

# **PATROLL Winning Submission**

### U.S. Patent 7,779,252

U.S. Patent 7,779,252 ("Speir Technologies Ltd" or the "patent-at-issue") was filed on March 21, 2006 and claims priority on the same date. Claim 1 of the patent-at-issue is generally directed to a mobile PDA computer system consisting of a non-secure user processor, a secure user processor, and a cryptographic engine. The non-secure processor has a non-trusted commercialoff-the-shelf (COTS) microprocessor hardware, a non-trusted COTS operating system, and nontrusted COTS application software. The secure processor has a trusted microprocessor hardware (HW), a trusted operating system and a trusted application software. In addition to providing encryption and decryption services, the cryptographic engine provides a first data communication link that communicates data between the secure processor and the cryptographic engine and a second data communication link that communicates data between the non-secure processor and the cryptographic engine. The mobile PDA computer system includes a shared human/machine interface to allow a user to input control commands and input data, and at least one output device to allow the mobile PDA computer system to inform a user. The shared human/machine interface can be configured for bi-directional communication of information between each of the secure user processor, the non-secure user processor, and the cryptographic engine

The primary reference, U.S. Patent 7,734,933 ("*Rockwell*"), was filed on June 17, 2005 and claims priority on the same date. The patent is directed to a system for providing a trusted environment for untrusted computing systems. The system may include a HAC subsystem managing shared resources and a trusted bus switch for controlling a COTS processor to access the shared resources. The shared resources such as memory and several I/O resources reside on the trusted side of the trusted bus switch. Alternatively, the system may include a SCM as an add-on module to an untrusted host environment. Only authenticated applications including COTS OS execute on the SCM while untrusted applications execute on the untrusted host environment. The SCM may control secure resource access from the untrusted host through a plug-in module interface. All secure resources may be maintained on the trusted side of the plug-in module interface.

The primary reference, U.S. Patent 8,499,171 ("*Qualcomm*"), was filed on February 25, 2011 and claims an earliest priority date of November 18, 2005. The patent is directed to a method or providing a secure environment for mobile telephones and other devices are disclosed. The system and method may utilize trust zoning, layered memory, and a secure matrix model having, for example, a memory protection module for protecting memory; a secure debug module for ensuring security of the debug module; a secure file system module for protecting the secure file system; and a trusted time source module for protecting components. Embodiments of the present invention may protect against security attacks on a variety of hardware and software components while permitting suitable levels of accessibility for developmental and maintenance purposes.

The secondary reference, U.S. Patent 8,566,612 ("*Exelis*"), was filed on January 29, 2010 and claims an earliest priority date of October 2, 2003. The patent is directed to a security processor that performs all or substantially all security and network processing to provide a secure I/O interface system to protect computing hardware from unauthorized access or attack. The security



processor sends and receives all incoming and outgoing data packets for a host device and includes a packet engine, coupled to a local data bus, to process the incoming and outgoing packets. The processor further comprises a cryptographic core coupled to the packet engine to provide encryption and decryption processing for packets processed by the packet engine. The packet engine also handles classification processing for the incoming and outgoing packets. A modulo engine may be coupled to the local data bus.



A sample claim chart comparing claim 1 of *Speir Technologies Ltd* to *Rockwell*, *Qualcomm*, and *Exelis* is provided below.

