CA2387807A1 - Partitioned memory device having characteristics of different memory technologies - Google Patents
Partitioned memory device having characteristics of different memory technologies Download PDFInfo
- Publication number
- CA2387807A1 CA2387807A1 CA002387807A CA2387807A CA2387807A1 CA 2387807 A1 CA2387807 A1 CA 2387807A1 CA 002387807 A CA002387807 A CA 002387807A CA 2387807 A CA2387807 A CA 2387807A CA 2387807 A1 CA2387807 A1 CA 2387807A1
- Authority
- CA
- Canada
- Prior art keywords
- memory
- management unit
- volatile
- application
- processing circuit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
- G06F12/145—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being virtual, e.g. for virtual blocks or segments before a translation mechanism
Abstract
A single-chip data processing circuit (100) has a memory management unit (200) and a homogeneous memory device (270). The memory management unit (i) partitions the homogeneous memory device to achieve heterogeneous memory characteristics for various regions of the memory device, and (ii) restricts access of installed applications executing in the microprocessor core to predetermined memory ranges. The memory management unit implements memory address checking using limit registers (325 and 345) and translates virtual addresses to an absolute memory address using offset registers (330 and 350).
The memory management unit loads limit and offset registers with the appropriate values from an application table (300) to ensure that the executing application only accesses the designated memory locations.
The memory management unit loads limit and offset registers with the appropriate values from an application table (300) to ensure that the executing application only accesses the designated memory locations.
Description
Partitioned Memory Device Having Characteristics of Different Memory Technologies Field of the Invention The present invention relates generally to a memory management system for single-chip data processing circuits, such as a smart card, and more particularly, to a memory management method and apparatus that (i) partitions l0 homogeneous memory devices to achieve heterogeneous memory characteristics and (ii) restricts access of installed applications to predetermined memory ranges.
Background of the Invention Smart cards typically contain a central processing unit (CPU) or a microprocessor to control all processes and transactions associated with the smart card.
The microprocessor is used to increase the security of the device, by providing a flexible method to implement complex and variable algorithms that ensure integrity and access to data stored in non volatile memory. To enable this requirement, smart cards contain non-volatile memory, for storing program code and changed data, and volatile memory for the temporary storage of certain information. In conventional smart cards, each memory type has been implemented using different technologies.
Byte erasable EEPROM, for example, is typically used to store non-volatile data, that changes or configures the device in the field, while Masked-Rom and more recently one-time-programmable read-only memory (OTPROM) is typically used to store program code. The data and program code stored in such non-volatile memory will remain in memory, even when the power is removed from the smart card.
Volatile memory is normally implemented as random access memory (RAM). The hardware technologies associated with each memory type provide desirable security benefits.
For example, the one-time nature of OTPROM prevents authorized program code from being modified or over-written with unauthorized program code. Likewise, the implementation of volatile memory as RAM ensures that the temporarily stored information, such as an encryption key, is cleared after each use.
There is an increasing trend, however, to utilize homogeneous memory devices, such as ferroelectric random access memory (FERAM), in the fabrication of smart cards. FERAM is a nonvolatile memory employing a ferroelectric material to store the information based on the polarization state of the ferroelectric material. Such homogeneous memory devices are desirable since they are non-volatile, while providing the speed of RAM, and the density of ROM while using little energy.
The homogeneous nature of such memory devices, however, eliminates the security benefits that were previously provided by the various hardware technologies themselves. Thus, a need exists for the ability to partition such otherwise homogeneous memory devices into volatile, non-volatile and program storage (ROM) regions with the appropriate corresponding memory characteristics.
United States Patent Number 5,890,199 to Downs discloses a system for selectively configuring a homogeneous memory, such as FERAM, as read/write memory, read only memory (ROM) or a combination of the foregoing. Generally, the Downs system allows a single portion of the memory array to be partitioned as ROM
for storing the software code for only an application. In addition, the Downs system does not provide a mechanism for configuring the homogeneous memory to behave like RAM that provides for the temporary storage of information that is cleared after each use.Single-chip microprocessors, such as those used in smart cards, increasingly support multiple functions (applications) and must be able to download an application for immediate execution in support of a given function. Currently, single-chip microprocessors prevent an installed application from improperly corrupting or otherwise accessing the sensitive information stored on the chip using software controls. Software-implemented application access control mechanisms, however, rely on the total integrity of the embedded software, including the software that can be loaded in the field.
Ideally, a system would allow a third party to create an application and load it onto a standard card, which removes the control over the integrity of the software allowing malicious attacks. This may be overcome, for example, by programming an interpreter into the card that indirectly executes a command sequence (as opposed to the micrprocessor executing a binary directly). This technique, however, requires more processing power for a given function and additional code on the device which further increases the cost of a cost-sensitive product. A
mechanism is required that ensures that every memory transaction made by a loaded application is limited to the memory areas allocated to it. Furthermore, this mechanism needs to function independently of the software such that it cannot be altered by malicious programs. Thus, even malicious software is controlled.
A further need exists for a hardware-implemented access control mechanism that prevents unauthorized applications from accessing stored information, such as sensitive data, and the controlling software of smart cards. Hardware-implementations of an access control mechanism will maximize the security of the single-chip microprocessor, and allow code to be reused, by isolating the code from the actual hardware implementation of the device. Furthermore, a hardware-implemented access control mechanism allows a secure kernel (operating system) to be embedded into the device, having access rights to features of the device that are denied to applications.
Summary of the Invention Generally, a memory management unit is disclosed for a single-chip data processing circuit, such as a smart card. The memory management unit (i) partitions a homogeneous memory device to achieve heterogeneous memory characteristics for various regions of the memory device, and (ii) restricts access of installed applications executing in the microprocessor core to predetermined memory ranges. Thus, the memory management unit imposes firewalls between applications and permits hardware checked partitioning of the memory.
The memory management unit provides two operating modes for the processing circuit. In a secure kernel mode, the programmer can access all resources of the device including hardware control. In an application mode, the memory management unit translates the virtual memory address used by the software creator into the physical address allocated to the application by the operating system in a secure kernel mode during installation. The present invention also ensures that an application does not access memory outside of the memory mapped to the application by the software when in secure kernel mode. Any illegal memory accesses attempted by an application will cause a trap, and in one embodiment, the memory management unit restarts the microprocessor in a secure kernel mode, optionally setting flags to permit a system programmer to implement an appropriate mechanism to deal with the exception.
Background of the Invention Smart cards typically contain a central processing unit (CPU) or a microprocessor to control all processes and transactions associated with the smart card.
The microprocessor is used to increase the security of the device, by providing a flexible method to implement complex and variable algorithms that ensure integrity and access to data stored in non volatile memory. To enable this requirement, smart cards contain non-volatile memory, for storing program code and changed data, and volatile memory for the temporary storage of certain information. In conventional smart cards, each memory type has been implemented using different technologies.
Byte erasable EEPROM, for example, is typically used to store non-volatile data, that changes or configures the device in the field, while Masked-Rom and more recently one-time-programmable read-only memory (OTPROM) is typically used to store program code. The data and program code stored in such non-volatile memory will remain in memory, even when the power is removed from the smart card.
Volatile memory is normally implemented as random access memory (RAM). The hardware technologies associated with each memory type provide desirable security benefits.
For example, the one-time nature of OTPROM prevents authorized program code from being modified or over-written with unauthorized program code. Likewise, the implementation of volatile memory as RAM ensures that the temporarily stored information, such as an encryption key, is cleared after each use.
There is an increasing trend, however, to utilize homogeneous memory devices, such as ferroelectric random access memory (FERAM), in the fabrication of smart cards. FERAM is a nonvolatile memory employing a ferroelectric material to store the information based on the polarization state of the ferroelectric material. Such homogeneous memory devices are desirable since they are non-volatile, while providing the speed of RAM, and the density of ROM while using little energy.
The homogeneous nature of such memory devices, however, eliminates the security benefits that were previously provided by the various hardware technologies themselves. Thus, a need exists for the ability to partition such otherwise homogeneous memory devices into volatile, non-volatile and program storage (ROM) regions with the appropriate corresponding memory characteristics.
United States Patent Number 5,890,199 to Downs discloses a system for selectively configuring a homogeneous memory, such as FERAM, as read/write memory, read only memory (ROM) or a combination of the foregoing. Generally, the Downs system allows a single portion of the memory array to be partitioned as ROM
for storing the software code for only an application. In addition, the Downs system does not provide a mechanism for configuring the homogeneous memory to behave like RAM that provides for the temporary storage of information that is cleared after each use.Single-chip microprocessors, such as those used in smart cards, increasingly support multiple functions (applications) and must be able to download an application for immediate execution in support of a given function. Currently, single-chip microprocessors prevent an installed application from improperly corrupting or otherwise accessing the sensitive information stored on the chip using software controls. Software-implemented application access control mechanisms, however, rely on the total integrity of the embedded software, including the software that can be loaded in the field.
