides a modular, consistent secure access enforcement scheme across system designs.
摘要翻译: 一种执行对系统资源和资产的访问控制的方法和系统。 与系统中发起事务的设备相关联的安全属性将自动生成并使用事务消息进行转发。 安全属性传达分配给每个启动器的访问权限。 在系统中实现一个或多个安全执行机制以根据访问策略要求评估安全属性以访问诸如存储器,寄存器,地址范围等的各种系统资产和资源。如果由安全属性标识的特权指示访问 允许请求,允许交易进行。 启动器方案的安全属性提供跨系统设计的模块化,一致的安全访问实施方案。
-
公开(公告)号:US20140298408A1
公开(公告)日:2014-10-02
申请号:US14304307
申请日:2014-06-13
IPC分类号: H04L29/06
CPC分类号: H04L63/10 , G06F12/1458 , G06F21/6218 , G06F21/78
摘要: A method and system for enforcing access control to system resources and assets. Security attributes associated with devices that initiate transactions in the system are automatically generated and forwarded with transaction messages. The security attributes convey access privileges assigned to each initiator. One or more security enforcement mechanisms are implemented in the system to evaluate the security attributes against access policy requirements to access various system assets and resources, such as memory, registers, address ranges, etc. If the privileges identified by the security attributes indicate the access request is permitted, the transaction is allowed to proceed. The security attributes of the initiator scheme provides a modular, consistent secure access enforcement scheme across system designs.
摘要翻译: 一种执行对系统资源和资产的访问控制的方法和系统。 与系统中发起事务的设备相关联的安全属性将自动生成并使用事务消息进行转发。 安全属性传达分配给每个启动器的访问权限。 在系统中实现一个或多个安全执行机制以根据访问策略要求评估安全属性以访问诸如存储器,寄存器,地址范围等的各种系统资产和资源。如果由安全属性标识的特权指示访问 允许请求,允许交易进行。 启动器方案的安全属性提供跨系统设计的模块化,一致的安全访问实施方案。
-
3.发明申请METHOD, APPARATUS, SYSTEM FOR QUALIFYING CPU TRANSACTIONS WITH SECURITY ATTRIBUTES 有权方法,装置,用于对具有安全属性的CPU交易进行质量评估的系统公开(公告)号:US20140282819A1
公开(公告)日:2014-09-18
申请号:US13828676
申请日:2013-03-14
IPC分类号: G06F21/62
摘要: Method, apparatus, and system for qualifying CPU transactions with security attributes. Immutable security attributes are generated for transactions initiator by a CPU or processor core that identifying the execution mode of the CPU/core being trusted or untrusted. The transactions may be targeted to an Input/Output (I/O) device or system memory via which a protected asset may be accessed. Policy enforcement logic blocks are implemented at various points in the apparatus or system that allow or deny transactions access to protected assets based on the immutable security attributes generated for the transactions. In one aspect, a multiple-level security scheme is implemented under which a mode register is updated via a first transaction to indicate the CPU/core is operating in a trusted execution mode, and security attributes are generated for a second transaction using execution mode indicia in the mode register to verify the transaction is from a trusted initiator.
摘要翻译: 用于对具有安全属性的CPU事务进行限定的方法,设备和系统。 由CPU或处理器核心为事务发起者生成不可变的安全属性,用于识别CPU /核心被信任或不可信任的执行模式。 这些事务可以被定向到可被访问受保护资产的输入/输出(I / O)设备或系统存储器。 策略执行逻辑块在设备或系统中的不同点实现,其允许或拒绝事务基于为事务生成的不可变安全属性而访问被保护资产。 在一个方面,实现多级安全方案,在该级别下,通过第一事务来更新模式寄存器以指示CPU /核心以可信执行模式运行,并且使用执行模式标记为第二事务生成安全属性 在模式寄存器中验证事务来自可信发起者。
-
公开(公告)号:US08789170B2
公开(公告)日:2014-07-22
申请号:US12890040
申请日:2010-09-24
IPC分类号: G06F12/14
CPC分类号: H04L63/10 , G06F12/1458 , G06F21/6218 , G06F21/78
摘要: A method and system for enforcing access control to system resources and assets. Security attributes associated with devices that initiate transactions in the system are automatically generated and forwarded with transaction messages. The security attributes convey access privileges assigned to each initiator. One or more security enforcement mechanisms are implemented in the system to evaluate the security attributes against access policy requirements to access various system assets and resources, such as memory, registers, address ranges, etc. If the privileges identified by the security attributes indicate the access request is permitted, the transaction is allowed to proceed. The security attributes of the initiator scheme provides a modular, consistent secure access enforcement scheme across system designs.
