Method for processing a transaction from a communications terminal
US-2017357960-A1 · Dec 14, 2017 · US
Exclusive execution environment within a system-on-a-chip computing system
US10628611B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10628611-B2 |
| Application number | US-201615344384-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 4, 2016 |
| Priority date | Nov 4, 2016 |
| Publication date | Apr 21, 2020 |
| Grant date | Apr 21, 2020 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Exemplary features pertain to establishing an Exclusive Execution Environment domain that Trusted Execution Zone components are forbidden to access. In one example, a system-on-a-chip (SoC) is equipped with a Reduced Instruction Set Computing (RISC) processor along with an application DSP (ADSP) and/or Graphics Processing Unit (GPU), where the ADSP and/or GPU is configured to provide and enforce the Exclusive Execution Environment domain. By forbidding access to Trusted Execution Zone components, security can be enhanced, especially within minimally-equipped devices that do not have the resources to implement a full Trust Execution Environment, such as low-power devices associated with the Internet of Things (IoT). Among other features, the systems and methods described herein allow application clients to build exclusive execution environments and claim exclusive access to buffer objects and hardware resource groups. Method and apparatus examples are provided.
First claim
Opening claim text (preview).
What is claimed is: 1. A method for use by a processor for of a computing system equipped with a trusted execution environment, the method comprising: designating a portion of a memory space of the computing system as an exclusive execution environment domain that components of the trusted execution environment are forbidden to access; protecting the portion of the memory space against any compromised components of the trusted execution environment by preventing access by components of the trusted execution environment to the exclusive execution environment domain; and accessing the portion of the memory space of the exclusive execution environment domain using only components of the exclusive execution environment domain. 2. The method of claim 1 , wherein the computing system has a core processor and a digital signal processor (DSP) and the method is performed by the DSP to forbid access to the exclusive execution environment domain by components of the core processor. 3. The method of claim 2 , wherein the core processor is a reduced instruction set computing (RISC) processor and the method is performed by the DSP to forbid access to the exclusive execution environment domain by components of the RISC processor. 4. The method of claim 2 , wherein the exclusive execution environment domain is enforced by a hardware component of the DSP that provides slave-side protection of a memory device providing the memory space. 5. The method of claim 2 , further including providing a master-side bypass to a memory device providing the memory space to permit components of the DSP to access the exclusive execution environment domain. 6. The method of claim 2 , wherein the exclusive execution environment domain is designated by the DSP while bootstrapping from a local read only memory (ROM) without depending on a system software stack in the trusted execution environment for a Chain of Trust. 7. The method of claim 1 , further including confirming the exclusivity of the exclusive execution environment domain by having a component of the trusted execution environment attempt to access the exclusive execution environment domain. 8. A device comprising: a memory device; a trusted execution environment; and a processor coupled to the memory device, the processor configured to: designate a portion of a memory space of the memory device as an exclusive execution environment domain that the components of the trusted execution environment are forbidden to access; protect the portion of the memory space against any compromised components of the trusted execution environment by preventing access by components of the trusted execution environment to the exclusive execution environment domain; and access the portion of the memory space of the exclusive execution environment domain using only components of the exclusive execution environment domain. 9. The device of claim 8 , wherein the device has a core processor and a digital signal processor (DSP) and wherein the DSP is configured to forbid access to the exclusive execution environment domain by components of the core processor. 10. The device of claim 9 , wherein the core processor is a reduced instruction set computing (RISC) processor and wherein the DSP is configured to forbid access to the exclusive execution environment domain by components of the RISC processor. 11. The device of claim 9 , wherein the DSP is further configured to enforce the exclusive execution environment domain using a hardware component of the DSP that provides slave-side protection of the memory device providing the memory space. 12. The device of claim 9 , wherein the device includes a Memory Processor Unit (MPU) configured to provide a master-side bypass to the memory device to permit components of the DSP to access the exclusive execution environment domain. 13. The device of claim 9 , wherein the DSP is configured to designate the exclusive execution environment domain by bootstrapping from a local read only memory (ROM) without depending on a system software stack in the trusted execution environment for a Chain of Trust. 14. The device of claim 8 , wherein the processor is configured to confirm the exclusivity of the exclusive execution environment domain by controlling a component of the trusted execution environment to attempt to access the exclusive execution environment domain. 15. The device of claim 8 , wherein the processor does not implement a full version of the trusted execution environment. 16. A device for use with a processor of a computing system equipped with a trusted execution environment, the device comprising: means for designating a portion of a memory space of the computing system as an exclusive execution environment domain that components of the trusted execution environment are forbidden to access; means for protecting the portion of the memory space against any compromised components of the trusted execution environment by preventing access by components of the trusted execution environment to the exclusive execution environment domain; and means for accessing the portion of the memory space of the exclusive execution environment domain using only components of the exclusive execution environment domain. 17. The device of claim 16 , wherein the computing system has a core processor and a digital signal processor (DSP) and wherein the DSP includes means for forbidding access to the exclusive execution environment domain by components of the core processor. 18. The device of claim 17 , wherein the core processor is a reduced instruction set computing (RISC) processor and the DSP includes means for forbidding access to the exclusive execution environment domain by components of the RISC processor. 19. The device of claim 17 , further comprising means for slave-side protection of a memory device providing the exclusive execution environment domain. 20. The device of claim 17 , further comprising means for providing a master-side bypass to a memory device providing the memory space to permit components of the DSP to access the exclusive execution environment domain. 21. The device of claim 17 , wherein the DSP includes means for bootstrapping from a local read only memory (ROM) without depending on a system software stack in the trusted execution environment for a Chain of Trust. 22. The device of claim 16 , further comprising means for confirming the exclusivity of the exclusive execution environment domain by having a component of the trusted execution environment attempt to access the exclusive execution environment domain. 23. A non-transitory machine-readable storage medium for use with a computing system equipped with a trusted execution environment, the machine-readable storage medium having one or more instructions which when executed by at least one processing circuit of the computing system causes the at least one processing circuit to: designate a portion of a memory space of the computing system as an exclusive execution environment domain that components of the trusted execution environment are forbidden to access; protect the portion of the memory space against any compromised components of the trusted execution environment by preventing access by components of the trusted execution environment to the exclusive execution environment domain; and access the portion of the memory space of the exclusive execution environment domain using only components of the exclusive execution environment domain.
Assignees
Inventors
Classifications
- G06F21/71Primary
to assure secure computing or processing of information · CPC title
in semiconductor storage media, e.g. directly-addressable memories · CPC title
to assure secure storage of data (address-based protection against unauthorised use of memory G06F12/14; record carriers for use with machines and with at least a part designed to carry digital markings G06K19/00) · CPC title
Restricted operating environment · CPC title
by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10628611B2 cover?
- Exemplary features pertain to establishing an Exclusive Execution Environment domain that Trusted Execution Zone components are forbidden to access. In one example, a system-on-a-chip (SoC) is equipped with a Reduced Instruction Set Computing (RISC) processor along with an application DSP (ADSP) and/or Graphics Processing Unit (GPU), where the ADSP and/or GPU is configured to provide and enforc…
- Who is the assignee on this patent?
- Qualcomm Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/71. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Apr 21 2020 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).