专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

21. 发明授权

US07631160B2 Method and apparatus for securing portions of memory 有权
公开(公告)号：US07631160B2
公开(公告)日：2009-12-08
申请号：US09825905
申请日：2001-04-04
申请人： Geoffrey S. Strongin , Brian C. Barnes , Rodney Schmidt
发明人： Geoffrey S. Strongin , Brian C. Barnes , Rodney Schmidt
IPC分类号： G06F12/00 , G06F13/00 , G06F13/28 , G06F11/30 , G06F12/14
CPC分类号： G06F21/79 , G06F12/1483
摘要： The present invention provides a method and apparatus for securing portions of a memory. The method includes identifying information for protection and indicating at least one physical address of a memory that houses the information as at least one of read and write disabled. The method includes receiving a request from a program to access the information. The method further includes accessing the information in response to determining that the program has the authority to access the information. The apparatus includes a memory comprising a privileged code. The privileged code is capable of receiving a request to protect selected information and indicating at least one physical address of a memory housing the information as at least one of read and write disabled. The privileged code is capable of receiving a request from a program to access the information. The privileged code is further capable of accessing the information in response to determining that the program has the authority to access the information.

22. 发明授权

US07493498B1 Input/output permission bitmaps for compartmentalized security 有权
标题翻译：用于区隔安全性的输入/输出权限位图
公开(公告)号：US07493498B1
公开(公告)日：2009-02-17
申请号：US10107784
申请日：2002-03-27
申请人： Rodney W. Schmidt , Brian C. Barnes , Geoffrey S. Strongin
发明人： Rodney W. Schmidt , Brian C. Barnes , Geoffrey S. Strongin
IPC分类号： G06F12/14
CPC分类号： G06F21/52 , G06F12/1483 , G06F12/1491
摘要： A method and apparatus for selectively executing an I/O instruction. The method includes creating an I/O permission bitmap in a memory and receiving an I/O port number and a security context identification (SCID) value. The method also includes using the SCID value and the I/O port number to access the I/O permission bitmap stored to obtain a permission bit corresponding to the I/O port and executing the I/O instruction dependent upon a value of the permission bit corresponding to the I/O port. The I/O permission bitmap includes a plurality of permission bits. Each of the permission bits corresponds to a different one of a plurality of I/O ports. Each of the permission bits has a value indicating whether access to the corresponding I/O port is allowed. The I/O port number indicates the I/O port referenced by the I/O instruction. The SCID value indicates a security context level of a memory location including the I/O instruction.
摘要翻译：一种用于选择性地执行I / O指令的方法和装置。该方法包括在存储器中创建I / O许可位图并接收I / O端口号和安全上下文标识（SCID）值。该方法还包括使用SCID值和I / O端口号来访问存储的I / O许可位图，以获得对应于I / O端口的许可位，并根据许可的值执行I / O指令位对应于I / O端口。 I / O许可位图包括多个许可位。每个许可位对应于多个I / O端口中的不同的一个。每个许可位具有指示是否允许对对应的I / O端口的访问的值。 I / O端口号表示I / O指令引用的I / O端口。 SCID值指示包括I / O指令的存储器位置的安全上下文级别。

23. 发明授权

US07383584B2 System and method for controlling device-to-device accesses within a computer system 有权
标题翻译：用于控制计算机系统内的设备到设备访问的系统和方法
公开(公告)号：US07383584B2
公开(公告)日：2008-06-03
申请号：US10107776
申请日：2002-03-27
申请人： Geoffrey S. Strongin , Brian C. Barnes , Rodney Schmidt
发明人： Geoffrey S. Strongin , Brian C. Barnes , Rodney Schmidt
IPC分类号： G06F7/04
CPC分类号： G06F21/85 , G06F12/1483
摘要： A system apparatus and method for providing access security for a subject device. The apparatus includes a security check unit (SCU) configured to be coupled to a transmission medium. The SCU is configured to monitor signals on the transmission medium and to detect an attempt by a first device coupled to the transmission medium to access a second device coupled to the transmission medium based upon the signals. The SCU is also configured to determine an identity of the first device based upon the signals and to control access to the second device by the first device dependent upon the identity of the first device. The method includes monitoring signals and detecting an attempt by an additional device to access the subject device based upon the signals. The method also includes using the signals to determine an identity of the additional device and controlling access to the subject device dependent upon the identity of the additional device.
摘要翻译：一种用于为主体设备提供访问安全性的系统设备和方法。该装置包括被配置为耦合到传输介质的安全检查单元（SCU）。 SCU被配置为监视传输介质上的信号并且检测耦合到传输介质的第一设备的尝试以基于该信号来访问耦合到传输介质的第二设备。 SCU还被配置为基于信号来确定第一设备的身份，并且依赖于第一设备的身份来控制第一设备对第二设备的访问。该方法包括监视信号并且检测附加设备基于该信号访问主体设备的尝试。该方法还包括使用信号来确定附加设备的身份，并根据附加设备的身份来控制对主体设备的访问。

