Secure and backward-compatible processor and secure software execution thereon
Abstract
A secure processor, assuring that application software is executed securely and that only authorized software is executed, has monitored modes and secure modes of operation. The former executes application software transparently to that software. The latter verifies that execution of the application software is authorized, performs any extraordinary services required by the application software, and verifies that the processor has obtained rights to execute the content. The secure processor (1) appears hardware-identical to an ordinary processor, with the effect that application software written for ordinary processors can be executed on the secure processor without substantial change, and (2) needs only a minimal degree of additional hardware over and above those portions appearing hardware-identical to an ordinary processor. The secure processor operates without substantial reduction in speed or other resources available to the application software. Functions operating in secure mode might reside in an on-chip non-volatile memory, or might be loaded from external storage with authentication.
115 Claims
1. A method including steps of
performing application software by a single-processor processing unit;
verifying that said single-processor processing unit is authorized to perform said application software;
distinguishing for said single-processor processing unit between a monitored mode and a secure mode;
switching from said monitored mode to said secure mode in response to a non-maskable interrupt (NMI) signal;
wherein in said monitored mode said single-processor processing unit is capable of performing said application software transparently to said application software, in said secure mode said single-processor processing unit is capable of verifying, using persistent memory internal to the single-processor processing unit, that said single-processor processing unit is authorized to perform said application software, wherein said single-processor processing unit performs the application software and verifies that said single-processor processing unit is authorized to perform said application software.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18

19. A method including steps of
performing instructions by a single-processor processing unit, said single-processor processing unit including a security signal having at least a secure mode and a monitored mode;
switching from said monitored mode to said secure mode in response to a non-maskable interrupt (NMI) signal;
accessing, by said single-processor processing unit, at least one secure function in response to said security signal when said security signal indicates said secure mode, and refusing to access said secure function in response to said security signal when said security signal indicates said monitored mode;
wherein said secure function includes steps of recording external instructions in response to an external source, a measure of trustworthiness of said external source being verifiable by said single-processor processing unit, using persistent memory internal to the single-processor processing unit;
wherein said performing instructions and said accessing at least one secure function are performed by said single-processor processing unit.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35

36. A method embodied on a single processor, including steps of
performing instructions on a processor, said processor having a secure mode and a monitored mode;
wherein when said processor executes in said secure mode, said processor has access to at least one secure function to which said processor does not have access to when said processor executes in said monitored mode;
wherein said processor executes in said secure mode during an interrupted state, said interrupted state being responsive to a non-maskable interrupt (NMI);
wherein when said processor enters said secure mode, said processor transfers control to a set of secure code, said secure code not being alterable when said processor executes in said monitored mode; and
wherein a set of said secure code associated with said startup state includes instructions performable by said processor and directing said processor to add external instructions to secure code in response to an external source of said external instructions, a measure of trustworthiness of said external source being verifiable by said processor in response to a set of secure information;
wherein said single processor performs the instructions and has access to the at least one secure function.

37. Apparatus including
a single-processor processing unit capable of performing application software, and capable of verifying that said single-processor processing unit is authorized to perform said application software;
said single-processor processing unit having a monitored mode and a secure mode, wherein in said monitored mode said single-processor processing unit is capable of performing said application software transparently to said application software, and wherein in said secure mode said single-processor processing unit is capable of verifying, using persistent memory internal to the single-processor processing unit, that said single-processor processing unit is authorized to perform said application software;
a secure mode switch that generates a non-maskable interrupt (NMI) signal, wherein the single-processor processing unit enters secure mode in response to the NMI signal;
wherein said single-processor processing unit performs the application software and verifies that said single-processor processing unit is authorized to perform said application software.
Dependent claims: 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54

55. Apparatus including
a single-processor processing unit capable of performing instructions;
a security signal having at least a secure mode and a monitored mode;
a circuit for switching from said monitored mode to said secure mode in response to a non-maskable interrupt (NMI) signal;
said single-processor processing unit being responsive to said security signal, wherein said single-processor processing unit has access to at least one secure function when performing instructions in said secure mode that said single-processor processing unit does not have access to when performing instructions in said monitored mode;
wherein at least one said secure function includes instructions directing said single-processor processing unit to record external instructions in response to an external source, a measure of trustworthiness of said external source being verifiable by said single-processor processing unit;
wherein said single processor performs instructions and has access to the at least one secure function.
Dependent claims: 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84

85. Memory or mass storage in a processing unit including instructions capable of being interpreted by a computing device to perform steps of
performing application software by a single-processor processing unit;
verifying, using persistent memory internal to the single-processor processing unit, that said single-processor processing unit is authorized to perform said application software;
distinguishing for said single-processor processing unit between a monitored mode and a secure mode, wherein in said monitored mode said single-processor processing unit is capable of performing said application software transparently to said application software, and wherein in said secure mode said single-processor processing unit is capable of verifying that said single-processor processing unit is authorized to perform said application software,
switching from said monitored mode to said secure mode in response to a non-maskable interrupt (NMI) signal;
wherein said single processor performs the application software and verifies that said single-processor processing unit is authorized to perform said application software.
Dependent claims: 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99

100. Memory or mass storage in a processing unit including instructions capable of being interpreted by a computing device to perform steps of
performing instructions by a single-processor processing unit, said single-processor processing unit including a security signal having at least a secure mode and a monitored mode;
switching from said monitored mode to said secure mode in response to a non-maskable interrupt (NMI) signal;
accessing, by said single-processor processing unit, at least one secure function in response to said security signal when said security signal indicates said secure mode, and refusing to access said secure function in response to said security signal when said security signal indicates said monitored mode;
wherein said secure function includes steps of recording external instructions in response to an external source, a trustworthiness of said external source being verifiable by said single-processor processing unit,
wherein said single processor performs instructions and has access to the at least one secure function.
Dependent claims: 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114

115. Memory or mass storage in a processing unit including instructions capable of being interpreted by a computing device to perform steps of
performing instructions on a processor, said processor having a secure mode and a monitored mode;
wherein when said processor executes in said secure mode, said processor has access to at least one secure function for which said processor does not have access to when said processor executes in said monitored mode;
wherein said processor executes in said secure mode during an interrupted state, said interrupted state being responsive to a non-maskable interrupt (NMI);
wherein when said processor enters said secure mode, said processor transfers control to a set of secure code, said secure code not being alterable when said processor executes in said monitored mode;
wherein a set of said secure code associated with said startup state includes instructions performable by said processor and directing said processor to add external instructions to secure code in response to an external source of said external instructions, a trustworthiness of said external source being verifiable by said processor in response to a set of secure information,
wherein said single processor performs instructions and has access to the at least one secure function.

Specification