Abstract: Microprocessor shifter circuits utilizing butterfly and inverse butterfly circuits, and control circuits therefor, are provided. The same shifter circuits can also perform complex bit manipulations at high speeds, including butterfly and inverse butterfly operations, parallel extract and deposit operations, group operations, mix operations, permutation operations, as well as instructions executed by existing microprocessors, including shift right, shift left, rotate, extract, deposit and multimedia mix operations. The shifter circuits can be provided in various combinations to provide microprocessor functional units which perform a plurality of bit manipulation operations.

Abstract: Methods for accessing, storing and replacing data in a cache memory are provided, wherein a plurality of index bits and a plurality of tag bits at the cache memory are received. The plurality of index bits are processed to determine whether a matching index exists in the cache memory and the plurality of tag bits are processed to determine whether a matching tag exists in the cache memory, and a data line is retrieved from the cache memory if both a matching tag and a matching index exist in the cache memory. A random line in the cache memory can be replaced with a data line from a main memory, or evicted without replacement, based on the combination of index and tag misses, security contexts and protection bits. User-defined and/or vendor-defined replacement procedures can be utilized to replace data lines in the cache memory.

Abstract: Disclosed is a system comprising a physical memory, a processor and a software component. The software component includes a policy/domain handler for receiving data and a policy associated with the data; a hypervisor; and a file management module. The file management module receives a request from a third-party application to interact with a data file containing the data; sends an authorization and tag request to the policy/domain handler to check if the user and application are permitted to access the data, and if permitted, to generate hardware tags for the data file; and sends a secure data request to the hypervisor to create a secure data compartment for the data file and the hardware tags. Based on the authorization and tag request, and the security policy associated with the data, the policy/domain handler generates the hardware tags for the data file.

Abstract: A system and method for processor-based security is provided, for on-chip security and trusted computing services for software applications. A processor is provided having a processor core, a cache memory, a plurality of registers for storing at least one hash value and at least one encryption key, a memory interface, and at least one on-chip instruction for creating a secure memory area in a memory external to the processor, and a hypervisor program executed by the processor. The hypervisor program instructs the processor to execute the at least one on-chip instruction to create a secure memory area for a software area for a software module, and the processor encrypts data written to, and decrypts data read from, the external memory using the at least one encryption key and the verifying data read from the external memory using the at least one hash value. Secure module interactions are provided, as well as the generation of a power-on key which can be used to protect memory in the event of a re-boot event.

Abstract: Methods for accessing, storing and replacing data in a cache memory are provided, wherein a plurality of index bits and a plurality of tag bits at the cache memory are received. The plurality of index bits are processed to determine whether a matching index exists in the cache memory and the plurality of tag bits are processed to determine whether a matching tag exists in the cache memory, and a data line is retrieved from the cache memory if both a matching tag and a matching index exist in the cache memory. A random line in the cache memory can be replaced with a data line from a main memory, or evicted without replacement, based on the combination of index and tag misses, security contexts and protection bits. User-defined and/or vendor-defined replacement procedures can be utilized to replace data lines in the cache memory.

Abstract: A cache memory having enhanced performance and security feature is provided. The cache memory includes a data array storing a plurality of data elements, a tag array storing a plurality of tags corresponding to the plurality of data elements, and an address decoder which permits dynamic memory-to-cache mapping to provide enhanced security of the data elements, as well as enhanced performance. The address decoder receives a context identifier and a plurality of index bits of an address passed to the cache memory, and determines whether a matching value in a line number register exists. The line number registers allow for dynamic memory-to-cache mapping, and their contents can be modified as desired. Methods for accessing and replacing data in a cache memory are also provided, wherein a plurality of index bits and a plurality of tag bits at the cache memory are received.

Abstract: A functional unit for a microprocessor is provided, which allows for fast, parallel data read, write, and manipulation operations in the microprocessor that are useful for a number of software applications, such as cryptography. The functional unit includes first and second source registers for receiving first and second data items to be processed by the functional unit, first and second banks of memory tables, a combinational logic circuit, and a decoder. The first and second banks of memory tables are in communication with the first source register, and each of the tables is indexed by an index comprising a portion of the first data item received by the first source register. Each index points to a lookup result in a respective one of the memory tables.

