SYSTEM

TECHNICAL FILED OF THE DISCLOSURE

The invention relates creating a security-enabled (SE) microprocessor for preventing unauthorized persons from malicious usages of computing systems. In general, a microprocessor equipped in a computing system is not securely protected. However, a computing system equipped with a microprocessor prevents unauthorized persons from malicious usages of the computing system.

The invention relates also permitting only authorized persons and/or machines to manipulate secured information generated and modified by the invented SE microprocessor in an SE computing system unlike computing systems in prior arts preventing unauthorized persons and machines from accessing the computing systems.

The invention relates decoding instructions in an executable program by the SE microprocessor according to a secured customized instruction set dynamically reconfigured before executing the decoded instructions, wherein an executable program includes a sequence of instructions, wherein instructions in the executable program are generally in binary format, wherein a customized SE instruction set includes a plurality of transformed instructions from the instructions used in the executable program, wherein a plurality of transformed instructions in a

customized SE instruction set is obtained by an instruction-set configuration compiler, wherein a customized instruction set

dynamically reconfigured is used for decoding instructions by an SE microprocessor .

The invention relates generating an SE function compiler, which (1) randomly identifies functions in a program and (2) transforms the identified functions to SE functions by inserting a plurality of SE function identification bits, wherein an SE function is generated from a function in a program when an authorized person initiates a series of SE function transformations. More specifically, the secure function compiler determines how many and which functions in a program are transformed .

The invention relates generating an instruction-set configuration compiler, which (1) identifies SE functions in a program, (2)

transforms an instruction or a sequence of instructions in an SE function to an SE instruction or a sequence of SE instructions in an SE function, (3) generates an SE instruction set, and (4) generates configuration information of SE instructions in the SE instruction set to decode SE instructions, wherein an SE instruction set includes all of SE instructions transformed, wherein configuration information is used to reconfigure a reconfigurable SE instruction decoder. An SE instruction or a sequence of SE instructions has a different binary format, wherein a different binary format includes a different sequence and/or length of binary numbers. More specifically, the instruction-set configuration compiler transforms a sequence of non-flow control instructions to a non-flow control SE instruction.

The invention relates generating a dynamic SE decoded-operations (DOPs) generator, which (1) transforms a sequence of DOPs of an SE instruction to a sequence of SE DOPs of an SE instruction, (2) links to an SE DOP or a sequence of SE DOPs to an SE instruction, and (3) updates an SE DOP access lookup table, wherein an SE DOP or a sequence of SE DOPs is accessed in series or in parallel after an SE instruction is decoded. More specifically, the dynamic SE DOP generator (1) identifies a sequence of non-flow control SE instructions and (2) generates a sequence of SE DOPs of a sequence of non-flow control SE instructions. An SE DOP or a sequence of SE DOPs has a different binary format, wherein a different binary format includes a different sequence and/or length of binary numbers.

Therefore, a computing system equipped with the invented SE

microprocessor is capable of protecting the secured information from unauthorized persons although the unauthorized persons are able to access the computing system.

BACKGROUND OF THE DISCOLOSURE

The present invention generally relates preventing unauthorized persons from malicious usages of computing systems. More specifically, a single or plurality of microprocessors equipped in a computing system is transformed to a single or plurality of security-enabled (SE) microprocessors in order for authorized persons to securely utilize a computing system, instead of only blocking accesses of a computing system from unauthorized persons.

The present invention generally relates also authorized persons to manipulate secured information with the invented SE microprocessors in a computing system.

The invention generally relates dynamically reconfiguring a secured instruction set to decode secured instructions in a program securely manipulated by authorized persons and/or machines. More specifically, a plurality of customized instructions is decoded by a reconfigurable instruction decoder to produce a series of DOPs, including control signals and other useful binary information encapsulated in a single or plurality of bytes.

The invention generally relates distributing a series of the DOPs to a plurality of execution units found in microprocessors in prior arts, wherein the execution units includes arithmetic logic units (ALUs), integer and floating-point units, memory read/write units, and

application specific execution engines.

The invention generally relates randomly identifying functions in a program and transforming the identified functions to SE functions by adding a plurality of SE function-identification bits to the SE functions .

The invention generally relates identifying SE functions in a transformed program, transforming a sequence of instructions in an SE function to an SE instruction or a sequence of SE instructions in an SE function, generating an SE instruction set with unique SE instructions found in the SE functions, and generating configuration information of SE instructions in the SE instruction set to decode SE instructions with a reconfigurable instruction decoder.

The invention generally relates transforming a sequence of DOPs of an SE instruction to a sequence of SE DOPs of an SE instruction, linking to an SE DOP or a sequence of SE DOPs to an SE instruction, and updating an SE DOP access lookup table.

PROBLEMS OF THE ART

Computing systems cipher most of information protecting from

malicious usages. For instance, Data Encryption Standard (DES) offers an encryption alongside of existing security technologies. Therefore, encrypted information is very difficult to be decrypted to the same meaning of the information. The crypto variable and other information need to be shared with the authorized users. In general, the encryption also needs to be less susceptible. Other encryption systems, including Symmetric-Advanced Encryption Standard, asymmetric-RSA [1], or elliptic curve cryptography [2], are used different key sizes.

U.S. Patent No. 7,269,715 [3] presents an instruction converting method and apparatus. A current set of instructions received as part of a group, including a prior set of instructions, is distinguished by using a history data structure. In this approach, a critical path is recognized to break apart incoming instructions into special groups or formations while instructions are fetched between an instruction cache and a memory. The converted instructions including a converting indication are finally used by the execution units. In particular, grouper circuit and translation circuit are invented to issue the converted instructions to the execution units.

