公开(公告)号：US08239603B2

公开(公告)日：2012-08-07

申请号：US11417391

申请日：2006-05-03

Applicant: Drew J. Dutton ,  Alan D. Berenbaum ,  Raphael Weiss

Inventor： Drew J. Dutton ,  Alan D. Berenbaum ,  Raphael Weiss

IPC: G06F13/40

CPC classification number: G06F13/4027

Abstract: A system including a serialized secondary bus architecture. The system may include an LPC bus, an I/O controller, a serialized secondary bus, and at least one slave device. The LPC bus may be connected to the I/O controller, and the at least one slave device may be connected to the I/O controller via the serialized secondary bus. The serialized secondary bus has a reduced pin count relative to the LPC bus. The I/O controller may receive bus transactions from the LPC bus. The I/O controller may translate and forward LPC bus transactions to the at least one device over the secondary bus. The I/O controller may include a processing unit. The processing unit may initiate bus transactions intended for the at least one slave device. The I/O controller may also include a bus arbitration unit. The bus arbitration unit may arbitrate ownership of the secondary bus between the processing unit and the LPC bus.

Abstract translation: 一种包括序列化二次总线架构的系统。 该系统可以包括LPC总线，I / O控制器，串行化辅助总线和至少一个从设备。 LPC总线可以连接到I / O控制器，并且至少一个从设备可以经由串行辅助总线连接到I / O控制器。 串行次级总线相对于LPC总线的引脚数量减少。 I / O控制器可以从LPC总线接收总线事务。 I / O控制器可以通过辅助总线将LPC总线事务转换和转发到至少一个设备。 I / O控制器可以包括处理单元。 处理单元可以启动用于至少一个从设备的总线事务。 I / O控制器还可以包括总线仲裁单元。 总线仲裁单元可以仲裁处理单元和LPC总线之间的辅助总线的所有权。

公开(公告)号：US07917741B2

公开(公告)日：2011-03-29

申请号：US11733599

申请日：2007-04-10

Applicant: Drew J. Dutton ,  Alan D. Berenbaum ,  Richard E. Wahler ,  Raphael Weiss

Inventor： Drew J. Dutton ,  Alan D. Berenbaum ,  Richard E. Wahler ,  Raphael Weiss

IPC: G06F9/00 ,  G06F15/177 ,  G06F1/24 ,  G06F21/00 ,  G06F12/14 ,  G06F7/04 ,  G06F17/30 ,  G08B29/00

CPC classification number: G06F21/575

Abstract: System and method for performing pre-boot security verification in a system that includes a host processor and memory, an embedded microcontroller with an auxiliary memory, e.g., an on-chip ROM, or memory controlled to prohibit user-tampering with the contents of the memory, and one or more pre-boot security components coupled to the embedded microcontroller. Upon power-up, but before host processor boot-up, the embedded microcontroller accesses the auxiliary memory and executes the program instructions to verify system security using the one or more pre-boot security components. The one or more pre-boot security components includes at least one identity verification component, e.g., a smart card, or a biometric sensor, e.g., a fingerprint sensor, a retinal scanner, and/or a voiceprint sensor, etc., and/or at least one system verification component, e.g., TPM, to query the system for system state information, and verify that the system has not been compromised.

Abstract translation: 用于在包括主处理器和存储器的系统中执行预引导安全验证的系统和方法，具有辅助存储器的嵌入式微控制器，例如片上ROM或被控制以禁止用户篡改内容的内存的存储器 存储器以及耦合到嵌入式微控制器的一个或多个预引导安全组件。 上电后，但在主机处理器启动之前，嵌入式微控制器访问辅助存储器并执行程序指令，以使用一个或多个预引导安全组件来验证系统的安全性。 一个或多个预引导安全组件包括至少一个身份验证组件，例如智能卡或生物测定传感器，例如指纹传感器，视网膜扫描器和/或声纹印刷传感器等，和/ 或至少一个系统验证组件（例如TPM）来查询系统的系统状态信息，并验证系统是否未被泄露。

公开(公告)号：US20090327678A1

公开(公告)日：2009-12-31

申请号：US11733599

申请日：2007-04-10

Applicant: Drew J. Dutton ,  Alan D. Berenbaum ,  Richard E. Wahler ,  Raphael Weiss

Inventor： Drew J. Dutton ,  Alan D. Berenbaum ,  Richard E. Wahler ,  Raphael Weiss

