The present disclosure generally relates to secure computing. For example, aspects of the present disclosure relate to systems and techniques for enhancing security protections using a hardware signal for secure processing.
Computing devices can store sensitive data owned by users or enterprises, with firmware or operating system software on the computing devices. To help secure computing devices, the firmware or software may include security measures to protect against various security threats, e.g., brute force attacks, attempts to disable secure boot/trusted boot, and/or side channel attacks on the computing devices.
A side channel attack may be one class of attacks on computing devices which attempt to exploit some physical characteristic of the computing device to obtain information from the computing device. Characteristics that may be exploited may include timing, power consumption, heat emissions, electromagnetic emissions, acoustic emissions, and the like. Consequently, techniques to help mitigate or detect possible side channel attacks may be useful.
The following presents a simplified summary relating to one or more aspects disclosed herein. Thus, the following summary should not be considered an extensive overview relating to all contemplated aspects, nor should the following summary be considered to identify key or critical elements relating to all contemplated aspects or to delineate the scope associated with any particular aspect. Accordingly, the following summary presents certain concepts relating to one or more aspects relating to the mechanisms disclosed herein in a simplified form to precede the detailed description presented below.
Disclosed are systems, methods, apparatuses, and computer-readable media for performing delegated attestation. In one illustrative example, an apparatus for delegated attestation is provided that includes a hardware component, a memory system, and a processor system (e.g., implemented in circuitry) coupled to the memory system and coupled to the hardware component through a signal connection. The processor system is configured to: receive an indication to perform a secure process; determine, based on the indication to perform the secure process, to shut down the hardware component; transmit, to the hardware component, an indication to shut down; receive, from the hardware component, an indication that the hardware component has been shut down; monitor the signal connection for perturbation signals, wherein the signal connection carries the perturbation signals, and wherein the perturbation signals comprise hardware signals; and perform the secure process based on the monitored signal connection.
In another example, a method for secure processing is provided. The method includes: receiving an indication to perform a secure process; determining, based on the indication to perform the secure process, to shut down a hardware component; transmitting, to the hardware component, an indication to shut down; receiving, from the hardware component, an indication that the hardware component has been shut down; monitoring a signal connection for perturbation signals, wherein the signal connection carries the perturbation signals, and wherein the perturbation signals comprise hardware signals; and performing the secure process based on the monitored signal connection.
As another example, a non-transitory computer-readable medium is provided. The non-transitory computer-readable medium has stored thereon instructions that, when executed by a processor system, cause the processor system to: receive an indication to perform a secure process; determine, based on the indication to perform the secure process, to shut down a hardware component; transmit, to the hardware component, an indication to shut down; receive, from the hardware component, an indication that the hardware component has been shut down; monitor a signal connection for perturbation signals, wherein the signal connection carries the perturbation signals, and wherein the perturbation signals comprise hardware signals; and perform the secure process based on the monitored signal connection.
In another example, an apparatus for secure processing is provided. The apparatus includes: means for receiving an indication to perform a secure process; means for determining, based on the indication to perform the secure process, to shut down a hardware component; means for transmitting, to the hardware component, an indication to shut down; means for receiving, from the hardware component, an indication that the hardware component has been shut down; means for monitoring a signal connection for perturbation signals, wherein the signal connection carries the perturbation signals, and wherein the perturbation signals comprise hardware signals; and means for performing the secure process based on the monitored signal connection.
In some aspects, one or more of the apparatuses described herein is, is a part of, or includes a mobile device (e.g., a mobile telephone or so-called “smart phone”, a tablet computer, or other type of mobile device), a wearable device, an extended reality device (e.g., a virtual reality (VR) device, an augmented reality (AR) device, or a mixed reality (MR) device), a personal computer, a laptop computer, a video server, a television (e.g., a network-connected television), a vehicle (or a computing device or system of a vehicle), or other device. In some aspects, the apparatus includes at least one camera for capturing one or more images or video frames. For example, the apparatus can include a camera (e.g., an RGB camera) or multiple cameras for capturing one or more images and/or one or more videos including video frames. In some aspects, the apparatus includes a display for displaying one or more images, videos, notifications, or other displayable data. In some aspects, the apparatus includes a transmitter configured to transmit one or more video frames and/or syntax data over a transmission medium to at least one device. In some aspects, the processor includes a neural processing unit (NPU), a central processing unit (CPU), a graphics processing unit (GPU), or other processing device or component.
The foregoing has outlined rather broadly the features and technical advantages of examples according to the disclosure in order that the detailed description that follows may be better understood. Additional features and advantages will be described hereinafter. The conception and specific examples disclosed may be readily utilized as a basis for modifying or designing other structures for carrying out the same purposes of the present disclosure. Such equivalent constructions do not depart from the scope of the appended claims. Characteristics of the concepts disclosed herein, both their organization and method of operation, together with associated advantages, will be better understood from the following description when considered in connection with the accompanying figures. Each of the figures is provided for the purposes of illustration and description, and not as a definition of the limits of the claims.
While aspects are described in the present disclosure by illustration to some examples, those skilled in the art will understand that such aspects may be implemented in many different arrangements and scenarios. Techniques described herein may be implemented using different platform types, devices, systems, shapes, sizes, and/or packaging arrangements. For example, some aspects may be implemented via integrated chip embodiments or other non-module-component based devices (e.g., end-user devices, vehicles, communication devices, computing devices, industrial equipment, retail/purchasing devices, medical devices, and/or artificial intelligence devices). Aspects may be implemented in chip-level components, modular components, non-modular components, non-chip-level components, device-level components, and/or system-level components. Devices incorporating described aspects and features may include additional components and features for implementation and practice of claimed and described aspects. For example, transmission and reception of wireless signals may include one or more components for analog and digital purposes (e.g., hardware elements including antennas, radio frequency (RF) chains, power amplifiers, modulators, buffers, processors, interleavers, adders, and/or summers). It is intended that aspects described herein may be practiced in a wide variety of devices, components, systems, distributed arrangements, and/or end-user devices of varying size, shape, and constitution.
Other objects and advantages associated with the aspects disclosed herein will be apparent to those skilled in the art based on the accompanying drawings and detailed description.
Examples of various implementations are described in detail below with reference to the following figures:
Certain aspects and embodiments of this disclosure are provided below. Some of these aspects and embodiments may be applied independently and some of them may be applied in combination as would be apparent to those of skill in the art. In the following description, for the purposes of explanation, specific details are set forth in order to provide a thorough understanding of embodiments of the application. However, it will be apparent that various embodiments may be practiced without these specific details. The figures and description are not intended to be restrictive.
The ensuing description provides example embodiments only, and is not intended to limit the scope, applicability, or configuration of the disclosure. Rather, the ensuing description of the exemplary embodiments will provide those skilled in the art with an enabling description for implementing an exemplary embodiment. It should be understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope of the application as set forth in the appended claims.
In some cases, a computing device may be capable of performing operations where extra security may be desirable. The computing device can be a wireless device (e.g., a user equipment (UE) in a 3rd Generation Partnership Project (3GPP) system, such as a 4G Long Term Evolution (LTE) network or 5G new radio (NR) network), a base station (e.g., an LTE eNodeB (eNB), a 5G/NR gNodeB (gNB), etc.), a server device, or other computing device. Examples of wireless devices include a mobile device (e.g., a mobile phone), an extended reality (XR) device such as a virtual reality (VR) device or augmented reality (AR) device, a vehicle or component or system of a vehicle, an Internet of Things (IoT) device, a network-connected wearable such as a watch, or other type of computing device.
For example, the computing device may be used to generate private keys which can be used to secure important assets, such as blockchain wallets, digital certificates, digital signatures, and the like. The computing device may also be used to access such important assets. To help allow such security actions to be performed, the computing device may include a secure processing unit. The secure processing unit may be configured or designed (or “hardened”) to resist attacks, such as side channel attacks, which may make the secure processing unit less suitable for general use.
In some cases, it may be assumed that operations within the secure processing unit are generally secure, but such assumptions may not be made for operations occurring outside of the secure processing unit. For example, the secure processing unit may not assume that other hardware components of the UE are secure. Thus, in some cases, non-essential hardware components and/or components that may be susceptible to side channel attacks (e.g., components that may provide side channel information or that could be used to exfiltrate side channel information) may be disabled. For example, prior to performing a security action, there may be a request for such components (e.g., one or more non-essential components and/or components susceptible to side channel attacks) of the electronic device to be shut down. As used herein, a “non-essential” component can include any component (e.g., a hardware component) that is not essential to security action(s) performed by the secure processing unit. The non-essential components may include a variety of components, such as input devices (e.g., a microphone, keyboard, etc.), output devices (e.g., speakers, displays, etc.), sensors (e.g., gyroscopes, magnetic field, temperature, humidity, image, electromagnetic, biometric, etc.), radio interfaces (e.g., Wi-Fi™, cellular, near-field communications (NFC), radio-frequency (RF) identification, etc.), auxiliary displays/lights (e.g., light emitting diodes on a device, secondary displays, etc.), ports (e.g., universal serial bus interface, pogo pins, etc.), charging components (e.g., via a physical connector or wireless charging), any combination thereof, and the like. In some cases, a technique to verify that the hardware components are disabled and/or remain disabled while the secure processing unit performs a security action may be useful.
Systems, apparatuses, electronic devices, methods (also referred to as processes), and computer-readable media (collectively referred to herein as “systems and techniques”) are described herein for using hardware signals to verify that a hardware component is disabled (e.g., shut down) for secure processing. For example, a secure processing unit may monitor a signal connection for a perturbation signal while performing a security action. In some cases, the perturbation signal may be some indication that a hardware component is active. For example, the perturbation signal may be detected based on a change in a hardware signal (e.g., detection of a hardware signal from a component that has been shut down during the secure processing). For example, if a hardware signal is received via a signal connection from a hardware component that has been shut down (e.g., disabled), the hardware signal can be detected as a perturbation signal. As used herein, shutting down a hardware component may refer to disabling and/or partially disabling the hardware component, deactivating the hardware component, locking the hardware component, stopping power to the hardware component, placing the hardware component in a restricted and/or low power state, and the like. The hardware signal can be a signal that provides an indication of a status of a hardware component that is independent of software control. If the perturbation signal is detected by the secure processing unit while performing the security action, the performance of the security action may be stopped. In some cases, an error indicating that the security action cannot be performed may be returned. In some cases, if the perturbation signal is not detected by the secure processing unit while performing the security action, then a result of the security action may be returned and the hardware components restarted.
Additional aspects of the present disclosure are described in more detail below.
As shown, the wireless device 100 may include one or more local area network transceivers 106 that may be connected to one or more antennas 102. The one or more local area network transceivers 106 comprise suitable devices, circuits, hardware, and/or software for communicating with and/or detecting signals to/from a network device (e.g., the access point (AP) 550 of
The wireless device 100 may also include, in some implementations, one or more wide area network transceiver(s) 104 that may be connected to the one or more antennas 102. The wide area network transceiver 104 may comprise suitable devices, circuits, hardware, and/or software for communicating with and/or detecting signals from one or more other devices or systems (e.g., the base station (BS) 502, AP 550, millimeter wave (mmW) base station (BS) 580 of
The processor(s) (also referred to as a controller) 110 may be connected to the local area network transceiver(s) 106 and the wide area network transceiver(s) 104. The processor 110 may include one or more microprocessors, microcontrollers, and/or digital signal processors that provide processing functions, as well as other calculation and control functionality. The processor 110 may be coupled to storage media (e.g., memory) 114 for storing data and software instructions for executing programmed functionality within the mobile device. The memory 114 may be on-board the processor 110 (e.g., within the same IC package), and/or the memory may be external memory to the processor and functionally coupled over a data bus.
In some cases, the processor 110 may be coupled to a location sensor 160. The location sensor 160 may provide information regarding a location of the wireless device 100. In some cases, the location sensor 160 may include one or more Global Navigation Satellite System (GNSS) receivers or transceivers that are used to determine a location of the wireless device 100. In some cases, the location sensor 160 may estimate a location of the wireless device 100, for example, based on wireless signals received from one or more wireless nodes, such as BS 502, AP 550, mmW BS 580 as shown in
A number of software engines and data tables may reside in memory 114 and may be utilized by the processor 110 in order to manage both communications with remote devices/nodes (such as the BS 502, AP 550, mmW BS 580 as shown in
The application engine 118 may include a process running on the processor 110 of the wireless device 100, which may request data from one of the other modules of the wireless device 100. Applications typically run within an upper layer of the software architectures and may be implemented in a rich execution environment of the wireless device 100, and may include indoor navigation applications, shopping applications, financial services applications, social media applications, location aware service applications, etc. The applications of the application engine 118 may make use of access tokens to obtain content from a remote server, such as a service provider server 574 of
The secure communications engine 126 may be a process configured to manage the storage of and access to the access tokens, encryption keys, attestation information, and the like. The secure communications engine 126 may be executed on a processor component of the trusted execution environment 180 and/or the secure element 190, where the wireless device 100 includes such components. The functionality of the secure communications engine 126 discussed herein can also be implemented as hardware or a combination of hardware and software. The secure communications engine 126 can be implemented using one or more application specific integrated circuits (ASICs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), or other electronic units designed to perform the functions described herein, or a combination thereof.
The wireless device 100 may further include a user interface 150 providing suitable interface systems, such as a microphone/speaker 152, a keypad 154, and a display 156 that allows user interaction with the wireless device 100. The microphone/speaker 152 provides for voice communication services (e.g., using the wide area network transceiver(s) 104 and/or the local area network transceiver(s) 106). The keypad 154 may comprise suitable buttons for user input. The display 156 may include a suitable display, such as, for example, a backlit LCD display, and may further include a touch screen display for additional user input modes.
The processor 110 may also include a trusted execution environment 180. The trusted execution environment 180 can be implemented as a secure area of the processor 110 that can be used to process and store sensitive data in an environment that is segregated from the rich execution environment in which the operating system and/or applications (such as those of the application engine 118) may be executed. The trusted execution environment 180 can be configured to execute trusted applications that provide end-to-end security for sensitive data by enforcing confidentiality, integrity, and protection of the sensitive data stored therein. The trusted execution environment 180 can be used to store encryption keys, access tokens, and other sensitive data.
The wireless device 100 may include a secure element 190 (also referred to herein as a trusted component). The wireless device 100 may include the secure element 190 in addition to or instead of the trusted execution environment 180. The secure element 190 can comprise autonomous and tamper-resistant hardware that can be used to execute secure applications and store the confidential data associated with such applications. The secure element 190 can be used to store encryption keys, access tokens, and other sensitive data. The secure element 190 can comprise a Near Field Communication (NFC) tag, a Subscriber Identity Module (SIM) card, or other type of hardware device that can be used to securely store data. The secure element 190 can be integrated with the hardware of the wireless device 100 in a permanent or semi-permanent fashion or may, in some implementations, be a removable or external component of the wireless device 100 that can be used to securely store data and/or provide a secure execution environment for applications.
In some cases, to help reduce an attack surface against side-channel attacks, some secure applications may execute in a secure processing unit, such as the trusted execution environment 180 and/or secure element 190, without knowledge of other components in their operating environment, such as the wide/local area networks, sensors, such as the location sensor 160, and/or certain elements of the user interface, such as the microphone/speaker 152. In some cases, certain elements, such as the keypad 154 and/or display 156, may be needed by a secure application, for example, to provide a password to use a key to encrypt/decrypt data. While the secure processing unit may be hardened against direct side channel attacks, other elements, such as sensors, of the electronic device may not be as hardened. For example, if an attacker is able to access sensor information, such as a gyroscope, microphone, camera, etc., the attacker may be able to deduce a password being entered based on device shake (e.g., from pressing/tapping on keys), doppler/sound measurements, movements captured in images, etc. Similarly, the attacker may be able to attack a radio interface of the device to help exfiltrate data. Thus, it may be useful to disable elements of the electronic device to further reduce the attack surface.
The secure processing unit 206 may be a part of the processor 202 or separate from the processor 202. In some cases, the secure processing unit 206 may include components for processing and/or storing sensitive data, such as for the trusted execution environment 180 and/or secure element 190, and the secure processing unit 206 may execute trusted applications, such as applications for generating security keys for encrypting/decrypting assets. In some cases, while the secure processing unit 206 may generally trust applications and/or data within the secure processing unit 206, the secure processing unit 206 may not generally trust the software (e.g., drivers, OS, firmware etc.) executing (e.g., controlling, running on, etc.) on components outside of the secure processing unit 206 (e.g., sensor/radio interface firmware, software executing on a general purpose processor, etc.).
In some cases, certain applications may be executed in the secure processing unit 206 of an electronic device only when one or more components of the electronic device outside of the secure processing unit 206 are deactivated. For example, a high value asset, such as a crypto wallet, credential repository, etc., may be encrypted. In some cases, certain security actions, such as generating a private key, decrypting encrypted data, digitally signing a document, accessing a password repository, and the like, for the high value asset may be performed by the secure processing unit 206. Prior to performing those security actions, there may be a request to disable one or more non-essential components of the electronic device and/or components that are susceptible to side channel attacks (e.g., components that may provide side channel information and/or that can be used to exfiltrate side channel information). The non-essential components may include a variety of components, such as microphone/speakers, sensors (e.g., gyroscopes, magnetic field, temperature, humidity, image, electromagnetic, biometric, etc.), radio interfaces (e.g., Wi-Fi, cellular, near-field communications, radio-frequency identification, etc.), auxiliary displays/lights (e.g., light emitting diodes on a device, secondary displays, etc.), ports (e.g., universal serial bus interface, pogo pins, etc.), display, charging (e.g., via a physical connector or wireless charging), any combination thereof, and the like. Additionally, what components may be considered non-essential may vary depending on the security action being performed. In some cases, it may be useful to verify that disabled components are actually disabled and/or stay disabled while the security actions are performed.
In some cases, hardware signals may be provided from different components to verify that disabled components are actually disabled/stay disabled. For example, the secure processing unit 206 may have a signal connection 214A, 214B (collectively signal connections 214) to a hardware component, such as one or more radio interfaces 208 and/or sensor interfaces 210, over which a hardware signal, such as a perturbation signal, may be sent. Examples of hardware components may include radio interfaces, sensor interfaces, power interfaces, input/output interfaces and/or devices, and/or any other physical components which may provide information and/or input from an environment outside of the secure processing unit 206. The hardware signal may be a signal that provides an indication of a status of a hardware component that is independent of software control. For example, a hardware signal may be based on a connection to an input power line indicating that the hardware component is receiving power (e.g., a voltage over a line). As another example, the hardware signal may be based on a connection to an input signal line that indicates that the hardware component is producing output (e.g., a variable or changing signal that may be used by an application executing on a processor of a system on chip (SoC) to generate data from the sensor).
In some cases, the signal connections 214 may be a physical connection between the secure processing unit 206 and a hardware component (or interface of the hardware component, for example if the hardware component is separate from a package including the secure processing unit 206, such as an SoC). The signal connections 214 may carry a hardware signal from the hardware component. The hardware signal may be a signal from the hardware component that is not under software control that indicates whether the hardware component is shut down. The signal connection may be a direct connection, as the signal connections 214 may be dedicated to carrying the perturbation signal, separate from an interconnect that may be used to pass general data, such as connection 212. As an example, the signal connections 214 may be a separate trace or circuit for carrying a perturbation signal. In some cases, the signal connection may be attached differently based on the specific hardware component being monitored. In some cases, the signal connection may be made at an earliest point where a signal may enter the SoC (e.g., at an interface for the hardware component associated with the signal) or may be directly connected to part of the hardware component, such as an antenna. In some cases, multiple signal connections may be multiplexed together, for example, for simplified monitoring. In some cases, the signal connections 214 may be indirect connections over wireless interfaces, such as NFC, ultra-wideband (UWB), Bluetooth, etc. In such cases it may be useful to include a way to detect such perturbation over the indirect connection. For example, multiple signal connections 214A and 214B may be combined into a single signal over the indirect connection. In some cases, the signal connections 214 may not be under software control. For example, a signal under software control may be relatively easy for an attacker to remotely access or gain control of. However, a hardware based signal may be more difficult for an attacker to remotely access.
The perturbation signal may be some indication that a hardware component is active. For example, for a radio interface, the signal connection 214A may be a connection to a transmit antenna for the radio interface such that if a radio signal is transmitted via the transmit antenna, the radio signal may also be carried via that signal connection 214A to the secure processing unit 206 as the perturbation signal. Similarly, the signal connection for the sensor interface 210 may be to a power input line of a corresponding sensor such that if the sensor is receiving power, presence of power on the signal connection 214B may be used as the perturbation signal.
After the indication to start key generation 308 is received, the secure processing unit 302 may send a shut-down indication 310 to shut down (e.g., disable, power off, deactivate, enter an inactive state, etc.) a hardware component of the set of hardware components that may be disabled prior to performing the security action, such as the radio interface(s) 304. In some cases, the shut-down indication 310 may be a software request sent to a driver or firmware of the component (e.g., radio interface(s) 304). In some cases, the shut-down indication 310 may request that the radio interface 304 perform a shut down operation. In other cases, the radio interface 304 may separately perform a shut down operation and the shut-down indication 310 may be a query to see if the shut down operation has been completed. If the radio interface 304 has been shut down, the radio interface 304 (e.g., a driver or firmware of the radio interface) may send a software response back to the secure processing unit 302 indicating the shut down is complete 312. Similarly, the secure processing unit 302 may indicate to the sensor interface 306 to shut down 314 and the sensor interface 306 may indicate that the shut down has been completed 316.
In some cases, because the indication that the shut down is complete 312, 316 originates from a software source outside of the secure processing unit 302, the indication may not be trusted by the secure processing unit 302. Based on the received indication that the shut down has been completed 312, 316, the secure processing unit may begin monitoring perturbation signals 318 from the hardware components that were shut down. The perturbation signal may be based on a hardware signal (e.g., a signal that is not software/firmware controlled). For example, a perturbation signal may be detected based on a change in a hardware signal (e.g., a hardware signal being received). In some cases, multiple signal connections may be multiplexed together and perturbation signals from multiple hardware components may be monitored together. In some cases, monitoring the perturbation signals 318 may be performed by verifying that the perturbation signal matches an expected signal. For example, if a signal connection from the secure processing unit is to an input power line for a hardware component, the secure processing unit 302 may expect to detect zero volts over the signal connection when the hardware component is shut down. In some cases, the secure processing unit may compare the perturbation signal to an expected signal. In some cases, monitoring the perturbation signals 318 may be performed by verifying that the perturbation signal does not fluctuate from an initial value. If the perturbation signals 318 indicate that the monitored hardware components are shut down, the secure processing unit 302 may begin to perform the security action. For example, the secure processing unit may initiate the key generation 320 process.
As shown in box 350, if the monitoring of the perturbation signal indicates that the monitored hardware components remain shut down and the security action completes then the secure processing unit 302 may stop monitoring the perturbation signals. For example, if key generation is completed 322, then the secure processing unit 302 may stop monitoring the perturbation signals 324. In some cases, the secure processing unit 302 may send an indication to restart 326, 328 the hardware components that were shut down. A result of the security action may be output by the secure processing unit 302. For example, the generated key may be output for storage (e.g., in a secure memory).
As shown in box 352, if a monitored hardware component is started up before the security action is completed, the performance of the security action may be stopped. For example, if a sensor of the sensor interface(s) 306 is started, then hardware signal 1 330A may change, and this change may be detected by the secure processing unit 302 as a perturbation signal. Similarly, if a radio of the radio interface(s) 304 is started, then hardware signal 2 330B may change, and this change may be detected by the secure processing unit 302 as a perturbation signal. In some cases, the perturbation signal may be any change from an expected signal associated with a shut-down hardware component. As an example of a change in the perturbation signal, if a signal connection from the secure processing unit is to an input power line for a hardware component, the secure processing unit 302 may expect to detect (and does detect when monitoring perturbation signals 318) zero volts over the signal connection when the hardware component is shut down. If the secure processing unit 302 begins to detect some voltage over the signal connection, then the secure processing unit 302 may determine that there is a change in the perturbation signal. As another example of a change in the perturbation signal, if a signal connection from the secure processing unit is to an earliest point where a signal from the sensor enters the SoC, the secure processing unit 302 may monitor the signal connection to verify that the perturbation signal on the signal connection does not fluctuate from an initial value; a fluctuation may indicate that the sensor is no longer shut down. In response to detecting a perturbation signal based on the hardware signal 1 330A and/or a perturbation signal based on the hardware signal 2 330B, key generation may be stopped 332. In some cases, any data generated during the security action may be discarded and the security action may return an error.
At block 402, the computing device (or component thereof) may receive an indication to perform a secure process. Examples of a secure process may include a security action; generating, storing, or using cryptographic keys; attestation; or any other process that may execute on a secure processing unit, such as secure processing unit 206 of
At block 404, the computing device (or component thereof) may determine, based on the indication to perform the secure process, to shut down a hardware component. In some cases, the hardware component is at least one of a sensor interface, a radio interface, an input/output interface, or a power interface.
At block 406, the computing device (or component thereof) may transmit, to the hardware component, an indication to shut down. Examples of hardware components may include radio interfaces, sensor interfaces, power interfaces, input/output interfaces and/or devices, and/or any other physical components which may provide information and/or input from an environment outside of the secure processing unit, such as secure processing unit 206 of
At block 408, the computing device (or component thereof) may receive, from the hardware component, an indication that the hardware component has been shut down. This indication may be generated based on software and may not be trusted.
At block 410, the computing device (or component thereof) may monitor a signal connection (e.g., signal connections 214 of
At block 412, the computing device (or component thereof) may perform the secure process based on the monitored signal connection. For example, if a perturbation signal is not detected on the monitored signal connection, then the secure process may be performed. In some cases, the computing device (or component thereof) may complete performance of the secure process; transmit an indication to start to the hardware component; and output a result of the secure process.
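The sequence of signals 308 through 332 (boxes 350 and 352) and the method of blocks 402 through 412 describe one procedure: request a shutdown over software, accept the software acknowledgement only as a hint, cross-check it against a hardware line, and keep sampling that line while the secure process runs, discarding partial output if the line moves. The simulation below is an added example in C, not code from the patent or its assignee. The structure and function names, the millivolt tolerance, the xorshift "key generator" standing in for key generation 320, and the sample readings are all constructed assumptions; a real secure processing unit would read the line from an ADC or GPIO and run a real key derivation.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Check applied to a line once its component claims to be shut down:
 * a power input should read zero, a sensor input should hold its baseline. */
enum hw_mode { HW_EXPECT_ZERO, HW_EXPECT_STABLE };

/* One signal connection from the SPU to a hardware component. The sample
 * array is a constructed stand-in for the electrical reading over time. */
struct hw_line {
    enum hw_mode mode;
    int initial_mv;      /* baseline captured when monitoring starts */
    int tolerance_mv;    /* deviation beyond this counts as a perturbation */
    const int *samples;
    size_t nsamples, pos;
};

struct component {
    bool sw_ack_shutdown;    /* driver/firmware reply 312/316: not trusted */
    bool restart_requested;  /* set when the SPU issues restart 326/328 */
    struct hw_line line;
};

enum spu_result { SPU_OK, SPU_ABORT_NO_ACK, SPU_ABORT_NOT_SHUTDOWN,
                  SPU_ABORT_PERTURBED };

struct component make_component(bool ack, enum hw_mode mode,
                                const int *samples, size_t n, int tol_mv)
{
    struct component c = { ack, false, { mode, 0, tol_mv, samples, n, 0 } };
    return c;
}

/* Read the hardware signal: replay the constructed sequence, then hold. */
static int sample_line(struct hw_line *l)
{
    if (l->nsamples == 0) return 0;
    if (l->pos < l->nsamples) return l->samples[l->pos++];
    return l->samples[l->nsamples - 1];
}

static bool reading_ok(const struct hw_line *l, int mv)
{
    int diff = mv - (l->mode == HW_EXPECT_ZERO ? 0 : l->initial_mv);
    if (diff < 0) diff = -diff;
    return diff <= l->tolerance_mv;
}

/* Toy key-material generator (xorshift32), one byte per step. It stands in
 * for key generation 320 so the interleaving is visible; it is NOT a KDF. */
static uint8_t next_key_byte(uint32_t *state)
{
    uint32_t x = *state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    *state = x;
    return (uint8_t)(x & 0xffu);
}

/* Blocks 402-412 and signals 310-332 of the text, as run by the SPU. */
enum spu_result spu_run_secure_process(struct component *comps, size_t n,
                                       uint8_t *key_out, size_t key_len,
                                       size_t *steps_done)
{
    size_t i, step;
    uint32_t prng = 0x2545F491u;   /* constructed fixed seed, for reproducibility */
    *steps_done = 0;
    memset(key_out, 0, key_len);
    /* 310/314 sent, 312/316 received: each component must at least claim off. */
    for (i = 0; i < n; i++)
        if (!comps[i].sw_ack_shutdown) return SPU_ABORT_NO_ACK;
    /* 318: cross-check the software ack against the line itself before any
     * key material exists; a non-zero power input means "not really off". */
    for (i = 0; i < n; i++) {
        struct hw_line *l = &comps[i].line;
        int mv = sample_line(l);
        if (l->mode == HW_EXPECT_STABLE) l->initial_mv = mv;
        if (!reading_ok(l, mv)) return SPU_ABORT_NOT_SHUTDOWN;
    }

    /* 320: generate, re-sampling every line between steps. */
    for (step = 0; step < key_len; step++) {
        for (i = 0; i < n; i++) {
            struct hw_line *l = &comps[i].line;
            if (!reading_ok(l, sample_line(l))) {
                memset(key_out, 0, key_len);   /* box 352 / 332: discard, error */
                *steps_done = step;
                return SPU_ABORT_PERTURBED;
            }
        }
        key_out[step] = next_key_byte(&prng);
    }
    /* Box 350: 322 complete, 324 stop monitoring, 326/328 restart components. */
    for (i = 0; i < n; i++) comps[i].restart_requested = true;
    *steps_done = key_len;
    return SPU_OK;
}
```

The point the simulation makes is the ordering: the software acknowledgement gates only whether monitoring starts, the first hardware sample decides whether the component is actually off, and a perturbation part-way through zeroes the partial key before the error is returned, so nothing derived while a radio or sensor was live ever leaves the routine. Sampling granularity (here, once per generated byte) is the tunable a real implementation would set from the line's physical response time.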
As described herein, a wireless device (e.g., the wireless device 100 of
In some aspects, wireless communications networks may be implemented using one or more modulation schemes. For example, a wireless communication network may be implemented using a quadrature amplitude modulation (QAM) scheme such as 16QAM, 32QAM, 64QAM, etc.
As used herein, the terms “user equipment” (UE) and “network entity” are not intended to be specific or otherwise limited to any particular radio access technology (RAT), unless otherwise noted. In general, a UE may be any wireless communication device (e.g., a mobile phone, router, tablet computer, laptop computer, and/or tracking device, etc.), wearable (e.g., smartwatch, smart-glasses, wearable ring, etc.), an XR device (e.g., a VR headset, an AR headset or glasses, or a MR headset), a vehicle (e.g., automobile, motorcycle, bicycle, etc.), and/or IoT device, etc., used by a user to communicate over a wireless communications network. A UE may be mobile or may (e.g., at certain times) be stationary, and may communicate with a radio access network (RAN). As used herein, the term “UE” may be referred to interchangeably as an “access terminal” or “AT,” a “client device,” a “wireless device,” a “subscriber device,” a “subscriber terminal,” a “subscriber station,” a “user terminal” or “UT,” a “mobile device,” a “mobile terminal,” a “mobile station,” or variations thereof. Generally, UEs may communicate with a core network via a RAN, and through the core network the UEs may be connected with external networks such as the Internet and with other UEs. Of course, other mechanisms of connecting to the core network and/or the Internet are also possible for the UEs, such as over wired access networks, wireless local area network (WLAN) networks (e.g., based on IEEE 802.11 communication standards, etc.) and so on.
A network entity may be implemented in an aggregated or monolithic base station architecture, or alternatively, in a disaggregated base station architecture, and may include one or more of a central unit (CU), a distributed unit (DU), a radio unit (RU), a Near-Real Time (Near-RT) RAN Intelligent Controller (RIC), or a Non-Real Time (Non-RT) RIC. A base station (e.g., with an aggregated/monolithic base station architecture or disaggregated base station architecture) may operate according to one of several RATs in communication with UEs depending on the network in which it is deployed, and may be alternatively referred to as an access point (AP), a network node, a NodeB (NB), an evolved NodeB (eNB), a next generation eNB (ng-eNB), a New Radio (NR) Node B (also referred to as a gNB or gNodeB), etc. A base station may be used primarily to support wireless access by UEs, including supporting data, voice, and/or signaling connections for the supported UEs. In some systems, a base station may provide edge node signaling functions while in other systems it may provide additional control and/or network management functions. A communication link through which UEs may send signals to a base station is called an uplink (UL) channel (e.g., a reverse traffic channel, a reverse control channel, an access channel, etc.). A communication link through which the base station may send signals to UEs is called a downlink (DL) or forward link channel (e.g., a paging channel, a control channel, a broadcast channel, or a forward traffic channel, etc.). The term traffic channel (TCH), as used herein, may refer to either an uplink, reverse or downlink, and/or a forward traffic channel.
The term “network entity” or “base station” (e.g., with an aggregated/monolithic base station architecture or disaggregated base station architecture) may refer to a single physical transmit receive point (TRP) or to multiple physical TRPs that may or may not be co-located. For example, where the term “network entity” or “base station” refers to a single physical TRP, the physical TRP may be an antenna of the base station corresponding to a cell (or several cell sectors) of the base station. Where the term “network entity” or “base station” refers to multiple co-located physical TRPs, the physical TRPs may be an array of antennas (e.g., as in a multiple-input multiple-output (MIMO) system or where the base station employs beamforming) of the base station. Where the term “base station” refers to multiple non-co-located physical TRPs, the physical TRPs may be a distributed antenna system (DAS) (a network of spatially separated antennas connected to a common source via a transport medium) or a remote radio head (RRH) (a remote base station connected to a serving base station). Alternatively, the non-co-located physical TRPs may be the serving base station receiving the measurement report from the UE and a neighbor base station whose reference radio frequency (RF) signals (or simply “reference signals”) the UE is measuring. Because a TRP is the point from which a base station transmits and receives wireless signals, as used herein, references to transmission from or reception at a base station are to be understood as referring to a particular TRP of the base station.
In some implementations that support positioning of UEs, a network entity or base station may not support wireless access by UEs (e.g., may not support data, voice, and/or signaling connections for UEs), but may instead transmit reference signals to UEs to be measured by the UEs, and/or may receive and measure signals transmitted by the UEs. Such a base station may be referred to as a positioning beacon (e.g., when transmitting signals to UEs) and/or as a location measurement unit (e.g., when receiving and measuring signals from UEs).
An RF signal comprises an electromagnetic wave of a given frequency that transports information through the space between a transmitter and a receiver. As used herein, a transmitter may transmit a single “RF signal” or multiple “RF signals” to a receiver. However, the receiver may receive multiple “RF signals” corresponding to each transmitted RF signal due to the propagation characteristics of RF signals through multipath channels. The same transmitted RF signal on different paths between the transmitter and receiver may be referred to as a “multipath” RF signal. As used herein, an RF signal may also be referred to as a “wireless signal” or simply a “signal” where it is clear from the context that the term “signal” refers to a wireless signal or an RF signal.
According to various aspects,
The base stations 502 may collectively form a RAN and interface with a core network 570 (e.g., an evolved packet core (EPC) or a 5G core (5GC)) through backhaul links 522, and through the core network 570 to one or more location servers 572 (which may be part of core network 570 or may be external to core network 570). The UEs 504 may be able to access one or more remote servers, such as a service provider server 574, via the base stations 502 and core network 570, and in some cases, the other networks, such as the Internet. In addition to other functions, the base stations 502 may perform functions that relate to one or more of transferring user data, radio channel ciphering and deciphering, integrity protection, header compression, mobility control functions (e.g., handover, dual connectivity), inter-cell interference coordination, connection setup and release, load balancing, distribution for non-access stratum (NAS) messages, NAS node selection, synchronization, RAN sharing, multimedia broadcast multicast service (MBMS), subscriber and equipment trace, RAN information management (RIM), paging, positioning, and delivery of warning messages. The base stations 502 may communicate with each other directly or indirectly (e.g., through the EPC or 5GC) over backhaul links 534, which may be wired and/or wireless.
The base stations 502 may wirelessly communicate with the UEs 504. Each of the base stations 502 may provide communication coverage for a respective geographic coverage area 510. In an aspect, one or more cells may be supported by a base station 502 in each coverage area 510. A “cell” is a logical communication entity used for communication with a base station (e.g., over some frequency resource, referred to as a carrier frequency, component carrier, carrier, band, or the like), and may be associated with an identifier (e.g., a physical cell identifier (PCI), a virtual cell identifier (VCI), a cell global identifier (CGI)) for distinguishing cells operating via the same or a different carrier frequency. In some cases, different cells may be configured according to different protocol types (e.g., machine-type communication (MTC), narrowband IoT (NB-IoT), enhanced mobile broadband (eMBB), or others) that may provide access for different types of UEs. Because a cell is supported by a specific base station, the term “cell” may refer to either or both of the logical communication entity and the base station that supports it, depending on the context. In addition, because a TRP is typically the physical transmission point of a cell, the terms “cell” and “TRP” may be used interchangeably. In some cases, the term “cell” may also refer to a geographic coverage area of a base station (e.g., a sector), insofar as a carrier frequency may be detected and used for communication within some portion of geographic coverage areas 510.
While neighboring macro cell base station 502 geographic coverage areas 510 may partially overlap (e.g., in a handover region), some of the geographic coverage areas 510 may be substantially overlapped by a larger geographic coverage area 510. For example, a small cell base station 502′ may have a coverage area 510′ that substantially overlaps with the coverage area 510 of one or more macro cell base stations 502. A network that includes both small cell and macro cell base stations may be known as a heterogeneous network. A heterogeneous network may also include home eNBs (HeNBs), which may provide service to a restricted group known as a closed subscriber group (CSG).
The communication links 520 between the base stations 502 and the UEs 504 may include uplink (also referred to as reverse link) transmissions from a UE 504 to a base station 502 and/or downlink (also referred to as forward link) transmissions from a base station 502 to a UE 504. The communication links 520 may use MIMO antenna technology, including spatial multiplexing, beamforming, and/or transmit diversity. The communication links 520 may be through one or more carrier frequencies. Allocation of carriers may be asymmetric with respect to downlink and uplink (e.g., more or less carriers may be allocated for downlink than for uplink).
The wireless communications system 500 may further include a WLAN AP 550 in communication with WLAN stations (STAs) 552 via communication links 554 in an unlicensed frequency spectrum (e.g., 5 Gigahertz (GHz)). When communicating in an unlicensed frequency spectrum, the WLAN STAs 552 and/or the WLAN AP 550 may perform a clear channel assessment (CCA) or listen before talk (LBT) procedure prior to communicating in order to determine whether the channel is available. In some examples, the wireless communications system 500 may include devices (e.g., UEs, etc.) that communicate with one or more UEs 504, base stations 502, APs 550, etc. utilizing the ultra-wideband (UWB) spectrum. The UWB spectrum may range from 3.1 to 10.5 GHz.
The small cell base station 502′ may operate in a licensed and/or an unlicensed frequency spectrum. When operating in an unlicensed frequency spectrum, the small cell base station 502′ may employ LTE or NR technology and use the same 5 GHz unlicensed frequency spectrum as used by the WLAN AP 550. The small cell base station 502′, employing LTE and/or 5G in an unlicensed frequency spectrum, may boost coverage to and/or increase capacity of the access network. NR in unlicensed spectrum may be referred to as NR-U. LTE in an unlicensed spectrum may be referred to as LTE-U, licensed assisted access (LAA), or MulteFire.
The wireless communications system 500 may further include a millimeter wave (mmW) base station 580 that may operate in mmW frequencies and/or near mmW frequencies in communication with a UE 582. The mmW base station 580 may be implemented in an aggregated or monolithic base station architecture, or alternatively, in a disaggregated base station architecture (e.g., including one or more of a CU, a DU, a RU, a Near-RT RIC, or a Non-RT RIC). Extremely high frequency (EHF) is part of the RF in the electromagnetic spectrum. EHF has a range of 30 GHz to 300 GHz and a wavelength between 1 millimeter and 10 millimeters. Radio waves in this band may be referred to as a millimeter wave. Near mmW may extend down to a frequency of 3 GHz with a wavelength of 100 millimeters. The super high frequency (SHF) band extends between 3 GHz and 30 GHz, also referred to as centimeter wave. Communications using the mmW and/or near mmW radio frequency band have high path loss and a relatively short range. The mmW base station 580 and the UE 582 may utilize beamforming (transmit and/or receive) over an mmW communication link 584 to compensate for the extremely high path loss and short range. Further, it will be appreciated that in alternative configurations, one or more base stations 502 may also transmit using mmW or near mmW and beamforming. Accordingly, it will be appreciated that the foregoing illustrations are merely examples and should not be construed to limit the various aspects disclosed herein.
In some aspects relating to 5G, the frequency spectrum in which wireless network nodes or entities (e.g., base stations 502/580, UEs 504/582) operate is divided into multiple frequency ranges, FR1 (from 450 to 6000 Megahertz (MHz)), FR2 (from 24250 to 52600 MHz), FR3 (above 52600 MHz), and FR4 (between FR1 and FR2). In a multi-carrier system, such as 5G, one of the carrier frequencies is referred to as the “primary carrier” or “anchor carrier” or “primary serving cell” or “PCell,” and the remaining carrier frequencies are referred to as “secondary carriers” or “secondary serving cells” or “SCells.” In carrier aggregation, the anchor carrier is the carrier operating on the primary frequency (e.g., FR1) utilized by a UE 504/582 and the cell in which the UE 504/582 either performs the initial radio resource control (RRC) connection establishment procedure or initiates the RRC connection re-establishment procedure. The primary carrier carries all common and UE-specific control channels and may be a carrier in a licensed frequency (however, this is not always the case). A secondary carrier is a carrier operating on a second frequency (e.g., FR2) that may be configured once the RRC connection is established between the UE 504 and the anchor carrier and that may be used to provide additional radio resources. In some cases, the secondary carrier may be a carrier in an unlicensed frequency. The secondary carrier may contain only necessary signaling information and signals; for example, those that are UE-specific may not be present in the secondary carrier, since both primary uplink and downlink carriers are typically UE-specific. This means that different UEs 504/582 in a cell may have different downlink primary carriers. The same is true for the uplink primary carriers. The network is able to change the primary carrier of any UE 504/582 at any time. This is done, for example, to balance the load on different carriers.
Because a “serving cell” (whether a PCell or an SCell) corresponds to a carrier frequency and/or component carrier over which some base station is communicating, the term “cell,” “serving cell,” “component carrier,” “carrier frequency,” and the like may be used interchangeably.
For example, still referring to
In order to operate on multiple carrier frequencies, a base station 502 and/or a UE 504 may be equipped with multiple receivers and/or transmitters. For example, a UE 504 may have two receivers, “Receiver 1” and “Receiver 2,” where “Receiver 1” is a multi-band receiver that may be tuned to band (i.e., carrier frequency) ‘X’ or band ‘Y,’ and “Receiver 2” is a one-band receiver tuneable to band ‘Z’ only. In this example, if the UE 504 is being served in band ‘X,’ band ‘X’ would be referred to as the PCell or the active carrier frequency, and “Receiver 1” would need to tune from band ‘X’ to band ‘Y’ (an SCell) in order to measure band ‘Y’ (and vice versa). In contrast, whether the UE 504 is being served in band ‘X’ or band ‘Y,’ because of the separate “Receiver 2,” the UE 504 may measure band ‘Z’ without interrupting the service on band ‘X’ or band ‘Y.’
The wireless communications system 500 may further include a UE 564 that may communicate with a macro cell base station 502 over a communication link 520 and/or the mmW base station 580 over an mmW communication link 584. For example, the macro cell base station 502 may support a PCell and one or more SCells for the UE 564 and the mmW base station 580 may support one or more SCells for the UE 564.
The wireless communications system 500 may further include one or more UEs, such as UE 590, that connects indirectly to one or more communication networks via one or more device-to-device (D2D) peer-to-peer (P2P) links (referred to as “sidelinks”). In the example of
At base station 502, a transmit processor 620 may receive data from a data source 612 for one or more UEs, select one or more modulation and coding schemes (MCS) for each UE based at least in part on channel quality indicators (CQIs) received from the UE, process (e.g., encode and modulate) the data for each UE based at least in part on the MCS(s) selected for the UE, and provide data symbols for all UEs. Transmit processor 620 may also process system information (e.g., for semi-static resource partitioning information (SRPI) and/or the like) and control information (e.g., CQI requests, grants, upper layer signaling, and/or the like) and provide overhead symbols and control symbols. Transmit processor 620 may also generate reference symbols for reference signals (e.g., the cell-specific reference signal (CRS)) and synchronization signals (e.g., the primary synchronization signal (PSS) and secondary synchronization signal (SSS)). A transmit (TX) multiple-input multiple-output (MIMO) processor 630 may perform spatial processing (e.g., precoding) on the data symbols, the control symbols, the overhead symbols, and/or the reference symbols, if applicable, and may provide T output symbol streams to T modulators (MODs) 632a through 632t. The modulators 632a through 632t are shown as a combined modulator-demodulator (MOD-DEMOD). In some cases, the modulators and demodulators may be separate components. Each modulator of the modulators 632a to 632t may process a respective output symbol stream, e.g., for an orthogonal frequency-division multiplexing (OFDM) scheme and/or the like, to obtain an output sample stream. Each modulator of the modulators 632a to 632t may further process (e.g., convert to analog, amplify, filter, and upconvert) the output sample stream to obtain a downlink signal. T downlink signals may be transmitted from modulators 632a to 632t via T antennas 634a through 634t, respectively. 
According to certain aspects described in more detail below, the synchronization signals may be generated with location encoding to convey additional information.
At UE 504, antennas 652a through 652r may receive the downlink signals from base station 502 and/or other base stations and may provide received signals to demodulators (DEMODs) 654a through 654r, respectively. The demodulators 654a through 654r are shown as a combined modulator-demodulator (MOD-DEMOD). In some cases, the modulators and demodulators may be separate components. Each demodulator of the demodulators 654a through 654r may condition (e.g., filter, amplify, downconvert, and digitize) a received signal to obtain input samples. Each demodulator of the demodulators 654a through 654r may further process the input samples (e.g., for OFDM and/or the like) to obtain received symbols. A MIMO detector 656 may obtain received symbols from all R demodulators 654a through 654r, perform MIMO detection on the received symbols if applicable, and provide detected symbols. A receive processor 658 may process (e.g., demodulate and decode) the detected symbols, provide decoded data for UE 504 to a data sink 660, and provide decoded control information and system information to a controller/processor 680. A channel processor may determine reference signal received power (RSRP), received signal strength indicator (RSSI), reference signal received quality (RSRQ), channel quality indicator (CQI), and/or the like.
On the uplink, at UE 504, a transmit processor 664 may receive and process data from a data source 662 and control information (e.g., for reports comprising RSRP, RSSI, RSRQ, CQI, and/or the like) from controller/processor 680. Transmit processor 664 may also generate reference symbols for one or more reference signals (e.g., based at least in part on a beta value or a set of beta values associated with the one or more reference signals). The symbols from transmit processor 664 may be precoded by a TX-MIMO processor 666 if applicable, further processed by modulators 654a through 654r (e.g., for DFT-s-OFDM, CP-OFDM, and/or the like), and transmitted to base station 502. At base station 502, the uplink signals from UE 504 and other UEs may be received by antennas 634a through 634t, processed by demodulators 632a through 632t, detected by a MIMO detector 636 if applicable, and further processed by a receive processor 638 to obtain decoded data and control information sent by UE 504. Receive processor 638 may provide the decoded data to a data sink 639 and the decoded control information to controller (processor) 640. Base station 502 may include communication unit 644 and communicate to a network controller 631 via communication unit 644. Network controller 631 may include communication unit 694, controller/processor 690, and memory 692.
In some aspects, one or more components of UE 504 may be included in a housing. Controller 640 of base station 502, controller/processor 680 of UE 504, and/or any other component(s) of
Memories 642 and 682 may store data and program codes for the base station 502 and the UE 504, respectively. A scheduler 646 may schedule UEs for data transmission on the downlink, uplink, and/or sidelink.
In some aspects, deployment of communication systems, such as 5G new radio (NR) systems, may be arranged in multiple manners with various components or constituent parts. In a 5G NR system, or network, a network node, a network entity, a mobility element of a network, a radio access network (RAN) node, a core network node, a network element, or a network equipment, such as a base station (BS), or one or more units (or one or more components) performing base station functionality, may be implemented in an aggregated or disaggregated architecture. For example, a BS (such as a Node B (NB), evolved NB (eNB), NR BS, 5G NB, access point (AP), a transmit receive point (TRP), or a cell, etc.) may be implemented as an aggregated base station (also known as a standalone BS or a monolithic BS) or a disaggregated base station.
An aggregated base station may be configured to utilize a radio protocol stack that is physically or logically integrated within a single RAN node. A disaggregated base station may be configured to utilize a protocol stack that is physically or logically distributed among two or more units (such as one or more central or centralized units (CUs), one or more distributed units (DUs), or one or more radio units (RUs)). In some aspects, a CU may be implemented within a RAN node, and one or more DUs may be co-located with the CU, or alternatively, may be geographically or virtually distributed throughout one or multiple other RAN nodes. The DUs may be implemented to communicate with one or more RUs. Each of the CU, DU and RU also may be implemented as virtual units, i.e., a virtual central unit (VCU), a virtual distributed unit (VDU), or a virtual radio unit (VRU).
Base station-type operation or network design may consider aggregation characteristics of base station functionality. For example, disaggregated base stations may be utilized in an integrated access backhaul (IAB) network, an open radio access network (O-RAN (such as the network configuration sponsored by the O-RAN Alliance)), or a virtualized radio access network (vRAN, also known as a cloud radio access network (C-RAN)). Disaggregation may include distributing functionality across two or more units at various physical locations, as well as distributing functionality for at least one unit virtually, which may enable flexibility in network design. The various units of the disaggregated base station, or disaggregated RAN architecture, may be configured for wired or wireless communication with at least one other unit.
In some embodiments, computing system 700 is a distributed system in which the functions described in this disclosure may be distributed within a datacenter, multiple data centers, a peer network, etc. In some embodiments, one or more of the described system components represents many such components each performing some or all of the function for which the component is described. In some embodiments, the components may be physical or virtual devices.
Example system 700 includes at least one processing unit (CPU or processor) 710 and connection 705 that communicatively couples various system components including system memory 715, such as read-only memory (ROM) 720 and random access memory (RAM) 725 to processor 710. Computing system 700 may include a cache 712 of high-speed memory connected directly with, in close proximity to, or integrated as part of processor 710.
Processor 710 may include any general purpose processor and a hardware service or software service, such as services 732, 734, and 736 stored in storage device 730, configured to control processor 710 as well as a special-purpose processor where software instructions are incorporated into the actual processor design. Processor 710 may essentially be a completely self-contained computing system, containing multiple cores or processors, a bus, memory controller, cache, etc. A multi-core processor may be symmetric or asymmetric.
To enable user interaction, computing system 700 includes an input device 745, which may represent any number of input mechanisms, such as a microphone for speech, a touch-sensitive screen for gesture or graphical input, keyboard, mouse, motion input, speech, etc. Computing system 700 may also include output device 735, which may be one or more of a number of output mechanisms. In some instances, multimodal systems may enable a user to provide multiple types of input/output to communicate with computing system 700.
Computing system 700 may include communications interface 740, which may generally govern and manage the user input and system output. The communication interface may perform or facilitate receipt and/or transmission of wired or wireless communications using wired and/or wireless transceivers, including those making use of an audio jack/plug, a microphone jack/plug, a universal serial bus (USB) port/plug, an Apple™ Lightning™ port/plug, an Ethernet port/plug, a fiber optic port/plug, a proprietary wired port/plug, 3G, 4G, 5G and/or other cellular data network wireless signal transfer, a Bluetooth™ wireless signal transfer, a Bluetooth™ low energy (BLE) wireless signal transfer, an IBEACON™ wireless signal transfer, a radio-frequency identification (RFID) wireless signal transfer, near-field communications (NFC) wireless signal transfer, dedicated short range communication (DSRC) wireless signal transfer, 802.11 Wi-Fi wireless signal transfer, wireless local area network (WLAN) signal transfer, Visible Light Communication (VLC), Worldwide Interoperability for Microwave Access (WiMAX), Infrared (IR) communication wireless signal transfer, Public Switched Telephone Network (PSTN) signal transfer, Integrated Services Digital Network (ISDN) signal transfer, ad-hoc network signal transfer, radio wave signal transfer, microwave signal transfer, infrared signal transfer, visible light signal transfer, ultraviolet light signal transfer, wireless signal transfer along the electromagnetic spectrum, or some combination thereof. The communications interface 740 may also include one or more Global Navigation Satellite System (GNSS) receivers or transceivers that are used to determine a location of the computing system 700 based on receipt of one or more signals from one or more satellites associated with one or more GNSS systems.
GNSS systems include, but are not limited to, the US-based Global Positioning System (GPS), the Russia-based Global Navigation Satellite System (GLONASS), the China-based BeiDou Navigation Satellite System (BDS), and the Europe-based Galileo GNSS. There is no restriction on operating on any particular hardware arrangement, and therefore the basic features here may easily be substituted for improved hardware or firmware arrangements as they are developed.
Storage device 730 may be one or more non-volatile and/or non-transitory and/or computer-readable memory devices and may be a hard disk or other types of computer readable media which may store data that are accessible by a computer, such as magnetic cassettes, flash memory cards, solid state memory devices, digital versatile disks, cartridges, a floppy disk, a flexible disk, a hard disk, magnetic tape, a magnetic strip/stripe, any other magnetic storage medium, flash memory, memristor memory, any other solid-state memory, a compact disc read only memory (CD-ROM) optical disc, a rewritable compact disc (CD) optical disc, digital video disk (DVD) optical disc, a blu-ray disc (BDD) optical disc, a holographic optical disk, another optical medium, a secure digital (SD) card, a micro secure digital (microSD) card, a Memory Stick® card, a smartcard chip, an EMV chip, a subscriber identity module (SIM) card, a mini/micro/nano/pico SIM card, another integrated circuit (IC) chip/card, random access memory (RAM), static RAM (SRAM), dynamic RAM (DRAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), flash EPROM (FLASHEPROM), cache memory (e.g., Level 1 (L1) cache, Level 2 (L2) cache, Level 3 (L3) cache, Level 4 (L4) cache, Level 5 (L5) cache, or other (L #) cache), resistive random-access memory (RRAM/ReRAM), phase change memory (PCM), spin transfer torque RAM (STT-RAM), another memory chip or cartridge, and/or a combination thereof.
The storage device 730 may include software services, servers, services, etc.; when the code that defines such software is executed by the processor 710, it causes the system to perform a function. In some embodiments, a hardware service that performs a particular function may include the software component stored in a computer-readable medium in connection with the necessary hardware components, such as processor 710, connection 705, output device 735, etc., to carry out the function. The term “computer-readable medium” includes, but is not limited to, portable or non-portable storage devices, optical storage devices, and various other mediums capable of storing, containing, or carrying instruction(s) and/or data. A computer-readable medium may include a non-transitory medium in which data may be stored and that does not include carrier waves and/or transitory electronic signals propagating wirelessly or over wired connections. Examples of a non-transitory medium may include, but are not limited to, a magnetic disk or tape, optical storage media such as compact disk (CD) or digital versatile disk (DVD), flash memory, memory or memory devices. A computer-readable medium may have stored thereon code and/or machine-executable instructions that may represent a procedure, a function, a subprogram, a program, a routine, a subroutine, a module, a software package, a class, or any combination of instructions, data structures, or program statements. A code segment may be coupled to another code segment or a hardware circuit by passing and/or receiving information, data, arguments, parameters, or memory contents. Information, arguments, parameters, data, etc. may be passed, forwarded, or transmitted via any suitable means including memory sharing, message passing, token passing, network transmission, or the like.
Specific details are provided in the description above to provide a thorough understanding of the embodiments and examples provided herein, but those skilled in the art will recognize that the application is not limited thereto. Thus, while illustrative embodiments of the application have been described in detail herein, it is to be understood that the inventive concepts may be otherwise variously embodied and employed, and that the appended claims are intended to be construed to include such variations, except as limited by the prior art. Various features and aspects of the above-described application may be used individually or jointly. Further, embodiments may be utilized in any number of environments and applications beyond those described herein without departing from the broader scope of the specification. The specification and drawings are, accordingly, to be regarded as illustrative rather than restrictive. For the purposes of illustration, methods were described in a particular order. It should be appreciated that in alternate embodiments, the methods may be performed in a different order than that described.
For clarity of explanation, in some instances the present technology may be presented as including individual functional blocks comprising devices, device components, steps or routines in a method embodied in software, or combinations of hardware and software. Additional components may be used other than those shown in the figures and/or described herein. For example, circuits, systems, networks, processes, and other components may be shown as components in block diagram form in order not to obscure the embodiments in unnecessary detail. In other instances, well-known circuits, processes, algorithms, structures, and techniques may be shown without unnecessary detail in order to avoid obscuring the embodiments.
Further, those of skill in the art will appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the aspects disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
Individual embodiments may be described above as a process or method which is depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations may be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed but could have additional steps not included in a figure. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. When a process corresponds to a function, its termination may correspond to a return of the function to the calling function or the main function.
Processes and methods according to the above-described examples may be implemented using computer-executable instructions that are stored or otherwise available from computer-readable media. Such instructions may include, for example, instructions and data which cause or otherwise configure a general purpose computer, special purpose computer, or a processing device to perform a certain function or group of functions. Portions of computer resources used may be accessible over a network. The computer executable instructions may be, for example, binaries, intermediate format instructions such as assembly language, firmware, or source code. Examples of computer-readable media that may be used to store instructions, information used, and/or information created during methods according to described examples include magnetic or optical disks, flash memory, USB devices provided with non-volatile memory, networked storage devices, and so on.
In some embodiments the computer-readable storage devices, mediums, and memories may include a cable or wireless signal containing a bitstream and the like. However, when mentioned, non-transitory computer-readable storage media expressly exclude media such as energy, carrier signals, electromagnetic waves, and signals per se.
Those of skill in the art will appreciate that information and signals may be represented using any of a variety of different technologies and techniques. For example, data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof, in some cases depending in part on the particular application, in part on the desired design, in part on the corresponding technology, etc.
The various illustrative logical blocks, modules, and circuits described in connection with the aspects disclosed herein may be implemented or performed using hardware, software, firmware, middleware, microcode, hardware description languages, or any combination thereof, and may take any of a variety of form factors. When implemented in software, firmware, middleware, or microcode, the program code or code segments to perform the necessary tasks (e.g., a computer-program product) may be stored in a computer-readable or machine-readable medium. A processor(s) may perform the necessary tasks. Examples of form factors include laptops, smart phones, mobile phones, tablet devices or other small form factor personal computers, personal digital assistants, rackmount devices, standalone devices, and so on. Functionality described herein also may be embodied in peripherals or add-in cards. Such functionality may also be implemented on a circuit board among different chips or different processes executing in a single device, by way of further example.
The instructions, media for conveying such instructions, computing resources for executing them, and other structures for supporting such computing resources are example means for providing the functions described in the disclosure.
The techniques described herein may also be implemented in electronic hardware, computer software, firmware, or any combination thereof. Such techniques may be implemented in any of a variety of devices such as general purpose computers, wireless communication device handsets, or integrated circuit devices having multiple uses including application in wireless communication device handsets and other devices. Any features described as modules or components may be implemented together in an integrated logic device or separately as discrete but interoperable logic devices. If implemented in software, the techniques may be realized at least in part by a computer-readable data storage medium comprising program code including instructions that, when executed by one or more processors, perform one or more of the methods, algorithms, and/or operations described above. The computer-readable data storage medium may form part of a computer program product, which may include packaging materials. The computer-readable medium and/or memory system may comprise any memory or data storage media, such as random access memory (RAM) such as synchronous dynamic random access memory (SDRAM), read-only memory (ROM), non-volatile random access memory (NVRAM), electrically erasable programmable read-only memory (EEPROM), FLASH memory, magnetic or optical data storage media, memory 615, read-only memory (ROM) 620, random access memory (RAM) 625, storage device 630, and the like, and the computer-readable medium may include multiple memories or data storage media. The techniques additionally, or alternatively, may be realized at least in part by a computer-readable communication medium that carries or communicates program code in the form of instructions or data structures and that may be accessed, read, and/or executed by a computer, such as propagated signals or waves.
The program code may be executed by a processor system, which may include one or more processors, such as one or more digital signal processors (DSPs), general purpose microprocessors, application specific integrated circuits (ASICs), field programmable gate arrays (FPGAs), or other equivalent integrated or discrete logic circuitry. Such a processor system may be configured to perform any of the techniques described in this disclosure. A general-purpose processor may be a microprocessor; but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor system may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration. Accordingly, the term “processor system,” as used herein may refer to any of the foregoing structure, any combination of the foregoing structure, or any other structure or apparatus suitable for implementation of the techniques described herein.
One of ordinary skill will appreciate that the less than (“<”) and greater than (“>”) symbols or terminology used herein may be replaced with less than or equal to (“≤”) and greater than or equal to (“≥”) symbols, respectively, without departing from the scope of this description.
Where components are described as being “configured to” perform certain operations, such configuration may be accomplished, for example, by designing electronic circuits or other hardware to perform the operation, by programming programmable electronic circuits (e.g., microprocessors, or other suitable electronic circuits) to perform the operation, or any combination thereof.
The phrase “coupled to” or “communicatively coupled to” refers to any component that is physically connected to another component either directly or indirectly, and/or any component that is in communication with another component (e.g., connected to the other component over a wired or wireless connection, and/or other suitable communication interface) either directly or indirectly.
Claim language or other language reciting “at least one of” a set and/or “one or more” of a set indicates that one member of the set or multiple members of the set (in any combination) satisfy the claim. For example, claim language reciting “at least one of A and B” or “at least one of A or B” means A, B, or A and B. In another example, claim language reciting “at least one of A, B, and C” or “at least one of A, B, or C” means A, B, C, or A and B, or A and C, or B and C, or A and B and C, or any duplicate information or data (e.g., A and A, B and B, C and C, A and A and B, and so on), or any other ordering, duplication, or combination of A, B, and C. The language “at least one of” a set and/or “one or more” of a set does not limit the set to the items listed in the set. For example, claim language reciting “at least one of A and B” or “at least one of A or B” may mean A, B, or A and B, and may additionally include items not listed in the set of A and B.
Claim language or other language reciting “at least one processor configured to,” “at least one processor being configured to,” “a processor being configured to,” or the like indicates that one processor or multiple processors (in any combination) can perform the associated operation(s). For example, claim language reciting “at least one processor configured to: X, Y, and Z” means a single processor can be used to perform operations X, Y, and Z; or that multiple processors are each tasked with a certain subset of operations X, Y, and Z such that together the multiple processors perform X, Y, and Z; or that a group of multiple processors work together to perform operations X, Y, and Z. In another example, claim language reciting “at least one processor configured to: X, Y, and Z” can mean that any single processor may only perform at least a subset of operations X, Y, and Z.
Illustrative aspects of the disclosure include:
Aspect 1. An apparatus for secure processing, comprising: a hardware component; a memory system comprising instructions; and a processor system coupled to the memory system and coupled to the hardware component through a signal connection, wherein the processor system is configured to: receive an indication to perform a secure process; determine, based on the indication to perform the secure process, to shut down the hardware component; transmit, to the hardware component, an indication to shut down; receive, from the hardware component, an indication that the hardware component has been shut down; monitor the signal connection for perturbation signals, wherein the signal connection carries the perturbation signals, and wherein the perturbation signals comprise hardware signals; and perform the secure process based on the monitored signal connection.
Aspect 2. The apparatus of Aspect 1, wherein the processor system is further configured to detect the perturbation signals based on a change in the hardware signals received via the signal connection.
Aspect 3. The apparatus of Aspect 2, wherein the signal connection comprises a physical connection dedicated to carrying the hardware signals.
Aspect 4. The apparatus of any one of Aspects 1 to 3, wherein the processor system is further configured to: detect a perturbation signal on the signal connection; and stop performance of the secure process based on the detected perturbation signal.
Aspect 5. The apparatus of any one of Aspects 1 to 4, wherein the hardware signals comprise signals from the hardware component that are not under software control.
Aspect 6. The apparatus of any one of Aspects 1 to 5, wherein the processor system is configured to: determine an expected signal for the monitored signal connection; and determine a perturbation signal has been received based on a comparison of a signal on the monitored signal connection to the expected signal.
Aspect 7. The apparatus of Aspect 6, wherein the expected signal on the monitored signal connection comprises an initial signal on the monitored signal connection.
Aspect 8. The apparatus of any one of Aspects 1 to 7, wherein the processor system is further configured to: complete performance of the secure process; transmit an indication to start to the hardware component; and output a result of the secure process.
Aspect 9. The apparatus of any one of Aspects 1 to 8, wherein the hardware component comprises at least one of a sensor interface, a radio interface, an input/output interface, or a power interface.
Aspect 10. The apparatus of any one of Aspects 1 to 9, wherein the signal connection is coupled to an interface of the hardware component.
Aspect 11. A method for secure processing, comprising: receiving an indication to perform a secure process; determining, based on the indication to perform the secure process, to shut down a hardware component; transmitting, to the hardware component, an indication to shut down; receiving, from the hardware component, an indication that the hardware component has been shut down; monitoring a signal connection for perturbation signals, wherein the signal connection carries the perturbation signals, and wherein the perturbation signals comprise hardware signals; and performing the secure process based on the monitored signal connection.
Aspect 12. The method of Aspect 11, further comprising detecting the perturbation signals based on a change in the hardware signals received via the signal connection.
Aspect 13. The method of Aspect 12, wherein the signal connection comprises a physical connection dedicated to carrying the hardware signals.
Aspect 14. The method of any one of Aspects 11 to 13, further comprising: detecting a perturbation signal on the signal connection; and stopping performance of the secure process based on the detected perturbation signal.
Aspect 15. The method of any one of Aspects 11 to 14, wherein the hardware signals comprise signals from the hardware component that are not under software control.
Aspect 16. The method of any one of Aspects 11 to 15, further comprising: determining an expected signal for the monitored signal connection; and determining a perturbation signal has been received based on a comparison of a signal on the monitored signal connection to the expected signal.
Aspect 17. The method of Aspect 16, wherein the expected signal on the monitored signal connection comprises an initial signal on the monitored signal connection.
Aspect 18. The method of any one of Aspects 11 to 17, further comprising: completing performance of the secure process; transmitting an indication to start to the hardware component; and outputting a result of the secure process.
Aspect 19. The method of any one of Aspects 11 to 18, wherein the hardware component comprises at least one of a sensor interface, a radio interface, an input/output interface, or a power interface.
Aspect 20. The method of any one of Aspects 11 to 19, wherein the signal connection is coupled to an interface of the hardware component.
Aspect 21. A non-transitory computer-readable medium having stored thereon instructions that, when executed by a processor system, cause the processor system to: receive an indication to perform a secure process; determine, based on the indication to perform the secure process, to shut down a hardware component; transmit, to the hardware component, an indication to shut down; receive, from the hardware component, an indication that the hardware component has been shut down; monitor a signal connection for perturbation signals, wherein the signal connection carries the perturbation signals, and wherein the perturbation signals comprise hardware signals; and perform the secure process based on the monitored signal connection.
Aspect 22. The non-transitory computer-readable medium of Aspect 21, wherein the instructions further cause the processor system to detect the perturbation signals based on a change in the hardware signals received via the signal connection.
Aspect 23. The non-transitory computer-readable medium of Aspect 22, wherein the signal connection comprises a physical connection dedicated to carrying the hardware signals.
Aspect 24. The non-transitory computer-readable medium of any one of Aspects 21 to 23, wherein the instructions further cause the processor system to: detect a perturbation signal on the signal connection; and stop performance of the secure process based on the detected perturbation signal.
Aspect 25. The non-transitory computer-readable medium of any one of Aspects 21 to 24, wherein the hardware signals comprise signals from the hardware component that are not under software control.
Aspect 26. The non-transitory computer-readable medium of any one of Aspects 21 to 25, wherein the instructions further cause the processor system to: determine an expected signal for the monitored signal connection; and determine a perturbation signal has been received based on a comparison of a signal on the monitored signal connection to the expected signal.
Aspect 27. The non-transitory computer-readable medium of Aspect 26, wherein the expected signal on the monitored signal connection comprises an initial signal on the monitored signal connection.
Aspect 28. The non-transitory computer-readable medium of any one of Aspects 21 to 27, wherein the instructions further cause the processor system to: complete performance of the secure process; transmit an indication to start to the hardware component; and output a result of the secure process.
Aspect 29. The non-transitory computer-readable medium of any one of Aspects 21 to 28, wherein the hardware component comprises at least one of a sensor interface, a radio interface, an input/output interface, or a power interface.
Aspect 30. The non-transitory computer-readable medium of any one of Aspects 21 to 29, wherein the signal connection is coupled to an interface of the hardware component.
Aspect 31. A non-transitory computer-readable medium having stored thereon instructions that, when executed by at least one processor, cause the at least one processor to perform operations according to any of Aspects 11-20.
Aspect 32. An apparatus for secure processing, comprising one or more means for performing operations according to any of Aspects 11-20.
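The flow recited in Aspects 1 to 10 (and restated as a method in Aspects 11 to 20 and as a medium in Aspects 21 to 30) can be read as a small firmware state machine: shut the hardware component down, refuse to proceed without its acknowledgement, capture the initial level on the dedicated signal line as the expected signal, gate every step of the secure process on that line staying unchanged, abort and discard partial state on a perturbation, and restart the component and output the result on completion. The following C is an added example written for this page to illustrate that reading; it is not code from the disclosure. The structure and function names (sp_*, sim_*), the tolerance, the stand-in "secure process" (a polynomial accumulation over a constructed secret) and the signal traces are all hypothetical, and the sampler is a function pointer so that constructed traces can drive it in place of a real GPIO or ADC read.

```c
/*
 * Added example (not the disclosure's own code): firmware-style model of
 * the secure-process flow in Aspects 1-10.  Every name here is hypothetical.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum sp_status { SP_OK = 0, SP_ERR_NO_SHUTDOWN_ACK = 1, SP_ERR_PERTURBED = 2 };

struct sp_hw {
    bool powered;                      /* tracked state of the hardware component   */
    bool (*shutdown)(struct sp_hw *);  /* send "shut down"; true if the component acks */
    void (*start)(struct sp_hw *);     /* send "start" (Aspect 8)                    */
    uint16_t (*sample)(void *ctx);     /* raw level on the dedicated line (Aspect 3) */
    void *sample_ctx;
};

/* Stand-in secure process: one step per call, false when finished.  A real
 * implementation would be e.g. a key derivation; what matters here is that it
 * is incremental, so it can be checked and aborted between steps. */
struct sp_work { const uint8_t *secret; size_t len; size_t i; uint32_t acc; };

static bool sp_work_step(struct sp_work *w)
{
    if (w->i >= w->len) return false;
    w->acc = w->acc * 31u + w->secret[w->i++];
    return true;
}

/* Aspects 1, 4, 6-8: shut down, require the ack, baseline the line, gate each
 * step on the line, wipe partial state and stop on a perturbation, restart the
 * component and output the result on completion. */
int sp_run(struct sp_hw *hw, struct sp_work *w, uint16_t tolerance, uint32_t *result)
{
    *result = 0;
    if (!hw->shutdown(hw)) return SP_ERR_NO_SHUTDOWN_ACK;  /* no ack: do not start */
    hw->powered = false;
    uint16_t expected = hw->sample(hw->sample_ctx);         /* Aspect 7: initial level */
    for (;;) {
        uint16_t now = hw->sample(hw->sample_ctx);
        uint16_t diff = now > expected ? now - expected : expected - now;
        if (diff > tolerance) {                              /* Aspect 4: perturbation */
            w->acc = 0; w->i = 0;                            /* drop the partial result */
            hw->start(hw); hw->powered = true;
            return SP_ERR_PERTURBED;
        }
        if (!sp_work_step(w)) break;
    }
    hw->start(hw); hw->powered = true;                       /* Aspect 8 */
    *result = w->acc;
    return SP_OK;
}

/* Simulated component driven by a constructed signal trace (hypothetical). */
struct sim_ctx { const uint16_t *trace; size_t n; size_t pos; bool ack; };

static uint16_t sim_sample(void *c)
{
    struct sim_ctx *s = c;
    uint16_t v = s->trace[s->pos < s->n ? s->pos : s->n - 1]; /* hold last level */
    s->pos++;
    return v;
}
static bool sim_shutdown(struct sp_hw *hw) { return ((struct sim_ctx *)hw->sample_ctx)->ack; }
static void sim_start(struct sp_hw *hw) { (void)hw; }

/* Run the whole flow over a constructed trace; returns the status code and
 * writes the secure process output (0 on any failure). */
int sp_demo(const uint16_t *trace, size_t n, bool ack, uint32_t *result)
{
    static const uint8_t secret[] = { 1, 2, 3, 4 };         /* constructed sample secret */
    struct sim_ctx ctx = { trace, n, 0, ack };
    struct sp_hw hw = { true, sim_shutdown, sim_start, sim_sample, &ctx };
    struct sp_work w = { secret, sizeof secret, 0, 0 };
    return sp_run(&hw, &w, 8, result);                       /* tolerance 8 is arbitrary */
}

int main(void)
{
    static const uint16_t quiet[]  = { 512 };                /* steady line: completes */
    static const uint16_t bumped[] = { 512, 512, 700 };      /* level jumps mid-run: abort */
    uint32_t r; int st;
    st = sp_demo(quiet, 1, true, &r);   printf("quiet : status=%d result=%u\n", st, r);
    st = sp_demo(bumped, 3, true, &r);  printf("bumped: status=%d result=%u\n", st, r);
    st = sp_demo(quiet, 1, false, &r);  printf("no ack: status=%d\n", st);
    return 0;
}
```

Two points of the flow are worth checking in any real port: the baseline is taken only after the component has acknowledged shutdown (a level captured before that reflects the component's own activity, not the quiescent line), and the partial result is cleared before the component is restarted, so that a perturbation cannot be used to coax an intermediate value out of the device.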