Processing

Please wait...

Settings

Settings

Goto Application

1. WO2020140261 - METHOD AND SYSTEM FOR PROTECTING DATA PROCESSED BY DATA PROCESSING ACCELERATORS

Publication Number WO/2020/140261
Publication Date 09.07.2020
International Application No. PCT/CN2019/070402
International Filing Date 04.01.2019
IPC
G06F 9/30 2006.1
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
9Arrangements for program control, e.g. control units
06using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
30Arrangements for executing machine instructions, e.g. instruction decode
CPC
G06F 21/53
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
52during program execution, e.g. stack integrity ; ; Preventing unwanted data erasure; Buffer overflow
53by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/575
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
575Secure boot
G06F 21/6245
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
60Protecting data
62Protecting access to data via a platform, e.g. using keys or access control rules
6218to a system of files or objects, e.g. local or distributed file system or database
6245Protecting personal data, e.g. for financial or medical purposes
G06F 9/3017
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
9Arrangements for program control, e.g. control units
06using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
30Arrangements for executing machine instructions, e.g. instruction decode
3017Runtime instruction translation, e.g. macros
G06F 9/3877
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
9Arrangements for program control, e.g. control units
06using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
30Arrangements for executing machine instructions, e.g. instruction decode
38Concurrent instruction execution, e.g. pipeline, look ahead
3877using a slave processor, e.g. coprocessor
G06F 9/4411
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
9Arrangements for program control, e.g. control units
06using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
44Arrangements for executing specific programs
4401Bootstrapping
4411Configuring for operating with peripheral devices; Loading of device drivers
Applicants
  • BAIDU.COM TIMES TECHNOLOGY (BEIJING) CO., LTD. [CN]/[CN]
  • BAIDU USA LLC [US]/[US]
Inventors
  • CHENG, Yueqiang
  • LIU, Yong
  • WEI, Tao
  • OUYANG, Jian
Agents
  • INSIGHT INTELLECTUAL PROPERTY LIMITED
Priority Data
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) METHOD AND SYSTEM FOR PROTECTING DATA PROCESSED BY DATA PROCESSING ACCELERATORS
(FR) PROCÉDÉ ET SYSTÈME POUR PROTÉGER DES DONNÉES TRAITÉES PAR DES ACCÉLÉRATEURS DE TRAITEMENT DE DONNÉES
Abstract
(EN)
A data processing system performs a secure boot using a security module (e. g., a trusted platform module (TPM)) of a host system (301). The system verifies that an operating system (OS) and one or more drivers including an accelerator driver associated with a data processing (DP) accelerator is provided by a trusted source (302). The system launches the accelerator driver within the OS (303). The system generates a trusted execution environment (TEE) associated with one or more processors of the host system (304). The system launches an application and a runtime library within the TEE, where the application communicates with the DP accelerator via the runtime library and the accelerator driver (305).
(FR)
La présente invention concerne un système de traitement de données qui effectue un démarrage sécurisé en utilisant un module de sécurité (par exemple, un module de plate-forme de confiance (TPM)) d'un système hôte (301). Le système vérifie qu'un système d'exploitation (OS) et un ou plusieurs pilotes, y compris un pilote d'accélérateur associé à un accélérateur de traitement de données (DP), sont fournis par une source de confiance (302). Le système lance le pilote d'accélérateur à l'intérieur de l'OS (303). Le système génère un environnement d'exécution de confiance (TEE) associé à un ou plusieurs processeurs du système hôte (304). Le système lance une application et une thèque d'exécution à l'intérieur du TEE, l'application communiquant avec l'accélérateur de DP par l'intermédiaire de la thèque d'exécution et du pilote d'accélérateur (305).
Also published as
Latest bibliographic data on file with the International Bureau