摘要翻译: 一种执行对系统资源和资产的访问控制的方法和系统。 与系统中发起事务的设备相关联的安全属性将自动生成并使用事务消息进行转发。 安全属性传达分配给每个启动器的访问权限。 在系统中实现一个或多个安全执行机制以根据访问策略要求评估安全属性以访问诸如存储器,寄存器,地址范围等的各种系统资产和资源。如果由安全属性标识的特权指示访问 允许请求,允许交易进行。 启动器方案的安全属性提供跨系统设计的模块化,一致的安全访问实施方案。
-
公开(公告)号:US09805221B2
公开(公告)日:2017-10-31
申请号:US13995659
申请日:2011-12-21
申请人: Manoj R. Sastry , Ioannis T. Schoinas , Robert J. Toepfer , Alpa T. Narendra Trivedi , Men Long
发明人: Manoj R. Sastry , Ioannis T. Schoinas , Robert J. Toepfer , Alpa T. Narendra Trivedi , Men Long
CPC分类号: G06F21/76 , G06F13/385
摘要: In one embodiment, the present invention includes a system on a chip (SoC) that has a first agent with an intellectual property (IP) logic, an interface to a fabric including a target interface, a master interface and a sideband interface, and an access control plug-in unit to handle access control policy for the first agent with respect to incoming and outgoing transactions. This access control plug-in unit can be incorporated into the SoC at integration time and without any modification to the IP logic. Other embodiments are described and claimed.
-
公开(公告)号:US20150331043A1
公开(公告)日:2015-11-19
申请号:US14279007
申请日:2014-05-15
申请人: Manoj R. Sastry , Enrico D. Carrieri , Michael Neve de Mevergnies , Ioannis T. Schoinas , Michael J. Wiznerowicz
发明人: Manoj R. Sastry , Enrico D. Carrieri , Michael Neve de Mevergnies , Ioannis T. Schoinas , Michael J. Wiznerowicz
IPC分类号: G01R31/3177 , G06F21/76
CPC分类号: G06F21/76 , G01R31/31705 , G01R31/3177 , G06F21/31
摘要: A system on chip (SOC) includes a policy generator to identify lifecycle data that identifies a lifecycle of the SOC and identify authentication data that identifies a particular user that is to debug the SoC. A particular policy is determined based on the lifecycle and identification of the particular user, and policy data is sent to at least one block of the SoC, the policy data identifying the particular policy. Debug access at the block is based on the particular policy.