IPC: G06F15/177

CPC classification number: G06F21/575

Abstract: System and method for performing pre-boot security verification in a system that includes a host processor and memory, an embedded microcontroller with an auxiliary memory, e.g., an on-chip ROM, or memory controlled to prohibit user-tampering with the contents of the memory, and one or more pre-boot security components coupled to the embedded microcontroller. Upon power-up, but before host processor boot-up, the embedded microcontroller accesses the auxiliary memory and executes the program instructions to verify system security using the one or more pre-boot security components. The one or more pre-boot security components includes at least one identity verification component, e.g., a smart card, or a biometric sensor, e.g., a fingerprint sensor, a retinal scanner, and/or a voiceprint sensor, etc., and/or at least one system verification component, e.g., TPM, to query the system for system state information, and verify that the system has not been compromised.

Abstract translation: 用于在包括主处理器和存储器的系统中执行预引导安全验证的系统和方法，具有辅助存储器的嵌入式微控制器，例如片上ROM或被控制以禁止用户篡改内容的内存的存储器 存储器以及耦合到嵌入式微控制器的一个或多个预引导安全组件。 上电后，但在主机处理器启动之前，嵌入式微控制器访问辅助存储器并执行程序指令，以使用一个或多个预引导安全组件来验证系统的安全性。 一个或多个预引导安全组件包括至少一个身份验证组件，例如智能卡或生物测定传感器，例如指纹传感器，视网膜扫描器和/或声纹印刷传感器等，和/ 或至少一个系统验证组件（例如TPM）来查询系统的系统状态信息，并验证系统是否未被泄露。

公开(公告)号：US07991943B2

公开(公告)日：2011-08-02

申请号：US11924826

申请日：2007-10-26

Applicant: Alan D. Berenbaum ,  Richard E. Wahler ,  Raphael Weiss

Inventor： Alan D. Berenbaum ,  Richard E. Wahler ,  Raphael Weiss

IPC: G06F12/02

CPC classification number: G06F12/1433 ,  G06F2212/2022

Abstract: System and method for implementing one time programmable (OTP) memory using embedded flash memory. A system-on-chip (SoC) includes a cleared flash memory array that includes an OTP block, including an OTP write inhibit field that is initially deasserted, a flash memory controller, and a controller. Data are written to the OTP block, including setting the OTP write inhibit field to signify prohibition of subsequent writes to the OTP block. The SoC is power cycled, and, in response, at least a portion of the OTP block is latched in a volatile memory, including asserting an OTP write inhibit bit based on the OTP write inhibit field, after which the OTP block is not writeable. In response to each subsequent power cycling, the controller is held in reset, the latching is performed, the controller is released from reset, and the flash array, now write protected, is configured to be controlled by the controller.

Abstract translation: 使用嵌入式闪存实现一次可编程（OTP）存储器的系统和方法。 片上系统（SoC）包括一个清除的闪存阵列，其中包括一个OTP块，包括一个最初被禁止的OTP写禁止字段，一个闪存控制器和一个控制器。 数据被写入OTP块，包括设置OTP写禁止字段以表示禁止对OTP块的后续写操作。 SoC是电源循环，并且作为响应，OTP块的至少一部分被锁存在易失性存储器中，包括基于OTP写禁止字段来断言OTP写禁止位，之后OTP块不可写。 响应于每次随后的电力循环，控制器保持复位，执行锁存，控制器从复位释放，并且现在写保护的闪存阵列被配置为由控制器控制。

公开(公告)号：US20090063799A1

公开(公告)日：2009-03-05

申请号：US11848808

申请日：2007-08-31

Applicant: Alan D. Berenbaum ,  Raphael Weiss

Inventor： Alan D. Berenbaum ,  Raphael Weiss

IPC: G06F12/00

CPC classification number: G06F12/1441

Abstract: System and method for protecting data in a system including a main processor, an embedded controller, and a memory. In response to a power-on-reset (POR), access to the memory is enabled, e.g., access by the embedded controller. First data is read from the memory (e.g., by the embedded controller) in response to the enabling, where the first data are usable to perform security operations for the system prior to boot-up of the main processor. The first data are used, e.g., by the embedded controller, to perform one or more security operations for the system, then access to the memory, e.g., by the embedded controller, is disabled, where after the disabling the memory is not accessible, e.g., until the next POR initiates enablement.