| <b>US7779252</b><br>("Speir Technologies Ltd")                                                                                                                                                                                | A. US7734933 ("Rockwell")<br>B. US8499171 ("Qualcomm")<br>C. US8566612 ("Exelis")                                                                                                                                                                                                                                                                                                                                                                     |
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| <ol> <li>A mobile PDA computer system,<br/>comprising:</li> <li>a a secure user processor,<br/>comprising:</li> </ol>                                                                                                         | A. US7734933<br>"Consequently, a system suitable for highly assured military<br>applications employing widely available and cost effective<br>commercial off-the-shelf (COTS) components is necessary."<br><i>Rockwell</i> at col. 1:40-42                                                                                                                                                                                                            |
| <ul> <li>a trusted microprocessor;</li> <li>a trusted operating system<br/>executing on said trusted<br/>microprocessor;</li> <li>a trusted application software<br/>executing on said trusted<br/>microprocessor;</li> </ul> | <ul> <li>"In an additional exemplary aspect of the present invention, a system including a Secure Computing Module (SCM) provides a trusted environment for COTS host platforms." <i>Rockwell</i> at col. 2:4-6</li> <li>"Moreover, the SCM is suitable for providing secure wireless network connections when the SCM is added on wireless devices such as PDAs, cell phones, and other mobile devices." <i>Rockwell</i> at col. 11:53-56</li> </ul> |
|                                                                                                                                                                                                                               | "A secure COTS computing environment is provided by a system including a High Assurance Controller (HAC) subsystem to control execution of COTS functions and enforce security partitioning for applications running on the untrusted COTS processor." <i>Rockwell</i> at col. 4:15-18                                                                                                                                                                |
|                                                                                                                                                                                                                               | "Referring now to FIG. 7, a block diagram of a computing<br>environment 700 implementing SCM architecture in<br>accordance with an exemplary embodiment of the present<br>invention is shown. The <b>SCM</b> 702 <b>may include</b> a first<br>subsystem 703 and <b>a second subsystem</b> 704 residing on the<br>trusted environment." <i>Rockwell</i> at col. 8:51-56                                                                               |
|                                                                                                                                                                                                                               | "The first subsystem 703 may be an Authenticated COTS<br>environment subsystem (ACE) and the <b>second subsystem</b> 704<br><b>may be a Trusted Security Manager subsystem (TSM)</b><br>704." <i>Rockwell</i> at col. 8:64-67                                                                                                                                                                                                                         |
|                                                                                                                                                                                                                               | " <b>The TSM</b> 704 <b>may include a trusted processor</b> 705 for providing a brick-wall partitioning of memory, time, and device resources, and enforcing predetermined security policies." <i>Rockwell</i> at col. 9:31-34                                                                                                                                                                                                                        |



# **Unified**Patents

(cont.) 1. A mobile PDA computer system, comprising:

1.a a secure user processor, comprising:

a trusted microprocessor;

a trusted operating system executing on said trusted microprocessor;

a trusted application software executing on said trusted microprocessor;

"In a particular embodiment of the present invention, the trusted processor 705 may include ROCKWELL **COLLINS AAMP7<sup>TM</sup>** microprocessor and the like." Rockwell at col. 10:12-14

"AAMP7 microprocessor is configured to provide intrinsic partitioning, which allows the integration of multiple applications in a way that allows for their assured separation. As discussed above, the intrinsic partitioning mechanism operates much like a separation kernel implemented in microcode. Rather than manage operating system tasks, however, the intrinsic partitioning mechanism maintains appropriate separation between a set of system partitions implemented directly in the microarchitecture and associated microcode. Further, AAMP7 may enforce a communication policy between partitions that ensures that improper communication is not allowed, thereby providing the system designer a useful and dependable building block for designing and implementing secure systems." Rockwell at col. 10:14-30

# B. US8499171

"Each layer may include nested layers; for example, peripheral memory may be defined as secure peripherals and non-secure peripherals. Associations between various layers and various trust zones are then established to optimize functionality and security." Oualcomm at col. 4:43-47

"Zone 1 (12), for example, may be for completely trusted **code** and may be the smallest possible code size. It may execute core operating system functions and cryptography (crypto) operations involving the hardware key or private keys from the secure file system." *Qualcomm* at col. 5:6-10

Zone 2: Application digital signal processing (DSP) real time operating system (RTOS) mode: trusted code and access to system memory space permitted;" Qualcomm at col. 4:62-64

"The applications DSP RTOS 70, 72 can execute any mix of trusted and non-trusted applets. To support individual access rights per applet the RTOS provides driver functionality to request memory transfers/accesses." Qualcomm at col. 6:10-14

