| 发明名称 | Apparatus for processing with a secure system manager | ||
| 摘要 | Method and apparatus for secure processing. The method includes detecting communication among secure and non-secure data entities, prohibiting execution of non-secure executable instructions on secure data entities unless the non-secure executable instructions are recorded in a permitted instruction record, and prohibiting execution of non-secure executable instructions if the non-secure executable instructions are recorded in a prohibited instruction record. The apparatus includes a processor, at least one non-secure data entity, and secure data entities including: a communication monitor adapted to detect communication among secure and non-secure data entities; a permitted instruction record; a first prohibitor adapted to prohibit execution of non-secure executable instructions on secure data entities unless the non-secure executable instructions are recorded in the permitted instruction record; a prohibited instruction record; and a second prohibitor adapted to prohibit execution of non-secure executable instructions if the non-secure executable instructions are recorded in the prohibited instruction record. | ||
| 申请公布号 | US8990921(B2) | 申请公布日期 | 2015.03.24 |
| 申请号 | US201313773465 | 申请日期 | 2013.02.21 |
| 申请人 | Atheer, Inc. | 发明人 | Itani Sleiman |
| 分类号 | G06F21/57;G06F21/60 | 主分类号 | G06F21/57 |
| 代理机构 | Perkins Coie LLP | 代理人 | Perkins Coie LLP |
| 主权项 | 1. An apparatus, comprising: a hardware processor adapted for executing executable instructions; at least one non-secure data entity, comprising: a non-secure program instantiated on said processor, said non-secure program comprising non-secure executable instructions; a plurality of secure data entities, comprising: a communication monitor instantiated on said processor, said communication monitor comprising secure executable instructions, said communication monitor being adapted to detect communication among said secure data entities and said at least one non-secure data entity; a permitted instruction record; a first prohibitor instantiated on said processor, said first prohibitor comprising said secure executable instructions, said first prohibitor being adapted to prohibit execution of said non-secure executable instructions on said secure data entities unless said non-secure executable instructions are recorded in said permitted instruction record; a prohibited instruction record; and a second prohibitor instantiated on said processor, said second prohibitor comprising said secure executable instructions, said second prohibitor being adapted to prohibit execution of said non-secure executable instructions if said non-secure executable instructions are recorded in said prohibited instruction record. | ||
| 地址 | Mountain View CA US | ||