Abstract: An apparatus, system and method for protecting the confidentiality and integrity of a secure object running on a computer system by protecting the memory pages owned by the secure object, including assigning a secure object an ID, labeling the memory pages owned by a secure object with the ID of the secure object, maintaining an Access Control Monitor (ACM) table for the memory pages on the system, controlling access to memory pages by monitoring load and store instructions and comparing information in the ACM table with the ID of the software that is executing these instructions; and limiting access to a memory page to the owner of the memory page.

Abstract: A method (and structure) includes receiving a challenge for an authentication, in a chip having stored in a memory device therein a secret to be used in an authentication attempt of the chip by an external agent. The chip includes a hardware processing circuit to sequentially perform a processing related to the secret. The secret is retrieved from the memory device and processed in the hardware processing circuit in accordance with information included in the received challenge. The result of the processing in the hardware processing circuit is transmitted as a response to the challenge. The hardware processing circuit executes in a parallel manner, thereby reducing a signal that can be detected by an adversary attempting a side channel attack to secure the secret.

Abstract: An apparatus, system and method for protecting the confidentiality and integrity of a secure object running on a computer system by protecting the memory pages owned by the secure object, including assigning a secure object an ID, labeling the memory pages owned by a secure object with the ID of the secure object, maintaining an Access Control Monitor (ACM) table for the memory pages on the system, controlling access to memory pages by monitoring load and store instructions and comparing information in the ACM table with the ID of the software that is executing these instructions; and limiting access to a memory page to the owner of the memory page.

Abstract: A processor in a computer system, the processor including a mechanism supporting a Secure Object that comprises information that is protected so that other software on said computer system cannot access or undetectably tamper with said information, thereby protecting both a confidentiality and an integrity of the Secure Object information while making the Secure Object information available to the Secure Object itself during execution of the Secure Object. The mechanism includes a crypto mechanism that decrypts and integrity-checks Secure Object information as said Secure Object information moves into the computer system from an external storage system, and encrypts and updates an integrity value for Secure Object information as said Secure Object information moves out of the computer system to the external storage system, and a memory protection mechanism that protects the confidentiality and integrity of Secure Object information when that information is in the memory of the computer system.

Abstract: A computer system, includes a crypto mechanism that decrypts and integrity-checks Secure Object information as the Secure Object information moves into the computer system from an external storage and encrypts and updates an integrity value for Secure Object information as the Secure Object information moves out of the computer system to the external storage.

Abstract: A method and structure for a secure object, as tangibly embodied in a computer-readable storage medium. The secure object includes a cryptographically protected region containing at least one of code and data, an initial integrity tree that protects an integrity of contents of the cryptographically protected region; and an unprotected region that includes a loader, an esm (enter secure mode) instruction, and one or more communication buffers.

Abstract: A method (and structure) includes receiving a challenge for an authentication, in a chip having stored in a memory device therein a secret to be used in an authentication attempt of the chip by an external agent. The chip includes a hardware processing circuit to sequentially perform a processing related to the secret. The secret is retrieved from the memory device and processed in the hardware processing circuit in accordance with information included in the received challenge. The result of the processing in the hardware processing circuit is transmitted as a response to the challenge. The hardware processing circuit executes in a parallel manner, thereby reducing a signal that can be detected by an adversary attempting a side channel attack to secure the secret.

Abstract: A computer system, includes a crypto mechanism that decrypts and integrity-checks Secure Object information as the Secure Object information moves into the computer system from an external storage and encrypts and updates an integrity value for Secure Object information as the Secure Object information moves out of the computer system to the external storage.

Abstract: A method (and structure) protects confidentiality and integrity of information in a secure object from other software on the system. An object-id value that identifies software currently executing on a CPU (Central Processing Unit) is stored, the value having a predetermined standard value when software that is not a secure object is executing. Each block of information in the cache is associated with an ownership value that is used to store an identification of the software that owns the information in the block. When software attempts to access information in one of the blocks, the object-id of the currently executing software is compared with the ownership value associated with the block being accessed. Access to the block is allowed if the object-id of the currently executing software matches the ownership value of the block.