U.S. Patent No. 6,047,368 [4] presents an instruction converting apparatus that employs a compatibility circuit includes translation and grouper circuits. The translation circuit transforms old instructions to new instructions as simpler forms. The grouper circuit groups instructions according to type of instructions during instruction fetches to an instruction cache. In this invention, assigned

functionalities of the grouped instructions are dynamically converted and identified while being concurrently issued and executes. However, this invention does not physically reduce the bit-length of

instructions. Therefore, the same or more instruction caches still required .

U.S. Patent No. 5,509,130 [5] claims simultaneously converting and issuing instructions at the same clock cycle for execution. An

instruction control unit detects operands cascading from one

instruction to another instruction after decoding a sequence of instructions. Then, instructions are packed according to exclusion rules reflecting characteristics of the resources and structure of the target processor. However, this invention still requires maintaining at least the same size of the instruction cache as well as involving branch prediction and resolution units due to the runtime conversion.

U.S. Patent 7,181,597 [6] describes a trace cache-based approach.

More specifically, the first instruction is decoded into a plurality of operations in the invention. The first copy of the operations is passed from the decoder to a build engine integrated to a trace cache. The decoder also directly passes the second copy of the operations to a backend allocation module. This approach focuses on enhancing

performance by selectively bypassing a trace cache build engine.

U.S. Patent Application US 2002/008782 A1 [7] claims about grouped VLIW instruction words stored with predecode information including the location of the instructions. The invention also claims the compiler generated information, including the processor path of the sub

instructions within the VLIW grouping. Since this invention inherently relates VLIW processor, the invention still includes instruction grouping under the fixed execution units installed in a VLIW processor, which has well-known drawback on highly unused execution units compared to other types of processors, including RISC and CISC processors.

In prior arts, (1) computing systems are blocked from unauthorized persons; and (2) information is encrypted and decrypted to prevent malicious usage to prohibit malicious programs from being accessing computing systems and executing and generating information only for authorized persons. The current approaches are highly vulnerable once unauthorized persons can not only access computing systems to copy secured information, but also run malicious programs to control the computing systems. Unlike the secured computing systems and encrypted information used in prior arts, the security-enabled microprocessor for a computing system invented is capable of creating security-enabled (SE) microprocessor to prevent unauthorized persons and/or machines from unauthorized accesses and malicious usages of computing systems by (1) transforming microprocessors, which control the computing systems and manipulate the information, employed in the computing systems to SE microprocessors, which only allow authorized persons and/or machines to securely control the computing systems and manipulate the secured information; (2) dynamically reconfiguring a customized instruction set to decode customized instructions in a program securely manipulated by authorized persons; (3) distributing a series of DOPs to a plurality of execution units in SE microprocessors; (4) randomly identifying functions in a program and transforming the identified functions to SE functions; (5) identifying SE functions in a transformed program; (6) transforming a sequence of instructions in an SE function to an SE instruction or a sequence of SE instructions in an SE function; (7) generating an SE instruction set with unique SE instructions found in the SE functions; (8) generating configuration information of SE instructions in the SE instruction set to decode SE instructions with a reconfigurable instruction decoder; (9) transforming a sequence of DOPs of an SE instruction to a sequence of SE DOPs of an SE instruction;

(10) linking a sequence of SE DOPs of an SE instruction to an SE DOP or a sequence of SE DOPs to an SE instruction; and (11) updating an SE DOP access lookup table. Therefore, an SE computing system is created by transforming a microprocessor to the invented SE microprocessor, which is capable of protecting secured information from unauthorized persons and/or machines even though unauthorized persons and/or machines maliciously access the computing system.

SUMMARY OF THE DISCLOSURE

The invention generally relates to a security-enabled (CE)

microprocessor system including a series of software compilations for selectively transforming unsecured functions and a series of unsecured instructions in a program to secured functions and a single or

plurality of secured instructions and a secure hardware system further including (1) a mixed SE an security-disabled (SD) information memory system, (2) a mixed SE and SD instruction memory system, (3) an SE instruction fetch unit, (4) a reconfigurable SE instruction decoder, and (5) a plurality of execution units, wherein the reconfigurable SE instruction decoder is interfaced with an SE DOP storage and SE DOP access lookup table. More specifically, a dynamic SE DOP generator dynamically generates and updates a plurality of SE DOP accessing information of a single or plurality of SE instructions identified in an SE instruction set compiled for SE functions and a single or plurality of SE instructions transformed. Furthermore, the dynamic SE DOP generator dynamically generates and updates SE configuration information to the reconfigurable SE instruction decoder to decode SE functions and a single or plurality of SE instructions. More

specifically, the SE DOP storage includes a plurality of entries of DOPs of an SE instruction and of SE instructions. The SE DOP access lookup table includes a plurality of entries of SE DOP access pointers, which provide which DOPs of SE instruction is accessed from the SE DOP storage upon decoding an SE instruction by the reconfigurable SE instruction decoder.

The mixed SE and an SD information memory system contains SE information, which is identified as an SE information by an SE information identification unit, wherein mixed SE and SD information is received from a computing system via wire or wireless communication channels and stored to the mixed SE and an SD information memory system, which can be accessed by a single or plurality of execution units. A single or plurality of execution units also accesses and produces mixed SE and SD information and transmits the mixed SE and SD information to other computing systems.

An SE computing system equipped with the invented SE microprocessor system processes a single or plurality of requests of authentications from users and/or machines of the SE computing system. The

authentication requests can be received from Universal Serial Bus (USB) dongles, Bluetooth devices, smart connected devices, such as

smartphones, tablets, etc., other identification sensor devices, such as chip cards, magnetic swipe cards, voice recorders, fingerprint sensors, and other devices, which can be used to identify persons' authentications. The SE microprocessor system processes the invented SE operations if receiving successful authentication requests.