### C. US8566612A

"Architecture 100 includes security processing system 102 comprising security processor 104, which may consolidate



| <i>(cont.)</i><br>1. A <b>mobile PDA computer system</b> ,<br>comprising:      | the processing of discrete or consolidated security functions<br>and maintain the relationships and integrity of the stored<br>security context and other information in memories 106, 108,<br>and 110." <i>Exelis</i> at col. 4:4-9  |
|--------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1.a a secure user processor,                                                   |                                                                                                                                                                                                                                       |
| comprising:                                                                    | "The <b>boot code</b> used to load <b>firmware for execution by</b>                                                                                                                                                                   |
| a trusted microprocessor;                                                      | <b>security processor</b> 104 may optionally be authenticated using<br>a mechanism internal to security processor 104 prior to its<br>operation." <i>Exelis</i> at col. 7:28-32                                                       |
| a trusted operating system                                                     |                                                                                                                                                                                                                                       |
| executing on said trusted                                                      | "Each computer or computing device (not shown) connected,                                                                                                                                                                             |
| microprocessor;                                                                | for example, to internal network 116 may be protected by<br>security processing system 102, such as, for example, using                                                                                                               |
| a trusted application software<br>executing on said trusted<br>microprocessor; | an NIC containing security processing system 102, such as, for example, using the system 102 for all I/O traffic for each device." <i>Exelis</i> at col. 18:50-54                                                                     |
|                                                                                |                                                                                                                                                                                                                                       |
| 1.b a <b>non-secure user processor</b> , comprising:                           | A. US7734933<br>"In an additional exemplary aspect of the present invention, a                                                                                                                                                        |
| a non-trusted microprocessor;                                                  | system including a Secure Computing Module (SCM) provides<br>a trusted environment for COTS host platforms." <i>Rockwell</i> at                                                                                                       |
|                                                                                | col. 2:4-6                                                                                                                                                                                                                            |
| a non-trusted operating system                                                 |                                                                                                                                                                                                                                       |
| executing on said non-trusted                                                  | "Referring now to FIG. 7, a block diagram of a computing                                                                                                                                                                              |
| microprocessor;                                                                | environment 700 implementing SCM architecture in                                                                                                                                                                                      |
| · · · · · · · · · · · · · · · · · · ·                                          | accordance with an exemplary embodiment of the present                                                                                                                                                                                |
| a non-trusted application software                                             | invention is shown. The SCM 702 may include a first                                                                                                                                                                                   |
| executing on said non-trusted                                                  | subsystem 703 and a second subsystem 704 residing on the                                                                                                                                                                              |
| 0                                                                              |                                                                                                                                                                                                                                       |
| microprocessor;                                                                | trusted environment." <i>Rockwell</i> at col. 8:51-56                                                                                                                                                                                 |
|                                                                                | "The first subsystem 703 may be an Authenticated COTS<br>environment subsystem (ACE) and the second subsystem<br>704 may be a Trusted Security Manager subsystem (TSM)<br>704." <i>Rockwell</i> at col. 8:64-67                       |
|                                                                                | "This invention relates generally to computing environments<br>and more particularly to a system for providing a secure and<br>trusted <b>commercial-off-the-shelf COTS</b> computing<br>environment." <i>Rockwell</i> at col. 1:8-11 |
|                                                                                | "The ACE 703 includes an embedded COTS OS running on<br>a compatible embedded COTS processor. Examples of the<br>embedded COTS OS include WINDOWS® CE, LINUX, or<br>PALM OS®, or the like." <i>Rockwell</i> at col. 9:4-7             |



