Secure processing unit systems and methods

US 20070124409A1
Filed: 09/27/2006
Published: 05/31/2007
Est. Priority Date: 08/20/1999
Status: Active Grant

First Claim

Patent Images

1-21. -21. (canceled)

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A hardware Secure Processing Unit (SPU) is described that can perform both security functions and other information appliance functions using the same set of hardware resources. Because the additional hardware required to support security functions is a relatively small fraction of the overall device hardware, this type of SPU can be competitive with ordinary non-secure CPUs or microcontrollers that perform the same functions. A set of minimal initialization and management hardware and software is added to, e.g., a standard CPU/microcontroller. The additional hardware and/or software creates an SPU environment and performs the functions needed to virtualize the SPU'"'"'s hardware resources so that they can be shared between security functions and other functions performed by the same CPU.

Citations

41 Claims

1-21. -21. (canceled)

22. In a secure processing unit comprising a memory management unit, an internal memory unit, and processor security registers, a method of restricting access to memory, the method comprising:
- using entries in a level-one page table to indicate whether corresponding entries in a level-two page table may designate certain predefined memory regions; and
  
  restricting access by certain software components or processor modes to predefined memory regions based on access control data, wherein the access control data are stored in a critical address register, the critical address register comprising one of the processor security registers.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
- - 23. The method of claim 22, wherein the internal memory unit includes secure random access memory, secure non-volatile memory, and secure read-only memory.
  - 24. The method of claim 23, wherein the secure non-volatile memory contains a cryptographic key.
  - 25. The method of claim 23, wherein the secure non-volatile memory is powered by a battery.
  - 26. The method of claim 25, wherein the secure non-volatile memory contains a cryptographic key.
  - 27. The method of claim 22, wherein the internal memory unit includes a unique identifier for the secure processing unit, a private cryptographic key, and a public cryptographic key.
  - 28. The method of claim 27, wherein the internal memory unit further includes a cryptographic certificate linking the unique identifier and the public cryptographic key.
  - 29. The method of claim 22, wherein one or more level-two page tables configured so as to be unable to designate the predefined memory regions are stored in memory locations other than the internal memory unit.

30. In an information appliance comprising a secure processing unit, the secure processing unit comprising a memory management unit, an internal memory unit, and processor security registers, a method comprising:
- Indicating, using entries in a level-one page table, whether corresponding entries in a level-two page table may designate certain predefined memory regions;
  
  restricting access by certain software components or processor modes to predefined memory regions based on access control data, wherein the access control data are stored in a critical address register, the critical address register comprising one of the processor security registers; and
  
  enabling performance, by the secure processing unit, of both secure processing operations and at least some processing operations performed by a conventional information appliance processing unit.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 31. The method of claim 30, wherein the information appliance is an appliance selected from:
    - a television set-top box, a portable audio player, a portable video player, a cellular telephone, a personal computer, and a workstation.
  - 32. The method of claim 30, wherein the secure processing unit is the information appliance'"'"'s primary processing unit.
  - 33. The method of claim 30, wherein the secure processing unit is the information appliance'"'"'s only processing unit.
  - 34. The method of claim 30, wherein the level-one page table and the level-two page tables that may designate the predefined memory regions are stored in the internal memory unit.
  - 35. The method of claim 30, wherein the internal memory unit includes secure random access memory, secure non-volatile memory, and secure read-only memory.
  - 36. The method of claim 35, wherein the secure non-volatile memory contains a cryptographic key.
  - 37. The method of claim 35, wherein the secure non-volatile memory is powered by a battery.
  - 38. The method of claim 37, wherein the secure non-volatile memory contains a cryptographic key.
  - 39. The method of claim 30, wherein the internal memory unit includes a unique identifier for the secure processing unit, a private cryptographic key, and a public cryptographic key.
  - 40. The method of claim 39, wherein the internal memory unit further includes a cryptographic certificate linking the unique identifier and the public cryptographic key.
  - 41. The method of claim 30, wherein one or more level-two page tables configured so as to be unable to designate the predefined memory regions are stored in memory locations other than the internal memory unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Sibert, W.

Granted Patent

US 7,430,585 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/216
CPC Class Codes

G06F 12/145   the protection being virtua...

G06F 12/1491   in a hierarchical protectio...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 21/71   to assure secure computing ...

G06F 21/86   Secure or tamper-resistant ...

G06F 2212/1044   Space efficiency improvement

G06Q 50/188   Electronic negotiation

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

Secure processing unit systems and methods

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Secure processing unit systems and methods

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links