Protecting Isolated Secret Data of Integrated Circuit Devices
    1.
    发明申请
    Protecting Isolated Secret Data of Integrated Circuit Devices 审中-公开
    保护集成电路器件的隔离秘密数据

    公开(公告)号:US20100132048A1

    公开(公告)日:2010-05-27

    申请号:US12323670

    申请日:2008-11-26

    IPC分类号: G06F21/00

    摘要: A circuit arrangement, method, and design structure for controlling access to master secret data disposed in at least a portion of at least one persistent region of an integrated circuit device is disclosed. The circuit arrangement includes a clock circuit responsive to an external clock signal, a security state machine configured to control a security state of the integrated circuit device, and a master secret circuit in communication with the security state machine and configured to control access to the master secret data. The security state machine and master secret circuit are isolated from the clock circuit, and the master secret circuit is responsive to the security state machine to selectively erase at least a portion of the master secret data. The master secret circuit may be configured to erase the portion of the master secret data in response to a null or triggered security state.

    摘要翻译: 公开了一种用于控制对设置在集成电路装置的至少一个持续区域的至少一部分中的主秘密数据的访问的电路装置,方法和设计结构。 电路装置包括响应于外部时钟信号的时钟电路,被配置为控制集成电路装置的安全状态的安全状态机以及与安全状态机通信并被配置为控制对主机的访问的主秘密电路 秘密资料。 安全状态机和主秘密电路与时钟电路隔离,并且主秘密电路响应于安全状态机来选择性地擦除主秘密数据的至少一部分。 主秘密电路可以被配置为响应于空或触发的安全状态来擦除主秘密数据的部分。

    Protecting isolated secret data of integrated circuit devices

    公开(公告)号:US10452844B2

    公开(公告)日:2019-10-22

    申请号:US12323670

    申请日:2008-11-26

    IPC分类号: G06F21/55 G06F21/78 G06F21/81

    摘要: A circuit arrangement, method, and design structure for controlling access to master secret data disposed in at least a portion of at least one persistent region of an integrated circuit device is disclosed. The circuit arrangement includes a clock circuit responsive to an external clock signal, a security state machine configured to control a security state of the integrated circuit device, and a master secret circuit in communication with the security state machine and configured to control access to the master secret data. The security state machine and master secret circuit are isolated from the clock circuit, and the master secret circuit is responsive to the security state machine to selectively erase at least a portion of the master secret data. The master secret circuit may be configured to erase the portion of the master secret data in response to a null or triggered security state.

    Secure recursive virtualization
    4.
    发明授权
    Secure recursive virtualization 失效
    安全的递归虚拟化

    公开(公告)号:US08286164B2

    公开(公告)日:2012-10-09

    申请号:US12537808

    申请日:2009-08-07

    IPC分类号: G06F9/455 G06F21/00

    摘要: A mechanism is provided for performing secure recursive virtualization of a computer system. A portion of memory is allocated by a virtual machine monitor (VMM) or an operating system (OS) to a new domain. An initial program for the new domain is loaded into the portion of memory. Secure recursive virtualization firmware (SVF) in the data processing system is called to request that the new domain be generated. A determination is made as to whether the call is from a privileged domain or a non-privileged domain. Responsive to the request being from a privileged domain, all access to the new domain is removed from any other domain in the data processing system. Responsive to receiving an indication that the new domain has been generated, an execution of the initial program is scheduled.

    摘要翻译: 提供了一种用于执行计算机系统的安全递归虚拟化的机制。 内存的一部分由虚拟机监视器(VMM)或操作系统(OS)分配给新域。 新域的初始程序被加载到内存部分。 调用数据处理系统中的安全递归虚拟化固件(SVF)来请求生成新的域。 确定呼叫是来自特权域还是非特权域。 响应于来自特权域的请求,对数据处理系统中的任何其他域的所有对新域的访问都将被删除。 响应于接收到新域已被生成的指示,调度初始程序的执行。

    E-fuses for storing security version data
    5.
    发明授权
    E-fuses for storing security version data 失效
    用于存储安全版本数据的电子保险丝

    公开(公告)号:US07461268B2

    公开(公告)日:2008-12-02

    申请号:US10892431

    申请日:2004-07-15

    IPC分类号: G06F12/14 H04L9/32

    摘要: Methods and devices that may be utilized in systems to dynamically update a security version parameter used to encrypt secure data are provided. The version may be maintained in persistent storage located on a device implementing the encryption, such as a system on a chip (SOC). The persistent storage does not require battery backing and, thus, the cost and complexity associated with conventional systems utilizing battery backed storage may be reduced.

    摘要翻译: 提供了可用于系统动态更新用于加密安全数据的安全版本参数的方法和设备。 该版本可以被维护在位于实现加密的设备上的持久存储器中,诸如片上系统(SOC)。 永久存储器不需要电池背衬,因此,与使用电池支持的存储器的常规系统相关联的成本和复杂度可能会降低。

    Control function implementing selective transparent data authentication within an integrated system
    7.
    发明授权
    Control function implementing selective transparent data authentication within an integrated system 有权
    集成系统中实现选择性透明数据认证的控制功能

    公开(公告)号:US07266842B2

    公开(公告)日:2007-09-04

    申请号:US10125708

    申请日:2002-04-18

    CPC分类号: G06F21/85 G06F21/64

    摘要: A data authentication technique is provided for a data access control function of an integrated system. The technique includes passing a data request from a functional master of the integrated system through the data access control function, and responsive to the data request, selectively authenticating requested data. The selective authentication, which can occur transparent to the functional master initiating the data request, includes employing integrity value generation on the requested data when originally stored and when retrieved, in combination with encryption and decryption thereof to ensure the authenticity of the requested data. As an enhancement, cascading integrity values may be employed to facilitate data authentication.

