System, method, and computer program product for reducing overhead associated with software lock monitoring
    1.
    Granted invention patent
    Status: Expired

    Publication number: US06820176B2

    Publication date: 2004-11-16

    Application number: US10138900

    Filing date: 2002-05-02

    CPC classification number: G06F11/3466 G06F9/526 G06F2201/825

    Abstract: A system, method, and computer program product are disclosed for reducing overhead associated with software lock monitoring in a multiple-processor data processing system having a memory that is shared among the multiple processors. Multiple memory locations in the shared-memory are associated with one of multiple locks. Overhead is reduced by generating a trace hook only in response to activity associated with lock misses.


    Memory request interlock
    2.
    Granted invention patent
    Status: Expired

    Publication number: US06810470B1

    Publication date: 2004-10-26

    Application number: US09638550

    Filing date: 2000-08-14

    CPC classification number: G06F13/1631

    Abstract: A memory controller for use in a computer system. The controller has a buffer having an input configured to receive read and write requests. Each request has an associated memory address. For a selected received request, prior received requests out of a set of the received requests are determined. For each determined prior received request, that request's memory address is compared to the selected request's memory address to see if they match. If a match exists, the selected request is prevented from being memory executed.


    Event data protection method for a flash programmable microprocessor-based control module
    3.
    Granted invention patent
    Status: In force

    Publication number: US06804752B2

    Publication date: 2004-10-12

    Application number: US09823005

    Filing date: 2001-04-02

    Abstract: A flash programmable microprocessor-based control module is operated in a manner to protect the integrity of event data stored in the programmable memory of the module while permitting authorized manufacturing and field alteration of the programmable memory with a Download and Execute routine. The Download and Execute routine is resident in a designated sector of the module's read-only memory, and download access to the module's random access memory after module manufacture has been completed is denied. During manufacture of the module, and during field programming of the controller prior to the writing of event data, the programmable memory may be externally altered by an authorized service tool by transferring the Download and Execute routine from read-only memory to random access memory for execution by the module's microprocessor, and downloading the new data or code over a data link coupling the service tool to the module. After event data has been written to the programmable memory, external requests to alter the programmable or read-only memories are denied, and the transfer of the Download and Execute routine to random access memory is not permitted.


    Protection of data during transfer
    4.
    Granted invention patent
    Status: In force

    Publication number: US06789177B2

    Publication date: 2004-09-07

    Application number: US10095937

    Filing date: 2002-03-13

    Inventor: Yoshiyuki Okada

    Abstract: A method to protect data of a drive from illegal accessing without increasing the load of processing on the drive side and to prevent not only illegal copying on the drive side but also an illegal action on the host unit side. Authentication of the drive is executed by the host unit. If the drive is authenticated, then a contents key is encrypted using a host ID registered in advance in a storage area of the host unit and a session key and first identification information read out from a storage area of the drive. Then, the encrypted contents key is transferred to the drive while contents data to be recorded and stored into the drive are encrypted with the contents key by the host unit. Thereafter, the encrypted contents data is transferred to the drive.


    Apparatus and method for inhibiting analysis of a secure circuit
    5.
    Granted invention patent
    Status: Expired

    Publication number: US06782479B1

    Publication date: 2004-08-24

    Application number: US07691761

    Filing date: 1991-04-26

    Abstract: A secure circuit is protected from reverse engineering by sensing radiation to which the circuit is normally not exposed, but which is present in its analysis. The circuit is modified in response to such radiation so that it is not compromised by subsequent analysis. The secure circuit can be implemented as a volatile memory having a power supply circuit that is interrupted in response to radiation exposure. Alternately, a circuit used to burn out the secure circuit, or to reprogram the circuit in the case of a programmable memory, could be actuated by the radiation exposure. Reprogramming mechanisms include an operational amplifier with its input state controlled by a photodiode, a random access memory cell with inherently photosensitive transistors, and a photosensitive transistor switch connecting a multi-vibrator to a memory address line.