| <b>Unified</b> Patents |
|------------------------|
|                        |

| <i>(cont.)</i><br>1.b a <b>non-secure user processor</b> ,<br>comprising:                                                                                                                                                                         | "The ACE 703 may include COTS applications,<br>manufacturer-supplied software and the like." <i>Rockwell</i> at col.<br>9:13-14                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| <ul> <li>a non-trusted microprocessor;</li> <li>a non-trusted operating system<br/>executing on said non-trusted<br/>microprocessor;</li> <li>a non-trusted application software<br/>executing on said non-trusted<br/>microprocessor;</li> </ul> | <b>B. US8499171</b><br>"Zone 5 (20), for example, may be completely untrusted."<br><i>Qualcomm</i> at col. 5:23                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
|                                                                                                                                                                                                                                                   | "Specific details of this embodiment include the following<br>interrelationships. The <b>application processor execution</b> 76 is                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
|                                                                                                                                                                                                                                                   | <b>untrusted in any mode</b> . Hence the application memory<br>management units (MMU) settings are not trusted and no<br>assumptions are made upon their configuration; i.e., the <b>third</b> -<br><b>party OS</b> can use the application MMU freely (area 4 at 36)."<br><i>Qualcomm</i> at col. 6:1-6                                                                                                                                                                                                                                                                                                                                                                             |
|                                                                                                                                                                                                                                                   | C. US8566612<br>"Security processing system 102 may be implemented, for<br>example, as a stand-alone system box or as a card such as, for<br>example, a NIC, that connects to a slot in the motherboard of a<br>host system. Security processing system 102 may be coupled<br>to host processor 130 using host bridge or interface 128. Host<br>processor 130 may be coupled to hard drive 132, digital<br>content input device 134, and authentication input device 136.<br>Hard drive 132 may store, for example, a software<br>application that communicates with the application program<br>interface (API) of security processing system 102." <i>Exelis</i> at<br>col. 5:36-46 |
|                                                                                                                                                                                                                                                   | "By routing all or substantially all I/O to and from host<br>processor 130 and/or internal network 116 through security<br>processing system 102, host processor 130 and internal<br>network 116 are substantially protected against<br>unauthorized access or other security breaches, protecting<br>the security information integrity, and providing processing<br>and storage efficiency from information consolidation." <i>Exelis</i><br>at col. 4:40-47                                                                                                                                                                                                                       |
| 1.c a cryptographic engine<br>configured for encrypting and<br>decrypting data comprising:<br>a trusted cryptographic processor;                                                                                                                  | A. US7734933<br>"In an additional exemplary aspect of the present invention, a<br>system including a Secure Computing Module (SCM)<br>provides a trusted environment for COTS host platforms."<br><i>Rockwell</i> at col. 2:4-6                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
| a trusted operating system<br>executing on said trusted<br>cryptographic processor;                                                                                                                                                               | "Referring now to FIG. 7, a block diagram of a computing<br>environment 700 implementing SCM architecture in<br>accordance with an exemplary embodiment of the present                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |



#### (cont.)

1.c a cryptographic engine configured for encrypting and decrypting data comprising:

a trusted cryptographic processor;

a **trusted operating system** executing on said trusted cryptographic processor; invention is shown. The SCM 702 may include a first subsystem 703 and a second subsystem 704 residing on the trusted environment. The untrusted host environment may include commercial software environments and applications, having minimal or no Common Criteria (CC) certification and no assurance of isolation between tasks. Conventionally, a host platform employing COTS processors is assumed to be untrusted. The trusted environment may include trusted hardware and software ensuring access to certain resources, or parts of shared resources to be controlled in a structured manner to prevent compromising classified data. The first subsystem 703 may be an Authenticated COTS environment subsystem (ACE) and the second subsystem 704 may be a Trusted Security Manager subsystem (TSM) 704." Rockwell at col. 8:51-67

"The **TSM** 704 **also includes** a local encrypted storage, **a cryptographic engine** 706, and multiple I/O channels for all I/O paths to the SCM 702. The **cryptographic engine** 706 **may aid the trusted processor** 705 to provide a robust security interface. The **cryptographic engine** 706 **may include a reprogrammable cryptographic engine**." *Rockwell* at col. 9:37-42

"The cryptographic engine 706 of the SCM 702 may include **ROCKWELL COLLINS Janus Crypto Engine**, and the like." *Rockwell* at col. 10:31-35

# B. US8499171

"The secure file system module 90 may use, for example, trusted software to encrypt sensitive data before storing it in external, non-volatile memory using a device-specific hardware key 52, thus preventing security breaches of multiple devices. The on-chip memory module 92 (embedded memory) may be used to provide, for example, storage for secret information such as cryptographic keys, thus preventing unauthorized access to such information via probes, for example." *Qualcomm* at col. 7:27-35

