Processing efficiency on secure systems having a host processor and smart card
    1.
    Invention patent (granted)
    Status: in force

    Publication number: US09256732B2

    Publication date: 2016-02-09

    Application number: US11979358

    Filing date: 2007-11-01

    Abstract: A smart card comprising a data store and a processor, said smart card being operable to connect with a host data processing apparatus, said smart card comprising authentication logic operable when connected to said host data processing apparatus to identify a secure data processing domain having predetermined properties within said host data processing apparatus and in response to identify said secure data processing domain, said smart card is operable to delegate at least some data processing operations to be processed within said secure data processing domain of said host data processing apparatus.


    Data processing apparatus and method for managing access to a display buffer
    2.
    Invention patent (granted)
    Status: in force

    Publication number: US08561169B2

    Publication date: 2013-10-15

    Application number: US11987903

    Filing date: 2007-12-05

    IPC classification: G06F21/00

    CPC classification: G06F21/84 G06F21/79

    Abstract: A data processing apparatus and method are provided for managing access to a display buffer. The data processing apparatus has a display buffer for storing an array of display elements for subsequent output to a display controller, with each display element having a security permission indication associated therewith identifying whether that display element is a secure display element or a non-secure display element. At least one processing unit is provided for executing a non-secure process and a secure process, each process issuing access requests when seeking to access display elements in the display buffer, and each access request specifying a location in the display buffer. Interface logic is associated with the display buffer for receiving each access request and is arranged for at least each access request issued by the non-secure process to determine the security permission indication associated with the display element currently stored at the location specified by that access request. Based on the security permission indication, the interface logic then determines how that access request should be processed. Accordingly, the interface logic can selectively prevent access to secure display elements by the non-secure process, so as to protect the security of secure display elements contained within the display buffer.


    Processing efficiency on secure systems having a host processor and smart card
    3.
    Invention patent application
    Status: in force

    Publication number: US20080128494A1

    Publication date: 2008-06-05

    Application number: US11979358

    Filing date: 2007-11-01

    IPC classification: G06F19/00 G06K19/06

    Abstract: A smart card comprising a data store and a processor, said smart card being operable to connect with a host data processing apparatus, said smart card comprising authentication logic operable when connected to said host data processing apparatus to identify a secure data processing domain having predetermined properties within said host data processing apparatus and in response to identifying said secure data processing domain, said smart card is operable to delegate at least some data processing operations to be processed within said secure data processing domain of said host data processing apparatus.


    Data processing apparatus and method for managing access to a display buffer
    4.
    Invention patent application
    Status: in force

    Publication number: US20080163368A1

    Publication date: 2008-07-03

    Application number: US11987903

    Filing date: 2007-12-05

    IPC classification: H04L9/32

    CPC classification: G06F21/84 G06F21/79

    Abstract: A data processing apparatus and method are provided for managing access to a display buffer. The data processing apparatus has a display buffer for storing an array of display elements for subsequent output to a display controller, with each display element having a security permission indication associated therewith identifying whether that display element is a secure display element or a non-secure display element. At least one processing unit is provided for executing a non-secure process and a secure process, each process issuing access requests when seeking to access display elements in the display buffer, and each access request specifying a location in the display buffer. Interface logic is associated with the display buffer for receiving each access request and is arranged for at least each access request issued by the non-secure process to determine the security permission indication associated with the display element currently stored at the location specified by that access request. Based on the security permission indication, the interface logic then determines how that access request should be processed. Accordingly, the interface logic can selectively prevent access to secure display elements by the non-secure process, so as to protect the security of secure display elements contained within the display buffer.


    Non-native program execution across multiple execution environments
    5.
    Invention patent application
    Status: in force

    Publication number: US20090210874A1

    Publication date: 2009-08-20

    Application number: US12071386

    Filing date: 2008-02-20

    IPC classification: G06F9/455

    CPC classification: G06F9/4552

    Abstract: A data processing system 2 executes non-native program instructions using either a first execution environment 14 or a second execution environment 22. The first execution environment identifies at runtime if non-native program instructions to be executed are marked as intended for execution by the second execution environment. When such instructions are encountered the first execution environment triggers performance of data processing operations as specified by the one or more marked program instructions performed by the second execution environment. When those processing operations as specified by the one or more marked program instructions have been completed, a return is made to the first execution environment.


