专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07849310B2 Switching between secure and non-secure processing modes 有权
标题翻译：在安全和非安全的处理模式之间切换
公开(公告)号：US07849310B2
公开(公告)日：2010-12-07
申请号：US10714518
申请日：2003-11-17
申请人： Simon Charles Watt , Christopher Bentley Dornan , Luc Orion , Nicolas Chaussade , Lionel Belnet , Stephane Eric Sebastien Brochier
发明人： Simon Charles Watt , Christopher Bentley Dornan , Luc Orion , Nicolas Chaussade , Lionel Belnet , Stephane Eric Sebastien Brochier
IPC分类号： H04L29/00 , H04L29/02 , H04L29/04 , H04L29/06
CPC分类号： G06F21/52 , G06F9/3012 , G06F9/30123 , G06F9/45558 , G06F21/74 , G06F2009/45587 , G06F2221/2105 , H04L67/125
摘要： A data processing system including a processor operable in a plurality of modes and in either a secure domain or a non-secure domain. The system includes at least one secure mode being a mode in the secure domain, at least one non-secure mode being a mode in the non-secure domain, and a monitor mode. When the processor is executing a program in a secure mode the program has access to secure data which is not accessible when the processor is operating in a non-secure mode. Switching between the secure and non-secure modes takes place via the monitor mode and the processor is operable at least partially in the monitor mode to execute a monitor program managing switching between the secure and non-secure modes.
摘要翻译：一种数据处理系统，包括可以以多种模式操作并且在安全域或非安全域中的处理器。该系统包括至少一个安全模式是安全域中的模式，至少一个非安全模式是非安全域中的模式，以及监视模式。当处理器以安全模式执行程序时，程序可以访问当处理器以非安全模式运行时无法访问的安全数据。在安全模式和非安全模式之间切换通过监视器模式进行，并且处理器至少部分地在监视器模式下操作，以执行管理安全模式和非安全模式之间的切换的监视器程序。

2. 发明授权

US07849296B2 Monitoring control for monitoring at least two domains of multi-domain processors 有权
标题翻译：用于监控多域处理器的至少两个域的监视控制
公开(公告)号：US07849296B2
公开(公告)日：2010-12-07
申请号：US10714483
申请日：2003-11-17
申请人： Simon Charles Watt , Luc Orion
发明人： Simon Charles Watt , Luc Orion
IPC分类号： G06F7/38 , G06F9/00 , G06F9/44 , G06F15/00
CPC分类号： G06F21/52 , G06F9/30076 , G06F21/74 , G06F2221/2101 , G06F2221/2105 , G06F2221/2141 , G06F2221/2149 , G06F2221/2153
摘要： There is provided a method of controlling a monitoring function of a processor, the processor being operable in at least two domains, comprising a first domain and a second domain, the first and second domains each comprising at least one mode, the method comprising the steps of: setting at least one control value, the at least one control value relating to a condition and being indicative of whether the monitoring function is allowable in the first domain; and only allowing initiation of the monitoring function in the first domain when the condition is present if its related control value indicates that the monitoring function is allowable. In some embodiments the first domain is a secure domain and the monitoring function is a debug or trace function.
摘要翻译：提供了一种控制处理器的监视功能的方法，所述处理器可在包括第一域和第二域的至少两个域中操作，所述第一域和第二域各自包括至少一个模式，所述方法包括步骤设置至少一个控制值，所述至少一个控制值与条件相关，并且指示所述监视功能是否在所述第一域中是可允许的; 并且仅当相关控制值指示监视功能是可允许时才允许在存在条件时启动第一域中的监视功能。在一些实施例中，第一域是安全域，监视功能是调试或跟踪功能。

3. 发明申请

US20090235092A1 Transferring data values via a data bus or storing data values using a selectable representation 有权
标题翻译：通过数据总线传输数据值或使用可选择的表示存储数据值
公开(公告)号：US20090235092A1
公开(公告)日：2009-09-17
申请号：US12453219
申请日：2009-05-01
申请人： Simon Charles Watt
发明人： Simon Charles Watt
IPC分类号： G06F11/30
CPC分类号： H04L12/417
摘要： Data values being stored and transferred within a data processing system 8 have a selectable representation, such as true and complement, as indicated by an accompanying representation specifying bit. This assists in obscuring the operation and the power signature of the device in a manner that improves security.
摘要翻译：在数据处理系统8内存储和传送的数据值具有如伴随的表示指定位所指示的可选表示，例如真和补。这有助于以提高安全性的方式掩盖设备的操作和功能签名。