"Various embodiments of the present invention may utilize security hardware 90 a to implement the hardware key 52 to facilitate the SFS. **Various embodiments also implement a cryptography engine** 90 b and DMA controller blocks 90 c used to accelerate encoding and decoding of data stored in an SFS." *Qualcomm* at col. 11:7-12



| <ul> <li>(cont.)</li> <li>1.c a cryptographic engine<br/>configured for encrypting and<br/>decrypting data comprising:</li> <li>a trusted cryptographic processor;</li> <li>a trusted operating system<br/>executing on said trusted<br/>cryptographic processor;</li> </ul> | C. US8566612<br>"Architecture 100 includes security processing system 102<br>comprising security processor 104, which may consolidate<br>the processing of discrete or consolidated security functions<br>and maintain the relationships and integrity of the stored<br>security context and other information in memories 106, 108,<br>and 110. Memories 106, 108 and 110 are coupled to security<br>processor 104. Memories 106, 108 and 110 store, for example,<br>cryptographic keys and other data used in security<br>functions by security processor 104, and also store security<br>associations and connection entries used in maintaining<br>multiple security sessions with other computers." <i>Exelis</i> at col.<br>4:4-15 |
|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|                                                                                                                                                                                                                                                                              | "Security processing system 102 may also serve as a trusted<br>hardware device to authenticate another hardware security<br>token connected on, for example, a common network. Security<br>processing system 102 may be authenticated using<br>authentication input device 136 and may provide the<br>cryptographic processing for such authentication." <i>Exelis</i> at<br>col. 6:20-25                                                                                                                                                                                                                                                                                                                                                |
|                                                                                                                                                                                                                                                                              | "Memory 106 may be made available to <b>cryptographic core</b> 232 to store security association and key information." <i>Exelis</i> at col. 7:16-18                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
|                                                                                                                                                                                                                                                                              | "Cryptographic cores 232 may provide security processing<br>to perform, for example, IPSec and/or SSL processing. Each<br>cryptographic core 232 may provide high-speed fixed<br>function encryption and authentication hash processing for<br>packet data. Each cryptographic core 232 may receive<br>instructions and key address information affixed to a packet for<br>applying appropriate transforms." <i>Exelis</i> at col. 11:23-29                                                                                                                                                                                                                                                                                              |
| 1.d a first data communication link<br>for communicating data between<br>said secure user processor and said<br>cryptographic engine;                                                                                                                                        | A. US7734933<br>"The TSM 704 also includes a local encrypted storage, a<br>cryptographic engine 706, and multiple I/O channels for all<br>I/O paths to the SCM 702. The cryptographic engine 706<br>may aid the trusted processor 705 to provide a robust<br>security interface." <i>Rockwell</i> at col. 9:37-42                                                                                                                                                                                                                                                                                                                                                                                                                        |
|                                                                                                                                                                                                                                                                              | <b>B. US8499171</b><br>"The aforementioned shading further correlates to the <b>arrows</b><br><b>between system components</b> (as depicted in the legend 80),                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |





1.d a first data communication link for communicating data between said secure user processor and said cryptographic engine;

1.e a second data communication

the arrows representing the channels in which data or code can be moved to or from areas of memory and relative to modes of operation." *Qualcomm* at col. 5:52-57



"In another example, a hardware key 52 may be moved in supervisory mode 62 (shown as arrow 80 b) to areas 1, 2 or 3 (shown at 30, 32, and 34 respectively) of system memory 22 as depicted by arrows 80 c, 80 d, and 80 e, respectively. In this particular embodiment, as shown in the foregoing example, **components of a certain level of trust may access memory layers having the same level of trust** or lower (less trusted zones)." *Qualcomm* at col. 5:60-67

# C. US8566612

"Also, in a preferred embodiment according to the present invention, all **I/O data to security processor** 104 **transits one of cryptographic cores** 232 whether or not the data needs encryption/decryption or other security processing." *Exelis* at col. 11:53-57

# A. US7734933

link for communicating data<br/>between said non-secure user<br/>processor and said cryptographic<br/>engine; and"In an additional exemplary aspect of the present invention, a<br/>system including a Secure Computing Module (SCM)<br/>provides a trusted environment for COTS host platforms."<br/>Rockwell at col. 2:4-6"Referring now to FIG. 7, a block diagram of a computing<br/>environment 700 implementing SCM architecture in