There has thus been outlined, rather broadly, some of the features of the invention in order that the detailed description thereof may be better understood, and that the present contribution to the art may be better appreciated. Additional features of the invention will be described hereinafter.

In this respect, before explaining at least one embodiment of the invention in detail, it is to be understood that the invention is not limited in its application to the details of construction or to the arrangements of the components set forth in the following description or illustrated in the drawings. The invention is capable of other embodiments and of being practiced and carried out in various ways. Also, it is to be understood that the phraseology and terminology employed herein are for the purpose of the description and should not be regarded as limiting. An object is to provide secure operations of computing systems by security-enabled microprocessors that control the computing systems and manipulating security sensitive information in computing systems and between computing systems over computer networks and internets.

An object is to provide the secure operations of computing systems by security-enabled microprocessors that decode instructions in an executable program by the SE microprocessor according to a secured customized instruction set dynamically reconfigured before executing the decoded instructions.

Another object is to provide the secure operations of computing systems by security-enabled microprocessors that determine how many and which functions in a program are randomly identified and transformed the identified functions to SE functions with additional a plurality of SE function identification bits by an SE function compiler.

Another object is to provide the secure operations of computing systems by security-enabled microprocessors that identify SE functions in a program, transform an instruction or a sequence of instructions in an SE function to an SE instruction or a sequence of SE instructions in an SE function, generate an SE instruction set, and generate

configuration information of SE instructions in the SE instruction set to decode SE instructions by an instruction-set configuration compiler.

An object is to provide the secure operations of computing systems by security-enabled microprocessors that transform a sequence of non-flow control instructions to a non-flow control SE instruction by the instruction-set configuration compiler.

Another object is to provide the secure operations of computing systems by security-enabled microprocessors that transform a sequence of DOPs of an SE instruction to a sequence of SE DOPs of an SE

instruction, link to an SE DOP or a sequence of SE DOPs to an SE instruction, and update an SE DOP access lookup table by a dynamic SE DOP generator.

Another object is to provide the secure operations of computing systems by security-enabled microprocessors that identify a sequence of non-flow control SE instructions, and generate a sequence of SE DOPs of a sequence of non-flow control SE instructions with the dynamic SE DOP generator .

Another object is to provide the secure operations of computing systems by security-enabled microprocessors that utilize an SE DOP or a sequence of SE DOPs encapsulated in a different binary format.

Other objects and advantages of the present invention will become obvious to the reader and it is intended that these objects and advantages are within the scope of the present invention. To the accomplishment of the above and related objects, this invention may be embodied in the form illustrated in the accompanying drawings,

attention being called, however, to the fact that the drawings are illustrative only, and that changes may be made in the specific construction illustrated and described within the scope of this application .

In this patent document, the terms "include" and derivatives thereof mean inclusion without limitation.

BRIEF DESCRIPTION OF THE DRAWINGS

A more complete understanding of embodiments of the disclosure will be apparent from the detailed description taken in conjunction with the accompanying drawings in which:

FIG. 1 is a diagram showing one embodiment of the security-enabled (SE) microprocessor for a computing system including an SE function compiler, an instruction-set configuration compiler, a dynamic SE decoded-operation (DOP) generator, and an SE microprocessor, wherein the SE function compiler including a security authorization unit, a function identification unit, an SE function identification bits generator, and an SE function transformation unit for generating mixed SE and security-disabled (SD) functions in an SE program from unsecured functions in a program, wherein the instruction-set configuration compiler including an SE function identification unit, an SE

instruction transformation unit, an SE instruction-set generator, and an instruction configuration information generator for generating an SE instruction configuration information and a single or plurality of SE instruction sets from a mixed SE and SD functions in an SE program, wherein the dynamic SE DOP generator including an SE instruction identification unit, an SE DOP transformation unit, and an SE DOP linker for generating a single or plurality of DOPs linked to each SE instruction found in a single or plurality of SE instruction sets and for generating SE DOP accessing information stored in an SE DOP access lookup table, wherein an SE microprocessor including an SE instruction fetch unit, a reconfigurable SE instruction decoder interfaced with an SE DOP storage and an SE DOP access lookup table, and a plurality of execution units for fetching mixed SE and SD instructions from an instruction memory system, for decoding mixed SE and SD instructions fetched, and for executing mixed SE and SD instructions decoded;

FIG. 1 is also a diagram showing one embodiment of the generation method of SE functions, a single SE instruction or a series of SE instructions from SE functions, a single or plurality of SE instruction sets from a single or plurality of SE functions, an SE instruction configuration information from SE instructions generated for

configuring the reconfigurable SE instruction decoder, a plurality of SE DOPs of SE instructions, and information for accessing a plurality of SE DOPs of SE instructions;

FIG. 2 is a diagram showing one embodiment of an SE computing system including a mixed SE and SD information memory system, a mixed SE and SD instruction memory system, and an SE microprocessor for processing mixed SE and SD information and instructions according to the

authentication information, wherein the SE microprocessor including an SE instruction fetch unit, a reconfigurable SE instruction decoder, and a plurality of execution units, wherein the reconfigurable SE

instruction decoder further including a dynamic DOP generator, an SE DOP access table including a plurality of entries of SE DOP access pointers, which provide which DOPs of SE instruction is accessed from the SE DOP storage upon decoding an SE instruction by the

reconfigurable SE instruction decoder, an SE DOP storage including a plurality of entries of DOPs of an SE instruction and of SE

instructions, and an authentication processing unit, wherein the dynamic DOP generator dynamically operating with an SE instruction sets and an SE instruction configuration information for reconfiguring the reconfigurable SE instruction decoder, wherein the authentication processing unit processing various types of authentication requests received from Universal Serial Bus (USB) dongles, Bluetooth devices, smart connected devices, such as smartphones, tablets, etc., other identification sensor devices, such as chip cards, magnetic swipe cards, voice recorders, fingerprint sensors, and other devices, which can be used to identify authentications of persons and/or machines; and

FIG. 2 is also a diagram showing one embodiment of the SE

microprocessor for decoding SE instructions of SE functions with the reconfigurable SE instruction decoder, wherein the dynamic SE DOP generator distributing DOPs of SE instructions generated to the SE DOP storage and associated SE DOP access pointers to the SE DOP access lookup table.