4. 发明授权

US07340573B2 Apparatus and method for controlling access to a memory unit 有权
标题翻译：用于控制对存储器单元的访问的装置和方法
公开(公告)号：US07340573B2
公开(公告)日：2008-03-04
申请号：US10714481
申请日：2003-11-17
申请人： Simon Charles Watt
发明人： Simon Charles Watt
IPC分类号： G06F12/00
CPC分类号： G06F12/1491 , G06F12/0802
摘要： The present invention provides a data processing apparatus and method for controlling access to a memory unit. The data processing apparatus comprises a processor operable in a plurality of modes and a plurality of domains, said plurality of domains comprising a secure domain and a non-secure domain, said plurality of modes including at least one non-secure mode being a mode in the non-secure domain and at least one secure mode being a mode in the secure domain. The processor is operable such that when executing a program in a secure mode the program has access to secure data which is not accessible when the processor is operating in a non-secure mode. A memory unit is also provided that comprises a plurality of entries and is operable to store data required by the processor. Each entry is operable to store one or more data items consisting of either secure data or non-secure data, and a flag is associated with each entry in the memory unit to store a value indicating whether the one or more data items stored in the associated entry are secure data or non-secure data. When the processor is operating in the at least one non-secure mode, the memory unit is operable, upon receipt of a memory access request issued by the processor when access to an item of data is required, to prevent access to any data item within an entry of the memory unit that the associated flag indicates has secure data stored therein.
摘要翻译：本发明提供一种用于控制对存储器单元的访问的数据处理装置和方法。数据处理装置包括可以多个模式操作的处理器和多个域，所述多个域包括安全域和非安全域，所述多个模式包括至少一个非安全模式，非安全域和至少一个安全模式是安全域中的模式。处理器是可操作的，使得当以安全模式执行程序时，程序可以访问当处理器以非安全模式操作时不可访问的安全数据。还提供了一种存储单元，其包括多个条目并且可操作以存储处理器所需的数据。每个条目可操作以存储由安全数据或非安全数据组成的一个或多个数据项，并且标志与存储器单元中的每个条目相关联，以存储指示存储在相关联中的一个或多个数据项的值条目是安全数据或非安全数据。当处理器以至少一个非安全模式操作时，存储器单元可操作地在接收到需要访问数据项时由处理器发出的存储器访问请求，以防止访问任何数据项关联标志指示的存储单元的条目具有存储在其中的安全数据。

5. 发明授权

US07325083B2 Delivering data processing requests to a suspended operating system 有权
标题翻译：向挂起的操作系统提供数据处理请求
公开(公告)号：US07325083B2
公开(公告)日：2008-01-29
申请号：US10714516
申请日：2003-11-17
申请人： Simon Charles Watt , Christopher Bentley Dornan , Luc Orion , Nicolas Chaussade , Lionel Belnet , Stephane Eric Brochier , David Hennah Mansell , Dominic Hugo Symes
发明人： Simon Charles Watt , Christopher Bentley Dornan , Luc Orion , Nicolas Chaussade , Lionel Belnet , Stephane Eric Brochier , David Hennah Mansell , Dominic Hugo Symes
IPC分类号： G06F13/24
CPC分类号： G06F9/4812 , G06F9/45558 , G06F2009/45575 , G06F2009/45587
摘要： In a system supporting more than one operating system, a data processing thread executing on a first operating system may be subject to an interrupt which triggers interrupt handling on a second operating system. When that interrupt handling is completed on the second operating system, the first operating system is resumed using a return interrupt. The return interrupt specifies the data processing thread which is active on the second operating system such that an appropriate task switch or resumption may be made on the first operating system. The technique is particularly well suited to systems utilising a secure operating system and a non-secure operating system executing on the same hardware.
摘要翻译：在支持多个操作系统的系统中，在第一操作系统上执行的数据处理线程可能受到在第二操作系统上触发中断处理的中断。当在第二操作系统上完成该中断处理时，使用返回中断恢复第一操作系统。返回中断指定在第二操作系统上活动的数据处理线程，使得可以在第一操作系统上进行适当的任务切换或恢复。该技术特别适用于利用在相同硬件上执行的安全操作系统和非安全操作系统的系统。