#### (cont.)

1.e a second data communication link for communicating data between said non-secure user processor and said cryptographic engine; and accordance with an exemplary embodiment of the present invention is shown. The **SCM** 702 **may include a first subsystem** 703 and a second subsystem 704 residing on the trusted environment." *Rockwell* at col. 8:51-56

**"The first subsystem** 703 **may be an Authenticated COTS environment subsystem (ACE)** and **the second subsystem** 704 **may be a Trusted Security Manager subsystem (TSM)** 704." *Rockwell* at col. 8:64-67

"The **TSM** 704 **also includes** a local encrypted storage, **a cryptographic engine** 706, and multiple I/O channels for all I/O paths to the SCM 702."*Rockwell* at col. 9:37-40

**"I/O paths between the TSM** 704 and the ACE 703 may include virtual I/O paths. In an embodiment, the virtual I/O paths between the TSM and the ACE may be implemented through a dual port RAM 707, with each I/O path and a memory-mapped resource being controlled by a dedicated TSM partition." *Rockwell* at col. 9:66 through col. 10:4

### B. US8499171

"For example, the **application processor** 76 **can move data or code such as third-party OS kernels and applications to and from area 4** shown at 36, the movement depicted by arrow 80 a." *Qualcomm* at col. 5:57-60





| <i>(cont.)</i><br>1.e a second data communication<br>link for communicating data<br>between said non-secure user<br>processor and said cryptographic<br>engine; and                                                                                                                                                                        | C. US8566612<br>"Outbound packets may be buffered after transit through<br>packet engine 228 and cryptographic core 232 for sending<br>out to streaming interface 200 or to host interface 206."<br><i>Exelis</i> at col. 20:22-24<br>"Host interface 206 may be coupled to physical host bridge<br>128 and supports slow path data flow and system<br>management by host processor 130." <i>Exelis</i> at col. 6:48-51                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1.f a shared human/machine<br>interface comprising a digital<br>multiplexer that is exclusively<br>responsive to said cryptographic<br>engine for selectively enabling<br>exclusive bi-directional<br>communication of information<br>between a user and one of said<br>secure user processor, said non-<br>secure user processor and said | <ul> <li>B. US8499171</li> <li>"Zone 2 (14), for example, may be for completely trusted code and may control the access rights of individual applications DSP applets." <i>Qualcomm</i> at col. 5:11-13</li> <li>"Zone 4 (18), for example, may be trusted for certain address ranges depending on the applet. Zone 2 (RTOS) may be responsible for determining the access rights of Zone 4." <i>Qualcomm</i> at col. 5:20-22</li> </ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| cryptographic engine; and                                                                                                                                                                                                                                                                                                                  | "In various embodiments, the memory protection module 84<br>may protect main memory 84 a, for example, via one or more<br>combined actions associated with the following memory<br>protection elements: a predetermined number of main memory<br>protection units (MPU) blocks; for example, three; modem<br>processor memory management unit (MMU); modem<br>subsystem secure mode multiplexer (SMM) block;<br>applications digital signal processor (applications DSP 72)<br>MPU; DMA controller security features (embedded MPU,<br>shadow registers, security identification (ID)); general<br>purpose input/output expansion interface (GPIO) security<br>features (shadow registers, bitmasks); and Main Memory MPU<br>blocks." <i>Qualcomm</i> at col. 7:63-67 through col. 8:1-8<br>"The RTOS is trusted to identify access rights per applet<br>and configure the assigned DMA controller channel's 60<br>MPU accordingly. Separate Memory Protection Units (MPUs)<br>are used to protect Zones 1 to 4 from invalid accesses from<br>other zones (such as one or more of Zones 3, 4 and 5) since the<br>application MMU is not trusted." <i>Qualcomm</i> at col. 6:14-19<br>"The applications DSP 72 MPU may prevent applications<br>DSP applications, such as those Zone 4, from accessing<br>various registers, thus the applications must issue RTOS |