FIG. 3 illustrates an SE information and instruction generation process. More specifically, (1) an SE information interpretation process for SE information received from other computing systems and (2) an SE information generation process in an SE computing system equipped with an SE microprocessor are illustrated. More specifically, various invented units involved in the SE information and instruction authentication processes are illustrated. Fig. 3 also illustrates SE operations performed by an SE computing system equipped with an SE microprocessor .

DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS FIG. 1 is a diagram showing one embodiment of a security-enabled (SE) microprocessor for a secure computing system including an SE function compiler 1, an instruction-set configuration compiler 11, a dynamic SE DOP generator 21, and an SE microprocessor 31.

In one embodiment, the SE function compiler 1 includes a security authorization unit 2, a function identification unit 4, an SE function identification bits generator 5, and an SE function transformation unit 6. The SE function compiler 1 randomly identifies a single or plurality of functions in unsecured functions in a program 3 according to security authentication information generated by the security

authentication unit 2. The function identification unit 4 determines which unsecured or security-disabled (SD) functions in the program 3 are transformed to a plurality of SE functions. The SE function transformation unit 6 analyzes each identified SD function, attaches a series of function identification bits generated by the SE function identification bits generator 5, transforms the SD function identified to an SE function, and replicates aforementioned operations for remaining SD functions identified for transforming to SE functions. Consequently, the SE function compiler 1 transforms randomly identified SD functions in a program to mixed SE functions and SD functions in an SE program 7.

In one embodiment, the instruction-set configuration compiler 11 includes an SE function identification unit 12, an SE instruction transformation unit 13, an SE instruction-set generator 14, and an instruction configuration information generator 15. The instruction-set configuration compiler 11 generates an SE instruction configuration information and a single or plurality of SE instruction sets from a mixed SE and SD functions in an SE program.

The SE function identification unit 12 filters SE functions in the mixed SE functions and SD functions in an SE program 7 and informs SE functions identified to the SE instruction transformation unit 13.

The SE instruction transformation unit 13 transforms a single security-disabled (SD) instruction or a series of SD instructions in an

SE function identified to a single SE instruction or a series of SE instructions. More specifically, the SE instruction transformation unit 13 transforms a sequence of non-flow control instructions to a non-flow control SE instruction, wherein a non-flow control instruction is an instruction that does not include any operation for controlling instruction flow. The SE instruction transformation unit 13 determines how many instructions in an SE function to be transformed. More specifically, the SE instruction transformation unit 13 determines how many instructions in a basic block and how many basic blocks are in an

SE function, wherein a basic block is a series of instructions with one entry and one exit. Therefore, the SE instruction transformation unit 13 transforms a single or plurality of instructions in a basic block to an SE instruction or a fewer number of SE instructions than the number of instructions in the basic block. The SE instruction transformation unit 13 registers an SE instruction transformed to the SE instruction- set generator 14 for generating an SE instruction set from a plurality of SE instructions transformed. The SE instruction transformation unit 13 substitutes SD instructions with SE instructions transformed in the mixed SE and security-disabled (SD) functions in SE program 7. The SE instruction transformation unit 13 continues to operate the

aforementioned operations with the SE function identification unit 12 and the SE instruction-set generator 14 until the SE instruction-set generator 14 informs a termination of SE instruction transformation.

The SE instruction-set generator 14 collects a plurality of unique SE instructions in order to generate an SE instruction set. The SE instruction-set generator 14 reformats a plurality of the unique SE instructions for securely decoding SE instructions. Therefore, an SE instruction or a sequence of SE instructions has a different binary format, wherein a different binary format including a different sequence and/or length of binary numbers. More specifically, the SE instruction-set generator 14 a non-flow control SE instruction from a sequence of non-flow control instructions for securely decoding a non ^¬ flow control SE instruction. The SE instruction-set generator 14 starts over to generate another SE instruction set once an SE instruction set is generated. Therefore, the SE instruction-set generator 14 generates a single or plurality of SE instruction sets 16, wherein the SE instruction sets 16 including a single or plurality of SE instruction sets generated by the SE instruction-set generator 14 and accessed by an SE decoded-operation (DOP) transformation unit 23 in the dynamic SE DOP generator 21.

The SE instruction configuration information generator 15 generates configuration information of SE instructions in the SE instruction set to decode SE instructions, wherein an SE instruction set includes all of SE instructions transformed, wherein configuration information is used to reconfigure a reconfigurable SE instruction decoder. The SE instruction configuration information generator 15 generates SE instruction configuration information 17 of an SE instruction set to decode SE instructions with a reconfigurable instruction decoder 33 in an SE microprocessor 31.

The SE instruction configuration information 17 generated by the SE instruction configuration information generator 15 is used for

reconfiguring the reconfigurable SE instruction decoder 33. More specifically, the SE instruction configuration information 17 includes configuration information of a reconfigurable instruction decoder that is built with a programmable gate array, such as a field-programmable gate array (FPGA), wherein an FPGA is an integrated circuit that can be programmed after manufacturing the FPGA.