Ideally, a system would allow a third party to create an application and load it onto a standard card, which removes the control over the integrity of the software allowing malicious attacks. This may be overcome, for example, by programming an interpreter into the card that indirectly executes a command sequence (as opposed to the micrprocessor executing a binary directly). This technique, however, requires more processing power for a given function and additional code on the device which further increases the cost of a cost-sensitive product. A
mechanism is required that ensures that every memory transaction made by a loaded application is limited to the memory areas allocated to it. Furthermore, this mechanism needs to function independently of the software such that it cannot be altered by malicious programs. Thus, even malicious software is controlled.
A further need exists for a hardware-implemented access control mechanism that prevents unauthorized applications from accessing stored information, such as sensitive data, and the controlling software of smart cards. Hardware-implementations of an access control mechanism will maximize the security of the single-chip microprocessor, and allow code to be reused, by isolating the code from the actual hardware implementation of the device. Furthermore, a hardware-implemented access control mechanism allows a secure kernel (operating system) to be embedded into the device, having access rights to features of the device that are denied to applications.
Summary of the Invention Generally, a memory management unit is disclosed for a single-chip data processing circuit, such as a smart card. The memory management unit (i) partitions a homogeneous memory device to achieve heterogeneous memory characteristics for various regions of the memory device, and (ii) restricts access of installed applications executing in the microprocessor core to predetermined memory ranges. Thus, the memory management unit imposes firewalls between applications and permits hardware checked partitioning of the memory.
The memory management unit provides two operating modes for the processing circuit. In a secure kernel mode, the programmer can access all resources of the device including hardware control. In an application mode, the memory management unit translates the virtual memory address used by the software creator into the physical address allocated to the application by the operating system in a secure kernel mode during installation. The present invention also ensures that an application does not access memory outside of the memory mapped to the application by the software when in secure kernel mode. Any illegal memory accesses attempted by an application will cause a trap, and in one embodiment, the memory management unit restarts the microprocessor in a secure kernel mode, optionally setting flags to permit a system programmer to implement an appropriate mechanism to deal with the exception.
An application table records the memory demands of each application that is installed on the single-chip data processing circuit, such as the volatile, non-volatile and program storage (OTPROM) memory requirements of each application.
The memory management unit implements memory address checking using limit registers and translates virtual addresses to an absolute memory address using offset registers. Once the appropriate memory areas have been allocated to each application program, the memory management unit loads limit and offset registers with the appropriate values from the application table to ensure that the executing application only accesses the designated memory locations.
According to another aspect of the invention, the memory management unit partitions a homogeneous memory device, such as an FERAM memory device, to achieve heterogeneous memory characteristics normally associated with a plurality of memory technologies, such as volatile, non-volatile and program storage (ROM) memory segments. Once partitioned, the memory management unit enforces the appropriate corresponding memory characteristics for each heterogeneous memory type. A memory partition control logic is programmed with the required partitioning associated with each portion of the homogeneous memory in order that the homogenous memory behaves like volatile, non-volatile and program storage (OTPROM) memory technologies, as desired.
A more complete understanding of the present invention, as well as further features and advantages of the present invention, will be obtained by reference to the following detailed description and drawings.
Brief Description of the Drawing FIG. 1 is a schematic block diagram illustrating a single-chip data processing circuit, such as a smart card, that includes a memory management unit in accordance with the present invention;
FIG. 2 is a schematic block diagram of an exemplary hardware-implementation of the memory management unit of FIG. l;
FIG. 3 is a sample table from the exemplary application table of FIG. 2;
and FIG. 4 is a schematic block diagram illustrating the memory partition control logic of FIG. 2.
The memory management unit implements memory address checking using limit registers and translates virtual addresses to an absolute memory address using offset registers. Once the appropriate memory areas have been allocated to each application program, the memory management unit loads limit and offset registers with the appropriate values from the application table to ensure that the executing application only accesses the designated memory locations.
According to another aspect of the invention, the memory management unit partitions a homogeneous memory device, such as an FERAM memory device, to achieve heterogeneous memory characteristics normally associated with a plurality of memory technologies, such as volatile, non-volatile and program storage (ROM) memory segments. Once partitioned, the memory management unit enforces the appropriate corresponding memory characteristics for each heterogeneous memory type. A memory partition control logic is programmed with the required partitioning associated with each portion of the homogeneous memory in order that the homogenous memory behaves like volatile, non-volatile and program storage (OTPROM) memory technologies, as desired.
A more complete understanding of the present invention, as well as further features and advantages of the present invention, will be obtained by reference to the following detailed description and drawings.
Brief Description of the Drawing FIG. 1 is a schematic block diagram illustrating a single-chip data processing circuit, such as a smart card, that includes a memory management unit in accordance with the present invention;
FIG. 2 is a schematic block diagram of an exemplary hardware-implementation of the memory management unit of FIG. l;
FIG. 3 is a sample table from the exemplary application table of FIG. 2;
and FIG. 4 is a schematic block diagram illustrating the memory partition control logic of FIG. 2.
Detailed Description FIG. 1 illustrates a single-chip data processing circuit 100, such as a smart card, that includes a microprocessor core 110, memory devices 120, 130 and a memory management unit 200 that interfaces between the microprocessor core 110 and the memory devices 120, 130 for memory access operations. In accordance with the present invention, the memory management unit 200 (i) partitions a homogeneous memory device to achieve heterogeneous memory characteristics for various regions of the memory device, and (ii) restricts access of installed applications executing in the microprocessor core 110 to predetermined memory ranges. It is noted that each of these two features are independent, and may be selectively and separately implemented in the memory management unit 200, as would be apparent to a person of ordinary skill. In addition, while the present invention is illustrated in a smart card environment, the present invention applies to any single-chip data processing circuit, as would be apparent to a person of ordinary skill in the art.
According to a feature of the present invention, the memory management uni; 200, discussed further below in conjunction with FIG. 2, imposes firewalls between applications and thereby permits hardware checked partitioning of the memory. Thus, an application has limited access to only a predetermined memory range. As discussed further below, the memory management unit 200 performs memory address checking and translates addresses based on user-specified criteria.
According to another feature of the invention, the memory management unit 200 provides two operating modes for the microprocessor 110. In a secure kernel mode, the programmer can access all resources of the device including hardware control. In an application mode, the memory management unit 200 translates the virtual memory address used by the software creator into the physical address allocated to the application by the operating system in a secure kernel mode during installation.
The present invention also ensures that an application does not access memory outside of the memory mapped to the application by the software when in secure kernel mode.
Any illegal memory accesses attempted by an application will cause a trap, and in one embodiment, the memory management unit 200 restarts the microprocessor 110 in a secure kernel mode, optionally setting flags to permit a system programmer to implement an appropriate mechanism to deal with the exception.
According to a feature of the present invention, the memory management uni; 200, discussed further below in conjunction with FIG. 2, imposes firewalls between applications and thereby permits hardware checked partitioning of the memory. Thus, an application has limited access to only a predetermined memory range. As discussed further below, the memory management unit 200 performs memory address checking and translates addresses based on user-specified criteria.
According to another feature of the invention, the memory management unit 200 provides two operating modes for the microprocessor 110. In a secure kernel mode, the programmer can access all resources of the device including hardware control. In an application mode, the memory management unit 200 translates the virtual memory address used by the software creator into the physical address allocated to the application by the operating system in a secure kernel mode during installation.
The present invention also ensures that an application does not access memory outside of the memory mapped to the application by the software when in secure kernel mode.
Any illegal memory accesses attempted by an application will cause a trap, and in one embodiment, the memory management unit 200 restarts the microprocessor 110 in a secure kernel mode, optionally setting flags to permit a system programmer to implement an appropriate mechanism to deal with the exception.
In this manner, an exception is identified if an application is written with the accidental or specific intention of compromising the security of the smart card, by accessing stored data, code or by manipulating the hardware to indirectly influence the operation of the chip. The memory management unit 200 limits the application to the allocated program code and data areas. Any other references result in termination of the application and flagging the secure kernel that such an illegal attempt has been made. Thus, each application is isolated from all other applications, the hardware and the secure kernel. In an implementation where application isolation is not needed, the security mechanism acts as a general protection unit trapping software errors.
According to a further feature of the present invention, the memory management unit 200 partitions a homogeneous memory device, such as an FERAM
memory device, to achieve heterogeneous memory characteristics normally associated with a plurality of memory technologies, such as volatile, non-volatile and program storage (ROM) memory segments. Once partitioned, the memory management unit 200 enforces the appropriate corresponding memory characteristics for each heterogeneous memory type.
FIG. 2 provides a schematic block diagram of an exemplary hardware-implementation of the memory management unit 200. As previously indicated, the memory management unit 200 (i) partitions a homogeneous memory device to achieve heterogeneous memory characteristics for various regions of the memory device, and (ii) restricts access of installed applications executing in the microprocessor core 110 to predetermined memory ranges. As shown in FIG. 2 and discussed further below in conjunction with FIG. 4, the memory management unit 200 includes a section for memory partition control logic 400. Generally, the memory partition control logic 400 is programmed with the required partitioning associated with each portion of the homogeneous memory in order that the homogenous memory behaves like volatile, non-volatile and program storage (OTPROM) memory technologies, as desired. An application would normally be allocated different memory areas for code and data, and the data area can be further divided into a volatile portion, for scratchpad operations, and non-volatile storage areas.
