Method and System to Allow System-on-Chip Individual I/O Control to be Disabled and Enabled by Programmable Non-Volatile Memory

Description

BRIEF DESCRIPTION OF SEVERAL VIEWS OF THE DRAWINGS

FIG. 1A is a block diagram illustrating an exemplary set-top box with a security processor, in accordance with an embodiment of the invention.

FIG. 1B is a block diagram illustrating an exemplary set-top box (STB) challenge-response process, in accordance with an embodiment of the invention.

FIG. 2 is a block diagram illustrating a system with global bus control that may be utilized in connection with an embodiment of the invention.

FIG. 3 is a block diagram illustrating exemplary use of programmable non-volatile memory to individually control access to internal chip resources, in accordance with an embodiment of the invention.

DETAILED DESCRIPTION OF THE INVENTION

Certain embodiments of the invention may be found in a method and system for allowing system-on-chip individual input/output (I/O) control to be disabled and enabled by programmable non-volatile memory. Certain aspects of the invention may comprise mapping at least one bit of a control vector within a security processor comprising a non-volatile memory to each of a plurality of on-chip I/O physical buses. At least one of the plurality of on-chip I/O physical buses may be enabled or disabled by modifying the mapped bit or bits of the control vector.

FIG. 1A is a block diagram illustrating an exemplary set-top box with a security processor, in accordance with an embodiment of the invention. Referring to FIG. 1A, there is shown a set-top box 150 that may comprise a host processor 154, a system memory 152, a security processor 156, a signal processor 158, a memory bus 160, and a data bus 162. The host processor 154 may comprise suitable logic, circuitry, and/or code that may be enabled to perform data processing and/or system control operations associated with the set-top box 150. The host processor 154 may be enabled to communicate with the system memory 152 via, for example, the memory bus 160 and with the security processor 156 and/or the signal processor 158 via, for example, the data bus 162. The system memory 152 may comprise suitable logic, circuitry, and/or code that may be enabled to store data, control information, and/or operational information. The security processor 156 may comprise suitable logic, circuitry, and/or code that may be enabled to perform multiple security operations on data received by the set-top box 150. The security operations may include, but need not be limited to, non-volatile memory (NVM) security, “key ladders,” which may be designed for cryptographically wrapping/unwrapping keys, challenge-response authentication, memory data signature verification, secure scrambler configuration, and security assurance logic, for example. In this regard, the security processor 156 may comprise multiple security components to perform the features associated with the security operations. The signal processor 158 may comprise suitable logic, circuitry, and/or code that may be enabled to perform a plurality of processing operations on the data received by the set-top box 150. The set-top box may utilize at least one signal processor 158.

In operation, the security processor 156 may receive an access request from a user to perform a certain data operation within the set-top box 150. The security processor 156 may verify access rights or privileges that the user may have to a security component in the security processor 156 based on a securely stored access control matrix. The security processor 156 may determine whether access to a security component may be provided independently of the host processor 154, that is, the security processor 156 may not operate as a slave to the host processor 154. When access to the security component is verified, the security processor 156 may perform the security feature or features associated with the security component. In some instances, the security processor 156 may transfer the results of the operations associated with the security component to, for example, the host processor 154 and/or the signal processor 158. Moreover, the security processor 156 may utilize information stored in the system memory 152 when performing certain security operations associated with security features.

FIG. 1B is a block diagram illustrating a set-top box (STB) challenge-response process, in accordance with an embodiment of the invention. Referring to FIG. 1B, there is shown a set-top box (STB) 102. The STB 102 may comprise a device ID block 104, a mapping block 106, a descrambler block 108, a protection action block 110, a compare block 112, a decision block 114 and an enable/disable block 116.

The device ID block 104 may comprise suitable logic, circuitry and/or code that may be enabled to store a unique readable device ID. The mapping block 106 may comprise suitable logic, circuitry and/or code that may be enabled to store a table of values to map the device ID stored in the device ID block 104 and generate a corresponding secret seed. The descrambler block 106 may comprise suitable logic, circuitry and/or code that may be enabled to store a corresponding unique unreadable key to the device ID stored in the device ID block 104. The compare block 114 may comprise suitable logic, circuitry and/or code that may be enabled to compare the device ID stored in the device ID block 104 with its unique key stored in the descrambler block 108. In an alternative embodiment of the invention, the device ID stored in the device ID block 104 may be compared with its unique key stored in the descrambler block 108 by the STB 102. The enable block 116 may comprise suitable logic, circuitry and/or code that may enable at least one of the plurality of physical I/O buses. The protection action block 110 may comprise suitable logic, circuitry and/or code that may be enabled to reject a user from accessing the set-top box 102 if authentication fails.