Abstract translation: 用于在包括主处理器，嵌入式控制器和存储器的系统中保护数据的系统和方法。 响应于上电复位（POR），启用对存储器的访问，例如，嵌入式控制器的访问。 响应于启用，第一数据从存储器（例如，由嵌入式控制器）读取，其中第一数据可用于在主处理器启动之前对系统执行安全操作。 例如，嵌入式控制器使用第一数据来对系统执行一个或多个安全操作，则例如由嵌入式控制器访问存储器被禁用，在禁止存储器不可访问之后， 例如，直到下一个POR启动启用。

公开(公告)号：US07707437B2

公开(公告)日：2010-04-27

申请号：US11417855

申请日：2006-05-03

Applicant: Alan D. Berenbaum ,  Raphael Weiss

Inventor： Alan D. Berenbaum ,  Raphael Weiss

IPC: G06F1/00

CPC classification number: G06F13/42 ,  G06F1/3209

Abstract: A power state broadcast mechanism. A master device may broadcast a message through the use of a protocol to each of one or more slave devices to inform the slave devices of the power state of a computer system. The broadcast message may include a protocol header indicating the start of the broadcast transaction, a function type parameter indicating the type of broadcast transaction, and power state data indicating the power state of the computer system. Each of the slave devices may read the protocol header to detect the start of a broadcast transaction, and the function type parameter to determine the type of broadcast transaction. If the function type parameter indicates a power state broadcast transaction, each of the slave devices may read the power state data included in the broadcast message and determine whether to adjust the current power state of the slave device.

Abstract translation: 电力状态广播机制。 主设备可以通过使用协议向一个或多个从设备中的每一个广播消息，以向从设备通知计算机系统的电源状态。 广播消息可以包括指示广播事务的开始的协议头，指示广播事务的类型的功能类型参数，以及指示计算机系统的电源状态的电源状态数据。 每个从设备可以读取协议报头以检测广播事务的开始，以及功能类型参数来确定广播事务的类型。 如果功能类型参数指示功率状态广播事务，则每个从设备可以读取广播消息中包括的功率状态数据，并确定是否调整从设备的当前功率状态。

公开(公告)号：US07631110B2

公开(公告)日：2009-12-08

申请号：US11417775

申请日：2006-05-03

Applicant: Alan D. Berenbaum ,  Raphael Weiss

Inventor： Alan D. Berenbaum ,  Raphael Weiss

IPC: G06F3/00 ,  G06F13/00

CPC classification number: G06F13/42 ,  G06F2213/0052

Abstract: An address assignment mechanism. A computer system may include one or more types of slave devices. Each slave device includes an internal device ID. Slave devices of the same type include the same internal device ID. The master device may broadcast a message through the use of a protocol to each of the slave devices to initiate an address assignment operation. Each of the slave devices determines whether the broadcast device ID included in the broadcast message matches the internal device ID associated with the slave device. If the broadcast device ID matches the internal device ID, the linear bus address included in the broadcast message is assigned to the slave device. The bit size of the linear bus address may be smaller than that of the broadcast device ID. After the address assignment operation, the master device may communicate with the slave device using the assigned linear bus address rather than the device ID.

Abstract translation: 地址分配机制。 计算机系统可以包括一种或多种类型的从设备。 每个从设备包括一个内部设备ID。 相同类型的从设备包括相同的内部设备ID。 主设备可以通过使用协议向每个从设备广播消息以发起地址分配操作。 每个从设备确定广播消息中包括的广播设备ID是否与从设备相关联的内部设备ID匹配。 如果广播设备ID与内部设备ID匹配，则广播消息中包括的线性总线地址被分配给从设备。 线性总线地址的位大小可能小于广播设备ID的位大小。 在地址分配操作之后，主设备可以使用分配的线性总线地址而不是设备ID与从设备进行通信。

公开(公告)号：US08006095B2

公开(公告)日：2011-08-23

申请号：US11848854

申请日：2007-08-31

Applicant: Alan D. Berenbaum ,  Raphael Weiss

Inventor： Alan D. Berenbaum ,  Raphael Weiss

IPC: H04L9/32

CPC classification number: H04L9/3247

Abstract: System and method for authenticating data or program code via a configurable signature. Configuration information is retrieved from a protected first memory, e.g., an on-chip register, where the configuration information specifies a plurality of non-contiguous memory locations that store the signature, e.g., in an on-chip memory trailer. The signature is retrieved from the plurality of non-contiguous memory locations based on the configuration information, where the signature is useable to verify security for a system. The signature corresponds to specified data and/or program code stored in a second memory, e.g., in off-chip ROM. The specified data and/or program code may be copied from the second memory to a third memory, and a signature for the specified data and/or program code calculated based on the configuration information. The calculated signature may be compared with the retrieved signature to verify the specified data and/or program code.