In addition, the memory management unit 200 includes an application table 300, discussed further below in conjunction with FIG. 3. Generally, the application table 300 records the memory demands of each application that is installed on the single-chip data processing circuit 100. For example, the application table 300 indicates the volatile, non-volatile and program storage (OTPROM) memory requirements of each application. The application table 300 is generated by the microprocessor 110 when operating in a secure kernel mode, as each application is installed. The kernel allocates the appropriate memory areas to each application program.
Once the appropriate memory areas have been allocated to each application program, the memory management unit 200 shown in FIG. 2 can load the limit and offset registers 230-232, 240-242, discussed below, with the appropriate values from the application table 300 to ensure that the executing application only accesses the designated memory locations. Generally, the memory management unit 200 implements memory address checking using the limit registers 230-232 and translates addresses to an absolute memory address using the offset registers 240-242.
In addition to restricting access of installed applications executing in the microprocessor core 110 to predetermined memory ranges, the memory management unit 200 also translates addresses between the virtual memory address used by the software programmer into the physical address allocated to the application by the operating system in a secure kernel mode, before it hands over execution to the application code. It is noted that when programming the illustrative 8051 microprocessor, a software programmer starts with a code space starting at an address of 0, and a data space starting at an address of 0. Furthermore, the size of the code and data space is a variable corresponding to the required resource of a given application.
Again, the application has the appropriate volatile, non-volatile and program storage (OTPROM) memory allocations that are translated and checked by the memory management unit 200, in a manner described below, such that attempts to access memory outside the designated memory area will result in the application being terminated. The kernel will be restarted and the offending trapped access, being stored for interrogation by the kernel.
The hardware memory-mapping scheme and out of area protection hardware mechanism is shown in FIG. 2. In the illustrative 8051 microprocessor, only one application is active at any time, so only one set of mapping logic is required, as shown in FIG. 2. Thus, the microprocessor core 110 must implement context switching in a mufti-function environment, as would be apparent to a person of ordinary skill. As previously indicated, the memory management unit 200 includes a pair of limit and offset registers, such as the registers 230-232, 240-242, respectively, for each memory technology that is managed by the memory management unit 200.
Before an application is started, the associated memory requirements are retrieved from the application table 300 by the secure operating system running in the kernel mode. The associated memory requirements are loaded into the corresponding limit and offset registers 230-232, 240-242.
Thereafter, the kernel loads the code application offset register (COR) 240 with the address of where the application program code is stored in memory. The kernel then loads the code application limit register (CLR) 230 with the size of the application code space. Similarly, the data space can be defined as a block of memory, whose size is the sum of the sizes of both the volatile and non-volatile memory, allocated to that application. Thus, the kernel loads the data limit register (DLR) 231 with the size of the data space (both the volatile and non-volatile memory).
The size of the allocated volatile memory is loaded into the volatile data limit register (VDLR) 232, and the base address to be used for the scratchpad memory (RAM) is loaded into the volatile data offset register (VDOR) 241. Finally, the base address to be used for non-volatile storage (EEPROM) allocated to the application is loaded into the non volatile offset register (NVOR) 242.
In one implementation, the memory protection mechanism checks the virtual memory addresses assigned by the programmer, as opposed to the absolute addresses allocated by the kernel. Thus, the illegal access mechanism is simplified, as an illegal memory access is identified when an access is made to a location having a virtual address that is greater than the value contained in the appropriate limit register.
Thus, as shown in FIG. 2, the memory management unit 200 contains comparators 250, 255 for comparing the virtual address issued by the microprocessor core 210, to the value contained in the appropriate limit register 230-232. If the application is attempting an unauthorized memory access, the corresponding comparator 250, will set an out-of bounds trap.
If the application is attempting an authorized memory access, the corresponding comparator 250, 255 will enable the appropriate offset register 240-242, and the value from the offset register will be added by an adder 260 to the virtual address issued by the microprocessor core 210. In one preferred implementation, the _g_ limit and offset registers 230-232, 240-242 and the comparators 250, 255 are fabricated using known tamper-resistant technologies to preclude physical security attack.
FIG. 3 illustrates an exemplary application table 300 that stores information on each application installed on the single-chip data processing circuit 100, including the memory demands of each installed application. As shown in FIG.
3, the application table 300 indicates the volatile, non-volatile and program storage (OTPROM) memory requirements of each application. The application table 300 may be generated by the microprocessor 110 when operating in a secure kernel mode, as each application is installed. The kernel allocates the appropriate memory areas to each application program.
The application table 300 maintains a plurality of records, such as records 305-315, each associated with a different application. For each application identifier in field 320, the application table 300 includes the base address of where the application program code is stored in memory, and the corresponding size of the application code space in fields 325 and 330, respectively. In addition, the application table 300 indicates the total size of the data space in field 335 (sum of both the volatile and non-volatile memory), with the size of the allocated volatile memory stored in field 340, the base address for the scratchpad memory (RAM) in field 345, and the base address for non-volatile storage (EEPROM) is recorded in field 350. As previously indicated, when an application becomes active, each of the corresponding memory range values from fields 325 through 350 are retrieved and loaded into the appropriate limit and offset registers 230-232, 240-242, respectively.
FIG. 4 illustrates the memory partition control logic 400 for a homogeneous memory array 450. As previously indicated, the memory partition control logic 400 contains registers associated with each portion of the homogeneous memory in order that the homogenous memory behaves like volatile, non-volatile and program storage (OTPROM) memory technologies, as desired. An application would normally be allocated different memory areas for code and data, and the data area can be further divided into a volatile portion, for scratchpad operations, and non-volatile storage areas. FERAM is inherently a non-volatile array. In other words, FERAM
can be changed many times and holds the last written value, even when powered down, in a manner similar to EEPROM. Thus, it is unnecessary to force EEPROM-behavior onto the FERAM to achieve a non-volatile array.
To create a volatile array using the non-volatile FERAM array, erase circuitry 410, 430 is added, for example, by writing 0's to each address, or using a block erase feature built into the array that writes 0's to many addresses in parallel. The erase circuitry 410, 430 records the upper and lower limits of the memory range that should behave like a volatile array. Similarly, to ensure that the code is not written to, a write inhibit has to be forced onto the memory array using lock-write circuitry 420, 440. The lock-write circuitry 420, 440 records the upper and lower limits of the memory range that should behave like program storage (OTPROM) memory.
Once the application space has been setup by the secure kernel, defined areas of the homogenous array need to behave in the appropriate manner. This can be achieved by mapping the erase logic using the same memory definitions used to define the volatile memory area for applications. Before an application is started (or after or both), the erase mechanism is enabled, ensuring that an application when started can see no residual values left over by a previous application or the kernel, that may have used the designated block. Similarly, the same simple mechanism can be used to enforce a write-lock on the area designated as the code space for the application to prevent the application from modifying its code to cause potential unknown conditions and hence revealing secure aspects of the device.
The application RAM area is defined by parameters loaded into erase circuitry 430. Typically, the value loaded into the erase circuitry 430 would be the physical address location within the FERAM memory array and the size of the allocated memory. The block erase logic 410, when activated, is constrained by the erase circuitry 430 to erase the predefined area. The same principle is used to obtain OTP characteristics. OTP partitioning is defined by the lock-write circuitry 440, which allocates an area of the same memory array once parameters are loaded. The lock write logic 420 removes the write capability for the area defined in the lock-write circuitry 440 giving the area the same characteristics as OTP memory.
It is to be understood that the embodiments and variations shown and described herein are merely illustrative of the principles of this invention and that various modifications may be implemented by those skilled in the art without departing from the scope and spirit of the invention.
According to a further feature of the present invention, the memory management unit 200 partitions a homogeneous memory device, such as an FERAM
memory device, to achieve heterogeneous memory characteristics normally associated with a plurality of memory technologies, such as volatile, non-volatile and program storage (ROM) memory segments. Once partitioned, the memory management unit 200 enforces the appropriate corresponding memory characteristics for each heterogeneous memory type.
FIG. 2 provides a schematic block diagram of an exemplary hardware-implementation of the memory management unit 200. As previously indicated, the memory management unit 200 (i) partitions a homogeneous memory device to achieve heterogeneous memory characteristics for various regions of the memory device, and (ii) restricts access of installed applications executing in the microprocessor core 110 to predetermined memory ranges. As shown in FIG. 2 and discussed further below in conjunction with FIG. 4, the memory management unit 200 includes a section for memory partition control logic 400. Generally, the memory partition control logic 400 is programmed with the required partitioning associated with each portion of the homogeneous memory in order that the homogenous memory behaves like volatile, non-volatile and program storage (OTPROM) memory technologies, as desired. An application would normally be allocated different memory areas for code and data, and the data area can be further divided into a volatile portion, for scratchpad operations, and non-volatile storage areas.