In one embodiment, the dynamic SE DOP generator 21 includes an SE instruction identification unit 22, an SE DOP transformation unit 23, and an SE DOP linker 24 for (1) transforming a sequence of DOPs of an SE instruction to a sequence of SE DOPs of an SE instruction, (2) linking to an SE DOP or a sequence of SE DOPs to an SE instruction, and (3) updating an SE DOP access lookup table, wherein an SE DOP or a sequence of SE DOPs is accessed in series or in parallel after an SE instruction is decoded. More specifically, the dynamic SE DOP generator 21 (1) identifies a sequence of non-flow control SE instructions, and

(2) generates a sequence of SE DOPs of a sequence of non-flow control SE instructions. An SE DOP or a sequence of SE DOPs has a different binary format, wherein a different binary format including a different sequence and/or length of binary numbers.

The SE instruction identification unit 22 identifies SE instructions in the mixed SE and SD functions in SE program 7 and forwards SE instructions to the SE DOP transformation unit 23.

The SE DOP transformation unit 23 accesses configuration information stored from the SE instruction configuration information 17 and a plurality of unique SE instructions identified in an SE instruction set of a plurality of SE instruction sets 16 upon receiving a single or plurality of SE instructions identified and informed from the SE instruction identification unit 22. The SE DOP transformation unit 23 transforms an SE instruction to a single or plurality of DOPs by identifying required a single or plurality of DOPs implemented for the SE microprocessor 31 and assigning the identified DOPs in proper orders according to operations of an SE instruction, wherein a plurality of DOPs implemented for the SE microprocessor 31 is stored in the SE DOP storage 35. The SE DOP transformation unit 23 stores DOPs transformed to the SE DOP storage 35 and stores a DOP access order of an SE instruction to the SE DOP access lookup table 36. The SE DOP

transformation unit 23 further provides a sequence of DOPs of an SE instruction to the SE DOP linker 24 to determine which of a single or plurality of DOPs is accessed to complete decode operations of an SE instruction. The SE DOP linker 24 receives a linking request upon completion of transformation of a single or plurality of DOPs of an SE instruction from the SE DOP transformation unit 23. The SE DOP linker 24 identifies a single or plurality of DOP access locations of an SE instruction from a single or plurality of DOPs stored in the SE DOP storage 35. The SE DOP linker 24 generates a single or plurality of SE DOP accessing pointers and stores the SE DOP accessing pointers to the SE DOP access lookup table 31.

In one embodiment, the SE microprocessor 31 includes an SE

instruction fetch unit 32, a reconfigurable SE instruction decoder 33, a plurality of execution units 34, an SE DOP storage 35, and an SE DOP access lookup table 36. The SE microprocessor 31 fetches mixed SE and SD instructions with the SE instruction fetch unit 32, decodes mixed SE and SD instructions fetched with the reconfigurable SE instruction decoder 33 associated with the SE DOP storage 35 and the SE DOP access lookup table 36, and executes mixed SE and SD instructions decoded with a plurality of the execution units 34.

The SE function compiler, the instruction-set configuration compiler, the dynamic SE DOP generator, and the presented SE microprocessor, are not limited in its application to the details of construction or to the arrangements of the components set forth in the above description or illustrated in FIG. 1.

FIG. 2 is a diagram showing one embodiment of an SE computing system 41 includes a mixed SE and SD information 42, an SE information identification unit 43, a mixed SE and SD functions in SE program 7, a mixed SE and SD information memory system 45, a mixed SE and SD instruction memory system 44, an authentication processing unit 46, various types users' authentication devices 47, and an SE

microprocessor 31, wherein the SE microprocessor 31 further includes an SE instruction fetch unit 32, a reconfigurable SE instruction decoder 33, and a plurality of execution units 34, wherein the reconfigurable SE instruction decoder 33 is further includes an SE DOP storage 35, an SE DOP access lookup table 36, and a dynamic SE DOP generator 21, wherein the dynamic SE DOP generator 21 operates with an SE instruction sets 16 and an SE instruction configuration information 17.

In one embodiment, the mixed SE and SD information 42 is various types of information received from and transmitted to a single or plurality of computing systems. The SE information identification unit 43 identifies SE information and SD information from the mixed SE and SD information 42. The mixed SE and SD information memory system 45 stores SE information and SD information in binary form accessed by the SE microprocessor 31. The unsecured functions in program 3 are various types of functions in a program which is compiled by software compiler in prior arts. More specifically, the unsecured functions in program 3 are compiled by the SE function compiler 1 after compilation of software compiler in prior arts to identify SE functions from unsecured or SD functions and to generate the mixed SE and SD functions in SE program 7. More specifically, the mixed SE and SD functions in SE program 7 are compiled to generate SE instruction configuration information 17 and SE instruction sets 16 by the instruction-set configuration compiler 11. More specifically, the instruction-set configuration compiler 11 generates SE instructions of SE functions in the mixed SE and SD functions in SE program 7. The mixed SE and SD functions in SE program 7 in binary form are stored in the mixed SE and SD instruction memory system 44, wherein the mixed SE and SD

instruction memory system 44 is accessed by the SE microprocessor 31.

In one embodiment, the dynamic SE DOP generator 21 generates SE DOPs of an SE instruction and a single or plurality of SE DOP access pointers with information from the SE instruction configuration information 17 and the SE instruction sets 16. More specifically, the dynamic SE DOP generator 21 transforms a sequence of DOPs of an SE instruction to a sequence of SE DOPs of an SE instruction, (2) links to an SE DOP or a sequence of SE DOPs to an SE instruction, and (3) updates the SE DOP access lookup table 36, wherein an SE DOP or a sequence of SE DOPs is accessed in series or in parallel after an SE instruction is decoded. More specifically, the dynamic SE DOP generator 21 (1) identifies a sequence of non-flow control SE instructions, and

(2) generates a sequence of SE DOPs of a sequence of non-flow control SE instructions. An SE DOP or a sequence of SE DOPs has a different binary format, wherein a different binary format including a different sequence and/or length of binary numbers. More specifically, the dynamic SE DOP generator 21 dynamically generates and updates a plurality of SE DOP accessing information of a single or plurality of SE instructions identified in an SE instruction set compiled for SE functions and a single or plurality of SE instructions transformed. Furthermore, the dynamic SE DOP generator 21 dynamically generates and updates SE configuration information to the reconfigurable SE

instruction decoder 33 to decode SE functions and a single or plurality of SE instructions.