    摘要翻译: 为集成系统的数据访问控制功能提供数据认证技术。 该技术包括通过数据访问控制功能从集成系统的功能主机传递数据请求,并响应于数据请求,选择性地认证所请求的数据。 可以对启动数据请求的功能主机透明的选择性认证包括在原始存储时和当检索时对所请求的数据进行完整性值生成,结合其加密和解密,以确保所请求数据的真实性。 作为增强,可以采用级联完整性值来促进数据认证。

    Optical wavelength division multiplexer for high speed,
protocol-independent serial data sources
    8.
    发明授权
    Optical wavelength division multiplexer for high speed, protocol-independent serial data sources 失效
    用于高速,协议无关串行数据源的光波分复用器

    公开(公告)号:US5487120A

    公开(公告)日:1996-01-23

    申请号:US193969

    申请日:1994-02-09

    摘要: A wavelength division multiplexer (WDM) unit (12) includes a plurality of Input/Output cards (IOCs 14). Each IOC is bidirectionally coupled to I/O specific media (fiber or copper) and to two coaxial cables. Also bidirectionally coupled to the coaxial cables are a plurality of Laser/Receiver Cards (LRC 20). The interface between the IOCs and the LRCs is an Emitter Coupled Logic (ECL) electrical interface that is conveyed over the coaxial cables. Each LRC is bidirectionally coupled by two single mode fibers to an optical multiplexer and demultiplexer, embodied within a grating (24). An input/output port of the grating is coupled to a fiber link (28) that enables bidirectional, full duplex data communications with a second WDM. Each WDM also includes a Diagnostic Processor Card (DPC 28) that receives status signals from the IOCs and LRCs, that forwards the status signals on to an external processor, and which generates control information for the IOCs and LRCs.

    摘要翻译: 波分复用器(WDM)单元(12)包括多个输入/输出卡(IOC 14)。 每个IOC双向耦合到I / O特定介质(光纤或铜)和两根同轴电缆。 还双向耦合到同轴电缆的是多个激光/接收卡(LRC 20)。 IOC和LRC之间的接口是通过同轴电缆传送的发射极耦合逻辑(ECL)电接口。 每个LRC通过两个单模光纤双向耦合到光学多路复用器和解复用器中,体现在光栅(24)内。 光栅的输入/输出端口耦合到能够与第二WDM进行双向全双工数据通信的光纤链路(28)。 每个WDM还包括诊断处理器卡(DPC 28),其接收来自IOC和LRC的状态信号,将状态信号转发到外部处理器,并且产生IOC和LRC的控制信息。

    Workholder
    9.
    发明授权
    Workholder 失效
    工作人员

    公开(公告)号:US4685687A

    公开(公告)日:1987-08-11

    申请号:US773322

    申请日:1985-09-06

    摘要: A workholder for a machine tool or the like having a power assembly and a work gripping assembly that are separable to permit use of a plurality of work gripping assemblies and associated work gripping jaws of a size and shape to accommodate different workpieces. Work gripping assemblies with jaws pre-qualified to different workpieces can be exchanged quickly and automatically, as by use of a robot, when different parts are to be machined, while a single power assembly remains connected to the machine tool.

    摘要翻译: 一种具有动力组件和工件夹紧组件的机床等的工作夹具,其可分离以允许使用尺寸和形状的多个工件夹持组件和相关联的作业夹爪以适应不同的工件。 通过使用机器人,当要加工不同的零件时,同时单个动力组件保持连接到机床上,可以快速自动地更换具有预先通过不同工件的夹爪的工件夹紧组件。

    Processor and data processing method with non-hierarchical computer security enhancements for context states
    10.
    发明授权
    Processor and data processing method with non-hierarchical computer security enhancements for context states 有权
    处理器和数据处理方法,用于上下文状态的非分层计算机安全增强

    公开(公告)号:US08850557B2

    公开(公告)日:2014-09-30

    申请号:US13408170

    申请日:2012-02-29

    IPC分类号: G06F12/14 G06F21/31

    摘要: Disclosed are a processor and processing method that provide non-hierarchical computer security enhancements for context states. The processor can comprise a context control unit that uses context identifier tags associated with corresponding contexts to control access by the contexts to context information (i.e., context states) contained in the processor's non-stackable and/or stackable registers. For example, in response to an access request, the context control unit can grant a specific context access to a register only when that register is tagged with a specific context identifier tag. If the register is tagged with another context identifier tag, the contents of the specific register are saved in a context save area of memory and the previous context states of the specific context are restored to the specific register before access can be granted. The context control unit can also provide such computer security enhancements while still facilitating authorized cross-context and/or cross-level communications.

    摘要翻译: 公开了一种为上下文状态提供非分层计算机安全增强的处理器和处理方法。 处理器可以包括上下文控制单元,其使用与相应上下文相关联的上下文标识符标签来控制上下文对包含在处理器的不可堆叠和/或可堆叠寄存器中的上下文信息(即上下文状态)的访问。 例如,响应于访问请求,上下文控制单元可以仅在该寄存器被标记有特定上下文标识符标签时才向该寄存器授予特定上下文访问。 如果寄存器用另一个上下文标识符标记,则将特定寄存器的内容保存在存储器的上下文保存区域中,并且特定上下文的先前上下文状态将被恢复到特定寄存器,然后才能授予访问权限。 上下文控制单元还可以提供这样的计算机安全增强,同时还促进授权的交叉上下文和/或跨级通信。