Method and system for preventing unauthorized processor mode switches

US 20070150730A1
Filed: 01/30/2006
Published: 06/28/2007
Est. Priority Date: 12/23/2005
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a processor adapted to activate multiple security levels for the system; and

a monitoring device coupled to the processor and employing security rules pertaining to said multiple security levels;

wherein the monitoring device restricts usage of the system if the processor activates said security levels in a sequence contrary to the security rules.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system comprising a processor adapted to activate multiple security levels for the system and a monitoring device coupled to the processor and employing security rules pertaining to the multiple security levels. The monitoring device restricts usage of the system if the processor activates the security levels in a sequence contrary to the security rules.

Citations

19 Claims

1. A system, comprising:
- a processor adapted to activate multiple security levels for the system; and
  
  a monitoring device coupled to the processor and employing security rules pertaining to said multiple security levels;
  
  wherein the monitoring device restricts usage of the system if the processor activates said security levels in a sequence contrary to the security rules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the monitoring device determines that the processor has activated said security levels in the sequence contrary to the security rules by monitoring a plurality of bits stored on the processor, said bits indicative of a current security level.
  - 3. The system of claim 2, wherein the monitoring device restricts usage of the system if said bits are altered in a pattern contrary to a predetermined pattern stored on the system.
  - 4. The system of claim 1, wherein said security levels are partitioned into secure and non-secure modes with an intermediate mode between said secure and non-secure modes, and wherein the system switches between the secure and non-secure modes by adjusting a single bit stored on the processor, said bit adjusted only in the intermediate mode.
  - 5. The system of claim 4, wherein the monitoring device restricts usage of the system if said single bit is adjusted in a mode other than the intermediate mode.
  - 6. The system of claim 1, wherein the monitoring device restricts usage of the system by causing the system to be reset.
  - 7. The system of claim 1, wherein the monitoring device restricts usage of the system by blocking execution of software that causes the processor to activate the security levels in the sequence contrary to the security rules.
  - 8. The system of claim 1, wherein the system comprises a wireless communications device.

9. A device, comprising:
- a security bus port adapted to couple to a processing unit comprising bits which determine a security level of the processing unit;
  
  a security violation bus port coupled to the security bus port; and
  
  logic coupled to the security and security violation bus ports and adapted to monitor said bits via the security bus port;
  
  wherein, if the logic determines that the processing unit adjusted the bits in a sequence contrary to said security rules, the logic outputs an alert signal via the security violation bus.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The device of claim 9 further comprising:
    - wherein said security levels comprise a secure mode, a non-secure mode and an intermediate mode between the secure and non-secure modes;
      
      wherein the processing unit switches between the secure and non-secure modes by adjusting one of said bits stored on the processing unit;
      
      wherein the logic permits the processor to adjust the one of said bits only while in the intermediate mode.
  - 11. The device of claim 10, wherein the logic outputs said alert signal if the processor adjusts the one of said bits in a mode other than the intermediate mode.
  - 12. The device of claim 9, wherein said alert signal causes the processing unit to be reset.
  - 13. The device of claim 9, wherein said alert signal causes software running on the processing unit to be aborted.
  - 14. The device of claim 9, wherein the device comprises a mobile communication device.

15. A method, comprising:
- monitoring bits in a processing unit, said bits indicative of a security level of the processing unit; and
  
  determining whether said bits indicate a switch between security levels in a sequence contrary to a predetermined sequence stored on the processing unit.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method of claim 15 further comprising restricting usage of the processing unit if said bits indicate the switch between security levels in the sequence contrary to the predetermined sequence.
  - 17. The method of claim 16, wherein restricting usage of the processing unit comprises resetting the processing unit.
  - 18. The method of claim 16, wherein restricting usage of the processing unit comprises preventing execution of software that causes said switch between security levels in the sequence contrary to the predetermined sequence.
  - 19. The method of claim 15, wherein said security levels are partitioned into secure and non-secure modes activated by adjusting a single bit, and wherein determining whether said bits indicate the switch between security levels in the sequence contrary to the predetermined sequence comprises determining whether said single bit is adjusted in a mode other than a monitor mode between the secure and non-secure modes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Texas Instruments, Inc.
Original Assignee
Texas Instruments, Inc.
Inventors
Conti, Gregory

Granted Patent

US 8,959,339 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/166
CPC Class Codes

G06F 1/24   Resetting means

G06F 1/3287   by switching off individual...

G06F 21/52   during program execution, e...

G06F 21/53   by executing in a restricte...

G06F 21/567   using dedicated hardware

G06F 21/74   operating in dual or compar...

G06F 21/81   by operating on the power s...

G06F 2221/034   Test or assess a computer o...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2115   Third party

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

G06F 2221/2153   Using hardware token as a s...

H04L 2463/102   applying security measure f...

H04L 63/105   Multiple levels of security

Method and system for preventing unauthorized processor mode switches

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for preventing unauthorized processor mode switches

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links