    Non-native program execution across multiple execution environments
    6.
    Invention patent (granted)
    Status: in force

    Publication number: US08321861B2

    Publication date: 2012-11-27

    Application number: US12071386

    Filing date: 2008-02-20

    IPC classification: G06F9/455 G06F9/44

    CPC classification: G06F9/4552

    Abstract: A data processing system 2 executes non-native program instructions using either a first execution environment 14 or a second execution environment 22. The first execution environment identifies at runtime if non-native program instructions to be executed are marked as intended for execution by the second execution environment. When such instructions are encountered the first execution environment triggers performance of data processing operations as specified by the one or more marked program instructions performed by the second execution environment. When those processing operations as specified by the one or more marked program instructions have been completed, a return is made to the first execution environment.


    APPARATUS AND METHOD FOR PERFORMING INTEGRITY CHECKS ON SOFWARE
    7.
    Invention patent application
    Status: under examination (published)

    Publication number: US20090307770A1

    Publication date: 2009-12-10

    Application number: US12309915

    Filing date: 2006-08-17

    IPC classification: G06F11/36

    CPC classification: G06F11/3644 G06F21/52

    Abstract: An apparatus and method are provided for performing integrity checking of software code executing on a processing unit of the apparatus. The apparatus further includes debug logic used when debugging program code executed by the processing unit, and trusted logic for performing trusted integrity checking operations on less-trusted program code executed by the processing unit. The debug logic has an interface via which the trusted logic can program one or more control registers, that interface not being accessible by the less-trusted program code. The trusted logic programs the control registers so as to cause the debug logic to be re-used to detect one or more activities of the processing logic during execution of the less-trusted program code, and the trusted integrity checking operations performed by the trusted logic are influenced by the activities detected by the debug logic. Such an approach has been found to provide an efficient and secure technique for performing run-time integrity checking of program code.


    Method and apparatus for processing and displaying secure and non-secure data

    Publication number: US08448251B2

    Publication date: 2013-05-21

    Application number: US12382871

    Filing date: 2009-03-25

    IPC classification: G06F17/30

    Abstract: A data processing apparatus is disclosed that comprises: at least one processor; a display for displaying data processed by said at least one processor; at least one display buffer for storing an array of display elements for subsequent output to said display, said display elements being secure display elements for displaying secure data and non-secure display elements; and a user interface; wherein said at least one processor is operable to execute at least one untrusted process and at least one secure process, said at least one secure process having access to secure data; said data processing apparatus further comprising: a secure user input for receiving a user input, said received user input not being accessible to said at least one untrusted process; and said data processing apparatus being responsive to an input received at said secure user input to transform data to be displayed on said display such that said secure display elements and said non-secure display elements are transformed differently to each other.

    Reducing information leakage between processes sharing a cache
    9.
    Invention patent application
    Status: in force

    Publication number: US20080288789A1

    Publication date: 2008-11-20

    Application number: US12149525

    Filing date: 2008-05-02

    IPC classification: G06F12/14

    Abstract: A method of impeding leakage of cache access behavioural information of a section of a sensitive process to an untrusted process, said sensitive and untrusted processes being performed by a processor within a data processing apparatus, said data processing apparatus further comprising at least one cache operable to store information required by said processor while performing said sensitive and untrusted processes, the method comprising the steps of: prior to commencing processing of a section of said sensitive process by said processor, evicting information stored in locations of said at least one cache which may otherwise be evicted by said sensitive process loading information that may be required by said section of said sensitive process in said at least one cache; commencing processing of said section of said sensitive process by said processor; switching said processor during processing of said section of said sensitive process to said untrusted process in response to a switching request; on switching back to said section of said sensitive process from said untrusted process, evicting information stored in locations of said at least one cache which may otherwise be evicted by said sensitive process loading information that may be required by said section of said sensitive process in said at least one cache prior to recommencing processing of said section of said sensitive process.


    Reducing information leakage between processes sharing a cache
    10.
    Invention patent (granted)
    Status: in force

    Publication number: US08549325B2

    Publication date: 2013-10-01

    Application number: US12149525

    Filing date: 2008-05-02

    IPC classification: G06F11/30

    Abstract: A method of impeding leakage of cache access behavioral information of a section of a sensitive process to an untrusted process, said sensitive and untrusted processes being performed by a processor within a data processing apparatus, said data processing apparatus further comprising at least one cache operable to store information required by said processor while performing said sensitive and untrusted processes, the method comprising the steps of prior to commencing processing of a section of said sensitive process by said processor, evicting information stored in locations of said at least one cache which may otherwise be evicted by said sensitive process loading information that may be required by said section of said sensitive process in said at least one cache; commencing processing of said section of said sensitive process by said processor; switching said processor during processing of said section of said sensitive process to said untrusted process in response to a switching request; on switching back to said section of said sensitive process from said untrusted process, evicting information stored in locations of said at least one cache which may otherwise be evicted by said sensitive process loading information that may be required by said section of said sensitive process in said at least one cache prior to recommencing processing of said section of said sensitive process.