In one embodiment, the SE instruction fetch unit 32 in the SE microprocessor 31 receives SE instructions in SE functions and SD instructions in SD functions stored in the mixed SE and SD instruction memory system 44. The SE instruction fetch unit 32 forwards SE

instructions and SD instructions to the reconfigurable SE instruction decoder 33. More specifically, the SE instruction fetch unit 32 separately forwards SE instructions and SD instructions if an SE microprocessor equips with an instruction decoder for unsecure or SD instructions and a reconfigurable SE instruction decoder 33. Otherwise, the reconfigurable SE instruction decoder 33 receives both SE

instructions and SD instructions to decode from the SE instruction fetch unit 32. The SE instruction fetch unit 32 also performs other operations typically implemented in instruction fetch units in prior arts .

In one embodiment, the reconfigurable SE instruction decoder 33 in the SE microprocessor 31 is interconnected to the SE instruction fetch unit 32, the SE DOP storage 53, and the SE DOP access lookup table 36, wherein the SE DOP storage 53, and the SE DOP access lookup table 36 are connected to the dynamic SE DOP generator 21. The reconfigurable SE instruction decoder 33 is configured with configuration information generated by the dynamic SE DOP generator 21. More specifically, the reconfigurable SE instruction decoder 33 is implemented with a reconfigurable programmable gate array, such as an FPGA, for

configuring the reconfigurable SE instruction decoder 33 after

manufacturing the FPGA and the SE microprocessor 31. If the

reconfigurable SE instruction decoder 33 is implemented with a

reconfigurable programmable gate array, the SE instruction

configuration information 17 includes additional configuration

information for reconfiguring the FPGA as a reconfigurable SE

instruction decoder. Otherwise, the reconfigurable SE instruction decoder 33 is reconfigured for SE instructions transformed in one of the SE instruction sets 16. The reconfigurable SE instruction decoder 33 is reconfigured for SE instructions by accessing binary format information of unique types of SE instructions to extract values of different fields implemented in SE instructions, wherein a unique type of SE instructions shares with a unique and same binary format of an SE instruction, wherein the extracted values of different fields

implemented in an SE instruction are decoded by accessing a single DOP or a series of DOPs in identified order along with a single or

plurality of extracted values. The reconfigurable SE instruction decoder 33 accesses SE DOPs generated by the dynamic SE DOP generator 21 and stored in the SE DOP storage 35 according to the access order identified by the dynamic SE DOP generator 21 and stored in the SE DOP access lookup table 36. A single reconfigurable SE instruction decoder 33 decodes a single SE instruction per a single or plurality of cycles. A plurality of reconfigurable SE instruction decoders 33 decodes a plurality of SE instructions in parallel. More specifically, the reconfigurable SE instruction decoder 33 decodes both of SE and SD instructions if SD instructions are configured and DOPs and DOP accessing orders of SD instructions are generated and stored in the SE DOP storage 35 and the SE DOP access lookup table 36. More

specifically, a limited number of SE instructions or SE and SD

instructions in an SE instruction set are applied for avoiding large entries of the SE DOP storage 35 and the SE DOP access lookup table 36 and large logic circuits to build the reconfigurable SE instruction decoder 33.

The SE DOP storage 35 includes a plurality of entries of DOPs of an SE instruction and of SE instructions. More specifically, a single or plurality of entries of DOPs in the SE DOP storage 35 is accessed by a single or plurality of SE DOP access pointers stored in the SE DOP access lookup table 36 to provide which DOPs of SE instruction is accessed upon decoding an SE instruction by the reconfigurable SE instruction decoder 33. The SE DOP storage 35 is interfaced with the reconfigurable SE instruction decoder 33, the SE DOP access lookup table 36, and the dynamic SE DOP generator 21. More specifically, the SE DOP transformation unit 23 in the dynamic SE DOP generator 21 stores DOPs transformed from an SE instruction to the SE DOP storage 35. A single or plurality of DOP access locations of an SE instruction from a single or plurality of DOPs stored in the SE DOP storage 35 is

identified by the SE DOP linker 24 in the dynamic SE DOP generator 21 to generate decoded outcomes of an SE instruction decoded by the reconfigurable SE instruction decoder 33 and to deliver the decoded outcomes to a plurality of the execution units 34. More specifically, the SE DOP storage 35 stores DOPs of both of SE and SD instructions if SD instructions are decoded by the reconfigurable SE instruction decoder 33. More specifically, a limited number of DOPs of SE, a limited number of DOPs of SD, or a limited number of DOPs of SE and SD instructions in an SE instruction set are stored to the SE DOP storage 35 if the SE DOP storage 35 is limited to avoid large entries of the SE DOP storage 35. More specifically, the SE DOP storage 35 stores a large number of DOPs of SE, a large number of DOPs of SD, or a large number of DOPs of SE and SD instructions in an SE instruction set by

dynamically replacing a various limited number of DOPs of SE, a various limited number of DOPs of SD, or a various limited number of DOPs of SE and SD instructions in an SE instruction set whenever the

reconfigurable SE instruction decoder 33 is reconfigured a limited number of SE instructions, a limited number of SD instructions, or a limited number SE and SD instructions in an SE instruction set.

Therefore, a limited number of entries of the SE DOP storage 35 are capable of dealing with various and large number of SE and SD

instructions in various SE instruction sets.

