METHOD AND APPARATUS FOR INCLUDING ARCHITECTURE FOR PROTECTING MULTI-USER SENSITIVE CODE AND DATA
First Claim
1. A method for providing a secure execution environment for multiple instances of separate program code or data, comprising:
- offloading multiple instances of separate code or data from a host processor to a secure asset management unit (SAMU) in an encrypted format for authenticating and for maintaining confidentiality of the multiple instances of separate code or data.
1 Assignment
0 Petitions
Accused Products
Abstract
A secure execution environment for execution of sensitive code and data including a secure asset management unit (SAMU) is described. The SAMU provides a secure execution environment to run multiple instances of separate program code or data code associated with copy protection schemes established for content consumption. The SAMU architecture allows for hardware-based secure boot and memory protection and provides on-demand code execution for multiple instances of separate program code or data provided by a host processor. The SAMU may boot from an encrypted and signed kernel code, and execute encrypted, signed code. The hardware-based security configuration facilitates the prevention of vertical or horizontal privilege violations.
-
Citations
22 Claims
-
1. A method for providing a secure execution environment for multiple instances of separate program code or data, comprising:
offloading multiple instances of separate code or data from a host processor to a secure asset management unit (SAMU) in an encrypted format for authenticating and for maintaining confidentiality of the multiple instances of separate code or data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
11. A system for providing a secure execution unit for multiple instances of separate program code or data, comprising:
-
a host processor configured to execute a plurality of applications including code or data; a secure asset management unit (SAMU) configured to execute program code, wherein the SAMU is connected to the host processor and is configured to offload multiple instances of separate code or data from the host processor in an encrypted format for authenticating and for maintaining confidentiality of the multiple instances of separate code or data. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A computer-readable storage medium storing a set of instructions for execution by one or more processors to facilitate manufacture of a secure asset management unit (SAMU), the SAMU configured to:
-
execute program code; and offload multiple instances of separate code or data from a processor in an encrypted format to authenticate and to maintain confidentiality of the multiple instances of separate code or data. - View Dependent Claims (22)
-
Specification