24. 发明授权

US07206933B2 Software modem with privileged mode driver authentication 有权
标题翻译：具有特权模式驱动程序认证的软件调制解调器
公开(公告)号：US07206933B2
公开(公告)日：2007-04-17
申请号：US09901212
申请日：2001-07-09
申请人： Geoffrey S. Strongin , David W. Smith , Brian C. Barnes , Terry L. Cole , Rodney Schmidt , Michael Barclay
发明人： Geoffrey S. Strongin , David W. Smith , Brian C. Barnes , Terry L. Cole , Rodney Schmidt , Michael Barclay
IPC分类号： H04L9/00 , G06F7/04 , H04K1/00
CPC分类号： H04L63/08 , G06F21/85 , H04W12/06
摘要： A computer system includes a peripheral device and a processing unit. The processing unit is adapted to execute a driver for interfacing with the peripheral device in a standard mode of operation and an authentication agent in a privileged mode of operation, wherein the authentication agent includes program instructions adapted to authenticate the driver. The peripheral device may comprise a communications device, such as a software modem. A method for identifying security violations in a computer system includes executing a driver in a standard processing mode of a processing unit; transitioning the processing unit into a privileged processing mode; and authenticating the driver in the privileged processing mode. The driver may be adapted for interfacing with a communications peripheral device, such as a software modem.
摘要翻译：计算机系统包括外围设备和处理单元。所述处理单元适于执行用于以标准操作模式与所述外围设备进行接口的驱动程序，以及特权操作模式的认证代理，其中所述认证代理包括适于认证所述驱动程序的程序指令。外围设备可以包括诸如软件调制解调器的通信设备。一种用于识别计算机系统中的安全违规的方法包括以处理单元的标准处理模式执行驱动程序; 将处理单元转换为特权处理模式; 并以特权处理模式认证驾驶员。驱动器可以适于与诸如软件调制解调器的通信外围设备进行接口。

25. 发明授权

US07096353B2 Software modem with privileged mode decryption of control codes 有权
标题翻译：软件调制解调器，具有控制代码的特权模式解密
公开(公告)号：US07096353B2
公开(公告)日：2006-08-22
申请号：US09901520
申请日：2001-07-09
申请人： David W. Smith , Brian C. Barnes , Terry L. Cole , Rodney Schmidt , Geoffrey S. Strongin , Michael Barclay
发明人： David W. Smith , Brian C. Barnes , Terry L. Cole , Rodney Schmidt , Geoffrey S. Strongin , Michael Barclay
IPC分类号： H04L9/00
CPC分类号： H04L63/04 , H04L63/08
摘要： A communications system includes a physical layer hardware unit and a processing unit. The physical layer hardware unit is adapted to communicate data over a communications channel in accordance with assigned transmission parameters and receive an incoming signal over the communications channel and sample the incoming signal to generate a digital received signal. The processing unit is adapted to execute a standard mode driver in a standard mode of operation and a privileged mode driver in a privileged mode of operation. The standard mode driver includes program instructions adapted to extract encrypted data from the digital received signal and pass the encrypted data to the privileged mode driver. The privileged mode driver includes program instructions adapted to decrypt the encrypted data to generate decrypted data including control codes and transfer the control codes to the physical layer hardware unit.
摘要翻译：通信系统包括物理层硬件单元和处理单元。物理层硬件单元适于根据分配的传输参数在通信信道上传送数据，并通过通信信道接收输入信号并对输入信号进行采样以产生数字接收信号。处理单元适于在标准操作模式下执行标准模式驱动器，并且在特权操作模式下执行特权模式驱动器。标准模式驱动器包括适于从数字接收信号中提取加密数据并将加密数据传递给特权模式驱动程序的程序指令。特权模式驱动器包括适于解密加密数据以产生包括控制代码的解密数据并将控制代码传送到物理层硬件单元的程序指令。