In addition, the memory management unit 200 includes an application table 300, discussed further below in conjunction with FIG. 3. Generally, the application table 300 records the memory demands of each application that is installed on the single-chip data processing circuit 100. For example, the application table 300 indicates the volatile, non-volatile and program storage (OTPROM) memory requirements of each application. The application table 300 is generated by the microprocessor 110 when operating in a secure kernel mode, as each application is installed. The kernel allocates the appropriate memory areas to each application program.
Once the appropriate memory areas have been allocated to each application program, the memory management unit 200 shown in FIG. 2 can load the limit and offset registers 230-232, 240-242, discussed below, with the appropriate values from the application table 300 to ensure that the executing application only accesses the designated memory locations. Generally, the memory management unit 200 implements memory address checking using the limit registers 230-232 and translates addresses to an absolute memory address using the offset registers 240-242.
In addition to restricting access of installed applications executing in the microprocessor core 110 to predetermined memory ranges, the memory management unit 200 also translates addresses between the virtual memory address used by the software programmer into the physical address allocated to the application by the operating system in a secure kernel mode, before it hands over execution to the application code. It is noted that when programming the illustrative 8051 microprocessor, a software programmer starts with a code space starting at an address of 0, and a data space starting at an address of 0. Furthermore, the size of the code and data space is a variable corresponding to the required resource of a given application.
Again, the application has the appropriate volatile, non-volatile and program storage (OTPROM) memory allocations that are translated and checked by the memory management unit 200, in a manner described below, such that attempts to access memory outside the designated memory area will result in the application being terminated. The kernel will be restarted and the offending trapped access, being stored for interrogation by the kernel.
The hardware memory-mapping scheme and out of area protection hardware mechanism is shown in FIG. 2. In the illustrative 8051 microprocessor, only one application is active at any time, so only one set of mapping logic is required, as shown in FIG. 2. Thus, the microprocessor core 110 must implement context switching in a mufti-function environment, as would be apparent to a person of ordinary skill. As previously indicated, the memory management unit 200 includes a pair of limit and offset registers, such as the registers 230-232, 240-242, respectively, for each memory technology that is managed by the memory management unit 200.
Before an application is started, the associated memory requirements are retrieved from the application table 300 by the secure operating system running in the kernel mode. The associated memory requirements are loaded into the corresponding limit and offset registers 230-232, 240-242.
Thereafter, the kernel loads the code application offset register (COR) 240 with the address of where the application program code is stored in memory. The kernel then loads the code application limit register (CLR) 230 with the size of the application code space. Similarly, the data space can be defined as a block of memory, whose size is the sum of the sizes of both the volatile and non-volatile memory, allocated to that application. Thus, the kernel loads the data limit register (DLR) 231 with the size of the data space (both the volatile and non-volatile memory).
The size of the allocated volatile memory is loaded into the volatile data limit register (VDLR) 232, and the base address to be used for the scratchpad memory (RAM) is loaded into the volatile data offset register (VDOR) 241. Finally, the base address to be used for non-volatile storage (EEPROM) allocated to the application is loaded into the non volatile offset register (NVOR) 242.
In one implementation, the memory protection mechanism checks the virtual memory addresses assigned by the programmer, as opposed to the absolute addresses allocated by the kernel. Thus, the illegal access mechanism is simplified, as an illegal memory access is identified when an access is made to a location having a virtual address that is greater than the value contained in the appropriate limit register.
Thus, as shown in FIG. 2, the memory management unit 200 contains comparators 250, 255 for comparing the virtual address issued by the microprocessor core 210, to the value contained in the appropriate limit register 230-232. If the application is attempting an unauthorized memory access, the corresponding comparator 250, will set an out-of bounds trap.
If the application is attempting an authorized memory access, the corresponding comparator 250, 255 will enable the appropriate offset register 240-242, and the value from the offset register will be added by an adder 260 to the virtual address issued by the microprocessor core 210. In one preferred implementation, the _g_ limit and offset registers 230-232, 240-242 and the comparators 250, 255 are fabricated using known tamper-resistant technologies to preclude physical security attack.
FIG. 3 illustrates an exemplary application table 300 that stores information on each application installed on the single-chip data processing circuit 100, including the memory demands of each installed application. As shown in FIG.
3, the application table 300 indicates the volatile, non-volatile and program storage (OTPROM) memory requirements of each application. The application table 300 may be generated by the microprocessor 110 when operating in a secure kernel mode, as each application is installed. The kernel allocates the appropriate memory areas to each application program.
The application table 300 maintains a plurality of records, such as records 305-315, each associated with a different application. For each application identifier in field 320, the application table 300 includes the base address of where the application program code is stored in memory, and the corresponding size of the application code space in fields 325 and 330, respectively. In addition, the application table 300 indicates the total size of the data space in field 335 (sum of both the volatile and non-volatile memory), with the size of the allocated volatile memory stored in field 340, the base address for the scratchpad memory (RAM) in field 345, and the base address for non-volatile storage (EEPROM) is recorded in field 350. As previously indicated, when an application becomes active, each of the corresponding memory range values from fields 325 through 350 are retrieved and loaded into the appropriate limit and offset registers 230-232, 240-242, respectively.
FIG. 4 illustrates the memory partition control logic 400 for a homogeneous memory array 450. As previously indicated, the memory partition control logic 400 contains registers associated with each portion of the homogeneous memory in order that the homogenous memory behaves like volatile, non-volatile and program storage (OTPROM) memory technologies, as desired. An application would normally be allocated different memory areas for code and data, and the data area can be further divided into a volatile portion, for scratchpad operations, and non-volatile storage areas. FERAM is inherently a non-volatile array. In other words, FERAM
can be changed many times and holds the last written value, even when powered down, in a manner similar to EEPROM. Thus, it is unnecessary to force EEPROM-behavior onto the FERAM to achieve a non-volatile array.
To create a volatile array using the non-volatile FERAM array, erase circuitry 410, 430 is added, for example, by writing 0's to each address, or using a block erase feature built into the array that writes 0's to many addresses in parallel. The erase circuitry 410, 430 records the upper and lower limits of the memory range that should behave like a volatile array. Similarly, to ensure that the code is not written to, a write inhibit has to be forced onto the memory array using lock-write circuitry 420, 440. The lock-write circuitry 420, 440 records the upper and lower limits of the memory range that should behave like program storage (OTPROM) memory.
Once the application space has been setup by the secure kernel, defined areas of the homogenous array need to behave in the appropriate manner. This can be achieved by mapping the erase logic using the same memory definitions used to define the volatile memory area for applications. Before an application is started (or after or both), the erase mechanism is enabled, ensuring that an application when started can see no residual values left over by a previous application or the kernel, that may have used the designated block. Similarly, the same simple mechanism can be used to enforce a write-lock on the area designated as the code space for the application to prevent the application from modifying its code to cause potential unknown conditions and hence revealing secure aspects of the device.
The application RAM area is defined by parameters loaded into erase circuitry 430. Typically, the value loaded into the erase circuitry 430 would be the physical address location within the FERAM memory array and the size of the allocated memory. The block erase logic 410, when activated, is constrained by the erase circuitry 430 to erase the predefined area. The same principle is used to obtain OTP characteristics. OTP partitioning is defined by the lock-write circuitry 440, which allocates an area of the same memory array once parameters are loaded. The lock write logic 420 removes the write capability for the area defined in the lock-write circuitry 440 giving the area the same characteristics as OTP memory.
It is to be understood that the embodiments and variations shown and described herein are merely illustrative of the principles of this invention and that various modifications may be implemented by those skilled in the art without departing from the scope and spirit of the invention.
Claims
13. A single-chip data processing circuit, comprising:
a processor for executing a plurality of applications;
a homogeneous memory device; and a memory management unit for (i) partitioning said homogeneous memory device for each of said plurality of applications to achieve memory characteristics associated with a plurality of memory technologies, including a volatile memory technology, (ii) recording for each of said applications a range for an assigned heterogeneous memory type corresponding to each of said partitions, and (iii) enforcing memory characteristics for a heterogeneous memory type corresponding to each of said partitions for each of said applications.
14. The single-chip data processing circuit of claim 13, wherein said memory technologies include a read only memory technology with limited programmability.
15. The single-chip data processing circuit of claim 13, wherein said memory technologies include a non-volatile memory technology.
16. The single-chip data processing circuit of claim 13, wherein said memory management unit includes block erase logic to achieve volatile memory characteristics.
17. The single-chip data processing circuit of claim 13, wherein said memory management unit includes lock-write erase logic to achieve memory characteristics with limited programmability.