The SE DOP access lookup table 36 includes a plurality of entries of SE DOP access pointers, which provide which DOPs of SE instruction is accessed from the SE DOP storage 35 upon decoding an SE instruction by the reconfigurable SE instruction decoder 33. The SE DOP access lookup table 36 stores a single or plurality of DOP access orders of a single or plurality of SE instructions. The SE DOP access lookup table 36 is interfaced with the reconfigurable SE instruction decoder 33, the SE DOP storage 35, and the dynamic SE DOP generator 21. More specifically, the SE DOP transformation unit 23 in the dynamic SE DOP generator 21 dynamically updates DOPs transformed from an SE instruction to the SE DOP access lookup table 36 to match the DOPs transformed are accessed by the updated SE DOP access pointers. Therefore, the SE DOP access lookup table 36 and the SE DOP storage 35 are synchronized each other to avoid potential malfunctions of the reconfigurable SE instruction decoder 33 with the same binary information of different SE

instructions in different SE instruction sets. A single or plurality of DOP access locations of an SE instruction from a single or plurality of DOPs stored in the SE DOP storage 35 identified by the SE DOP linker 24 in the dynamic SE DOP generator 21 is stored to the SE DOP access lookup table 36. Therefore, the reconfigurable SE instruction decoder 33 generates decoded outcomes of an SE instruction and to deliver the decoded outcomes to a plurality of the execution units 34 by a single or a series of SE DOPs accessed in an order stored in the SE DOP access lookup table 36 by accessing SE DOP access pointers from the SE DOP access lookup table 36. More specifically, the SE DOP access lookup table 36 stores access pointers of DOPs of both of SE and SD

instructions if SD instructions are decoded by the reconfigurable SE instruction decoder 33. More specifically, a limited number of access pointers of DOPs of SE, a limited number of access pointers of DOPs of SD, or a limited number of access pointers of DOPs of SE and SD instructions in an SE instruction set are stored to the SE DOP access lookup table 36 if the SE DOP access lookup table 36 is limited to avoid large entries of the SE DOP access lookup table 36. More

specifically, the SE DOP access lookup table 36 stores a large number of access pointers of DOPs of SE, a large number of access pointers of DOPs of SD, or a large number of access pointers of DOPs of SE and SD instructions in an SE instruction set by dynamically replacing a various number of access pointers of DOPs of SE, a various number of access pointers of DOPs of SD, or a various number of access pointers of DOPs of SE and SD instructions in an SE instruction set whenever the reconfigurable SE instruction decoder 33 is reconfigured a number of SE instructions, a number of SD instructions, or a number SE and SD instructions in an SE instruction set. Therefore, a limited number of entries of the SE DOP access lookup table 36 is capable of dealing with a various and a large number of SE and SD instructions in various SE instruction sets.

In one embodiment, a plurality of execution units 34 includes arithmetic logic units (ALUs), integer and/or floating-point units, memory read/write units, and/or application specific execution engines. A plurality of the execution units 34 accesses the mixed SE and SD information 42 received from a computing system via wire or wireless communication channels after identifying SE information with the SE information identification unit 43 from the mixed SE and an SD

information memory system 45. A plurality of the execution units 34 also accesses and produces mixed SE and SD information and transmits the mixed SE and SD information 42 to other computing systems. A plurality of the execution units 34 executes mixed SE and SD

instructions decoded by the reconfigurable SE instruction decoder 33. More specifically, a plurality of the execution units 34 receives a single or plurality of SE DOPs from a single or plurality of entries of the SE DOP storage 35, wherein a single or plurality of the SE DOPs received is used by a single or plurality of the execution units in sequence and in parallel according to the SE DOPs generated for the execution units and architecture of the execution units. More

specifically, a plurality of the execution units 34 accesses a single or a series of SE DOPs in an order stored in the SE DOP access lookup table 36 by accessing SE DOP access pointers from the SE DOP access lookup table 36. A plurality of the execution units 34 also processes a single or plurality of requests of authentications from users and/or machines of the SE computing system 41, wherein the authentication requests are received from various means but not limited from Universal Serial Bus (USB) dongles, Bluetooth devices, smart connected devices, such as smartphones, tablets, etc., other identification sensor devices, such as chip cards, magnetic swipe cards, voice recorders, fingerprint sensors, and other devices, which can be used to identify authentications of persons and/or machines. Therefore, the SE

microprocessor system 31 processes the invented SE operations if receiving successful authentication requests. The SE microprocessor 31 can be used for various computing systems as different forms of SE microprocessors, wherein the different forms of SE microprocessors are an SE server processor for a server, an SE central processing unit (CPU) for a personal computer, an SE multi-core processor for mobile smart connected devices (SCDs) , such as a smartphone, a tablet, and other computing devices connected to other SCDs, an SE embedded microprocessor or an SE microcontroller for various systems, such as computing devices for internet of things (IoTs), transportations for vehicles, airplanes, drones, and ships, robotics for healthcare, industrial, defense, and building/home applications.

The presented SE microprocessor 31 is not limited in its application to the details of construction or to the arrangements of the components set forth in the above description or illustrated in FIG. 2. The SE computing system 41 equipped with the SE microprocessor 31 processes a single or plurality of requests of authentications from users of the SE computing system, wherein the authentication requests are received from USB dongles, Bluetooth devices, smart connected devices, such as smartphones, tablets, etc., other identification sensor devices, such as chip cards, magnetic swipe cards, voice recorders, fingerprint sensors, and other devices, which are used to identify persons' authentications. The SE computing system 41 processes the invented SE operations if receiving successful authentication requests. Therefore, the presented SE microprocessor 31 is capable of protecting secured information from unauthorized persons even though the unauthorized persons and/or machines maliciously access the computing system.