摘要翻译: 片上系统(SOC)包括一个策略生成器,用于识别识别SOC的生命周期的生命周期数据,并识别识别要调试SoC的特定用户的认证数据。 特定策略基于特定用户的生命周期和标识来确定,策略数据被发送到SoC的至少一个块,该策略数据标识特定策略。 该块的调试访问是基于特定策略。
-
7.发明申请公开(公告)号:US20140137231A1
公开(公告)日:2014-05-15
申请号:US13995659
申请日:2011-12-21
申请人: Manoj R. Sastry , Ioannis T. Schoinas , Robert J. Toepfer , Alpa T. Narendra Trivedi , Men Long
发明人: Manoj R. Sastry , Ioannis T. Schoinas , Robert J. Toepfer , Alpa T. Narendra Trivedi , Men Long
IPC分类号: G06F21/76
CPC分类号: G06F21/76 , G06F13/385
摘要: In one embodiment, the present invention includes a system on a chip (SoC) that has a first agent with an intellectual property (IP) logic, an interface to a fabric including a target interface, a master interface and a sideband interface, and an access control plug-in unit to handle access control policy for the first agent with respect to incoming and outgoing transactions. This access control plug-in unit can be incorporated into the SoC at integration time and without any modification to the IP logic. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,本发明包括具有知识产权(IP)逻辑的第一代理的芯片系统(SoC),包括目标接口,主接口和边带接口的结构的接口,以及 访问控制插件单元来处理关于传入和传出事务的第一代理的访问控制策略。 该访问控制插件单元可以集成在SoC中,并且不对IP逻辑进行任何修改。 描述和要求保护其他实施例。
-
8.发明申请公开(公告)号:US20200280842A1
公开(公告)日:2020-09-03
申请号:US16729077
申请日:2019-12-27
摘要: Embodiments of the present disclosure describe methods, apparatuses, storage media, and systems for a device disposed at an edge of a vehicular communication network or vehicles within a coverage area of the device. The device is to generate a list of vehicle security data to be distributed to vehicles currently within a coverage area of the device, based at least in part on a context related to the vehicles. The device is further to announce, on a control channel communicatively coupling the device and the vehicles, that the list of vehicle security data are available and a service channel to receive the list of vehicle security data. The list of vehicle security data are to be provided to the vehicles via the service channel. Other embodiments may be described and claimed.
-
公开(公告)号:US20170187752A1
公开(公告)日:2017-06-29
申请号:US14998084
申请日:2015-12-24
申请人: Steffen Schulz , Manoj R. Sastry , Li Zhao , Patrick Koeberl
发明人: Steffen Schulz , Manoj R. Sastry , Li Zhao , Patrick Koeberl
IPC分类号: H04L29/06
CPC分类号: H04L63/20 , H04L63/0263
摘要: Systems, apparatuses and methods may provide for changing the execution mode of a device based on policy enforcement request that is received when the device is located proximately to a specific area. The policy enforcement request is verified with respect to a System on Chip (SoC) platform. An enforcement manager of the SoC platform may enforce the received policy enforcement request if verification is successful, and an attestation controller may report the enforced policy request and a status of the platform to an external device from which the policy request originates.
-
10.发明授权Entity self-clustering and host-entity communication such as via shared memory 失效实体自聚类和主机实体通信,如通过共享内存公开(公告)号:US06993566B2
公开(公告)日:2006-01-31
申请号:US09952592
申请日:2001-09-13
申请人: Brad A. Davis , Henry J. DiVincenzo , Richard A. Lary , Thomas E. Malone , Patrick D. Mason , Lee G. Rosenbaum , Manoj R. Sastry , Patrick W. White
发明人: Brad A. Davis , Henry J. DiVincenzo , Richard A. Lary , Thomas E. Malone , Patrick D. Mason , Lee G. Rosenbaum , Manoj R. Sastry , Patrick W. White
IPC分类号: G06F15/167
CPC分类号: G06F9/5061 , G06F9/544 , G06F2209/505 , H04L67/16 , H04L69/329
摘要: The self-clustering of entities within a system is disclosed. The system can also include a host. Each entity self-discovers all the other entities, such that the entities are aggregated as a cluster. The host communicates with the cluster of entities, where the entities are self-clustered or otherwise, such as through a memory shared by all the entities. The host therefore need not be aware which of the entities performs a given function.
摘要翻译: 公开了系统内实体的自聚类。 该系统还可以包括主机。 每个实体自发现所有其他实体,使得实体被聚合为一个集群。 主机与实体集群进行通信,其中实体是自聚类的或其他实体,例如通过所有实体共享的存储器。 因此,主机不需要知道哪个实体执行给定的功能。
-
-
-
-
-
-
-
-
-
搜索结果
27 条记录 (耗时 0.023 秒)