28. A method for partitioning a homogeneous memory device to achieve heterogeneous memory characteristics for various regions of the memory device for a plurality of applications, comprising the steps of:
partitioning said homogeneous memory device to achieve memory characteristics associated with a plurality of memory technologies, including a volatile memory technology;
recording for each of said applications a range for an assigned heterogeneous memory type corresponding to each of said partitions; and enforcing memory characteristics for a heterogeneous memory type corresponding to each of said partitions for each of said applications.
29. The method of claim 28, wherein said memory technologies include a read only memory technology with limited programmability.
30. The method of claim 28, wherein said memory technologies include a non-volatile memory technology.
31. The method of claim 28, further comprising the step of erasing a partition of said homogeneous memory device to achieve volatile memory characteristics.
32. The method of claim 28, further comprising the step of preventing write operations in a partition to achieve memory characteristics with limited programmability.
33. The single-chip data processing circuit of claim 13, wherein said memory management unit further comprises a register for storing a base memory address corresponding to a location where a non-volatile memory region begins.
34. The single-chip data processing circuit of claim 13, wherein said memory management unit further comprises a register for storing a memory address corresponding to a location where a non-volatile memory region ends.
35. The single-chip data processing circuit of claim 13, wherein said memory management unit further comprises a register for storing a base memory address corresponding to a location where a volatile memory region begins.
36. The single-chip data processing circuit of claim 13, wherein said memory management unit further comprises a register for storing a memory address corresponding to a location where a volatile memory region ends.
37. The method of claim 28, further comprising the step of storing a base memory address corresponding to a location where a non-volatile memory region begins.
38. The method of claim 28, further comprising the step of storing a memory address corresponding to a location where a non-volatile memory region ends.
39. The method of claim 28, further comprising the step of storing a base memory address corresponding to a location where a volatile memory region begins.
40. The method of claim 28, further comprising the step of storing a memory address corresponding to a location where a volatile memory region ends.
a processor for executing a plurality of applications;
a homogeneous memory device; and a memory management unit for (i) partitioning said homogeneous memory device for each of said plurality of applications to achieve memory characteristics associated with a plurality of memory technologies, including a volatile memory technology, (ii) recording for each of said applications a range for an assigned heterogeneous memory type corresponding to each of said partitions, and (iii) enforcing memory characteristics for a heterogeneous memory type corresponding to each of said partitions for each of said applications.
14. The single-chip data processing circuit of claim 13, wherein said memory technologies include a read only memory technology with limited programmability.
15. The single-chip data processing circuit of claim 13, wherein said memory technologies include a non-volatile memory technology.
16. The single-chip data processing circuit of claim 13, wherein said memory management unit includes block erase logic to achieve volatile memory characteristics.
17. The single-chip data processing circuit of claim 13, wherein said memory management unit includes lock-write erase logic to achieve memory characteristics with limited programmability.
28. A method for partitioning a homogeneous memory device to achieve heterogeneous memory characteristics for various regions of the memory device for a plurality of applications, comprising the steps of:
partitioning said homogeneous memory device to achieve memory characteristics associated with a plurality of memory technologies, including a volatile memory technology;
recording for each of said applications a range for an assigned heterogeneous memory type corresponding to each of said partitions; and enforcing memory characteristics for a heterogeneous memory type corresponding to each of said partitions for each of said applications.
29. The method of claim 28, wherein said memory technologies include a read only memory technology with limited programmability.
30. The method of claim 28, wherein said memory technologies include a non-volatile memory technology.
31. The method of claim 28, further comprising the step of erasing a partition of said homogeneous memory device to achieve volatile memory characteristics.
32. The method of claim 28, further comprising the step of preventing write operations in a partition to achieve memory characteristics with limited programmability.
33. The single-chip data processing circuit of claim 13, wherein said memory management unit further comprises a register for storing a base memory address corresponding to a location where a non-volatile memory region begins.
34. The single-chip data processing circuit of claim 13, wherein said memory management unit further comprises a register for storing a memory address corresponding to a location where a non-volatile memory region ends.
35. The single-chip data processing circuit of claim 13, wherein said memory management unit further comprises a register for storing a base memory address corresponding to a location where a volatile memory region begins.
36. The single-chip data processing circuit of claim 13, wherein said memory management unit further comprises a register for storing a memory address corresponding to a location where a volatile memory region ends.
37. The method of claim 28, further comprising the step of storing a base memory address corresponding to a location where a non-volatile memory region begins.
38. The method of claim 28, further comprising the step of storing a memory address corresponding to a location where a non-volatile memory region ends.
39. The method of claim 28, further comprising the step of storing a base memory address corresponding to a location where a volatile memory region begins.
40. The method of claim 28, further comprising the step of storing a memory address corresponding to a location where a volatile memory region ends.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US09/420,318 US6292874B1 (en) | 1999-10-19 | 1999-10-19 | Memory management method and apparatus for partitioning homogeneous memory and restricting access of installed applications to predetermined memory ranges |
| US09/420,318 | 1999-10-19 | ||
| PCT/US2000/041243 WO2001029672A1 (en) | 1999-10-19 | 2000-10-18 | Partitioned memory device having characteristics of different memory technologies |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA2387807A1 true CA2387807A1 (en) | 2001-04-26 |
Family
ID=23665978
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002387807A Abandoned CA2387807A1 (en) | 1999-10-19 | 2000-10-18 | Partitioned memory device having characteristics of different memory technologies |
Country Status (11)
| Country | Link |
|---|---|
| US (1) | US6292874B1 (en) |
| EP (1) | EP1242891B1 (en) |
| JP (1) | JP2003523554A (en) |
| KR (1) | KR100734340B1 (en) |
| AT (1) | ATE476706T1 (en) |
| AU (1) | AU771129B2 (en) |
| CA (1) | CA2387807A1 (en) |
| DE (1) | DE60044783D1 (en) |
| IL (1) | IL149157A0 (en) |
| NZ (1) | NZ518400A (en) |
| WO (1) | WO2001029672A1 (en) |
Families Citing this family (154)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6385645B1 (en) * | 1995-08-04 | 2002-05-07 | Belle Gate Investments B.V. | Data exchange system comprising portable data processing units |
| DK0757336T3 (en) | 1995-08-04 | 2001-03-19 | Belle Gate Invest B V | Data Exchange System comprising portable data processing units |
| US6295640B1 (en) * | 1998-05-08 | 2001-09-25 | Apple Computer, Inc. | Method and apparatus for distinguishing reference values from non-reference values in a runtime environment |
| CA2345794A1 (en) * | 1998-09-29 | 2000-04-06 | Sun Microsystems, Inc. | Superposition of data over voice |
| US6633984B2 (en) * | 1999-01-22 | 2003-10-14 | Sun Microsystems, Inc. | Techniques for permitting access across a context barrier on a small footprint device using an entry point object |
| US6823520B1 (en) * | 1999-01-22 | 2004-11-23 | Sun Microsystems, Inc. | Techniques for implementing security on a small footprint device using a context barrier |