Abstract: Microprocessor shifter circuits utilizing butterfly and inverse butterfly circuits, and control circuits therefor, are provided. The same shifter circuits can also perform complex bit manipulations at high speeds, including butterfly and inverse butterfly operations, parallel extract and deposit operations, group operations, mix operations, permutation operations, as well as instructions executed by existing microprocessors, including shift right, shift left, rotate, extract, deposit and multimedia mix operations. The shifter circuits can be provided in various combinations to provide microprocessor functional units which perform a plurality of bit manipulation operations.

Abstract: A system and method for processor-based security is provided, for on-chip security and trusted computing services for software applications. A processor is provided having a processor core, a cache memory, a plurality of registers for storing at least one hash value and at least one encryption key, a memory interface, and at least one on-chip instruction for creating a secure memory area in a memory external to the processor, and a hypervisor program executed by the processor. The hypervisor program instructs the processor to execute the at least one on-chip instruction to create a secure memory area for a software area for a software module, and the processor encrypts data written to, and decrypts data read from, the external memory using the at least one encryption key and the verifying data read from the external memory using the at least one hash value. Secure module interactions are provided, as well as the generation of a power-on key which can be used to protect memory in the event of a re-boot event.

Abstract: A functional unit for a microprocessor is provided, which allows for fast, parallel data read, write, and manipulation operations in the microprocessor that are useful for a number of software applications, such as cryptography. The functional unit includes first and second source registers for receiving first and second data items to be processed by the functional unit, first and second banks of memory tables, a combinational logic circuit, and a decoder. The first and second banks of memory tables are in communication with the first source register, and each of the tables is indexed by an index comprising a portion of the first data item received by the first source register. Each index points to a lookup result in a respective one of the memory tables.

Abstract: A cache memory having enhanced performance and security feature is provided. The cache memory includes a data array storing a plurality of data elements, a tag array storing a plurality of tags corresponding to the plurality of data elements, and an address decoder which permits dynamic memory-to-cache mapping to provide enhanced security of the data elements, as well as enhanced performance. The address decoder receives a context identifier and a plurality of index bits of an address passed to the cache memory, and determines whether a matching value in a line number register exists. The line number registers allow for dynamic memory-to-cache mapping, and their contents can be modified as desired. Methods for accessing and replacing data in a cache memory are also provided, wherein a plurality of index bits and a plurality of tag bits at the cache memory are received.

Abstract: In the context of a microprocessor and a program, the invention provides parallel subword compare instructions that store results in a selectable intra-register subword location. In a targeting approach, an instruction permits the location to be specified; alternatively, there can be plural instructions, each associated with one of the locations. In a replicating approach, plural replicas are stored in the alternative locations. In a shifting approach, the instruction moves prior results, so that the number of subsequent iterations of the instruction determines the location of a result. The invention provides for overwriting and content-preserving instructions, and for overlapping and separate locations. The invention allows results from multiple parallel subword compare operations with relatively few instructions. The invention also provides for other parallel subword instructions.

Abstract: A trust system and method is disclosed for use in computing devices, particularly portable devices, in which a central Authority shares secrets and sensitive data with users of the respective devices. The central Authority maintains control over how and when shared secrets and data are used. In one embodiment, the secrets and data are protected by hardware-rooted encryption and cryptographic hashing, and can be stored securely in untrusted storage. The problem of transient trust and revocation of data is reduced to that of secure key management and keeping a runtime check of the integrity of the secure storage areas containing these keys (and other secrets). These hardware-protected keys and other secrets can further protect the confidentiality and/or integrity of any amount of other information of arbitrary size (e.g., files, programs, data) by the use of strong encryption and/or keyed-hashing, respectively.

Abstract: Microprocessor shifter circuits utilizing butterfly and inverse butterfly circuits, and control circuits therefor, are provided. The same shifter circuits can also perform complex bit manipulations at high speeds, including butterfly and inverse butterfly operations, parallel extract and deposit operations, group operations, mix operations, permutation operations, as well as instructions executed by existing microprocessors, including shift right, shift left, rotate, extract, deposit and multimedia mix operations. The shifter circuits can be provided in various combinations to provide microprocessor functional units which perform a plurality of bit manipulation operations.