6. 发明授权

US07305712B2 Security mode switching via an exception vector 有权
标题翻译：安全模式通过异常向量切换
公开(公告)号：US07305712B2
公开(公告)日：2007-12-04
申请号：US10714563
申请日：2003-11-17
申请人： Simon Charles Watt , Christopher Bentley Dornan , Luc Orion , Nicolas Chaussade , Lionel Belnet , Stephane Eric Sebastien Brochier
发明人： Simon Charles Watt , Christopher Bentley Dornan , Luc Orion , Nicolas Chaussade , Lionel Belnet , Stephane Eric Sebastien Brochier
IPC分类号： G06F17/30 , G06F15/00
CPC分类号： G06F9/4812 , G06F9/30123 , G06F21/74 , G06F21/79 , G06F2221/2105 , G06F2221/2149
摘要： There is a provided a data processing system comprising: a processor operable in a plurality of modes and either a secure domain or a non-secure domain including: at least one secure mode being a mode in said secure domain; and at least one non-secure mode being a mode in said non-secure domain; wherein when said processor is executing a program in a secure mode said program has access to secure data which is not accessible when said processor is operating in a non-secure mode; and wherein said processor is responsive to a switching request to initiate a switch between a secure mode and a non-secure mode under control of a mode switching program starting at a location specified by an exception vector associated with said switching request.
摘要翻译：提供了一种数据处理系统

7. 发明授权

US07231476B2 Function control for a processor 有权
标题翻译：一个处理器的功能控制
公开(公告)号：US07231476B2
公开(公告)日：2007-06-12
申请号：US10714480
申请日：2003-11-17
申请人： Simon Charles Watt , Luc Orion , Nicolas Chaussade
发明人： Simon Charles Watt , Luc Orion , Nicolas Chaussade
IPC分类号： G06F11/30
CPC分类号： G06F9/468
摘要： A processor operable to perform a plurality of functions, the processor comprising: an input port; a storage element operable to receive and to store an input signal input via the input port, the input signal comprising at least one control value; control logic operable to control at least one of the functions of the processor in dependence on the at least one control value; and access logic operable to receive an access control signal and to disable access via the input port to the at least one control value stored in the storage element in dependence upon the access control signal.
摘要翻译：一种可操作以执行多个功能的处理器，所述处理器包括：输入端口; 存储元件，其可操作以接收并存储经由所述输入端口输入的输入信号，所述输入信号包括至少一个控制值; 控制逻辑可操作以根据所述至少一个控制值来控制所述处理器的功能中的至少一个; 以及访问逻辑，其可操作以接收访问控制信号，并且根据访问控制信号禁止通过输入端口访问存储在存储元件中的至少一个控制值。

8. 发明授权

US06272033B1 Status bits for cache memory 有权
标题翻译：高速缓存的状态位
公开(公告)号：US06272033B1
公开(公告)日：2001-08-07
申请号：US09512329
申请日：2000-02-24
申请人： Simon Charles Watt
发明人： Simon Charles Watt
IPC分类号： G11C1500
CPC分类号： G11C15/00 , G06F12/0802 , G06F12/0891 , G11C15/04
摘要： Data processing apparatuses provided comprising a memory operable to store a plurality of data words, each data word being associated with at least one status bit giving information regarding a status of said data word; a status bit store operable to store said status bits within a hierarchical relationship such that a combined status relating to a plurality of first level status bits at a first level within said hierarchical relationship is indicated by a second level status bit at a second level within said hierarchical relationship, said second level being higher in said hierarchical relationship than said first level; and status querying logic operative to determine a status of a data word within said memory by examining status bits within said status bit store starting at a top level within said hierarchical relationship and working down through said hierarchical relationship until a status bit is reached that indicates said status of said data word independently of any status bits lower in said hierarchical relationship. In this way a global or large-scale change to status bits may be made by modifying relatively few higher level status bits within the hierarchical relationship thereby achieving a high speed change with reduced levels of special purpose hardware being required.
摘要翻译：提供的数据处理装置包括可操作以存储多个数据字的存储器，每个数据字与至少一个提供关于所述数据字状态的信息的状态位相关联; 状态位存储器，用于将所述状态位存储在分级关系中，使得与所述分级关系中的第一级的多个第一级状态位有关的组合状态由所述分层关系中的第二级的第二级状态位指示所述第二级别在所述层级关系中高于所述第一级别; 以及状态查询逻辑，用于通过从所述层级关系中的顶层开始检查所述状态位存储中的状态位，并通过所述分级关系来确定所述存储器内的数据字的状态，直到达到表示所述层级关系的状态位所述数据字的状态与所述分级关系中的任何状态位无关。以这种方式，可以通过修改分层关系内的相对较少的较高级别的状态位来进行对状态位的全局或大规模改变，从而实现需要降低专用硬件水平的高速变化。

