| 发明名称 | Computing system using single operating system to provide normal security services and high security services, and methods thereof | ||
| 摘要 | A method of providing normal security services and high security services with a single operating system in a computing system is disclosed. A secure thread is only accessible while the computing system is in a high security environment, and relates to one of the high security services. A pseudo normal thread is to be executed while the computing system in a normal security environment, and it works as a temporary of the secure thread, and is forwarded to a thread ordering service to gain access to resources of the computing system. When the pseudo normal thread gains access to the computing system resources, the computing system is changed to the high security environment to execute the secure thread. | ||
| 申请公布号 | US9207968(B2) | 申请公布日期 | 2015.12.08 |
| 申请号 | US200912611223 | 申请日期 | 2009.11.03 |
| 申请人 | MEDIATEK INC. | 发明人 | Yen Hsien-Chun;Huang Jing-Kuang |
| 分类号 | G06F11/00;G06F12/14;G06F12/16;G08B23/00;G06F7/04;G06F17/30;H04N7/16;G06F9/46;G06F21/53;G06F9/48 | 主分类号 | G06F11/00 |
| 代理机构 | McClure, Qualey & Rodack, LLP | 代理人 | McClure, Qualey & Rodack, LLP |
| 主权项 | 1. A computing system provides normal security services and high security services with a single operating system, comprising: normal devices and secure devices, wherein part of the secure devices are dedicated for the high security services; and a processor, building an operating core switched between a normal state and secure state via a secure application programming interface, a driver layer and a monitor, wherein: the operating core built by the processor accesses the normal devices when being in the normal state, to form a normal security environment by the computing system for the normal security services; the operating core built by the processor accesses the secure devices when being in the secure state, to form a high security environment by the computing system for the high security services; the secure application programming interface is called by a pseudo normal thread executed while the computing system is in the normal security environment; the driver layer is invoked by the secure application programming interface to call a world switch instruction; the monitor is activated by the world switch instruction from the driver layer to save context of the pseudo normal thread, change the computing system to the high security environment, obtain a secure thread corresponding to the pseudo normal thread, create or restore context of the secure thread, and dispatch the secure thread to be executed by the computing system that has been changed to the high security environment; and the secure thread relates to one of the high security services, wherein the pseudo normal thread having a one-to-one relation with the secure thread is executed in the normal security environment to work as a temporary of the secure thread to gain resources through scheduling, the pseudo normal thread is a substitute of the corresponding secure thread to queue with other normal threads for accessing the resources. | ||
| 地址 | Hsinchu TW | ||