### (cont.)

1.f a shared human/machine interface comprising a digital multiplexer that is exclusively responsive to said cryptographic engine for selectively enabling exclusive bi-directional communication of information between a user and one of said secure user processor, said nonsecure user processor and said cryptographic engine; and system calls to perform memory access." *Qualcomm* at col. 8:23-26

"Applications DSP 72 may run multitasking RTOS 70 that may be trusted and might always run in privileged mode. The DSP 72 may **execute applications using up to, for example**, 32 **user mode execution threads**. Some applications are not trusted." *Qualcomm* at col. 13:24-27

# C. US8566612

"Authentication input device 136 may be, for example, a physical key or token, a smart card, or a biometric identification sensor. Authentication input device 136 may enable the authentication of a user attempting to access host processor 130. Authentication input device 136 may be directly attached, for example, to a serial, network, or EEPROM interface of host processor 130 using a physically segregated or covered transmission channel. Authentication input device 136 may act as a mechanism for enabling or modifying the functions of security processor 104, or as an information-loading mechanism, used for example in loading keys, uncovering keys, or modifying rules for device operation.

**Digital content input device** 134 may be, for example, a **CD-ROM, portable storage device, or keyboard and provides digital data such as program code or security data to host processor** 130." *Exelis* at col. 5:56-57 through col. 6:1-4



# **Unified**Patents

| 1.g a third data communication link<br>for communicating control<br>information between said<br>cryptographic engine to said shared<br>human/machine interface; | <b>B. US8499171</b><br>"The applications DSP RTOS 70, 72 can execute any mix of<br>trusted and non-trusted applets. To support individual access<br>rights per applet the RTOS provides driver functionality to<br>request memory transfers/accesses. The RTOS is trusted to<br>identify access rights per applet and configure the assigned<br>DMA controller channel's 60 MPU accordingly." <i>Qualcomm</i> at<br>col. 6:10-16                                                                                                                                    |
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|                                                                                                                                                                 | <b>C. US8566612</b><br>"Authentication input device 136 may be directly attached,<br>for example, to a serial, network, or EEPROM interface of<br>host processor 130 using a physically segregated or covered<br>transmission channel. Authentication input device 136 may<br>act as a mechanism for enabling or modifying the functions<br>of security processor 104, or as an information-loading<br>mechanism, used for example in loading keys, uncovering<br>keys, or modifying rules for device operation." <i>Exelis</i> at col.<br>5:60-67                  |
|                                                                                                                                                                 | "Security processing system 102 may also serve as a trusted<br>hardware device to authenticate another hardware security<br>token connected on, for example, a common network. Security<br>processing system 102 may be authenticated using<br>authentication input device 136 and may provide the<br>cryptographic processing for such authentication. Security<br>processing system 102 may communicate verification or<br>other information regarding the authentication status of<br>input device 136 to host processor 130." <i>Exelis</i> at col. 6:20-<br>28 |
|                                                                                                                                                                 | "By routing all or substantially all <b>I/O to and from host</b><br><b>processor</b> 130 and/or internal network 116 <b>through security</b><br><b>processing system</b> 102, host processor 130 and internal<br>network 116 are substantially protected against unauthorized<br>access or other security breaches, protecting the security<br>information integrity, and providing processing and storage<br>efficiency from information consolidation." <i>Exelis</i> at 4:40-47                                                                                  |
|                                                                                                                                                                 | "Security processing system 102 may be implemented, for<br>example, as a stand-alone system box or as a card such as, for<br>example, a NIC, that connects to a slot in the motherboard of a<br>host system. Security processing system 102 may be coupled<br>to host processor 130 using host bridge or interface 128."<br><i>Exelis</i> at col. 5:37-42                                                                                                                                                                                                           |