9. 发明授权

US5903732A Trusted gateway agent for web server programs 失效
标题翻译： Web服务器程序的可信网关代理
公开(公告)号：US5903732A
公开(公告)日：1999-05-11
申请号：US675132
申请日：1996-07-03
申请人： Mark Joseph Reed , David A. Arnovitz , Charles Watt , William Reese Jacobs
发明人： Mark Joseph Reed , David A. Arnovitz , Charles Watt , William Reese Jacobs
IPC分类号： H04L29/06 , H04L29/08 , G06F13/38 , G06F15/17
CPC分类号： H04L29/06 , H04L63/102 , H04L67/02 , H04L67/42
摘要： The present invention is a secure Web platform (SWP) implementing a mandatory access control policy to enable a plurality of remote users operating Web browsers Internet access to CGI applications in response to HyperText Transfer Protocol (HTTP) requests. The SWP employs a computer having a compartmentalized process and file structure separated in accordance with a mandatory access control policy into an outside compartment comprising a Web server having a root directory chrooted to a directory tree containing only the minimal set of files required to interface the SWP with the Internet, and an inside compartment comprising a plurality of CGI applications having root directories chrooted to a directory separate from the Web server such that the Web server cannot communicate directly with the CGI applications, and a trusted gateway agent for communicating between the Web server and the CGI applications.
摘要翻译：本发明是一种安全的Web平台（SWP），其实施强制性访问控制策略，以使多个远程用户能够响应于超文本传输协议（HTTP）请求来操作Web浏览器对CGI应用的因特网访问。 SWP使用具有根据强制性访问控制策略分离的划分的进程和文件结构的计算机到外部隔间，该外部隔间包括具有根目录的根服务器的Web服务器，该目录树仅包含接口SWP所需的最小文件集以及包含多个CGI应用程序的内部隔间，所述CGI应用程序具有根目录，该根目录被链接到与Web服务器分离的目录，使得Web服务器不能与CGI应用程序直接通信，以及用于在Web服务器之间进行通信的信任网关代理和CGI应用程序。

10. 发明授权

US5802598A Data memory access control and method using fixed size memory sections that are sub-divided into a fixed number of variable size sub-sections 失效
标题翻译：数据存储器访问控制和使用固定大小的存储器部分的方法，其被细分为固定数量的可变大小子部分
公开(公告)号：US5802598A
公开(公告)日：1998-09-01
申请号：US538291
申请日：1995-10-02
申请人： Simon Charles Watt
发明人： Simon Charles Watt
IPC分类号： G06F12/02 , G06F12/14 , G06F12/00
CPC分类号： G06F12/0292
摘要： A data processing system and method include an address space which is controlled by a memory management unit and which is treated as being divided into main-sections (chunks) and sub-sections (grains). The grains may be configured to be of one of a selected number of sizes. Irrespective of the grain size, there is a fixed number of grains within each chunk. A bank of grain registers 20 stores access control parameters for each grain. In operation, a memory address (va�31:0!) is decoded to determine which chunk it relates to so that the grain size for that chunk may be determined. Having determined the grain size, the rest of the address may be decoded to pick out the grain in which the address is located, and then the access control parameters for that grain are recovered.
摘要翻译：数据处理系统和方法包括由存储器管理单元控制并被分为主要部分（块）和子部分（颗粒））的地址空间。颗粒可以被配置为选定数量的尺寸之一。不管颗粒大小，每个块内都有固定数量的颗粒。一批谷物寄存器20存储每个谷物的访问控制参数。在操作中，对存储器地址（va [31：0]）进行解码以确定其相关的块，从而可以确定该块的粒度。确定了粒度后，地址的其余部分可以被解码以拾取地址所在的粒度，然后恢复该粒度的访问控制参数。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式