| US6922835B1 (en) | 1999-01-22 | 2005-07-26 | Sun Microsystems, Inc. | Techniques for permitting access across a context barrier on a small footprint device using run time environment privileges |
| US6907608B1 (en) * | 1999-01-22 | 2005-06-14 | Sun Microsystems, Inc. | Techniques for permitting access across a context barrier in a small footprint device using global data structures |
| US7093122B1 (en) | 1999-01-22 | 2006-08-15 | Sun Microsystems, Inc. | Techniques for permitting access across a context barrier in a small footprint device using shared object interfaces |
| ATE475139T1 (en) | 1999-06-10 | 2010-08-15 | Belle Gate Invest B V | DEVICE FOR STORING DIFFERENT VERSIONS OF DATA SETS IN SEPARATE DATA AREAS AND METHOD FOR UPDATE A DATA SET IN A MEMORY |
| US6772416B1 (en) * | 1999-11-19 | 2004-08-03 | General Dynamics Decision Systems, Inc. | Separation kernel with memory allocation, remote procedure call and exception handling mechanisms |
| AU1586500A (en) | 1999-12-06 | 2001-06-12 | Sun Microsystems, Inc. | Computer arrangement using non-refreshed dram |
| DE69932643T2 (en) | 1999-12-07 | 2007-04-05 | Sun Microsystems, Inc., Santa Clara | IDENTIFICATION DEVICE WITH SECURED PHOTO, AND METHOD AND METHOD FOR AUTHENTICATING THIS IDENTIFICATION DEVICE |
| DE69937581T2 (en) | 1999-12-07 | 2008-09-18 | Sun Microsystems, Inc., Palo Alto | COMPUTER-READABLE MEDIUM WITH MICROPROCESSOR FOR READING CONTROL AND COMPUTER ARRANGEMENT FOR COMMUNICATING WITH SUCH A MEDIUM |
| US7082615B1 (en) * | 2000-03-31 | 2006-07-25 | Intel Corporation | Protecting software environment in isolated execution |
| US6760441B1 (en) | 2000-03-31 | 2004-07-06 | Intel Corporation | Generating a key hieararchy for use in an isolated execution environment |
| US6678825B1 (en) | 2000-03-31 | 2004-01-13 | Intel Corporation | Controlling access to multiple isolated memories in an isolated execution environment |
| US7013481B1 (en) | 2000-03-31 | 2006-03-14 | Intel Corporation | Attestation key memory device and bus |
| US6957332B1 (en) * | 2000-03-31 | 2005-10-18 | Intel Corporation | Managing a secure platform using a hierarchical executive architecture in isolated execution mode |
| US6633963B1 (en) * | 2000-03-31 | 2003-10-14 | Intel Corporation | Controlling access to multiple memory zones in an isolated execution environment |
| US7013484B1 (en) * | 2000-03-31 | 2006-03-14 | Intel Corporation | Managing a secure environment using a chipset in isolated execution mode |
| US6769058B1 (en) | 2000-03-31 | 2004-07-27 | Intel Corporation | Resetting a processor in an isolated execution environment |
| US6795905B1 (en) | 2000-03-31 | 2004-09-21 | Intel Corporation | Controlling accesses to isolated memory using a memory controller for isolated execution |
| US7194634B2 (en) * | 2000-03-31 | 2007-03-20 | Intel Corporation | Attestation key memory device and bus |
| US7111176B1 (en) * | 2000-03-31 | 2006-09-19 | Intel Corporation | Generating isolated bus cycles for isolated execution |
| US7073071B1 (en) | 2000-03-31 | 2006-07-04 | Intel Corporation | Platform and method for generating and utilizing a protected audit log |
| US6754815B1 (en) | 2000-03-31 | 2004-06-22 | Intel Corporation | Method and system for scrubbing an isolated area of memory after reset of a processor operating in isolated execution mode if a cleanup flag is set |
| US6718404B2 (en) * | 2000-06-02 | 2004-04-06 | Hewlett-Packard Development Company, L.P. | Data migration using parallel, distributed table driven I/O mapping |
| DE10033612B4 (en) * | 2000-07-11 | 2004-05-13 | Siemens Ag | Method for controlling access to a storage device |
| WO2002009046A1 (en) | 2000-07-20 | 2002-01-31 | Belle Gate Investment B.V. | Method and system of communicating devices, and devices therefor, with protected data transfer |
| US7793111B1 (en) | 2000-09-28 | 2010-09-07 | Intel Corporation | Mechanism to handle events in a machine with isolated execution |
| FR2816090B1 (en) * | 2000-10-26 | 2003-01-10 | Schlumberger Systems & Service | DEVICE FOR SHARING FILES IN AN INTEGRATED CIRCUIT DEVICE |
| US6907600B2 (en) * | 2000-12-27 | 2005-06-14 | Intel Corporation | Virtual translation lookaside buffer |
| US7035963B2 (en) * | 2000-12-27 | 2006-04-25 | Intel Corporation | Method for resolving address space conflicts between a virtual machine monitor and a guest operating system |
| US7818808B1 (en) | 2000-12-27 | 2010-10-19 | Intel Corporation | Processor mode for limiting the operation of guest software running on a virtual machine supported by a virtual machine monitor |
| US6567897B2 (en) * | 2001-03-01 | 2003-05-20 | International Business Machines Corporation | Virtualized NVRAM access methods to provide NVRAM CHRP regions for logical partitions through hypervisor system calls |
| DE10127179A1 (en) * | 2001-06-05 | 2002-12-19 | Infineon Technologies Ag | Chip card memory management method has virtual addresses of defined virtual address zone assigned to physical addresses of memory locations |
| CN100347667C (en) | 2001-06-27 | 2007-11-07 | 索尼公司 | Integrated circuit device, information processing device, information recording device memory management method, mobile terminal device semiconductor integrated circuit device, and communication |
| US7191440B2 (en) * | 2001-08-15 | 2007-03-13 | Intel Corporation | Tracking operating system process and thread execution and virtual machine execution in hardware or in a virtual machine monitor |
| US7024555B2 (en) | 2001-11-01 | 2006-04-04 | Intel Corporation | Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment |
| JP2003162433A (en) * | 2001-11-27 | 2003-06-06 | Fujitsu Ltd | Memory system |
| US7051340B2 (en) * | 2001-11-29 | 2006-05-23 | Hewlett-Packard Development Company, L.P. | System and method for isolating applications from each other |
| US20030101381A1 (en) * | 2001-11-29 | 2003-05-29 | Nikolay Mateev | System and method for virus checking software |
| DE10164422A1 (en) * | 2001-12-29 | 2003-07-17 | Philips Intellectual Property | Method for writing to NV memories in computer architecture, requires data values or data words to be written to specified position of cache-page register of NV memory |
| DE10200288A1 (en) * | 2002-01-07 | 2003-07-17 | Scm Microsystems Gmbh | A device for executing applications that include secure transactions and / or access control to valuable content and / or services and methods for protecting such a device |
| US7631196B2 (en) | 2002-02-25 | 2009-12-08 | Intel Corporation | Method and apparatus for loading a trustable operating system |
| US6996802B2 (en) * | 2002-03-18 | 2006-02-07 | Sun Microsystems, Inc. | Method and apparatus for deployment of high integrity software using initialization order and calling order constraints |
| US7010783B2 (en) * | 2002-03-18 | 2006-03-07 | Sun Microsystems, Inc. | Method and apparatus for deployment of high integrity software using reduced dynamic memory allocation |
| US7181737B2 (en) * | 2002-03-18 | 2007-02-20 | Sun Microsystems, Inc. | Method and apparatus for deployment of high integrity software using static procedure return addresses |
| US6912633B2 (en) * | 2002-03-18 | 2005-06-28 | Sun Microsystems, Inc. | Enhanced memory management for portable devices |
| US20030182653A1 (en) * | 2002-03-22 | 2003-09-25 | Giuseppe Desoli | Systems and methods for verifying correct execution of emulated code via dynamic state verification |
| US7069442B2 (en) | 2002-03-29 | 2006-06-27 | Intel Corporation | System and method for execution of a secured environment initialization instruction |
| KR100476892B1 (en) * | 2002-04-29 | 2005-03-17 | 삼성전자주식회사 | Tamper-resistant method and data processing system using the same |
| GB0212315D0 (en) * | 2002-05-28 | 2002-07-10 | Symbian Ltd | Secure mobile wireless device with protected file systems |
| JP3513147B2 (en) * | 2002-05-29 | 2004-03-31 | 株式会社ハギワラシスコム | USB storage device and its control device |
| KR100505106B1 (en) * | 2002-05-29 | 2005-07-29 | 삼성전자주식회사 | Smart card with enhanced security |
| US6820177B2 (en) | 2002-06-12 | 2004-11-16 | Intel Corporation | Protected configuration space in a protected environment |
| KR20030096659A (en) | 2002-06-17 | 2003-12-31 | 삼성전자주식회사 | Pixel array region of an image sensor, structure thereof and fabrication method thereof |
| US8010405B1 (en) | 2002-07-26 | 2011-08-30 | Visa Usa Inc. | Multi-application smart card device software solution for smart cardholder reward selection and redemption |
| US9852437B2 (en) | 2002-09-13 | 2017-12-26 | Visa U.S.A. Inc. | Opt-in/opt-out in loyalty system |
| US8015060B2 (en) | 2002-09-13 | 2011-09-06 | Visa Usa, Inc. | Method and system for managing limited use coupon and coupon prioritization |
