Secure processing unit systems and methods
Abstract
A hardware Secure Processing Unit (SPU) is described that can perform both security functions and other information appliance functions using the same set of hardware resources. Because the additional hardware required to support security functions is a relatively small fraction of the overall device hardware, this type of SPU can be competitive with ordinary non-secure CPUs or microcontrollers that perform the same functions. A set of minimal initialization and management hardware and software is added to, e.g., a standard CPU/microcontroller. The additional hardware and/or software creates an SPU environment and performs the functions needed to virtualize the SPU's hardware resources so that they can be shared between security functions and other functions performed by the same CPU.
41 Claims
1-21. (canceled)
22. In a secure processing unit comprising a memory management unit, an internal memory unit, and processor security registers, a method of restricting access to memory, the method comprising:
using entries in a level-one page table to indicate whether corresponding entries in a level-two page table may designate certain predefined memory regions; and
restricting access by certain software components or processor modes to predefined memory regions based on access control data, wherein the access control data are stored in a critical address register, the critical address register comprising one of the processor security registers.
(Dependent claims: 23, 24, 25, 26, 27, 28, 29)
30. In an information appliance comprising a secure processing unit, the secure processing unit comprising a memory management unit, an internal memory unit, and processor security registers, a method comprising:
indicating, using entries in a level-one page table, whether corresponding entries in a level-two page table may designate certain predefined memory regions;
restricting access by certain software components or processor modes to predefined memory regions based on access control data, wherein the access control data are stored in a critical address register, the critical address register comprising one of the processor security registers; and
enabling performance, by the secure processing unit, of both secure processing operations and at least some processing operations performed by a conventional information appliance processing unit.
(Dependent claims: 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
Specification