METHOD AND APPARATUS INCLUDING ARCHITECTURE FOR PROTECTING SENSITIVE CODE AND DATA
Abstract
A secure execution environment for execution of sensitive code and data including a secure asset management unit (SAMU) is described. The SAMU provides a secure execution environment to run sensitive code, for example, code associated with copy protection schemes established for content consumption. The SAMU architecture allows for hardware-based secure boot and memory protection and provides on-demand code execution for code provided by a host processor. The SAMU may boot from an encrypted and signed kernel code, and execute encrypted, signed code. The hardware-based security configuration facilitates preventing vertical or horizontal privilege violations.
16 Claims
1. A method for providing a secure execution environment for program code or data, comprising:
- offloading code or data from a host processor to a secure asset management unit (SAMU) in an encrypted format for authenticating and for maintaining confidentiality of the code or data.
(Dependent claims: 2, 3, 4, 5, 6, 7)

8. A system for providing a secure execution environment for program code or data, comprising:
- a computer configured to execute at least one application including code or data on a host processor;
- a secure asset management unit (SAMU) configured to execute program code, wherein the SAMU is connected to the computer and is configured to offload code or data from the host processor in an encrypted format to authenticate and to maintain confidentiality of the code or data.
(Dependent claims: 9, 10, 11, 12, 13, 14)

15. A computer-readable storage medium storing a set of instructions for execution by one or more processors to facilitate manufacture of a secure asset management unit (SAMU), the SAMU configured to:
- execute program code; and
- offload sensitive program code or data from a processor in an encrypted format to authenticate and to maintain confidentiality of the program code or data.
(Dependent claims: 16)

Specification