Policies for secrets in trusted execution environments
US-2016350561-A1 · Dec 1, 2016 · US
Secure asset management system
US10970401B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10970401-B2 |
| Application number | US-201715594122-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 12, 2017 |
| Priority date | May 17, 2016 |
| Publication date | Apr 6, 2021 |
| Grant date | Apr 6, 2021 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
In a general aspect, a system can include a processor having a secure mode and a non-secure mode, and a secure module configured to respond to tokens posted by the processor in the secure mode. Each token can identify a secure asset, and source and destination addresses within secure and public address spaces. The secure module can include a memory storing secure assets identifiable by the tokens and a memory access circuit to read data from source addresses and write processed data to destination addresses. The system can further include a cryptography engine configured to process the read data using identified secure assets. The secure module can respond to tokens posted in the non-secure mode. The memory can store, with each secure asset, a respective rule defining the address spaces where the memory access circuit may read and write data. The secure module can ignore tokens that do not satisfy respective rules.
First claim
Opening claim text (preview).
What is claimed is: 1. A data processing system with a trusted execution environment, the data processing system comprising: a host processor configured to operate in a secure mode associated with the trusted execution environment and a non-secure mode; a system bus operationally coupled with the host processor; a resource connected to the system bus, wherein the resource is partitioned into a secure area and a non-secure area, wherein the secure area is accessible using a first set of addresses within a secure address space of the secure area, and wherein the non-secure area is accessible by the host processor operating in the secure mode and the non-secure mode using a second set of addresses within a public address space of the non-secure area; and a secure module connected to the system bus, the secure module being configured to respond to tokens posted by the host processor in the secure mode, wherein a given token of the tokens identifies: a respective secure asset of a plurality of secure assets; respective source addresses within the secure address space of the secure area of the resource; and respective destination addresses within the public address space of the non-secure area of the resource, the secure module including: an internal memory storing the plurality of secure assets identifiable by the tokens; a memory access circuit configured to, for the given token, read data from the resource connected to the system bus using the respective source addresses and write processed data to the resource connected to the system bus using the respective destination addresses; and a cryptography engine configured to, for a given token, process the read data using the respective secure asset, the secure module being further configured to respond to tokens posted by the host processor in the non-secure mode, the internal memory of the secure module storing a respective rule with each secure asset of the plurality of secure assets, the respective rule defining permissions as to the public address space and the secure address space where the memory access circuit is authorized to read data and write data, and the secure module ignores tokens that do not satisfy the permissions defined in the respective rule. 2. The data processing system of claim 1 , further comprising cross-domain rules for tokens posted by the host processor in the non-secure mode, the cross-domain rules allowing for reading data from one of the public address space or the secure address space and writing resulting data to an other of the public address space or the secure address space. 3. The data processing system of claim 2 , wherein a cross-domain rule of the cross-domain rules allows for reading the data from the public address space and writing the resulting data to the secure address space in response to a decryption token. 4. The data processing system of claim 2 , wherein a cross-domain rule of the cross-domain rules allows for reading the data from the secure address space and writing the resulting data to the public address space in response to an encryption token. 5. The data processing system of claim 1 , wherein all rules for the plurality of secure assets, in the non-secure mode, constrain access to the public address space. 6. The data processing system of claim 1 , wherein the respective rule includes a flag identifying one of the secure address space or the public address space, indicating where source data is located, and the respective rule constrains read access to the one of the secure address space or the public address space identified by the flag. 7. The data processing system of claim 1 , wherein the resource is part of a plurality of resources that comprise a system memory area and a secure peripheral.
Assignees
Inventors
Classifications
- G06F21/6218Primary
to a system of files or objects, e.g. local or distributed file system or database · CPC title
interconnection devices, e.g. bus-connected or in-line devices · CPC title
in semiconductor storage media, e.g. directly-addressable memories · CPC title
Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms · CPC title
involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10970401B2 cover?
- In a general aspect, a system can include a processor having a secure mode and a non-secure mode, and a secure module configured to respond to tokens posted by the processor in the secure mode. Each token can identify a secure asset, and source and destination addresses within secure and public address spaces. The secure module can include a memory storing secure assets identifiable by the toke…
- Who is the assignee on this patent?
- Inside Secure, Rambus Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/6218. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Apr 06 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).