Abstract translation: 通过可配置的签名来验证数据或程序代码的系统和方法。 从受保护的第一存储器（例如片上寄存器）检索配置信息，其中配置信息指定存储签名的多个不连续存储器位置，例如在片上存储器预告中。 基于配置信息从多个非连续存储器位置检索签名，其中签名可用于验证系统的安全性。 签名对应于存储在第二存储器中的指定数据和/或程序代码，例如在片外ROM中。 可以将指定的数据和/或程序代码从第二存储器复制到第三存储器，以及基于配置信息计算的用于指定数据和/或程序代码的签名。 计算的签名可以与检索到的签名进行比较，以验证指定的数据和/或程序代码。

公开(公告)号：US07966379B2

公开(公告)日：2011-06-21

申请号：US11469267

申请日：2006-08-31

Applicant: Alan D. Berenbaum ,  Raphael Weiss

Inventor： Alan D. Berenbaum ,  Raphael Weiss

IPC: G06F15/16

CPC classification number: G06F13/22 ,  G06F13/4031

Abstract: In-band event polling mechanism. A master device may initiate a polling transaction to poll at least a subset of a plurality of slave devices for event information. In response to the polling transaction, at least one of the subset of slave devices may transmit event information to the master device. The event information may correspond to at least one of a plurality of asynchronous event types. If the event type associated with the received event information is an event notification for an embedded processor of the master device, the master device may forward the event information to the embedded processor. Otherwise, if the event type associated with the received event information is an event notification for a device external to the master device (e.g., a host processor), the master device may translate the event information to a protocol associated with the event type and forward the event information to the external device.

Abstract translation: 带内事件轮询机制。 主设备可以启动轮询事务以轮询多个从设备的至少一个子集以用于事件信息。 响应于轮询事务，子设备的子集中的至少一个可以将事件信息发送到主设备。 事件信息可以对应于多个异步事件类型中的至少一个。 如果与接收的事件信息相关联的事件类型是主设备的嵌入式处理器的事件通知，则主设备可以将事件信息转发到嵌入式处理器。 否则，如果与接收到的事件信息相关联的事件类型是用于主设备外部的设备（例如，主机处理器）的事件通知，则主设备可以将事件信息转换为与事件类型相关联的协议并且转发 事件信息到外部设备。

公开(公告)号：US20080005379A1

公开(公告)日：2008-01-03

申请号：US11469267

申请日：2006-08-31

Applicant: Alan D. Berenbaum ,  Raphael Weiss

Inventor： Alan D. Berenbaum ,  Raphael Weiss

IPC: G06F3/00

CPC classification number: G06F13/22 ,  G06F13/4031

Abstract: In-band event polling mechanism. A master device may initiate a polling transaction to poll at least a subset of a plurality of slave devices for event information. In response to the polling transaction, at least one of the subset of slave devices may transmit event information to the master device. The event information may correspond to at least one of a plurality of asynchronous event types. If the event type associated with the received event information is an event notification for an embedded processor of the master device, the master device may forward the event information to the embedded processor. Otherwise, if the event type associated with the received event information is an event notification for a device external to the master device (e.g., a host processor), the master device may translate the event information to a protocol associated with the event type and forward the event information to the external device.

Abstract translation: 带内事件轮询机制。 主设备可以启动轮询事务以轮询多个从设备的至少一个子集以用于事件信息。 响应于轮询事务，子设备的子集中的至少一个可以将事件信息发送到主设备。 事件信息可以对应于多个异步事件类型中的至少一个。 如果与接收的事件信息相关联的事件类型是主设备的嵌入式处理器的事件通知，则主设备可以将事件信息转发到嵌入式处理器。 否则，如果与接收到的事件信息相关联的事件类型是用于主设备外部的设备（例如，主机处理器）的事件通知，则主设备可以将事件信息转换为与事件类型相关联的协议并且转发 事件信息到外部设备。