| US8626577B2 (en) | 2002-09-13 | 2014-01-07 | Visa U.S.A | Network centric loyalty system |
| US7171539B2 (en) * | 2002-11-18 | 2007-01-30 | Arm Limited | Apparatus and method for controlling access to a memory |
| DE60306952T2 (en) | 2002-11-18 | 2007-02-08 | Arm Ltd., Cherry Hinton | ALLOCATION OF VIRTUAL TO PHYSICAL MEMORY ADDRESSES IN A SYSTEM WITH A SAFE AREA AND A NON-SAFE AREA |
| US7383587B2 (en) * | 2002-11-18 | 2008-06-03 | Arm Limited | Exception handling control in a secure processing system |
| GB2396713B (en) * | 2002-11-18 | 2005-09-14 | Advanced Risc Mach Ltd | Apparatus and method for controlling access to a memory unit |
| GB2396034B (en) * | 2002-11-18 | 2006-03-08 | Advanced Risc Mach Ltd | Technique for accessing memory in a data processing apparatus |
| EP1563388A2 (en) * | 2002-11-18 | 2005-08-17 | ARM Limited | Secure memory for protecting against malicious programs |
| GB0226874D0 (en) * | 2002-11-18 | 2002-12-24 | Advanced Risc Mach Ltd | Switching between secure and non-secure processing modes |
| US7073042B2 (en) * | 2002-12-12 | 2006-07-04 | Intel Corporation | Reclaiming existing fields in address translation data structures to extend control over memory accesses |
| US7318141B2 (en) | 2002-12-17 | 2008-01-08 | Intel Corporation | Methods and systems to control virtual machines |
| US7793286B2 (en) * | 2002-12-19 | 2010-09-07 | Intel Corporation | Methods and systems to manage machine state in virtual machine operations |
| US7900017B2 (en) | 2002-12-27 | 2011-03-01 | Intel Corporation | Mechanism for remapping post virtual machine memory pages |
| US20040250105A1 (en) * | 2003-04-22 | 2004-12-09 | Ingo Molnar | Method and apparatus for creating an execution shield |
| US7827077B2 (en) | 2003-05-02 | 2010-11-02 | Visa U.S.A. Inc. | Method and apparatus for management of electronic receipts on portable devices |
| US20040243783A1 (en) * | 2003-05-30 | 2004-12-02 | Zhimin Ding | Method and apparatus for multi-mode operation in a semiconductor circuit |
| US7415708B2 (en) | 2003-06-26 | 2008-08-19 | Intel Corporation | Virtual machine management using processor state information |
| EP1642184A1 (en) * | 2003-07-04 | 2006-04-05 | Nokia Corporation | Key storage administration |
| JP4537022B2 (en) * | 2003-07-09 | 2010-09-01 | 株式会社日立製作所 | A data processing method, a storage area control method, and a data processing system that limit data arrangement. |
| US8554610B1 (en) | 2003-08-29 | 2013-10-08 | Visa U.S.A. Inc. | Method and system for providing reward status |
| TWM249049U (en) * | 2003-09-09 | 2004-11-01 | Chicony Electronics Co Ltd | Digital camera |
| US7051923B2 (en) | 2003-09-12 | 2006-05-30 | Visa U.S.A., Inc. | Method and system for providing interactive cardholder rewards image replacement |
| US7739521B2 (en) | 2003-09-18 | 2010-06-15 | Intel Corporation | Method of obscuring cryptographic computations |
| US20050071656A1 (en) * | 2003-09-25 | 2005-03-31 | Klein Dean A. | Secure processor-based system and method |
| US7681046B1 (en) | 2003-09-26 | 2010-03-16 | Andrew Morgan | System with secure cryptographic capabilities using a hardware specific digital secret |
| US8005763B2 (en) | 2003-09-30 | 2011-08-23 | Visa U.S.A. Inc. | Method and system for providing a distributed adaptive rules based dynamic pricing system |
| US20050080934A1 (en) | 2003-09-30 | 2005-04-14 | Cota-Robles Erik C. | Invalidating translation lookaside buffer entries in a virtual machine (VM) system |
| US8407083B2 (en) | 2003-09-30 | 2013-03-26 | Visa U.S.A., Inc. | Method and system for managing reward reversal after posting |
| US7149863B1 (en) * | 2003-10-08 | 2006-12-12 | Sun Microsystems, Inc. | System and method of descriptively specifying memory placement in a computer system |
| DE10347828A1 (en) * | 2003-10-10 | 2005-05-25 | Giesecke & Devrient Gmbh | Accessing data items in a portable disk |
| US20070083726A1 (en) * | 2003-10-13 | 2007-04-12 | Koninklijke Philips Electronics N.V. | Storage allocation per application |
| US7653602B2 (en) | 2003-11-06 | 2010-01-26 | Visa U.S.A. Inc. | Centralized electronic commerce card transactions |
| US7694151B1 (en) * | 2003-11-20 | 2010-04-06 | Johnson Richard C | Architecture, system, and method for operating on encrypted and/or hidden information |
| US8156343B2 (en) | 2003-11-26 | 2012-04-10 | Intel Corporation | Accessing private data about the state of a data processing machine from storage that is publicly accessible |
| US8037314B2 (en) | 2003-12-22 | 2011-10-11 | Intel Corporation | Replacing blinded authentication authority |
| US7802085B2 (en) | 2004-02-18 | 2010-09-21 | Intel Corporation | Apparatus and method for distributing private keys to an entity with minimal secret, unique information |
| US7620949B2 (en) | 2004-03-31 | 2009-11-17 | Intel Corporation | Method and apparatus for facilitating recognition of an open event window during operation of guest software in a virtual machine environment |
| EP1585071B1 (en) * | 2004-04-09 | 2008-06-18 | Proton World International N.V. | Non-divisible Files Sharing |
| US7840962B2 (en) | 2004-09-30 | 2010-11-23 | Intel Corporation | System and method for controlling switching between VMM and VM using enabling value of VMM timer indicator and VMM timer value having a specified time |
| US8146078B2 (en) | 2004-10-29 | 2012-03-27 | Intel Corporation | Timer offsetting mechanism in a virtual machine environment |
| CN100489818C (en) * | 2004-11-26 | 2009-05-20 | 松下电器产业株式会社 | Processor and secure processing system |
| US8924728B2 (en) | 2004-11-30 | 2014-12-30 | Intel Corporation | Apparatus and method for establishing a secure session with a device without exposing privacy-sensitive information |
| US8533777B2 (en) | 2004-12-29 | 2013-09-10 | Intel Corporation | Mechanism to determine trust of out-of-band management agents |
| DE102005000796A1 (en) * | 2005-01-05 | 2006-07-13 | Giesecke & Devrient Gmbh | Portable media with watermark functionality |
| US7395405B2 (en) | 2005-01-28 | 2008-07-01 | Intel Corporation | Method and apparatus for supporting address translation in a virtual machine environment |
| KR100704037B1 (en) * | 2005-04-15 | 2007-04-04 | 삼성전자주식회사 | Data storage device with a different kind of non-volatile memories and operating method therefor |
| US7406711B2 (en) * | 2005-09-02 | 2008-07-29 | Motorola, Inc. | Method and apparatus for enforcing independence of processors on a single IC |
| US7809957B2 (en) | 2005-09-29 | 2010-10-05 | Intel Corporation | Trusted platform module for generating sealed data |
| US9573067B2 (en) * | 2005-10-14 | 2017-02-21 | Microsoft Technology Licensing, Llc | Mass storage in gaming handhelds |
| US7496727B1 (en) | 2005-12-06 | 2009-02-24 | Transmeta Corporation | Secure memory access system and method |
| US7845005B2 (en) * | 2006-02-07 | 2010-11-30 | International Business Machines Corporation | Method for preventing malicious software installation on an internet-connected computer |
| US8014530B2 (en) | 2006-03-22 | 2011-09-06 | Intel Corporation | Method and apparatus for authenticated, recoverable key distribution with no database secrets |
| US7650479B2 (en) * | 2006-09-20 | 2010-01-19 | Arm Limited | Maintaining cache coherency for secure and non-secure data access requests |
| US20080077749A1 (en) * | 2006-09-22 | 2008-03-27 | Daniel Scott Cohen | Access control of memory space in microprocessor systems |
| FR2908916B1 (en) * | 2006-11-17 | 2009-04-17 | Thales Sa | GRAPHIC OBJECT PROCESSING SYSTEM COMPRISING A SECURE GRAPHIC MANAGER |
| SG146551A1 (en) * | 2007-03-29 | 2008-10-30 | Toshiba Kk | Portable electronic device and control method of portable electronic device |
| DE602007012519D1 (en) | 2007-04-05 | 2011-03-31 | St Microelectronics Res & Dev | Integrated circuit with limited data access |
| US20080270652A1 (en) * | 2007-04-30 | 2008-10-30 | Jeffrey Kevin Jeansonne | System and method of tamper-resistant control |
| US8213612B2 (en) * | 2007-12-07 | 2012-07-03 | Inside Contactless S.A. | Secure software download |
| FR2929729A1 (en) * | 2008-04-03 | 2009-10-09 | Alveol Technology Sarl | DEVICE FOR MANAGING THE MEMORY OF A COMPUTER ENVIRONMENT |
| WO2010031976A1 (en) * | 2008-09-22 | 2010-03-25 | France Telecom | Memory allocation method and method for managing data related to an application recorded onto a security module associated with a terminal, and related security module and terminal |
| KR101481562B1 (en) * | 2008-09-22 | 2015-01-13 | 엘지전자 주식회사 | apparatus for receiving digital broadcast, and method for setting operation memory thereof |
| US7992781B2 (en) | 2009-12-16 | 2011-08-09 | Visa International Service Association | Merchant alerts incorporating receipt data |
| US8429048B2 (en) | 2009-12-28 | 2013-04-23 | Visa International Service Association | System and method for processing payment transaction receipts |