If the device ID stored in the device ID block 104 matches with its corresponding unique key stored in the descrambler block 108, control passes to the enable block 116. The enable/disable block 116 may be enabled to enable/disable at least one of the plurality of physical I/O buses. If the device ID stored in the device ID block 104 does not match its corresponding unique key stored in the descrambler block 108, authentication may fail and control passes to the protection action block 110. The protection action block 110 may be enabled to reject a user from accessing the set-top box 102 if authentication fails.

The set-top box 102 may be enabled to have an n-bit, for example, 64-bit unique readable device ID and a corresponding unique unreadable key in the descrambler block 108, both of which may be known to an authorizing entity. The unique device ID stored in the device ID block 104 and its corresponding key stored in the descrambler block 108 may be utilized to authenticate the STB 102. In order to keep the key value hidden, only the device ID stored in the device ID block 104 generating the challenge may be readable. The compare block 112 may be enabled to compare the device ID stored in the device ID block 104 with its unique key stored in the descrambler block 108 for a given STB 102, using a table of values stored in the mapping block 106 known only to the authorizing entity to generate a response. The response may be utilized as the unique password for the STB 102 to access security sensitive areas or functions of the device.

FIG. 2 is a block diagram illustrating a system with global bus control that may be utilized in connection with an embodiment of the invention. Referring to FIG. 2, there is shown a chip 200 that comprises a bus bridge logic block 202, a plurality of physical I/O buses 210_{1 . . . M}, an internal bus 208, and a plurality of sub-blocks 204_{1 . . . n}.

The plurality of physical I/O buses 210_{1 . . . M}may be, for example, joint test action group (JTAG), PCI, or system on chip (SoC) test buses. The JTAG interface may be utilized for testing the plurality of sub-blocks 204_{1 . . . n}, and as a mechanism for debugging embedded systems. The bus bridge logic block 202 may comprise suitable logic, circuitry and/or code that may enable coupling the plurality of physical I/O buses 210_{1 . . . M}to the plurality of sub-blocks 204_{1 . . . n}. The bus bridge logic block 202 may comprise a cross bar switch, for example, that may enable coupling each of the plurality of physical I/O buses 210_{1 . . . M}to a plurality of peripherals, for example, high-speed master peripherals and/or low speed peripherals. The bus bridge logic block 202 may also comprise a matrix switched interconnect. The bus bridge logic block 202 may be programmed to configure any one of the plurality of sub-blocks 204_{1 . . . n}by utilizing a control signal.

The internal bus 208 may be either a slave bus or a master bus that may be coupled to the plurality of sub-blocks 204_{1 . . . n}. One embodiment of the invention may provide a mechanism that addresses individual I/O control of the physical I/O buses via embedded non-volatile memory programming.

FIG. 3 is a block diagram illustrating exemplary use of programmable non-volatile memory to individually control access to internal chip resources, in accordance with an embodiment of the invention. Referring to FIG. 3, there is shown a chip 300. The chip 300 may comprise a security processor 301, a bus bridge logic block 302, an internal bus 308, a plurality of on-chip sub-blocks 304_{1 . . . n}, a plurality of physical I/O buses 310_{1 . . . M}. The security processor 301 may comprise a programmable non-volatile memory 312 and a plurality of bus access control logic blocks 314_{1 . . . M}.

The programmable non-volatile memory 312 may comprise suitable logic, circuitry and/or code that may be enabled to control the internal sub-blocks 304_{1 . . . n}of the chip 300 by programming internal control registers and/or observing internal hardware states. The programmable non-volatile memory 312 may be enabled to map at least one bit of a control vector stored in the programmable non-volatile memory 312 to each of a plurality of on-chip I/O physical buses 310_{1 . . . M}. The control vector may be a n-bit, for example, 64-bit vector within the programmable non-volatile memory 312. Each physical I/O bus 310_{1 . . . M}may be mapped to one or more bits of the control vector stored in the programmable non-volatile memory 312. The plurality of physical I/O buses 310_{1 . . . M}may be either industry standard buses, such as PCI buses, or proprietary buses that may be unique to a given chip.

The programmable non-volatile memory 312 may be enabled to control at least one of the plurality of on-chip I/O physical buses, for example, 310_{1 . . . M}by modifying the mapped at least one bit of the control vector via the plurality of bus access control logic blocks 314_{1 . . . M}. The programmable non-volatile memory 312 may enable at least one of the plurality of on-chip I/O physical buses, for example, 310_{1 . . . M}by modifying the mapped at least one bit of the control vector. The programmable non-volatile memory 312 may disable at least one of the plurality of on-chip I/O physical buses, for example, 310_{1 . . . M}by modifying the mapped at least one bit of the control vector. The programmable non-volatile memory 312 may be, for example, a non-volatile RAM 155 within a set-top box 150. The programmable non-volatile memory 312 may be, for example, a secure flash electrically erasable programmable read only memory (EEPROM) 155. The programmable non-volatile memory 312 may be, for example, a one time programmable (OTP) memory.