Abstract: The present invention provides permutation instructions which can be used in software executed in a programmable processor for solving permutation problems in cryptography, multimedia and other applications. PPERM and PPERM3R instructions are defined to perform permutations by a sequence of instructions with each sequence specifying the position in the source for each bit in the destination. In the PPERM instruction bits in the destination register that change are updated and bits in the destination register that do not change are set to zero. In the PPERM3R instruction bits in the destination register that change are updated and bits in the destination register that do not change are copied from intermediate result of previous PPERM3R instructions. Both PPERM and PPERM3R instruction can individually do permutation with bit repetition. Both PPERM and PPERM3R instruction can individually do permutation of bits stored in more than one register.

Abstract: Parallel table lookups are implemented using variable Mux instructions to reorder data. Table data can be represented in a “table” register, while the desired ordering can be represented in an “Index” register. A direct variable Mux instruction can specify the table register and the index register as arguments, along with a result register. The instruction writes at least some of the data from the table register into the result register as specified in the index register. If the entire table cannot fit within a single register, entries can be divided between two or more table registers. An indirect variable Mux instruction can specify both a table-register-select register and a subword-location-select register. Both the direct and indirect Mux instructions can be used with entry data that is divided in accordance with significance between registers. In that case, plural Mux instructions are used with UnPack instructions that concatenate portions of the table entries.

Abstract: A block-matching method reduces pixel depth prior to match evaluation to drastically reduce the computations required intensive block-matching applications such motion estimation for video compression. Pixel-depth reduction is achieved by analyzing incorporating images to determine how to reduce pixel depth so as to retain information useful for block matching. Original pixel values (e.g., 8-bit), are compressed to lower-depth (e.g., e.g., 1-bit or 1.6-bit) pixel values. The resulting converted blocks are XORed to yield a comparison image. The 1s in the comparison image are tallied to provide a match measure. In the image analysis, the original images can be subsampled and averages can be computed based on the subsample pixels to reduce computational overhead.

Abstract: The present invention provides permutation instructions usable in a programmable processor for solving permutation problems in cryptography, multimedia and other applications. PPERM and PPERM3R instructions are defined to perform permutations by a sequence of instructions with each sequence specifying the position in the source for each bit in the destination. In the PPERM instruction bits in the destination register that change are updated and bits in the destination register that do not change are set to zero. In the PPERM3R instruction bits in the destination register that change are updated and bits in the destination register that do not change are copied from intermediate result of previous PPERM3R instructions. Both PPERM and PPERM3R instructions can individually do permutation with bit repetition. Both PPERM and PPERM3R instructions can individually do permutation of bits stored in more than one register. In an alternate embodiment, a GRP instruction is defined to perform permutations.

Abstract: The method and system provides a set of permutation primitives for current and future 2-D multimedia programs which are based on decomposing images and objects into atomic units, then finding the permutations desired for the atomic units. The subword permutation instructions for these 2-D building blocks are also defined for larger subword sizes at successively higher hierarchical levels. The atomic unit can be a 2×2 matrix and four triangles contained within the 2×2 matrix. Each of the elements in the matrix can represent a subword of one or more bits. The permutations provide vertical, horizontal, diagonal, rotational, and other rearrangements of the elements in the atomic unit.

Abstract: The present invention provides permutation instructions which can be used in software executed in a programmable processor for solving permutation problems in cryptography, multimedia and other applications. The permute instructions are based on an omega-flip network comprising at least two stages in which each stage can perform the function of either an omega network stage or a flip network stage. Intermediate sequences of bits are defined that an initial sequence of bits from a source register are transformed into. Each intermediate sequence of bits is used as input to a subsequent permutation instruction. Permutation instructions are determined for permuting the initial source sequence of bits into one or more intermediate sequence of bits until a desired sequence is obtained. The intermediate sequences of bits are determined by configuration bits. The permutation instructions form a permutation instruction sequence, of at least one instruction.