专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20090193230A1 COMPUTER SYSTEM INCLUDING A MAIN PROCESSOR AND A BOUND SECURITY COPROCESSOR 审中-公开
标题翻译：包括一个主处理器和一个重要的安全性共同计算机的计算机系统
公开(公告)号：US20090193230A1
公开(公告)日：2009-07-30
申请号：US12022446
申请日：2008-01-30
申请人： Ralf Findeisen , Geoffrey S. Strongin , Andrew R. Rawson , Garth D. Hillman , Gary H. Simpson
发明人： Ralf Findeisen , Geoffrey S. Strongin , Andrew R. Rawson , Garth D. Hillman , Gary H. Simpson
IPC分类号： G06F15/80
CPC分类号： G06F21/74 , G06F21/445 , G06F21/575 , G06F21/71 , G06F2221/2101 , G06F2221/2105
摘要： A computer system includes a main processor and a security control processor that is coupled to the main processor and configured to control and monitor an operational state of the main processor. To ensure the computer system may be trusted, the security control processor may be configured to hold the main processor in a slave mode during initialization of the security control processor such that the main processor is not operable to fetch and execute instructions from an instruction source external to the main processor, for example. In addition, the security control processor may be configured to initialize the operational state of the main processor to a predetermined state by transferring to the main processor via a control interface one or more instructions and to cause the main processor to execute the one or more instructions while the main processor is held in the slave mode.
摘要翻译：计算机系统包括主处理器和安全控制处理器，其连接到主处理器并且被配置为控制和监视主处理器的操作状态。为了确保计算机系统可以被信任，安全控制处理器可以被配置为在安全控制处理器的初始化期间将主处理器保持在从模式，使得主处理器不可操作地从指令源外部获取和执行指令以主处理器为例。此外，安全控制处理器可以被配置为通过经由控制接口将一个或多个指令传送到主处理器来将主处理器的操作状态初始化到预定状态，并且使主处理器执行一个或多个指令而主处理器则保持在从模式。

2. 发明授权

US07739498B2 Method and apparatus for multi-table accessing of input/output devices using target security 有权
标题翻译：使用目标安全性对输入/输出设备进行多表访问的方法和装置
公开(公告)号：US07739498B2
公开(公告)日：2010-06-15
申请号：US10047188
申请日：2002-01-15
申请人： Brian C. Barnes , Geoffrey S. Strongin , Rodney W. Schmidt
发明人： Brian C. Barnes , Geoffrey S. Strongin , Rodney W. Schmidt
IPC分类号： H04L9/32
CPC分类号： G06F12/1491
摘要： A method and an apparatus for performing an I/O device access using targeted security. A software object is executed. A security level for the software object is established. A multi-table input/output (I/O) space access is performed using at least one of the security levels. The function of the object is executed.
摘要翻译：一种使用目标安全性执行I / O设备访问的方法和装置。执行软件对象。建立软件对象的安全级别。使用至少一个安全级别来执行多表输入/输出（I / O）空间访问。执行对象的功能。

3. 发明授权

US07543131B2 Controlling an I/O MMU 有权
标题翻译：控制I / O MMU
公开(公告)号：US07543131B2
公开(公告)日：2009-06-02
申请号：US11503390
申请日：2006-08-11
申请人： Mark D. Hummel , Andrew W. Lueck , Geoffrey S. Strongin , Mitchell Alsup , Michael J. Haertel
发明人： Mark D. Hummel , Andrew W. Lueck , Geoffrey S. Strongin , Mitchell Alsup , Michael J. Haertel
IPC分类号： G06F12/08
CPC分类号： G06F12/1081 , G06F12/1027 , G06F12/145
摘要： In an embodiment, a computer system comprises a processor; a memory management module comprising a plurality of instructions executable on the processor; a memory coupled to the processor; and an input/output memory management unit (IOMMU) coupled to the memory. The IOMMU is configured to implement address translation and memory protection for memory operations sourced by one or more input/output (I/O) devices. The memory stores a command queue during use. The memory management module is configured to write one or more control commands to the command queue, and the IOMMU is configured to read the control commands from the command queue and execute the control commands.
摘要翻译：在一个实施例中，计算机系统包括处理器; 存储器管理模块，包括可在所述处理器上执行的多个指令; 耦合到处理器的存储器; 以及耦合到存储器的输入/输出存储器管理单元（IOMMU）。 IOMMU被配置为对由一个或多个输入/输出（I / O）设备提供的存储器操作实现地址转换和存储器保护。内存在使用过程中存储命令队列。存储器管理模块被配置为将一个或多个控制命令写入命令队列，并且IOMMU被配置为从命令队列读取控制命令并执行控制命令。