Abstract: A method and structure for authenticating users of a system that prevents theft of passwords and re-use of passwords. The method and structure use one-time passwords and a Secure CPU technology that cryptographically protects a software module known as a Secure Object from other software on a system. The method and structure generate and validate one-time passwords within Secure Objects and use a communications mechanism to securely communicate passwords or information used to generate passwords that makes use of cryptography and the protected and unprotected regions of a Secure Object to provide strong end-to-end security.

Abstract: A computer system includes a mechanism supporting a Secure Object that includes information that is cryptographically protected so that other software on the computer system cannot access or undetectably tamper with the information, thereby protecting both a confidentiality and an integrity of the Secure Object information from other software while making an unencrypted form of the Secure Object information available to the Secure Object itself during execution of the Secure Object. The Mechanism includes a crypto engine that decrypts and integrity-checks Secure Object information as the Secure Object information moves into the computer system from external storage and encrypts and updates an integrity value for Secure Object information as the Secure Object information moves out of the computer system to the external storage.

Abstract: A method and structure for a secure object, as tangibly embodied in a computer-readable storage medium. The secure object includes a cryptographically protected region containing at least one of code and data, an initial integrity tree that protects an integrity of contents of the cryptographically protected region; and an unprotected region that includes a loader, an esm (enter secure mode) instruction, and one or more communication buffers.

Abstract: A method and structure for a secure object, as tangibly embodied in a computer-readable storage medium. The secure object includes a cryptographically protected region containing at least one of code and data, an initial integrity tree that protects an integrity of contents of the cryptographically protected region; and an unprotected region that includes a loader, an esm (enter secure mode) instruction, and one or more communication buffers.

Abstract: A method that protects a confidentiality and an integrity of information in a secure object from other software on the system, said secure object comprising information that is cryptographically protected from the other software on the system, said method includes decrypting and integrity-checking information in the secure object as said information is brought into a cache from external memory.

Abstract: A computer system includes a mechanism supporting a Secure Object that includes information that is cryptographically protected so that other software on the computer system cannot access or undetectably tamper with the information, thereby protecting both a confidentiality and an integrity of the Secure Object information from other software while making an unencrypted form of the Secure Object information available to the Secure Object itself during execution of the Secure Object. The Mechanism includes a crypto engine that decrypts and integrity-checks Secure Object information as the Secure Object information moves into the computer system from external storage and encrypts and updates an integrity value for Secure Object information as the Secure Object information moves out of the computer system to the external storage.

Abstract: A method that protects a confidentiality and an integrity of information in a secure object from other software on the system, said secure object comprising information that is cryptographically protected from the other software on the system, said method includes decrypting and integrity-checking information in the secure object as said information is brought into a cache from external memory.

Abstract: A processor in a computer system, the processor including a mechanism supporting a Secure Object that comprises information that is protected so that other software on said computer system cannot access or undetectably tamper with said information, thereby protecting both a confidentiality and an integrity of the Secure Object information while making the Secure Object information available to the Secure Object itself during execution of the Secure Object. The mechanism includes a crypto mechanism that decrypts and integrity-checks Secure Object information as said Secure Object information moves into the computer system from an external storage system, and encrypts and updates an integrity value for Secure Object information as said Secure Object information moves out of the computer system to the external storage system, and a memory protection mechanism that protects the confidentiality and integrity of Secure Object information when that information is in the memory of the computer system.

Abstract: A method and structure for authenticating users of a system that prevents theft of passwords and re-use of passwords. The method and structure use one-time passwords and a Secure CPU technology that cryptographically protects a software module known as a Secure Object from other software on a system. The method and structure generate and validate one-time passwords within Secure Objects and use a communications mechanism to securely communicate passwords or information used to generate passwords that makes use of cryptography and the protected and unprotected regions of a Secure Object to provide strong end-to-end security.

Abstract: A method (and structure) of enhancing efficiency in processing using a secure environment on a computer, includes, for each line of a cache, providing an associated object identification label field associated with the line of cache, the object identification label field storing a value that identifies an owner of data currently stored in the line of cache.

Abstract: A method and structure for a secure object, as tangibly embodied in a computer-readable storage medium. The secure object includes a cryptographically protected region containing at least one of code and data, an initial integrity tree that protects an integrity of contents of the cryptographically protected region; and an unprotected region that includes a loader, an esm (enter secure mode) instruction, and one or more communication buffers.