| 1.h.i wherein said <b>non-secure user</b><br><b>processor</b> is operatively connected to<br>a communications transceiver,<br>said secure processor is configured<br>to utilize said non-secure processor<br>to exchange information with said<br>communications transceiver, | <b>A. US7734933</b><br>"The SCM may be connected as a USB, CF, or Personal<br>Computer Memory Card International Association (PCMCIA)<br>device for a laptop host platform. Moreover, the SCM is<br>suitable for providing secure wireless network connections<br>when the <b>SCM is added on wireless devices such as PDAs,</b><br><b>cell phones, and other mobile devices</b> ." <i>Rockwell</i> at col.<br>11:50-56                                                                                                                                                                                  |
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|                                                                                                                                                                                                                                                                               | "The <b>TSM</b> 704 also includes a local encrypted storage, a cryptographic engine 706, and <b>multiple I/O channels for all I/O paths to the SCM</b> 702." <i>Rockwell</i> at col. 9:37-40                                                                                                                                                                                                                                                                                                                                                                                                             |
|                                                                                                                                                                                                                                                                               | "In an additional exemplary aspect of the present invention, a system including a <b>Secure Computing Module (SCM)</b> provides a trusted environment for COTS host platforms." <i>Rockwell</i> at col. 2:4-6                                                                                                                                                                                                                                                                                                                                                                                            |
|                                                                                                                                                                                                                                                                               | "Referring now to FIG. 7, a block diagram of a computing<br>environment 700 implementing SCM architecture in<br>accordance with an exemplary embodiment of the present<br>invention is shown. The <b>SCM</b> 702 <b>may include</b> a first<br>subsystem 703 and <b>a second subsystem</b> 704 residing on the<br>trusted environment." <i>Rockwell</i> at col. 8:51-56<br>"The first subsystem 703 may be an Authenticated COTS<br>environment subsystem (ACE) and <b>the second subsystem</b> 704<br><b>may be a Trusted Security Manager subsystem (TSM)</b><br>704." <i>Rockwell</i> at col. 8:64-67 |
|                                                                                                                                                                                                                                                                               | <b>B. US8499171</b><br>"Zone 3 (16), for example, may permit trusted access to the<br>radio control registers while in modem supervisory mode,<br>and may contain all of the core control code such as Code<br>Division Multiple Access (CDMA), global system for mobile<br>communications (GSM); and universal mobile<br>telecommunications service (UMTS)." <i>Qualcomm</i> at col.<br>5:14-19                                                                                                                                                                                                         |
|                                                                                                                                                                                                                                                                               |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |



| 1.h.ii and said cryptographic engine |  |
|--------------------------------------|--|
| is further configured                |  |

to command said shared human/machine interface to delete sensitive information contained therein and

to command said digital multiplexer to connect to said non-secure user processor only after said sensitive information has been deleted from said shared human/machine interface.

## A. US7734933

"A secure COTS computing environment is provided by a system including a **High Assurance Controller (HAC) subsystem to control execution of COTS functions and enforce security partitioning for applications running on the untrusted COTS processor**." *Rockwell* at col. 4:15-19

"The HAC subsystem 312 is responsible for control of COTS CPU execution as well as enforcing access to shared resources 313 such as memory and I/O. The HAC subsystem 312 may monitor and manage partitions for the COTS CPU. The **HAC subsystem** 312 **is responsible for zeroizing, loading, configuring, and controlling the COTS CPU for time-sliced real time execution of Multiple Independent Level of Security (MILS) computing functions. Zeroizing the COTS CPU may include approved zeroization procedures configured to erase sensitive information (e.g. keys for a cryptographic module) or decrypted secure data to prevent its disclosure**." *Rockwell* at col. 5:5-13

"As a result, the COTS CPU is ready to execute a next scheduled computing function. For example, a first computing function at TS security level may be executed in a first time slice 316. **Before a second computing function at security level being executed in a second time slice** 320, **a processing partition for the first computing function may be** "scrubbed" by the HAC subsystem 312. The HAC subsystem 312 causes the COTS CPU to zeroize its internal states and reestablish the PMU state. Then, the COTS CPU 302 is ready for executing the second computing function in the second time slice 320." *Rockwell* at col. 6:4-14 "Each micro-fob may be coded to the corresponding SCM device that it protects. If the signal is lost for a preset amount of time, the SCM device may lock out user access or start **auto-zeroizing**." *Rockwell* at col. 12:67 through col. 13:1-4