4. 发明授权

US07516247B2 Avoiding silent data corruption and data leakage in a virtual environment with multiple guests 有权
标题翻译：避免在具有多个guest虚拟机的虚拟环境中静默的数据损坏和数据泄露
公开(公告)号：US07516247B2
公开(公告)日：2009-04-07
申请号：US11503391
申请日：2006-08-11
申请人： Mark D. Hummel , Andrew W. Lueck , Geoffrey S. Strongin , Mitchell Alsup , Michael J. Haertel
发明人： Mark D. Hummel , Andrew W. Lueck , Geoffrey S. Strongin , Mitchell Alsup , Michael J. Haertel
IPC分类号： G06F3/00 , G06F5/00 , G06F13/00
CPC分类号： G06F12/1081 , G06F12/1027 , G06F2212/683
摘要： In an embodiment, an input/output memory management unit (IOMMU) is configured to receive a completion wait command defined to ensure that one or more preceding invalidation commands are completed by the IOMMU prior to a completion of the completion wait command. The IOMMU is configured to respond to the completion wait command by delaying completion of the completion wait command until: (1) a read response corresponding to each outstanding memory read operation that depends on a translation entry that is invalidated by the preceding invalidation commands is received; and (2) the control unit transmits one or more operations upstream to ensure that each memory write operation that depends on the translation table entry that is invalidated by the preceding invalidation commands has at least reached a bridge to a coherent fabric in the computer system and has become visible to the system.
摘要翻译：在一个实施例中，输入/输出存储器管理单元（IOMMU）被配置为接收定义的完成等待命令，以在完成等待命令完成之前确保由IOMMU完成一个或多个以前的无效命令。 IOMMU被配置为通过延迟完成等待命令的完成来响应完成等待命令，直到：（1）接收与取决于由前述无效命令无效的转换条目的每个未完成存储器读操作对应的读响应 ; （2）控制单元向上游发送一个或多个操作，以确保依赖于由前述无效命令无效的转换表项的每个存储器写入操作至少达到计算机系统中的相干结构的桥接，以及已经变得对系统可见。

5. 发明授权

US07426644B1 System and method for handling device accesses to a memory providing increased memory access security 有权
标题翻译：用于处理对存储器的设备访问的系统和方法，其提供增加的存储器访问安全性
公开(公告)号：US07426644B1
公开(公告)日：2008-09-16
申请号：US10011151
申请日：2001-12-05
申请人： Geoffrey S. Strongin , Brian C. Barnes , Rodney W. Schmidt
发明人： Geoffrey S. Strongin , Brian C. Barnes , Rodney W. Schmidt
IPC分类号： G06F21/00 , G06F21/22
CPC分类号： G06F12/1441 , G06F12/1491
摘要： A host bridge is described including a memory controller and a security check unit. The memory controller is adapted for coupling to a memory storing data arranged within a multiple memory pages. The memory controller receives memory access signals (e.g., during a memory access), and responds to the memory access signals by accessing the memory. The security check unit receives the memory access signals, wherein the memory access signals convey a physical address within a target memory page. The security check unit uses the physical address to access one or more security attribute data structures located in the memory to obtain a security attribute of the target memory page. The security check unit provides the memory access signals to the memory controller dependent upon the security attribute of the target memory page. A computer system is described including a memory storing data arranged within a multiple memory pages, a device operably coupled to the memory and configurable to produce memory access signals, the above described host bridge. The computer system may have, for example, a central processing unit (CPU) including a memory management unit (MMU) operably coupled to the memory and configured to manage the memory. The memory management unit (MMU) may manage the memory such that the memory stores the data arranged within the multiple memory pages. A method is disclosed for providing access security for a memory used to store data arranged within a multiple memory pages.
摘要翻译：描述了主桥，包括存储器控制器和安全检查单元。存储器控制器适于耦合到存储多个存储器页中布置的数据的存储器。存储器控制器接收存储器访问信号（例如，在存储器访问期间），并且通过访问存储器来响应存储器访问信号。安全检查单元接收存储器访问信号，其中存储器访问信号传达目标存储器页面内的物理地址。安全检查单元使用物理地址访问位于存储器中的一个或多个安全属性数据结构，以获得目标存储器页面的安全属性。安全检查单元根据目标存储器页面的安全属性向存储器控制器提供存储器访问信号。描述了一种计算机系统，包括存储布置在多个存储器页内的数据的存储器，可操作地耦合到存储器并且可配置为产生存储器访问信号的设备，上述主机桥。计算机系统可以具有例如包括可操作地耦合到存储器并被配置为管理存储器的存储器管理单元（MMU）的中央处理单元（CPU）。存储器管理单元（MMU）可以管理存储器，使得存储器存储布置在多个存储器页面中的数据。公开了一种用于提供用于存储布置在多个存储器页内的数据的存储器的访问安全性的方法。