The presented SE computing system 41 is not limited in its

application to the details of construction or to the arrangements of the components set forth in the above description or illustrated in FIG. 2.

FIG. 3 is a diagram showing one embodiment of an SE information and instruction generation process 51 including (1) an SE information and instruction authentication process for transforming unsecured

information and instructions to SE information and instructions, (2) an SE information interpretation process for interpreting encoded SE information received from other SE computing systems to SE information after decoding the encoded SE information, (3) an SE information generation process for SE information generated by an SE computing system itself for utilizing by itself and/or transmitting to other SE computing systems, (4) an SE instruction generation process for transforming unsecured instructions in functions in a program to SE instructions in SE functions in an SE program, and (5) an SE

instruction-set configuration process for decoding SE and/or SD instructions with the reconfigurable SE instruction decoder 33 whenever dynamically configuring SE and SD instructions in a single or plurality of SE instruction sets from an SE program.

The SE information and instruction authentication process is initiated by user authentication devices 47 which transmit

authentication requests to an authorization processing unit 46. The authorization processing unit 46 generates permission and forwards permission to other units including a security authentication unit 2 for activating SE operations of an SE function identification unit 12 and an SE instruction ID unit 22. The security authentication unit 2 activates an SE information identification unit 43 for switching current SE operation mode to another SE operation mode in an SE microprocessor 31 via an SE operation mode changer 55. The SE

information identification unit 43 also activates an SE information generator 52 to generate SE information 42-4 including encoded SE information to be transmitted to other SE computing systems or SE information to be used by the SE microprocessor 31. More specifically, the SE information identification unit 43 activates an SE information interpreter 43-1 to transform SE information received 42-1 from other SE computing systems. The SE information interpreter 43-1 obtains SE encoded information 42-2 and sequences of SE decoding operations 42-3 to decode the SE information received 42-1 for further processing the SE information decoded by the SE microprocessor 31, wherein the SE encoded information 42-2 includes ciphered binary form of data for identifying an SE information, wherein the sequences of SE decoding operations 42-3 include ciphered binary form of data for converting an SE encoded information to an SE decoded information in which the SE microprocessor 31 uses the SE decoded information as an SE information generated by the SE microprocessor 31, wherein the SE encoded

information 42-2 and sequences of the SE decoding operations 42-3 are received separately for additional security of the SE information received 42-1. Therefore, the SE information interpreter 43-1

transforms the SE information received 42-1 to SE information.

The SE information interpretation process is initiated by receiving permission and SE information received 42-1. The SE information interpreter 43-1 decodes SE information received 42-1 using SE encoded information 42-2 and sequences of SE decoding operations 42-3

separately received.

The SE information generation process is initiated by the SE

information generator 52. The SE information generator 52 generates SE information 42-4 as encoded SE information to be transmitted to other SE computing systems or SE information to be used by the SE

microprocessor 31.

The SE instruction generation process is initiated by the security authentication unit 2. The security authentication unit 2 activates SE operations of the SE function identification unit 12 and the SE instruction ID unit 22. The SE function identification unit 12

identifies functions in different programs including functions from operating system (OS) 3-1 or functions from application software 3-2, wherein a function from OS 3-1 is a file copy function, wherein a function from application software 3-2 is a read memory function. The SE instruction ID unit 22 identifies instructions in SE functions according to unsecure instructions in a primary instruction set being executable by a microprocessor before transformed to an SE

microprocessor .

The SE instruction-set configuration process is initiated by the instruction-set configuration compiler 11. The instruction-set

configuration compiler 11 identifies SE functions in a program, transforms an instruction or a sequence of instructions in an SE function to an SE instruction or a sequence of SE instructions in an SE function, generates an SE instruction set, and generates configuration information of SE instructions in the SE instruction set to decode SE instructions, wherein an SE instruction set includes all of SE

instructions transformed, wherein configuration information is used to reconfigure a reconfigurable SE instruction decoder. The instruction- set configuration compiler 11 also transforms a sequence of non-flow control instructions to a non-flow control SE instruction. The dynamic SE DOPs generator 21 transforms a sequence of DOPs of an SE instruction to a sequence of SE DOPs of an SE instruction, links to an SE DOP or a sequence of SE DOPs to an SE instruction, and updates an SE DOP access lookup table with an SE instruction set and configuration information of SE instructions in the SE instruction set. The dynamic SE DOP generator 21 identifies a sequence of non-flow control SE instructions and generates a sequence of SE DOPs of a sequence of non-flow control SE instructions. The SE instruction-set configuration process continues to generate a single or plurality of SE instruction sets 16 and an SE instruction configuration information 17 for generating SE DOPs for SE instructions 35 generated according to primary DOPs of unsecured instructions 54, wherein SE DOPs for SE instructions 35 and sequences of SE DOPs of SE instructions are dynamically configured and utilized for dynamically reconfiguring the reconfigurable SE instruction decoder 33 with DOPs and DOP accessing orders of SE and SD instructions stored in the SE DOP storage 35 and the SE DOP access lookup table 36 whenever a single or plurality of SE and SD instructions is received from the SE instruction fetch unit 32.

The SE microprocessor 31 accesses SE instructions and SD instructions from the mixed SE and SD functions in SE program 7 and SE information and SD information from the mixed SE and SD information 42 to produce execution results of the functions from OS 3-1 and the functions from application software 3-2 with SE information received 42-1, SE

information 42-4 generated, and SD information 42-5 received and produced. Therefore, the SE computing system 41 securely operates with both SE and SD information and SE and SD instructions in a program.

The presented SE information and instruction generation processes and the presented SE information interpretation process are not limited in their application to the details of construction or to the arrangements of the components set forth in the above description or illustrated in FIG. 3.