Distributed (modular) internal architecture

Information

  • Patent Application
  • 20070174608
  • Publication Number
    20070174608
  • Date Filed
    January 19, 2007
  • Date Published
    July 26, 2007
Abstract
A node configured for use in a communication network with a distributed architecture. The node comprises a key encryption functionality, a transceiving functionality for transmitting and receiving packets, a privilege level introduction functionality configured to introduce a privilege level into packets to be transmitted, and a comparison functionality configured to compare a privilege level of received packets with a privilege level assigned to a second node from which these packets are received, wherein these packets are dropped, if they violate the privilege level of said second node.
Description

BRIEF DESCRIPTION OF THE DRAWINGS

In the following, preferred embodiments of the present invention are described in detail by referring to the accompanying drawings, in which:

FIG. 1 shows a formerly proposed format of a Datalink layer packet concerning a first example;

FIG. 2 shows the format of the Datalink layer packet according to a preferred embodiment of the present invention with respect to the first example;

FIG. 3 shows the structure of an existing (“normal”) L2 data frame concerning a second example;

FIG. 4 shows the format of the SOF control symbol according to a preferred embodiment of the present invention with respect to the second example;

FIG. 5 shows the format of the EOF control symbol according to a preferred embodiment of the present invention with respect to the second example;

FIG. 6 shows the format of a combined ACK+FC control symbol according to still another preferred embodiment with respect to the second example;

FIG. 7 shows a generic case of tunneling of I2C according to a preferred embodiment of the present invention;

FIG. 8 shows the I2C local read/write access according to a preferred embodiment of the present invention;

FIG. 9 shows the I2C remote read/write access according to a preferred embodiment of the present invention; and

FIG. 10 illustrates the loss of arbitration when accessing a remote I2C device according to a preferred embodiment of the present invention.

Claims
  • 1. A node configured for use in a communication network with a distributed architecture, comprising:
    a key encryption functionality;
    a transceiving functionality for transmitting and receiving packets;
    a privilege level introduction functionality configured to introduce a privilege level into packets to be transmitted; and
    a comparison functionality configured to compare a privilege level of received packets with a privilege level assigned to a second node from which said packets are received, wherein said packets are dropped if the packets violate the privilege level of said second node.
  • 2. The node according to claim 1, wherein said introduced privilege level is introduced into a special field in the header of a packet to be transmitted.
  • 3. The node according to claim 1, further comprising a trusted boot mechanism for said communication network configured to assign trust corresponding to a privilege level to other nodes.
  • 4. The node according to claim 3, further configured to assign the trust to other nodes by a key encryption based authentication process.
  • 5. The node according to claim 1, further configured to acquire trust corresponding to a privilege level by a key encryption based authentication process.
  • 6. The node according to claim 1, further configured to isolate each port of said node from each other, and to only allow a secure point-to-point protocol at a boot-up process of said communication network.
  • 7. The node according to claim 6, wherein said isolation is effected by temporarily disconnecting a data link layer from a network layer for every port.
  • 8. A method, comprising:
    receiving packets by a trustable node;
    introducing a privilege level into packets to be transmitted by said trustable node; and
    comparing a privilege level of said received packets with a privilege level assigned to any node from which said packets are received, wherein said received packets are dropped if said received packets violate the privilege level of said any node to spread trust in a communication network using a distributed architecture, wherein trustable nodes are used and defined by having key encryption capabilities and untrustable nodes are used and defined by not having key encryption capabilities.
  • 9. The method according to claim 8, wherein said introducing of said privilege level comprises introducing said privilege level into a special field in the header of a packet to be transmitted.
  • 10. The method according to claim 8, further comprising: assigning trust corresponding to a privilege level to other nodes by using a trusted boot mechanism for said communication network.
  • 11. The method according to claim 10, wherein said assigning of the trust comprises assigning the trust to other nodes by a key encryption based authentication process.
  • 12. The method according to claim 8, further comprising: acquiring trust corresponding to a privilege level by a key encryption based authentication process.
  • 13. The method according to claim 8, further comprising:
    isolating each port of said node from each other; and
    allowing only a secure point-to-point protocol at a boot-up process of said communication network.
  • 14. The method according to claim 13, wherein said isolating of each port of said node comprises temporarily disconnecting a data link layer from a network layer for every port.
  • 15. A system configured to spread trust in a communication network with a distributed architecture, comprising:
    trustable nodes defined by having key encryption capabilities; and
    untrustable nodes defined by not having key encryption capabilities,
    wherein selective ones of said trustable nodes and said untrustable nodes are operably connected so that they can transmit and receive packets between each other,
    wherein said trustable nodes are configured to introduce a privilege level into packets to be transmitted, and
    wherein said trustable nodes are configured to compare a privilege level of received packets with a privilege level assigned to any node from which these packets are received, wherein said received packets are dropped, if said received packets violate the privilege level of said any node.
  • 16. The system according to claim 15, wherein said trustable nodes are further configured to introduce said privilege level into a special field in the header of a packet to be transmitted.
  • 17. The system according to claim 15, wherein said trustable nodes are further configured to assign trust corresponding to a privilege level to other nodes by using a trusted boot mechanism for said communication network.
  • 18. The system according to claim 17, wherein said trustable nodes are further configured to assign the trust to other nodes by a key encryption based authentication process.
  • 19. The system according to claim 15, wherein said trustable nodes are further configured to acquire trust corresponding to a privilege level by a key encryption based authentication process.
  • 20. The system according to claim 15, wherein said trustable nodes are further configured to isolate each port of said trustable node from each other, and to only allow a secure point-to-point protocol at a boot-up process of said communication network.
  • 21. The system according to claim 20, wherein said trustable nodes are further configured to effect said isolation by temporarily disconnecting a data link layer from a network layer for every port.
  • 22. A method, comprising: using a datalink packet header having a field for carrying, in forward direction, a sequence number of a packet associated with said packet header, and having a field for carrying, in backward direction, acknowledgements for the forward traffic to provide datalink layer reliability in a communication network using a distributed architecture.
  • 23. A method, comprising:
    using packets counter-based acknowledgements;
    using credit tokens-based flow control; and
    merging level 2 and level 3 packet data unit headers to provide datalink layer reliability in a communication network using a distributed architecture.
  • 24. A method, comprising:
    synchronizing a clock of a plurality of masters connected to an inter-integrated circuit bus; and
    arbitrating the control of the bus for accessing the bus between the plurality of masters to tunnel said inter-integrated circuit bus over a fast serial link bus in a communication network using a distributed architecture,
    wherein the synchronizing of the clock comprises a flow control mechanism by extending a low clock period.
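As an added illustration (not code from the patent or its applicant), the following Python model shows the privilege level introduction and comparison functionality of the abstract and claims 1, 2 and 15: a trustable node stamps its level into a header field, and a receiving node drops any packet whose claimed level is higher than the level it has assigned to that sender. The header layout, the reading of "violate" as "claims more than was granted", and the level 0 default for nodes without key encryption capability are assumptions not taken from the page; the key-based authentication that grants a level (claims 3 to 5) is out of scope here.

```python
import struct

# Assumed header layout (not specified on the page): 1-byte privilege level,
# 4-byte source node id, 2-byte payload length, network byte order.
HEADER_FMT = "!B4sH"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 7 bytes
UNTRUSTED_LEVEL = 0   # assumed level for nodes that never authenticated

def encode_packet(src: bytes, privilege: int, payload: bytes) -> bytes:
    """Privilege level introduction: write the level into the header field."""
    src_field = src.ljust(4, b"\0")[:4]
    return struct.pack(HEADER_FMT, privilege, src_field, len(payload)) + payload

def decode_packet(raw: bytes):
    """Return (src, privilege, payload), or None for a truncated packet."""
    if len(raw) < HEADER_LEN:
        return None
    privilege, src_field, plen = struct.unpack(HEADER_FMT, raw[:HEADER_LEN])
    payload = raw[HEADER_LEN:HEADER_LEN + plen]
    if len(payload) != plen:
        return None
    return src_field.rstrip(b"\0"), privilege, payload

class TrustedNode:
    """A node with key encryption capability (claims 1 and 15)."""
    def __init__(self, name: bytes, own_level: int):
        self.name = name
        self.own_level = own_level
        self.peer_levels = {}   # level assigned to each peer after authentication
        self.dropped = 0        # count of packets rejected by the comparison step

    def assign_trust(self, peer: bytes, level: int) -> None:
        # In the patent this follows a key-encryption-based authentication
        # at trusted boot; only the resulting assignment is modelled here.
        self.peer_levels[peer] = level

    def send(self, payload: bytes) -> bytes:
        return encode_packet(self.name, self.own_level, payload)

    def receive(self, raw: bytes):
        """Comparison functionality: deliver the payload, or drop the packet."""
        decoded = decode_packet(raw)
        if decoded is None:
            self.dropped += 1
            return None
        src, claimed, payload = decoded
        allowed = self.peer_levels.get(src, UNTRUSTED_LEVEL)
        if claimed > allowed:   # packet violates the sender's assigned level
            self.dropped += 1
            return None
        return payload
```

A packet from a peer that was never authenticated is still accepted when it claims level 0, which is the assumed meaning of "untrustable nodes" taking part in the network without key encryption capability.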
Priority Claims (1)
Number        Date      Country  Kind
06 100 685.4  Jan 2006  EP       regional