The bus access control logic blocks 314_{1 . . . M}may comprise suitable logic, circuitry and/or code that may be enable to control at least one of the plurality of on-chip I/O physical buses, for example, 310_{1 . . . M}based on received instructions from the security processor 301. The programmable non-volatile memory 312 may enable and/or disable each of the plurality of on-chip I/O physical buses, for example, 310_{1 . . . M}by modifying the mapped at least one bit of the control vector. The plurality of blocks in FIG. 3 may be substantially as described in FIG. 2.

In another embodiment of the invention, the security processor 301 may enable temporary access to each sub-block 304_{1 . . . n}on the chip 300. The programmable non-volatile memory 312 may be enabled to further divide program control between the plurality of on-chip I/O physical buses, for example, 310_{1 . . . M}based on determining whether each of the plurality of on-chip I/O physical buses, for example, 310_{1 . . . M}is a master bus or a slave bus. Each of the plurality of on-chip I/O physical buses, for example, 310_{1 . . . M}may be independent of each other with regard to the enable and disable control functions of the programmable non-volatile memory 312. Depending on a given system-on-chip configuration, individual customization of the control vector may allow individual I/O control of the plurality of internal on-chip resources, for example, the plurality of sub-blocks 304_{1 . . . n}.

In accordance with an embodiment of the invention, the security processor 301 may enable authentication of access to the programmable non-volatile memory 312, if a received password matches a generated challenge. The security processor 301 may be enabled to generate the challenge based on decrypting an encrypted key. The security processor 301 may deny access to the programmable non-volatile memory 312, if the received password does not match the generated challenge. The security processor 301 may use secure encryption algorithms, such as RSA or advanced encryption standard (AES).

FIG. 4 is a block diagram illustrating exemplary use of externally programmable non-volatile memory to individually control access to internal chip resources, in accordance with an embodiment of the invention. Referring to FIG. 4, there is shown a chip 400 and an external flash device 403. The chip 400 may comprise a security processor 401, a bus bridge logic block 402, an internal bus 408, a plurality of on-chip sub-blocks 404_{1 . . . n}, a plurality of physical I/O buses 410_{1 . . . M}. The security processor 401 may comprise a plurality of bus access control logic blocks 414_{1 . . . M}. The flash device 403 may comprise a secure programmable non-volatile memory 412 which may be locked and may require a password to access the secure flash 415.

The secure programmable non-volatile memory 412 may store control vectors and/or code that may be enabled to control the internal sub-blocks 404_{1 . . . n}of the chip 400 by programming internal control registers and/or observing internal hardware states. These control vectors and code may be encrypted and signed. The secure flash 415 may be enabled to decrypt these control vectors and code and verify their signature and then map at least one bit of a control vector to each of a plurality of on-chip I/O physical buses 410_{1 . . . m}. The control vector may be a n-bit, for example, 64-bit vector within the programmable non-volatile memory 412. Each physical I/O bus 410_{1 . . . M}may be mapped to one or more bits of the control vector stored in the programmable non-volatile memory 412. The programmable non-volatile memory 412 may be enabled to control at least one of the plurality of on-chip I/O physical buses, for example, 410_{1 . . . M}by modifying the mapped at least one bit of the control vector via the plurality of bus access control logic blocks 414_{1 . . . M}. The programmable non-volatile memory 412 may enable and/or disable at least one of the plurality of on-chip I/O physical buses, for example, 410_{1 . . . M}by modifying the mapped at least one bit of the control vector.

The plurality of blocks in FIG. 4 may be substantially as described in FIG. 2 and FIG. 3. The secure flash 415 may be enabled to allow and/or deny access to the programmable non-volatile memory 412, if a received password matches a generated challenge. The plurality of security processors, 415 and 401, may utilize encryption algorithms, such as RSA or advanced encryption standard (AES).

In accordance with an embodiment of the invention, a method and system for allowing system-on-chip individual input/output (I/O) control to be disabled and enabled by programmable non-volatile memory may comprise at least one circuit within a security processor 301 comprising a programmable non-volatile memory 312 that enables mapping at least one bit of a control vector stored in the programmable non-volatile memory 312 to each of a plurality of on-chip input/output (I/O) physical buses 310_{1 . . . M}. At least one circuit, for example, the programmable non-volatile memory 312 may be enabled to control operation of at least one of the plurality of on-chip I/O physical buses, for example, 310_{1 . . . M}by modifying the mapped at least one bit of the control vector.