| KR101119434B1 (en) * | 2010-05-26 | 2012-03-16 | 주식회사 켐트로닉스 | Micro controller unit sharing one memory, method for controlling memory included therein and computer readable record-midium on which program for excuting method thereof |
| US8539245B2 (en) * | 2010-08-06 | 2013-09-17 | Intel Corporation | Apparatus and method for accessing a secure partition in non-volatile storage by a host system enabled after the system exits a first instance of a secure mode |
| CN107608910B (en) | 2011-09-30 | 2021-07-02 | 英特尔公司 | Apparatus and method for implementing a multi-level memory hierarchy with different operating modes |
| WO2013048491A1 (en) | 2011-09-30 | 2013-04-04 | Intel Corporation | Apparatus, method and system that stores bios in non-volatile random access memory |
| US9378133B2 (en) | 2011-09-30 | 2016-06-28 | Intel Corporation | Autonomous initialization of non-volatile random access memory in a computer system |
| CN103946816B (en) | 2011-09-30 | 2018-06-26 | 英特尔公司 | The nonvolatile RAM of replacement as conventional mass storage device(NVRAM) |
| CN103946810B (en) * | 2011-09-30 | 2017-06-20 | 英特尔公司 | The method and computer system of subregion in configuring non-volatile random access storage device |
| EP3364304B1 (en) | 2011-09-30 | 2022-06-15 | INTEL Corporation | Memory channel that supports near memory and far memory access |
| US8667270B2 (en) | 2012-02-10 | 2014-03-04 | Samsung Electronics Co., Ltd. | Securely upgrading or downgrading platform components |
| US9286235B2 (en) * | 2012-06-29 | 2016-03-15 | Intel Corporation | Virtual memory address range register |
| US9075751B2 (en) * | 2012-08-09 | 2015-07-07 | Intel Corporation | Secure data protection with improved read-only memory locking during system pre-boot |
| KR102002900B1 (en) | 2013-01-07 | 2019-07-23 | 삼성전자 주식회사 | System on chip including memory management unit and memory address translation method thereof |
| US9224452B2 (en) | 2013-01-17 | 2015-12-29 | Qualcomm Incorporated | Heterogeneous memory systems, and related methods and computer-readable media for supporting heterogeneous memory access requests in processor-based systems |
| KR102088403B1 (en) | 2013-08-08 | 2020-03-13 | 삼성전자 주식회사 | Storage device, computer system comprising the same, and operating method thereof |
| US20160048353A1 (en) * | 2014-08-13 | 2016-02-18 | Kabushiki Kaisha Toshiba | Memory system and method of controlling memory system |
| DE102015200801A1 (en) * | 2015-01-20 | 2016-07-21 | Continental Teves Ag & Co. Ohg | Electronic control device |
| US9405515B1 (en) * | 2015-02-04 | 2016-08-02 | Rockwell Collins, Inc. | Computing systems utilizing controlled dynamic libraries and isolated execution spaces |
| US9904586B2 (en) | 2015-10-28 | 2018-02-27 | Intel Corporation | Interfacing with block-based storage in a processor |
| US9747041B2 (en) | 2015-12-23 | 2017-08-29 | Intel Corporation | Apparatus and method for a non-power-of-2 size cache in a first level memory device to cache data present in a second level memory device |
| US10007606B2 (en) | 2016-03-30 | 2018-06-26 | Intel Corporation | Implementation of reserved cache slots in computing system having inclusive/non inclusive tracking and two level system memory |
| US10185619B2 (en) | 2016-03-31 | 2019-01-22 | Intel Corporation | Handling of error prone cache line slots of memory side cache of multi-level system memory |
| US10120806B2 (en) | 2016-06-27 | 2018-11-06 | Intel Corporation | Multi-level system memory with near memory scrubbing based on predicted far memory idle time |
| CN107665175A (en) * | 2016-07-27 | 2018-02-06 | 展讯通信(上海)有限公司 | The method, apparatus and electronic equipment of memory partition isolation |
| US10915453B2 (en) | 2016-12-29 | 2021-02-09 | Intel Corporation | Multi level system memory having different caching structures and memory controller that supports concurrent look-up into the different caching structures |
| US10445261B2 (en) | 2016-12-30 | 2019-10-15 | Intel Corporation | System memory having point-to-point link that transports compressed traffic |
| US10304814B2 (en) | 2017-06-30 | 2019-05-28 | Intel Corporation | I/O layout footprint for multiple 1LM/2LM configurations |
| US11188467B2 (en) | 2017-09-28 | 2021-11-30 | Intel Corporation | Multi-level system memory with near memory capable of storing compressed cache lines |
| US10860244B2 (en) | 2017-12-26 | 2020-12-08 | Intel Corporation | Method and apparatus for multi-level memory early page demotion |
| KR20200075565A (en) | 2018-12-18 | 2020-06-26 | 에스케이하이닉스 주식회사 | Smart car system |
| US11055228B2 (en) | 2019-01-31 | 2021-07-06 | Intel Corporation | Caching bypass mechanism for a multi-level memory |
Family Cites Families (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2514954B2 (en) * | 1987-03-13 | 1996-07-10 | 三菱電機株式会社 | IC card |
| JP2682700B2 (en) * | 1989-05-09 | 1997-11-26 | 三菱電機株式会社 | IC card |
| JPH03276337A (en) * | 1990-03-27 | 1991-12-06 | Toshiba Corp | Microcontroller |
| JP3178881B2 (en) * | 1992-03-06 | 2001-06-25 | 株式会社東芝 | Portable electronic devices |
| JPH05120891A (en) * | 1992-04-24 | 1993-05-18 | Hitachi Ltd | Semiconductor storage device |
| JPH06274397A (en) * | 1993-03-24 | 1994-09-30 | Toshiba Corp | File control system |
| JPH07114497A (en) * | 1993-10-14 | 1995-05-02 | Hitachi Ltd | Semiconductor integrated circuit device |
| DE19536169A1 (en) * | 1995-09-29 | 1997-04-03 | Ibm | Multifunctional chip card |
| US5818771A (en) * | 1996-09-30 | 1998-10-06 | Hitachi, Ltd. | Semiconductor memory device |
| US5890199A (en) * | 1996-10-21 | 1999-03-30 | Ramtron International Corporation | Data processor incorporating a ferroelectric memory array selectably configurable as read/write and read only memory |
-
1999
- 1999-10-19 US US09/420,318 patent/US6292874B1/en not_active Expired - Lifetime
-
2000
- 2000-10-18 DE DE60044783T patent/DE60044783D1/en not_active Expired - Lifetime
- 2000-10-18 IL IL14915700A patent/IL149157A0/en unknown
- 2000-10-18 EP EP00984535A patent/EP1242891B1/en not_active Expired - Lifetime
- 2000-10-18 CA CA002387807A patent/CA2387807A1/en not_active Abandoned
- 2000-10-18 AT AT00984535T patent/ATE476706T1/en not_active IP Right Cessation
- 2000-10-18 JP JP2001532399A patent/JP2003523554A/en active Pending
- 2000-10-18 AU AU21137/01A patent/AU771129B2/en not_active Ceased
- 2000-10-18 WO PCT/US2000/041243 patent/WO2001029672A1/en active IP Right Grant
- 2000-10-18 NZ NZ518400A patent/NZ518400A/en unknown
- 2000-10-18 KR KR1020027005035A patent/KR100734340B1/en active IP Right Grant
Also Published As
| Publication number | Publication date |
|---|---|
| EP1242891A4 (en) | 2008-08-13 |
| US6292874B1 (en) | 2001-09-18 |
| EP1242891B1 (en) | 2010-08-04 |
| WO2001029672A9 (en) | 2002-08-08 |
| AU2113701A (en) | 2001-04-30 |
| AU771129B2 (en) | 2004-03-11 |
| JP2003523554A (en) | 2003-08-05 |
| KR20020039374A (en) | 2002-05-25 |
| ATE476706T1 (en) | 2010-08-15 |
| EP1242891A1 (en) | 2002-09-25 |
| WO2001029672A1 (en) | 2001-04-26 |
| KR100734340B1 (en) | 2007-07-03 |
| NZ518400A (en) | 2003-01-31 |
| IL149157A0 (en) | 2002-11-10 |
| DE60044783D1 (en) | 2010-09-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6292874B1 (en) | Memory management method and apparatus for partitioning homogeneous memory and restricting access of installed applications to predetermined memory ranges | |
| KR102095614B1 (en) | Memory protection | |
| JP2727520B2 (en) | Memory card and operating method thereof | |
| CN112602060A (en) | Virtual machine registers in a computer processor | |
| CN112602061A (en) | Domain crossing when executing instructions in a computer processor | |
| KR20050113659A (en) | Universal memory device having a profile storage unit | |
| JP2001256460A (en) | One-chip microcomputer and ic card using the same | |
| CN112639732A (en) | Dynamic configuration of computer processors based on presence of hypervisors | |
| KR100574747B1 (en) | Microprocessor circuit for data carriers and a method for organising access to data stored in a memory | |
| WO2018104711A1 (en) | Memory protection logic | |
| US20060069924A1 (en) | Flash device security method utilizing a check register | |
| JPH01219982A (en) | Ic card | |
| GB2356469A (en) | Portable data carrier memory management system and method | |
| US20180196956A1 (en) | Security architecture and method | |
| US20230161486A1 (en) | Method for managing a memory in a system-on-a-chip | |
| US20220229937A1 (en) | Integrated circuit with asymmetric access privileges | |
| GB2602241A (en) | Integrated circuit with asymmetric access privileges | |
| CN110569205A (en) | Security system single chip and method of operation thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| FZDE | Discontinued |