Secure Processing Unit Systems and Methods

US 20110173409A1
Filed: 03/23/2011
Published: 07/14/2011
Est. Priority Date: 08/20/1999
Status: Abandoned Application

First Claim

Patent Images

1. A secure processing unit comprising:

a memory unit;

a processor comprising a memory management unit and a plurality of security registers, the memory management unit storing a level-one page table, the level-one page table including a plurality of level-one page table entries, wherein the level-one page table entries each correspond to at least one level-two page table, and wherein the level-one page table entries each contain a predefined attribute, the predefined attribute being configured to indicate to the memory management unit whether entries in a corresponding level-two page table designate certain predefined memory regions; and

one or more busses configured to communicatively couple the memory unit and the processor.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A hardware Secure Processing Unit (SPU) is described that can perform both security functions and other information appliance functions using the same set of hardware resources. Because the additional hardware required to support security functions is a relatively small fraction of the overall device hardware, this type of SPU can be competitive with ordinary non-secure CPUs or microcontrollers that perform the same functions. A set of minimal initialization and management hardware and software is added to, e.g., a standard CPU/microcontroller. The additional hardware and/or software creates an SPU environment and performs the functions needed to virtualize the SPU'"'"'s hardware resources so that they can be shared between security functions and other functions performed by the same CPU.

38 Citations

View as Search Results

18 Claims

1. A secure processing unit comprising:
- a memory unit;
  
  a processor comprising a memory management unit and a plurality of security registers, the memory management unit storing a level-one page table, the level-one page table including a plurality of level-one page table entries, wherein the level-one page table entries each correspond to at least one level-two page table, and wherein the level-one page table entries each contain a predefined attribute, the predefined attribute being configured to indicate to the memory management unit whether entries in a corresponding level-two page table designate certain predefined memory regions; and
  
  one or more busses configured to communicatively couple the memory unit and the processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The secure processing unit of claim 1 further comprising:
    - tamper detection and response logic,wherein the one or more busses are further configured to communicatively couple the tamper detection and response logic with the memory unit and the processor.
  - 3. The secure processing unit of claim 1 further comprising:
    - an interface configured to communicatively couple the secure processing unit with external systems or components,wherein the one or more busses are further configured to communicatively couple the interface with the memory unit and the processor.
  - 4. The secure processing unit of claim 1 further comprising a tamper-resistant housing.
  - 5. The secure processing unit of claim 1, wherein the memory unit further comprises one or more of:
    - secure random access memory;
      
      secure non-volatile memory; and
      
      secure read-only memory.
  - 6. The secure processing unit of claim 5, wherein the secure non-volatile memory is powered by a battery.
  - 7. The secure processing unit of claim 5, wherein the secure non-volatile memory is configured to store at least one cryptographic key.
  - 8. The secure processing unit of claim 1, wherein the memory unit is configured to store one or more of:
    - a unique identifier associated with the secure processing unit;
      
      a private cryptographic key;
      
      a public cryptographic key; and
      
      a cryptographic certificate linking the unique identifier and the public cryptographic key.
  - 9. The secure processing unit of claim 1, wherein the plurality of security registers are configured to store access control data, the access control data being configured to indicate whether access to predefined memory regions is restricted to certain software components or within certain processor modes.
  - 10. The secure processing unit of claim 9, wherein the access control data is stored in a critical address register, the critical address register being one of the plurality of security registers.
  - 11. The secure processing unit of claim 1, wherein level-two page table entries that do not designate certain predefined memory regions are stored external to the memory unit.

12. An information appliance, the information appliance comprising:
- a memory unit; and
  
  a secure processing unit communicatively coupled to the memory unit, the secure processing unit comprising;
  
  a secure memory unit; and
  
  a processor communicatively coupled to the secure memory unit, the processor comprising a memory management unit and a plurality of security registers, the memory management unit storing a level-one page table, the level-one page table including a plurality of level-one page table entries, wherein the level-one page table entries each correspond to at least one level-two page table, and wherein the level-one page table entries each contain a predefined attribute, the predefined attribute being configured to indicate to the memory management unit whether entries in a corresponding level-two page table designate certain predefined memory regions.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The information appliance of claim 12, wherein the memory unit and the secure processing unit are communicatively coupled by at least one bus.
  - 14. The information appliance of claim 12, wherein the secure processing unit further comprises tamper detection and response logic.
  - 15. The information appliance of claim 12, wherein the secure processing unit further comprises a tamper resistant housing.
  - 16. The information appliance of claim 12, wherein the information appliance is comprises one or more of:
    - a television set-top box, a portable audio player, a portable video player, a cellular telephone, a personal computer, and a workstation.
  - 17. The information appliance of claim 12, wherein the secure processing unit is the primary process unit included in the information appliance.
  - 18. The information appliance of claim 12, wherein the secure processing unit further comprises:
    - a critical address register, the critical address register storing a plurality of access control bits, the access control bits being configured to indicate whether to access to memory regions associate with the access control bits is restricted to certain software components or processor modes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Sibert, W. Olin

Application Number

US13/070,379
Publication Number

US 20110173409A1
Time in Patent Office

Days
Field of Search
US Class Current

711/163
CPC Class Codes

G06F 12/145   the protection being virtua...

G06F 12/1491   in a hierarchical protectio...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 21/71   to assure secure computing ...

G06F 21/86   Secure or tamper-resistant ...

G06F 2212/1044   Space efficiency improvement

G06Q 50/188   Electronic negotiation

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

Secure Processing Unit Systems and Methods

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Processing Unit Systems and Methods

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links