Abstract:
A method and an apparatus for performing an I/O device access using targeted security. A software object (350) is executed. A security level for the software object (350) is established. A multi-table input/output (I/O) space access is performed using at least one of the security levels. The function of the software object (350) is executed.
Abstract:
A communications system (10) includes a physical layer hardware unit (220) and a processing unit (110). The physical layer hardware unit (220) is adapted to communicate data over a communications channel (40) in accordance with assigned transmission parameters. The physical layer hardware unit (220) is adapted to receive an incoming signal over the communications channel (40) and sample the incoming signal to generate a digital received signal. The processing unit (110) is adapted to execute a standard mode driver (240) in a standard mode of operation and a privileged mode driver (250) in a privileged mode of operation. The standard mode driver (240) includes program instructions adapted to extract control codes (280) from the digital received signal and configure the physical layer hardware unit (220) assigned transmission parameters based on the control codes (280). The privileged mode driver (250) includes program instructions adapted to independently extract secure control codes (310) from the digital received signal, determine an operational characteristic of the physical layer hardware unit (220), and signal a security violation in response to the operational characteristic being inconsistent with the secure control codes (310).
Abstract:
A method and system for handling a security exception. The method includes creating a security exception stack frame (900) in secure memory at a base address. The method also includes writing a faulting code sequence address and one or more register values into the security exception stack frame (900), and executing a plurality of security exception instructions.
Abstract:
A communications system (10) includes physical layer hardware (180) and a processing unit (105). The physical layer hardware (180) is adapted to communicate data over a communications channel (40) in accordance with a plurality of control codes. The physical layer hardware (180) is adapted to demodulate an incoming analog signal to generate a digital receive signal and modulate a digital transmit signal to generate an analog transmit signal. The processing unit (105) is adapted to execute a privileged driver (190) for interfacing with the physical layer hardware (180). The privileged driver (190) includes program instructions for implementing a protocol layer (80) to decode the digital receive signal, encode the digital transmit signal, and configure the physical layer hardware (180) for receipt of the digital receive signal and transmission of the digital transmit signal based on the plurality of control codes. A method for configuring a transceiver (50) includes demodulating an incoming analog signal to generate a digital receive signal based on a plurality of control codes; modulating a digital transmit signal to generate an analog transmit signal based on the control codes; and executing a privileged driver (190) for configuring the plurality of control codes.
Abstract:
A communications system includes a physical layer hardware unit (220) and a processing unit (100). The physical layer hardware unit (220) is adapted to receive user data over a first communications channel and control codes over a second communications channel. The physical layer hardware unit (220) is further adapted to transmit an upstream data signal over the first communications channel based on transmission assignments defined by the control codes. The processing unit (100) is adapted to execute a software driver (240) for interfacing with the physical layer hardware unit (220). The software driver (240) includes program instructions for implementing a protocol layer (80) to decrypt the user data and provide upstream data to the physical layer hardware unit (220) for generation of the upstream data signal. A method for configuring a transceiver (50) includes receiving user data over a first communications channel; receiving control codes over a second communications channel; and transmitting an upstream signal over the first communications channel based on transmission assignments defined by the control codes.
Abstract:
A method and system (400A-B) for performing the method is provided. The method includes executing an insecure routine and receiving a request from the insecure routine. The method also includes performing a first evaluation of the request in hardware, and performing a second evaluation of the request in a secure routine in software. The computer system (400A-B) includes a processor (404) configurable to execute a secure routine and an insecure routine. The computer system (400A-B) also includes hardware coupled to perform a first evaluation of a request associated with the insecure routine. The hardware is further configured to provide a notification of the request to the secure routine. The secure routine is configured to perform a second evaluation of the request. The secure routine is further configured to deny a requested response to the request.
Abstract:
A method and apparatus for restricting the execution of security sensitive instructions. A first security identification (ID) is associated with each of a plurality of instructions or a set of instructions that are to be executed by a processor (305). Software code running on the processor (305) requests to execute at least one of the plurality of instructions or set of instructions. The processor (305) obtains a second security ID associated with the software code running thereon and compares the second security ID with the first security ID. The processor (305) executes the requested instruction or set of instructions providing that the second security ID matches the first security ID.
Abstract:
A memory management unit (MMU) (602) is disclosed for managing a memory (406) storing data arranged within a plurality of memory pages. The MMU (602) includes a security check unit (416) receiving a linear address (102) generated during execution of a current instruction. The linear address (102) has a corresponding physical address residing within a selected memory page. The security check unit (416) uses the linear address (102) to access one or more security attribute data structures located in the memory (406) to obtain a security attribute of the selected memory page. The security check unit (416) compares a numerical value conveyed by a security attribute of the current instruction to a numerical value conveyed by the security attribute of the selected memory page, and produces an output signal dependent upon a result of the comparison. The MMU (602) accesses the selected memory page dependent upon the output signal.
Abstract:
A method and an apparatus for performing a virtual memory access. A software object (350) is executed. A security level for the software object (350) is established. A secondary table (430) is established. A memory access request based upon the executing of the software object (350) is received. At least one security level that corresponds to a segment in the secondary table (430) is determined. A match between an execution security level and a security level associated with a segment being accessed is verified in response to an execution of the software object (350). A virtual memory address based upon the secondary table (430) in response to a match between the execution security level and the security level associated with the segment being accessed is determined. A physical memory location corresponding to the virtual memory address is located. A portion of a memory based upon locating the physical memory location is accessed.