Abstract:
A memory access system comprising: a memory in which data is organised in pages, each page holding a sequence of data elements; means for receiving a requested address comprising a requested page address and a requested data element address; means for accessing a current page from the memory using a current page address; means for reading out data elements of the current page in the sequence in which they are held in memory; means for comparing the requested page address with the current page address and for issuing a memory access request with the requested page address when they are not the same; and means operable when the requested page address is the same as the current page address for comparing a requested data element address with the current address of a data element being read out and returning the data element when the requested data element address matches the current data element address.
Abstract:
A privileged data table is provided to maintain a list of those regions of a data memory which contain privileged data. When a data access operation is attempted, a privilege rule enforcer compares the address of the memory being accessed to the list of privileged regions. If the memory address falls within a privileged region then the memory access operation is blocked unless the instruction accessing the memory has been securely authorised by a code verifier. A privileged instruction table is provided to maintain a list of instructions stored in an instruction list that have been verified. When an instruction is fetched from the instruction list, an instruction privilege identifier compares the instruction being fetched with the list of verified instructions, and generates a signal indicating the privilege status of the instruction. Instructions are blocked according to the privilege signal. Only privileged instructions are allowed to modify the contents of the privileged data table and the privileged instruction table. The process of blocking unauthorised memory operations may be performed in accordance with a set of further rules as defined by a rule signal. All components of the system are contained on a single monolithic semiconductor integrated circuit.
Abstract:
Data is retrieved from a data memory by transmitting instructions containing the memory address of the data to be retrieved. A privileged data table stores a list identifying those regions of the data memory that store privileged or sensitive data. A privileged rule enforcer determines whether an instruction is attempting to access privileged data by comparing the address contained in the instruction with the regions of memory identified by the privileged data table as storing privileged data. If the instruction is attempting to access privileged data, the privileged rule enforcer blocks the instruction, and therefore the data access, unless the instruction is identified as having been verified by a code verifier and the data access satisfies one or more data access rules. To determine whether an instruction has been verified, the privilege rule enforcer receives a privilege signal which is asserted when a verified instruction is transmitted. The data access rules are defined by a rule signal received by the privileged rule enforcer.
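The two abstracts above describe the same enforcement path: a privileged data table of address regions, a privileged instruction table of verified instruction locations, a privilege signal derived from the instruction being fetched, and a rule signal that further constrains what a verified instruction may do. The following Python model is an added example, not code from either patent; the region/instruction types, the `read_only_rule` used as the rule signal, and the sample trace are constructed here to show how an access is blocked, allowed, or turned into a table update.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Set

@dataclass(frozen=True)
class Region:
    """A privileged data region [start, end], inclusive (constructed type)."""
    start: int
    end: int

    def contains(self, addr: int) -> bool:
        return self.start <= addr <= self.end

@dataclass(frozen=True)
class Instruction:
    """A fetched instruction: its location in the instruction list, an operation,
    and up to two operands (data address, or table-update arguments)."""
    pc: int
    op: str          # "load", "store", "add_region", "verify_pc"
    arg: int = 0     # data address; region start; or pc to mark verified
    arg2: int = 0    # region end for add_region

class PrivilegeEnforcer:
    """Models the privilege rule enforcer plus the instruction privilege identifier."""

    def __init__(self, regions: Iterable[Region], verified_pcs: Iterable[int],
                 rule: Callable[[Instruction, Region], bool]):
        self.privileged_data_table: Set[Region] = set(regions)
        self.privileged_instruction_table: Set[int] = set(verified_pcs)
        self.rule = rule  # the "rule signal": extra conditions on privileged access

    def privilege_signal(self, instr: Instruction) -> bool:
        # Instruction privilege identifier: asserted only for verified instructions.
        return instr.pc in self.privileged_instruction_table

    def privileged_region(self, addr: int) -> Optional[Region]:
        for region in self.privileged_data_table:
            if region.contains(addr):
                return region
        return None

    def execute(self, instr: Instruction) -> str:
        privileged = self.privilege_signal(instr)
        if instr.op in ("add_region", "verify_pc"):
            # Only privileged instructions may modify either table.
            if not privileged:
                return "blocked: table update by unverified instruction"
            if instr.op == "add_region":
                self.privileged_data_table.add(Region(instr.arg, instr.arg2))
            else:
                self.privileged_instruction_table.add(instr.arg)
            return "ok"
        if instr.op in ("load", "store"):
            region = self.privileged_region(instr.arg)
            if region is None:
                return "ok"  # ordinary data: no enforcement
            if not privileged:
                return "blocked: unverified access to privileged data"
            if not self.rule(instr, region):
                return "blocked: access rule"
            return "ok"
        return "ok"

def read_only_rule(instr: Instruction, region: Region) -> bool:
    """Example rule signal (constructed): verified code may read but not overwrite
    privileged data."""
    return instr.op == "load"

def run_trace(enforcer: PrivilegeEnforcer, trace: Iterable[Instruction]) -> List[str]:
    return [enforcer.execute(instr) for instr in trace]

# Constructed sample: one privileged region, one verified instruction at pc 0x10.
SAMPLE_ENFORCER = PrivilegeEnforcer([Region(0x1000, 0x1FFF)], {0x10}, read_only_rule)
SAMPLE_TRACE = [
    Instruction(0x00, "load", 0x0200),                 # unprivileged data: ok
    Instruction(0x04, "load", 0x1010),                 # unverified code: blocked
    Instruction(0x10, "load", 0x1010),                 # verified load: ok
    Instruction(0x10, "store", 0x1010),                # verified store: rule blocks it
    Instruction(0x08, "add_region", 0x2000, 0x20FF),   # unverified table update: blocked
    Instruction(0x10, "add_region", 0x2000, 0x20FF),   # verified table update: ok
    Instruction(0x00, "store", 0x2040),                # new region now enforced
]

if __name__ == "__main__":
    for instr, result in zip(SAMPLE_TRACE, run_trace(SAMPLE_ENFORCER, SAMPLE_TRACE)):
        print(f"pc={instr.pc:#04x} {instr.op:<10} -> {result}")
```

The trace ends by adding a new privileged region from verified code and then showing that a previously harmless store is blocked, which is the property the tables are meant to protect: the enforcement configuration itself is only reachable through instructions the code verifier has already approved.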
Abstract:
In an embodiment of the invention, a memory is provided to store data in an encrypted form. A modifiable register is arranged to store a memory address, a₀, defining a boundary separating the memory into two regions. The lower region stores data encrypted using a key B, and the upper region stores data encrypted using a different key A. Data stored at the boundary address is encrypted using key A. Accordingly, when data is read from a memory address a, key A is used to decrypt the data if a ≥ a₀, and key B is used if a < a₀. However, when data is written to a memory address a, key A is used to encrypt the data if a ≥ a₀ + 1, and key B is used if a < a₀ + 1. A write to the boundary address a₀ then causes the value of a₀ to be incremented by one, so that each such write moves the boundary up by one unit. Initially, the value of a₀ is set to zero so that all data within the memory is encrypted using key A. As data is written to the memory, particularly to the boundary address, the value of a₀ gradually increases. Eventually the value of a₀ will exceed the highest address of the memory. At this point, all data within the memory is encrypted using key B, and a new key is generated. The new key becomes key B, and key A takes the value of the old key B. The value of a₀ is then set back to zero and the process is repeated. If a particular region of the memory is never written to, the value of a₀ will not increase beyond the lowest memory address of this region. To prevent this occurrence, if the value of a₀ does not change within a predetermined period of time, a 'kicker' process is activated. During the kicker process, data is caused to be read from the memory address a₀ and then written back to the same location, thereby artificially stimulating an increase of the value of a₀.
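A model of the rolling re-encryption scheme, added here as an example and not taken from the patent: the read and write key selection around a₀, the boundary increment on a write to a₀, the key roll-over once a₀ passes the highest address, and the kicker that re-writes address a₀ after a period of no boundary movement. The per-cell cipher (a byte XORed with a SHA-256-derived pad over key and address) is a toy stand-in for whatever block cipher the real memory would use; the class and method names, the tick-based idle timer, and the sample contents are all assumptions of this example.

```python
import hashlib
import os
from typing import List, Optional

class RollingKeyMemory:
    """Byte-addressed memory split at boundary a0: cells below a0 are under key B,
    cells at or above a0 are under key A."""

    def __init__(self, size: int, key_a: Optional[bytes] = None,
                 key_b: Optional[bytes] = None):
        self.size = size
        self.key_a = key_a or os.urandom(16)
        self.key_b = key_b or os.urandom(16)
        self.a0 = 0                      # boundary register; starts at zero
        self.rotations = 0               # number of completed key roll-overs
        self.tick = 0                    # time counter for the kicker
        self.last_change = 0             # tick at which a0 last moved
        # Initially every cell is encrypted under key A (plaintext zero here).
        self.cells: List[int] = [self._xform(self.key_a, a, 0) for a in range(size)]

    @staticmethod
    def _xform(key: bytes, addr: int, value: int) -> int:
        # Toy per-address pad (assumption of this example): XOR is its own inverse,
        # so the same routine encrypts and decrypts a one-byte cell.
        pad = hashlib.sha256(key + addr.to_bytes(4, "big")).digest()[0]
        return (value ^ pad) & 0xFF

    def read(self, a: int) -> int:
        key = self.key_a if a >= self.a0 else self.key_b    # boundary cell reads with A
        return self._xform(key, a, self.cells[a])

    def write(self, a: int, value: int) -> None:
        key = self.key_a if a >= self.a0 + 1 else self.key_b  # boundary cell writes with B
        self.cells[a] = self._xform(key, a, value)
        if a == self.a0:
            # The boundary cell is now under key B, so the boundary moves up by one.
            self.a0 += 1
            self.last_change = self.tick
            if self.a0 > self.size - 1:
                self._rotate()

    def _rotate(self) -> None:
        # Every cell is under key B: old B becomes A, a fresh key becomes B, a0 restarts.
        self.key_a, self.key_b = self.key_b, os.urandom(16)
        self.a0 = 0
        self.rotations += 1

    def step(self, idle_limit: int) -> None:
        """Advance time by one tick; run the kicker if a0 has been idle too long."""
        self.tick += 1
        if self.tick - self.last_change >= idle_limit:
            # Kicker: read the boundary cell and write it straight back, which
            # re-encrypts it under key B and advances a0 without changing contents.
            self.write(self.a0, self.read(self.a0))

    def dump(self) -> List[int]:
        return [self.read(a) for a in range(self.size)]

if __name__ == "__main__":
    mem = RollingKeyMemory(4, key_a=b"A" * 16, key_b=b"B" * 16)
    mem.write(2, 0x07)            # above the boundary: key A, a0 unchanged
    for a in range(4):
        mem.write(a, a + 1)       # each write to a0 pushes the boundary up
    print(mem.dump(), mem.a0, mem.rotations)
```

Two checks worth keeping in mind when reading the model: a write strictly below a₀ is re-encrypted under key B without touching the register, because incrementing a₀ there would place the still-A-encrypted boundary cell under key B on the next read; and the roll-over happens inside the write that moves a₀ past the last address, so no read ever sees a₀ equal to the memory size.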