6. 发明授权

US07325250B1 Method and apparatus for preventing radio communication system access by an unauthorized modem 失效
标题翻译：用于防止未经授权的调制解调器的无线电通信系统接入的方法和装置
公开(公告)号：US07325250B1
公开(公告)日：2008-01-29
申请号：US09901421
申请日：2001-07-09
申请人： Michael Barclay , Brian C. Barnes , Terry L. Cole , Rodney Schmidt , David W. Smith , Geoffrey S. Strongin
发明人： Michael Barclay , Brian C. Barnes , Terry L. Cole , Rodney Schmidt , David W. Smith , Geoffrey S. Strongin
IPC分类号： G06F17/00 , H04L9/00 , H04L1/00 , H04M1/66 , H04B7/00 , H04B1/02
CPC分类号： H04W12/08 , H04W92/10
摘要： A method and apparatus for preventing radio communication system access by an unauthorized modem. The apparatus comprises a signal detector that determines if an authorization signal has been received from the base station within a specified period of time. The authorization signal authorizes the apparatus to communicate with the base station. A transmitter transmits information to the base station, and a controller disables the transmitter of the apparatus providing that the authorization signal has not been received within the specified period of time.
摘要翻译：一种用于防止未经授权的调制解调器接入无线电通信系统的方法和装置。该装置包括信号检测器，该信号检测器确定在指定的时间段内是否已经从基站接收到授权信号。授权信号授权设备与基站进行通信。发射机向基站发送信息，并且控制器禁止设备的发射机，只要在指定的时间段内没有接收到授权信号。

7. 发明申请

US20070168641A1 Virtualizing an IOMMU 有权
标题翻译：虚拟化IOMMU
公开(公告)号：US20070168641A1
公开(公告)日：2007-07-19
申请号：US11623626
申请日：2007-01-16
申请人： Mark D. Hummel , Andrew W. Lueck , Geoffrey S. Strongin , Mitchell Alsup , Michael Haertel
发明人： Mark D. Hummel , Andrew W. Lueck , Geoffrey S. Strongin , Mitchell Alsup , Michael Haertel
IPC分类号： G06F12/00
CPC分类号： G06F9/45558 , G06F2009/45579 , G06F2009/45583
摘要： In one embodiment, a system comprises one or more input/output (I/O) devices; an I/O memory management unit (IOMMU) coupled to receive memory requests sourced by the I/O devices and configured to provide address translation for the memory requests; and a virtual machine monitor (VMM) configured to manage one or more virtual machines on the system, wherein the VMM is configured to virtualize the IOMMU, providing one or more virtual IOMMUs for use by one or more virtual machines.
摘要翻译：在一个实施例中，系统包括一个或多个输入/输出（I / O）设备; I / O存储器管理单元（IOMMU），其耦合以接收由所述I / O设备提供的存储器请求，并被配置为提供所述存储器请求的地址转换; 以及被配置为管理所述系统上的一个或多个虚拟机的虚拟机监视器（VMM），其中所述VMM被配置为虚拟化所述IOMMU，提供一个或多个虚拟IOMMU供一个或多个虚拟机使用。

8. 发明授权

US07065654B1 Secure execution box 有权
标题翻译：安全执行箱
公开(公告)号：US07065654B1
公开(公告)日：2006-06-20
申请号：US09852372
申请日：2001-05-10
申请人： Dale E. Gulick , Geoffrey S. Strongin
发明人： Dale E. Gulick , Geoffrey S. Strongin
IPC分类号： H04L9/00
CPC分类号： G06F21/85 , G06F21/72
摘要： A system and method for secure computing. The system includes a processor, one or more secured assets coupled to the processor, and security hardware. The processor is configured to operate in various operating modes, including a secure operating mode. The security hardware is configured to control access to the secured assets dependant upon the operating mode of the processor. The security hardware is configured to allow access to the secure assets in the secure operating mode, preferably only in the secure operating mode. The method includes switching the computer system between operating modes, while allowing or restricting access to the secured assets based on the operating modes. The second operating mode comprises a secure operating mode. The method restricts access to the secured assets in the first operating mode and permits access to the secured assets in the secure operating mode.
摘要翻译：一种用于安全计算的系统和方法。该系统包括处理器，耦合到处理器的一个或多个安全资产以及安全硬件。处理器被配置为在各种操作模式下操作，包括安全操作模式。安全硬件被配置为根据处理器的操作模式控制对安全资产的访问。安全硬件被配置为允许以安全操作模式访问安全资产，优选仅在安全操作模式下。该方法包括在操作模式之间切换计算机系统，同时基于操作模式允许或限制对安全资产的访问。第二操作模式包括安全操作模式。该方法限制了在第一操作模式下对安全资产的访问，并允许以安全操作模式访问安全资产。