    Method for controlling access to a multiplicity of objects using a customizable object-oriented access control hook
    6.
    Granted invention patent
    Status: In force

    Publication number: US06766457B1

    Publication date: 2004-07-20

    Application number: US09456768

    Filing date: 1999-12-07

    CPC classification number: G06F21/6218 Y10S707/99939

    Abstract: A computer-implemented object-oriented method for controlling access to a multiplicity of objects is disclosed. The method includes creating specific access control object types, each including a pre-check method for implementing a pre-defined access control policy. Each one of the multiplicity of objects to be controlled is then associated with one of the access control objects. Next, upon an attempt to invoke a feature of any one of the multiplicity of objects, a determination is made if one of the multiplicity of objects is linked to an access control object, and if yes; the pre-check method for the access control object associated with the one of the multiplicity of objects is performed to determine whether to grant access.


    Systems for local network security
    7.
    Granted invention patent
    Status: In force

    Publication number: US06763469B1

    Publication date: 2004-07-13

    Application number: US09914600

    Filing date: 2001-08-30

    Applicant: Gad Daniely

    Inventor: Gad Daniely

    CPC classification number: H04L63/0218 H04L63/0272 H04L63/0428 H04L69/329

    Abstract: Security systems for computers connected to networks transmitting packets are disclosed. One disclosed system includes a security agent and a local security device featuring a network hardware connector, a computer hardware connector, a flash memory and a microprocessor to perform a software instruction. The security agent closes the security device by altering a setting of a bit of the flash memory. Further disclosed is a firewall on a single chip for providing security to a network transmitting packets. The firewall includes a network hardware connector, a memory for storing a rule and a software instruction for examining each packet and a microprocessor. Preferably the rule is configurable by a user and the memory includes at least one displayable Web and Web server functionally for serving a Web page and accepting a command from a user such that said at least one rule is determined by the command.


    Program debugging system for secure computing device having secure and non-secure modes
    8.
    Granted invention patent
    Status: In force

    Publication number: US06757829B1

    Publication date: 2004-06-29

    Application number: US09314289

    Filing date: 1999-05-19

    Abstract: The method of secure computing concerns the security of a debugger/emulator tool commonly employed in program development. A private encryption key is used to encrypt at least a verification token for the program. A public decryption key corresponding to the private encryption key is stored at the secure computing system. Upon each initialization of the debugger/emulator the secure computer system decrypts the verification token employing the public decryption key. This indicates whether the program is secure or nonsecure. If the program is secure, then the debugger/emulator is operated in a process mode permitting access to the program while prohibiting access to at least one security feature. If the program is nonsecure, then the debugger/emulator is operated in a raw mode permitting access to all features of the secure computing system.


    Key security system for vehicle-based information node
    9.
    Granted invention patent
    Status: Expired

    Publication number: US06748536B1

    Publication date: 2004-06-08

    Application number: US09482456

    Filing date: 2000-01-13

    Applicant: Adrian Madau

    Inventor: Adrian Madau

    Abstract: A system for providing a key-based access to data stored on a vehicle allows the vehicle to be a critical link as a platform for mobile computing while preserving data security. Multiple hierarchies of key codes allow all users to have access to all vehicle functions but different memory partitions for storing data. The partitions may be used for storing user specific data including passwords, preference settings, and driving log data. The data may be encrypted by the key code to be secure even if the memory system is removed from the vehicle or the vehicle is stolen.


    Method and system for restricting the load of physical address translations of virtual addresses
    10.
    Granted invention patent
    Status: In force

    Publication number: US06745306B1

    Publication date: 2004-06-01

    Application number: US09520203

    Filing date: 2000-03-07

    CPC classification number: G06F12/145 G06F12/1027 G06F12/1081 G06F12/1491

    Abstract: A method and system for protecting data on a computer system uses one or more restricted areas of memory to store proprietary or confidential data. The translation lookaside buffer (TLB) is used to regulate access to the restricted memory. When a TLB miss occurs during the execution of a program, the TLB miss handling logic determines whether the program is attempting to access restricted memory. If so, then the TLB miss handling logic determines whether the program is authorized to have access. If the program is not authorized to have access, then the TLB miss handling logic generates an exception, such as an invalid page fault, and the TLB is not loaded. If the program is authorized to have access to the restricted page, then the TLB is loaded with the appropriate address translation. As long as the translation remains in the TLB, future accesses to the page by an authorized program will require no additional checks and no additional CPU time.