26. 发明授权

US06985519B1 Software modem for communicating data using separate channels for data and control codes 失效
标题翻译：用于使用数据和控制代码的单独通道传送数据的软件调制解调器
公开(公告)号：US06985519B1
公开(公告)日：2006-01-10
申请号：US09901547
申请日：2001-07-09
申请人： Brian C. Barnes , Terry L. Cole , David W. Smith , Rodney Schmidt , Geoffrey S. Strongin , Michael Barclay
发明人： Brian C. Barnes , Terry L. Cole , David W. Smith , Rodney Schmidt , Geoffrey S. Strongin , Michael Barclay
IPC分类号： H04L5/16
CPC分类号： H04L63/18 , G06F21/606 , H04L63/0428 , H04W12/02
摘要： A communications system includes a physical layer hardware unit and a processing unit. The physical layer hardware unit is adapted to receive user data over a first communications channel and control codes over a second communications channel. The physical layer hardware unit is further adapted to transmit an upstream data signal over the first communications channel based on transmission assignments defined by the control codes. The processing unit is adapted to execute a software driver for interfacing with the physical layer hardware unit. The software driver includes program instructions for implementing a protocol layer to decrypt the user data and provide upstream data to the physical layer hardware unit for generation of the upstream data signal. A method for configuring a transceiver includes receiving user data over a first communications channel; receiving control codes over a second communications channel; and transmitting an upstream signal over the first communications channel based on transmission assignments defined by the control codes.
摘要翻译：通信系统包括物理层硬件单元和处理单元。物理层硬件单元适于通过第一通信信道接收用户数据，并通过第二通信信道控制代码。物理层硬件单元还适于基于由控制码定义的传输分配，通过第一通信信道发送上行数据信号。处理单元适于执行用于与物理层硬件单元接口的软件驱动器。软件驱动器包括用于实现协议层以解密用户数据的程序指令，并向物理层硬件单元提供上行数据以产生上行数据信号。一种用于配置收发器的方法包括：经由第一通信信道接收用户数据; 在第二通信信道上接收控制码; 以及基于由所述控制码定义的传输分配，通过所述第一通信信道发送上行信号。

27. 发明授权

US06973566B2 Software modem with privileged mode oversight of control parameters 有权
标题翻译：具有特权模式监控控制参数的软件调制解调器
公开(公告)号：US06973566B2
公开(公告)日：2005-12-06
申请号：US09901158
申请日：2001-07-09
申请人： David W. Smith , Brian C. Barnes , Terry L. Cole , Rodney Schmidt , Geoffrey S. Strongin , Michael Barclay
发明人： David W. Smith , Brian C. Barnes , Terry L. Cole , Rodney Schmidt , Geoffrey S. Strongin , Michael Barclay
IPC分类号： H04Q7/38 , G06F21/00 , H04B7/26 , H04L29/06 , H04M11/00 , H04L9/00 , G06F15/16 , H04K1/00
CPC分类号： H04L63/04 , G06F21/55 , H04L63/08
摘要： A communications system includes a physical layer hardware unit and a processing unit. The physical layer hardware unit is adapted to communicate data over a communications channel in accordance with assigned transmission parameters. The physical layer hardware unit is adapted to receive an incoming signal over the communications channel and sample the incoming signal to generate a digital received signal. The processing unit is adapted to execute a standard mode driver in a standard mode of operation and a privileged mode driver in a privileged mode of operation. The standard mode driver includes program instructions adapted to extract control codes from the digital received signal and configure the physical layer hardware assigned transmission parameters based on the control codes. The privileged mode driver includes program instructions adapted to independently extract secure control codes from the digital received signal, determine an operational characteristic of the physical layer hardware unit, and signal a security violation in response to the operational characteristic being inconsistent with the secure control codes.
摘要翻译：通信系统包括物理层硬件单元和处理单元。物理层硬件单元适于根据分配的传输参数在通信信道上传送数据。物理层硬件单元适于通过通信信道接收输入信号并对输入信号进行采样以产生数字接收信号。处理单元适于在标准操作模式下执行标准模式驱动器，并且在特权操作模式下执行特权模式驱动器。标准模式驱动器包括适于从数字接收信号中提取控制代码的程序指令，并且基于控制代码配置分配了传输参数的物理层硬件。特权模式驱动器包括适于从数字接收信号独立地提取安全控制代码的程序指令，确定物理层硬件单元的操作特性，并且响应于与安全控制代码不一致的操作特性来发出安全冲突信号。

