Initiator and target firewalls
Abstract
A system comprising a first logic adapted to use qualifiers received from a component to determine which of a plurality of storages matches the qualifiers, the first logic generates a first signal indicative of a storage matching the qualifiers. The system also comprises a second logic coupled to the first logic and adapted to use a target address received from the component to determine which of the plurality of storages matches the target address, the second logic generates a second signal indicative of a storage matching the target address. Another logic is adapted to determine whether the storage associated with the first signal matches the storage associated with the second signal. The qualifiers indicate security mode attributes associated with the component.
Claims
exact text as granted — not AI-modified1 . A system, comprising:
a first logic adapted to use qualifiers received from a component to determine which of a plurality of storages matches said qualifiers, said first logic generates a first signal indicative of a storage matching said qualifiers; and a second logic coupled to the first logic and adapted to use a target address received from the component to determine which of said plurality of storages matches said target address, said second logic generates a second signal indicative of a storage matching said target address; wherein another logic is adapted to determine whether the storage associated with the first signal matches the storage associated with the second signal; wherein the qualifiers indicate security mode attributes associated with the component.
2 . The system of claim 1 , wherein the system comprises a mobile communication device.
3 . The system of claim 1 , wherein said first logic determines which of said plurality of storages matches said qualifiers by comparing the qualifiers to access requirements programmed into the plurality of storages.
4 . The system of claim 3 , wherein said access requirements comprise a requirement that the component tries to access at least one of said storages while in a security mode selected from the group consisting of a normal secure privilege mode or user mode, a normal public privilege mode or user mode, a virtual secure privilege mode or user mode and a virtual public privilege mode or user mode.
5 . The system of claim 3 , wherein said access requirements comprise a requirement that the component tries to access at least one of said storages to perform only one of a read function or a write function.
6 . The system of claim 1 , wherein, if the another logic determines that the storage associated with the first signal does not match the storage associated with the second signal, the another logic prevents the component from accessing the storages associated with the first and second signals.
7 . A method, comprising:
generating a first signal indicating which of a plurality of storages matches qualifiers received from a component, said qualifiers indicate security mode attributes associated with the component; generating a second signal indicating which of said plurality of storages matches a target address received from said component; and determining whether the storage associated with the first signal matches the storage associated with the second signal.
8 . The method of claim 7 , wherein generating the first signal indicating which of the plurality of storages matches qualifiers received from a component comprises using a storage housed within a mobile communication device.
9 . The method of claim 7 , wherein generating said first signal comprises comparing the qualifiers to access requirements programmed into said plurality of storages.
10 . The method of claim 9 , wherein comparing the qualifiers to access requirements comprises using an access requirement that the component tries to access at least one of said storages while in a security mode selected from the group consisting of a normal secure privilege mode or user mode, a normal public privilege mode or user mode, a virtual secure privilege mode or user mode and a virtual public privilege mode or user mode.
11 . The system of claim 9 , wherein comparing the qualifiers to access requirements comprises using an access requirement that the component tries to access at least one of said storages to perform only one of a read function or a write function.
12 . The method of claim 7 , further comprising preventing the component from accessing either of the storages associated with the first and second signals.
13 . A system, comprising:
means for generating a first signal indicating which of a plurality of storages matches qualifiers received from a component, said qualifiers indicate security mode attributes associated with the component; means for generating a second signal indicating which of said plurality of storages matches a target address received from said component; and means for determining whether the storage associated with the first signal matches the storage associated with the second signal.
14 . The system of claim 13 , wherein the system comprises a mobile communication device.
15 . The system of claim 13 , wherein the means for generating the first signal compares the qualifiers to access requirements programmed into the plurality of storages.
16 . The system of claim 15 , wherein said access requirements comprise a requirement that the component tries to access at least one of said storages while in a security mode selected from the group consisting of a normal secure privilege mode or user mode, a normal public privilege mode or user mode, a virtual secure privilege mode or user mode and a virtual public privilege mode or user mode.
17 . The system of claim 15 , wherein said access requirements comprise a requirement that the component tries to access at least one of said storages to perform only one of a read function or a write function.
18 . The system of claim 13 , wherein the means for determining prevents the component from accessing either of the storages associated with the first and second signals.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.