9. 发明授权

US06219769B1 Method and system for origin-sensitive memory control and access in data processing systems 有权
标题翻译：数据处理系统中原点敏感存储器控制和访问的方法和系统
公开(公告)号：US06219769B1
公开(公告)日：2001-04-17
申请号：US09208305
申请日：1998-12-09
申请人： Geoffrey S. Strongin , Qadeer A. Qureshi
发明人： Geoffrey S. Strongin , Qadeer A. Qureshi
IPC分类号： G06F1318
CPC分类号： G06F13/1626
摘要： A method and system which improve data processing system memory access. The method and system provide a memory controller having an origin-sensitive memory request reordering device. The origin-sensitive memory request reordering device includes one or more reorder and bank select engines, with at least one of such reorder and bank select engines associated with at least one origin of one or more memory access requests. In one embodiment, the origin of the memory access request is a bus (bus over which one or more memory access requests travel); in another embodiment the origin is a source. The reorder buffers are structured such that the reorder buffers can receive origin information related to specific memory access requests, where such information can include the identity of a source of a specific request, and various attributes of the specific request, such as the priority of the source associated with the request, an ordinal number of the request, the nature of the request, etc. The reorder and bank select engines reorder the requests on the basis of origin and/or origin information related to specific memory access requests in order to present the memory access requests in an efficient memory utilization fashion. In another embodiment, best choice registers communicate with the reorder and bank select engines and select from the reorder buffers the operations which should be next executed in addition to, or in the alternative of, reordering the requests in the reorder buffers.
摘要翻译：改进数据处理系统存储器访问的方法和系统。该方法和系统提供具有原点敏感存储器请求重新排序装置的存储器控制器。原点敏感存储器请求重新排序装置包括一个或多个重新排序和库选择引擎，其中至少一个这样的重新排序和存储体选择引擎与一个或多个存储器访问请求的至少一个来源相关联。在一个实施例中，存储器访问请求的来源是总线（一个或多个存储器访问请求行进的总线）; 在另一个实施例中，起点是源。重排序缓冲器被构造成使得重排序缓冲器可以接收与特定存储器访问请求相关的原始信息，其中这样的信息可以包括特定请求的来源的身份以及特定请求的各种属性，诸如与请求相关联的源，请求的序号，请求的性质等。重新排序和银行选择引擎基于与特定存储器访问请求相关的原始和/或原始信息来重新排序请求，以便呈现存储器访问请求以有效的存储器利用方式。在另一个实施例中，最佳选择寄存器与重新排序和存储库选择引擎进行通信，并且从重新排序缓冲器中选择除了重新排序重排序缓冲器中的请求之外还是替代地，下一步执行的操作。

10. 发明授权

US08135962B2 System and method providing region-granular, hardware-controlled memory encryption 有权
标题翻译：系统和方法提供区域细粒度的硬件控制的存储器加密
公开(公告)号：US08135962B2
公开(公告)日：2012-03-13
申请号：US10108253
申请日：2002-03-27
申请人： Geoffrey S. Strongin , Brian C. Barnes , Rodney Schmidt
发明人： Geoffrey S. Strongin , Brian C. Barnes , Rodney Schmidt
IPC分类号： G06F11/30
CPC分类号： G06F21/6218 , G06F12/1009 , G06F12/1408 , G06F12/1441 , G06F2221/2143
摘要： A memory, system, and method for providing security for data stored within a memory and arranged within a plurality of memory regions. The method includes receiving an address within a selected memory region and using the address to access an encryption indicator. The encryption indicator indicates whether data stored in the selected memory page are encrypted. The method also includes receiving a block of data from the selected memory region and the encryption indicator and decrypting the block of data dependent upon the encryption indicator.
摘要翻译：一种用于为存储在存储器中并被布置在多个存储器区域内的数据提供安全性的存储器，系统和方法。该方法包括在所选择的存储器区域内接收地址并使用地址来访问加密指示符。加密指示符指示存储在所选择的存储器页面中的数据是否被加密。该方法还包括从所选择的存储器区域和加密指示符接收数据块，并依赖于加密指示符解密数据块。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式