28. 发明授权

US06889308B1 Method and apparatus for protecting page translations 失效
标题翻译：用于保护页面翻译的方法和装置
公开(公告)号：US06889308B1
公开(公告)日：2005-05-03
申请号：US10051448
申请日：2002-01-18
申请人： Rodney W. Schmidt , Brian C. Barnes , Geoffrey S. Strongin
发明人： Rodney W. Schmidt , Brian C. Barnes , Geoffrey S. Strongin
IPC分类号： G06F12/10 , G06F12/14 , G06F12/00
CPC分类号： G06F12/145 , G06F12/10
摘要： In one aspect of the present invention, an apparatus for converting a virtual address to a physical address is provided. The apparatus comprises a comparator, a first mechanism, and a second mechanism. The comparator is adapted to receive the virtual address and deliver a first signal indicating that the virtual address is outside a first preselected range, and a second signal indicating that the virtual address is within the first preselected range. The first mechanism is adapted to generate a first physical address from the virtual address in response to receiving the first signal, and the second mechanism is adapted to generate a second physical address from the virtual address in response to receiving the second signal.
摘要翻译：在本发明的一个方面，提供一种用于将虚拟地址转换为物理地址的装置。该装置包括比较器，第一机构和第二机构。比较器适于接收虚拟地址并传送指示虚拟地址在第一预选范围之外的第一信号，以及指示虚拟地址在第一预选范围内的第二信号。第一机制适于响应于接收到第一信号而从虚拟地址生成第一物理地址，并且第二机制适于响应于接收第二信号而从虚拟地址生成第二物理地址。

29. 发明授权

US06823433B1 Memory management system and method for providing physical address based memory access security 有权
标题翻译：用于提供基于物理地址的内存访问安全性的内存管理系统和方法
公开(公告)号：US06823433B1
公开(公告)日：2004-11-23
申请号：US10010569
申请日：2001-11-13
申请人： Brian C. Barnes , Geoffrey S. Strongin , Rodney W. Schmidt
发明人： Brian C. Barnes , Geoffrey S. Strongin , Rodney W. Schmidt
IPC分类号： G06F1208
CPC分类号： G06F12/1491
摘要： A memory management unit (MMU) is disclosed for managing a memory storing data arranged within a plurality of memory pages. The MMU includes a security check unit (SCU) receiving a physical address generated during execution of a current instruction. The physical address resides within a selected memory page. The SCU uses the physical address to access one or more security attribute data structures located in the memory to obtain a security attribute of the selected memory page, compares a numerical value conveyed by a security attribute of the current instruction to a numerical value conveyed by the security attribute of the selected memory page, and produces an output signal dependent upon a result of the comparison. The MMU accesses the selected memory page dependent upon the output signal. The security attribute of the selected memory page may include a security context identification (SCID) value indicating a security context level of the selected memory page. The security attribute of the current instruction may include an SCID value indicating a security context level of a memory page containing the current instruction. A central processing unit (CPU) is described including an execution unit and the MMU. A computer system is described including the memory, the CPU, and the MMU. A method is described for providing access security for a memory used to store data arranged within a plurality of memory pages. The method may be embodied within the MMU.
摘要翻译：公开了一种存储器管理单元（MMU），用于管理存储布置在多个存储器页内的数据的存储器。 MMU包括接收当前指令执行期间产生的物理地址的安全检查单元（SCU）。物理地址驻留在选定的存储器页面中。 SCU使用物理地址来访问位于存储器中的一个或多个安全属性数据结构，以获得所选择的存储器页面的安全属性，将由当前指令的安全属性传递的数值与由所选择的存储器页面的安全属性，并且根据比较的结果产生输出信号。 MMU根据输出信号访问所选择的存储器页面。所选择的存储器页面的安全属性可以包括指示所选择的存储器页面的安全上下文级别的安全上下文标识（SCID）值。当前指令的安全属性可以包括指示包含当前指令的存储器页的安全上下文级别的SCID值。描述包括执行单元和MMU的中央处理单元（CPU）。描述了包括存储器，CPU和MMU的计算机系统。描述了一种用于提供用于存储布置在多个存储器页内的数据的存储器的访问安全性的方法。该方法可以体现在MMU内。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式