Hardware-protective data processing systems and methods using an application executing in a secure domain

US9633231B2 · US · B2

Patent metadata
Publication number: US-9633231-B2
Application number: US-201514754898-A
Country: US
Kind code: B2
Filing date: Jun 30, 2015
Priority date: Oct 31, 2014
Publication date: Apr 25, 2017
Grant date: Apr 25, 2017


Abstract

Official abstract text for this publication.

A data processing system supporting a secure domain and a non-secure domain comprises a hardware component, and a processor device having operating modes in the secure domain and non-secure domain, the processor device to execute a secure application in the secure domain. The hardware component has a property having a secure state. The property of the hardware component in the secure state may only be reconfigured responsive to instructions received from the secure domain. The secure application is operative to implement a configuration service to configure the property of the hardware component in the secure state, responsive to a request received from the non-secure domain according to an application programming interface associated with the secure application.

First claim

Opening claim text (preview).

The invention claimed is:

1. A data processing system supporting a secure domain and a non-secure domain, the system comprising: a processor device having operating modes in the secure domain and non-secure domain, the processor device to execute a secure application in the secure domain, and a hardware component with a property, said property having a secure state, wherein said property in the secure state can only be reconfigured responsive to instructions received from the secure domain, wherein said secure application is operative to implement a configuration service to configure the property of the hardware component in the secure state, responsive to a request received from the non-secure domain according to an application programming interface associated with the secure application, and wherein the hardware component comprises plural sub-components, the plural sub-components include a first subcomponent and a second sub-component, wherein the first sub-component has said property that can only be reconfigured responsive to instructions received from the secure domain and the second sub-component does not have a property that can only be reconfigured responsive to instructions received from the secure domain; wherein the hardware component has a set of configuration options and the application programming interface exposes only a sub-set of the configuration options of the hardware component to applications in the non-secure domain.

2. A system according to claim 1, that supports a secure domain and a non-secure domain instantiated using domain-aware bus fabric and security extensions.

3. A system according to claim 1, wherein said secure application is a trusted application and either: the only applications the processor device executes in the secure domain are trusted applications, or the processor device implements a restricted operating system environment, and any untrusted applications the processor executes in the secure domain are sandboxed in the restricted operating system environment.

4. A system according to claim 1, wherein the secure application implemented by the processor device is operative to set said property of the hardware component to the secure state at selected times.

5. A system according to claim 4, wherein the secure application is operative to set said property of the hardware component to the secure state responsive to a determination that a threat condition exists.

6. A system according to claim 1, wherein the processor device implements an operating system in the non-secure domain, and said operating system issues a query that discovers the configuration service offered by said secure application and detects the associated application programming interface.

7. A method of securing a hardware component of a data processing system, the data processing system supporting a secure domain and a non-secure domain and comprising a processor device having operating modes in the secure domain and non-secure domain, the hardware component having a property, said property having a secure state, wherein said property in the secure state can only be reconfigured from the secure domain, the method comprising: causing the processor device of the data processing system to execute a secure application in the secure domain, wherein said secure application is operative to implement a configuration service to configure the property of the hardware component in the secure state, responsive to a request received from the non-secure domain according to an application programming interface associated with the secure application, and wherein the hardware component comprises plural sub-components, the plural sub-components include a first sub-component and a second sub-component, wherein the first sub-component has said property that can only be reconfigured responsive to instructions received from the secure domain and the second sub-component does not have a property that can only be reconfigured responsive to instructions received from the secure domain; wherein the hardware component has a set of configuration options and the application programming interface exposes only a sub-set of the configuration options of the hardware component to applications in the non-secure domain.

8. The method of securing a hardware component according to claim 7, wherein said secure application is a trusted application and either: the only applications the processor device executes in the secure domain are trusted applications, or the processor device implements a restricted operating system environment and sandboxes untrusted applications in the restricted operating system environment.

9. The method of securing a hardware component according to claim 7, and comprising: causing the processor device to implement an operating system in the non-secure domain, and said operating system issuing a query that discovers the configuration service offered by said secure application and detects the associated application programming interface.

10. A data center comprising plural processing nodes, wherein the plural processing nodes include a processing node supporting a secure domain and a non-secure domain and system comprising: a processor device having operating modes in the secure domain and non-secure domain, the processor device to execute a secure application in the secure domain, and a hardware component with a property, said property having a secure state, wherein said property in the secure state can only be reconfigured responsive to instructions received from the secure domain, wherein said secure application is operative to implement a configuration service to configure the property of the hardware component in the secure state, responsive to a request received from the non-secure domain according to an application programming interface associated with the secure application, and wherein the hardware component comprises plural sub-components, the plural sub-components include a first subcomponent and a second sub-component, wherein the first sub-component has said property that can only be reconfigured responsive to instructions received from the secure domain and the second sub-component does not have a property that can only be reconfigured responsive, to instructions received from the secure domain; wherein the hardware component has a set of configuration options and the application programming interface exposes only a sub-set of the configuration options of the hardware component to applications in the non-secure domain.
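
The arrangement recited in claims 1 and 4, modelled in plain C as an added illustration; it is not code from the patent or its assignee. The option names, the status codes and the choice of which options the API exposes are assumptions made for the example, and the secure/non-secure split is simulated with a caller-domain argument rather than real processor modes.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model: every identifier below is hypothetical. */
enum domain { NON_SECURE, SECURE };
enum status { CFG_OK, CFG_DENIED_BY_HW, CFG_NOT_EXPOSED };
enum option { OPT_CLOCK_DIV, OPT_VOLTAGE, OPT_DEBUG_PORT, OPT_LED, OPT_COUNT };

struct hw_component {
    uint32_t value[OPT_COUNT];
    bool secure_state[OPT_COUNT]; /* true: only the secure domain may rewrite */
};

/* Hardware rule: a property in the secure state ignores writes that
 * do not originate from the secure domain. */
enum status hw_write(struct hw_component *hw, enum domain from,
                     enum option opt, uint32_t v)
{
    if (hw->secure_state[opt] && from != SECURE)
        return CFG_DENIED_BY_HW;
    hw->value[opt] = v;
    return CFG_OK;
}

/* The secure application's API exposes only this subset of the options. */
static const bool api_exposed[OPT_COUNT] = {
    [OPT_CLOCK_DIV] = true, [OPT_VOLTAGE] = true,
};

/* Secure application puts the first sub-component's properties into
 * the secure state (claim 4: "at selected times"). */
void secure_app_lock(struct hw_component *hw)
{
    hw->secure_state[OPT_CLOCK_DIV] = true;
    hw->secure_state[OPT_VOLTAGE] = true;
    hw->secure_state[OPT_DEBUG_PORT] = true;
    /* OPT_LED models the second sub-component: it has no lockable property. */
}

/* Configuration service: runs in the secure domain on behalf of a
 * non-secure caller, so the option id is untrusted input. */
enum status config_service(struct hw_component *hw, unsigned opt, uint32_t v)
{
    if (opt >= OPT_COUNT || !api_exposed[opt])
        return CFG_NOT_EXPOSED;
    return hw_write(hw, SECURE, (enum option)opt, v);
}
```

The debug-port option is locked but absent from `api_exposed`, so no request from the non-secure domain can change it, either directly or through the service.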

Assignees

Inventors

Classifications

  • at program execution time, where the protection is within the operating system · CPC title

  • G06F21/74 · Primary

    operating in dual or compartmented mode, i.e. at least one secure mode · CPC title

  • Multiprogramming arrangements · CPC title

  • to features or functions of an application · CPC title

  • Protecting access to data via a platform, e.g. using keys or access control rules · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9633231B2 cover?
A data processing system supporting a secure domain and a non-secure domain comprises a hardware component, and a processor device having operating modes in the secure domain and non-secure domain, the processor device to execute a secure application in the secure domain. The hardware component has a property having a secure state. The property of the hardware component in the secure state may …
Who is the assignee on this patent?
Hewlett Packard Development Co Lp
What technology area does this patent fall under?
Primary CPC classification G06F21/74. Mapped technology areas include Physics.
When was this patent published?
Publication date Apr 25, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).