Hardware access control locking
First Claim
Patent Images
1. An apparatus for protecting access to control code, data, and devices in a computer system, said apparatus comprising:
- a. means for generating a disabling signal upon completion of execution by said computer system of trusted code;
b. a state machine for determining when said computer system is in any of a number of trusted states, each trusted state being defined as a state in which said computer is executing trusted code in a correct context, said correct context being that the trusted code has been entered under a set of preselected conditions of operation of said processor, and wherein said state machine has an input for receiving said disabling signal and wherein said state machine determines that said computer system is no longer in any of said trusted states upon receiving said disabling signal;
c. means for allowing access by said system to said control code, data and devices when said state machine determines that said system is in one of said trusted states; and
d. means for preventing access to said control code, data and devices when said computer system exits any one of said trusted states.
1 Assignment
0 Petitions
Accused Products
Abstract
An apparatus for permitting access to protected code, protected data or protected devices only when a computer system is in a trusted state, where said trusted state occurs only when said system is executing trusted code under a set of preselected conditions. This apparatus also has a device for exiting the trusted state and for preventing access to protected code, data and devices when the trusted state is exited. The computer system is also programmed to automatically generate a disabling signal upon the completion of execution of trusted code, and this disabling signal will result in the prevention of access to protected devices or code.
67 Citations
8 Claims
-
1. An apparatus for protecting access to control code, data, and devices in a computer system, said apparatus comprising:
-
a. means for generating a disabling signal upon completion of execution by said computer system of trusted code;
b. a state machine for determining when said computer system is in any of a number of trusted states, each trusted state being defined as a state in which said computer is executing trusted code in a correct context, said correct context being that the trusted code has been entered under a set of preselected conditions of operation of said processor, and wherein said state machine has an input for receiving said disabling signal and wherein said state machine determines that said computer system is no longer in any of said trusted states upon receiving said disabling signal;
c. means for allowing access by said system to said control code, data and devices when said state machine determines that said system is in one of said trusted states; and
d. means for preventing access to said control code, data and devices when said computer system exits any one of said trusted states. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An method for protecting access to control code, data, and devices in a computer system, said method comprising the steps of:
-
a. generating a disabling signal upon completion of execution by said computer system of trusted code;
b. determining when said computer system is in any of a number of trusted states, each trusted state being defined as a state in which said computer is executing trusted code in a correct context, said correct context being that the trusted code has been entered under a set of preselected conditions of operation of said processor, and wherein said state machine has an input for receiving said disabling signal and wherein said state machine determines that said computer system is no longer in any of said trusted states upon receiving said disabling signal;
c. allowing access by said system to said control code, data and devices when said state machine determines that said system is in one of said trusted states; and
d. preventing access to said control code, data and devices when said computer system exits any one of said trusted states.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsWeingart, Steve Harris, Bizzaro, Mario, Kravitz, Jeffrey Kenneth, Pedrina, Gianluca, Lindemann, Mark John, Hack, Michel Henri Theodore, Condorelli, Vincenzo, Smith, Sean William, Palmer, Elaine Rivette
-
Primary Examiner(s)Barron, Jr., Gilberto
-
Assistant Examiner(s)Revak, Christopher A.
-
Application NumberUS08/922,792Time in Patent Office1,505 DaysField of Search713/200, 713/201, 711/163, 714/39, 714/49, 714/50, 710/200, 709/100, 709/104, 709/108, 709/225, 709/226, 709/229US Class Current726/2CPC Class CodesG06F 21/57 Certifying or maintaining t...G06F 21/74 operating in dual or compar...G06F 2221/2105 Dual mode as a secondary as...