The programmable non-volatile memory 312 may enable at least one of the plurality of on-chip I/O physical buses, for example, 310_{1 . . . M}by modifying the mapped at least one bit of the control vector. The programmable non-volatile memory 312 may be utilized to disable at least one of the plurality of on-chip I/O physical buses, for example, 310_{1 . . . M}by modifying the mapped at least one bit of the control vector. The non-volatile memory, for example, non-volatile RAM 155 may be within a set-top box 150. The non-volatile memory, for example, programmable non-volatile memory 312 may be a secure flash electrically erasable programmable read only memory (EEPROM) 155. The non-volatile memory, for example, programmable non-volatile memory 412 may be a flash RAM. The security processor 301 may enable authentication of access to the programmable non-volatile memory 312, if a received password matches a generated challenge. The security processor 301 may deny access to the programmable non-volatile memory 312, if the received password does not match the generated challenge.

The security processor 301 may enable encryption of the control vector stored in the programmable non-volatile memory 312. The security processor 301 may enable decryption of the encrypted control vector stored in the programmable non-volatile memory 312 before mapping at least one bit of the control vector stored in the programmable non-volatile memory 312 to each of a plurality of on-chip input/output (I/O) physical buses 310_{1 . . . M}.

Another embodiment of the invention may provide a machine-readable storage, having stored thereon, a computer program having at least one code section executable by a machine, thereby causing the machine to perform the steps as described above for allowing system-on-chip individual I/O control to be disabled and enabled by programmable non-volatile memory.

Accordingly, the present invention may be realized in hardware, software, or a combination of hardware and software. The present invention may be realized in a centralized fashion in at least one computer system, or in a distributed fashion where different elements are spread across several interconnected computer systems. Any kind of computer system or other apparatus adapted for carrying out the methods described herein is suited. A typical combination of hardware and software may be a general-purpose computer system with a computer program that, when being loaded and executed, controls the computer system such that it carries out the methods described herein.

The present invention may also be embedded in a computer program product, which comprises all the features enabling the implementation of the methods described herein, and which when loaded in a computer system is able to carry out these methods. Computer program in the present context means any expression, in any language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after either or both of the following: a) conversion to another language, code or notation; b) reproduction in a different material form.

While the present invention has been described with reference to certain embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the scope of the present invention. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the present invention without departing from its scope. Therefore, it is intended that the present invention not be limited to the particular embodiment disclosed, but that the present invention will include all embodiments falling within the scope of the appended claims.

Claims

1. A method for secure communication, the method comprising: in a security processor comprising a non-volatile memory, mapping at least one bit of a control vector stored in said non-volatile memory to each of a plurality of on-chip input/output (I/O) physical buses; andcontrolling operation of at least one of said plurality of on-chip I/O physical buses by modifying said mapped said at least one bit of said control vector.
2. The method according to claim 1, comprising enabling at least one of said plurality of on-chip I/O physical buses by modifying said mapped said at least one bit of said control vector.
3. The method according to claim 1, comprising disabling at least one of said plurality of on-chip I/O physical buses by modifying said mapped said at least one bit of said control vector.
4. The method according to claim 1, wherein said non-volatile memory of said security processor is within a set-top box.
5. The method according to claim 1, wherein said non-volatile memory is a secure flash electrically erasable programmable read only memory (EEPROM).
6. The method according to claim 1, wherein said non-volatile memory is a flash RAM.
7. The method according to claim 1, comprising if a received password matches a generated challenge, authenticating access to said non-volatile memory.
8. The method according to claim 7, comprising if said received password does not match said generated challenge, denying access to said non-volatile memory.
9. The method according to claim 1, comprising encrypting said control vector stored in said non-volatile memory.
10. The method according to claim 9, comprising decrypting said encrypted control vector stored in said non-volatile memory before said mapping.
11. A machine-readable storage having stored thereon, a computer program having at least one code section for secure communication, the at least one code section being executable by a machine for causing the machine to perform steps comprising: in a security processor comprising a non-volatile memory, mapping at least one bit of a control vector stored in said non-volatile memory to each of a plurality of on-chip input/output (I/O) physical buses; andcontrolling at least one of said plurality of on-chip I/O physical buses by modifying said mapped said at least one bit of said control vector.
12. The machine-readable storage according to claim 11, wherein said at least one code section comprises code for enabling at least one of said plurality of on-chip I/O physical buses by modifying said mapped said at least one bit of said control vector.
13. The machine-readable storage according to claim 11, wherein said at least one code section comprises code for disabling at least one of said plurality of on-chip I/O physical buses by modifying said mapped said at least one bit of said control vector.
14. The machine-readable storage according to claim 11, wherein said non-volatile memory is within a set-top box.
15. The machine-readable storage according to claim 11, wherein said non-volatile memory is a secure flash electrically erasable programmable read only memory (EEPROM).
16. The machine-readable storage according to claim 11, wherein said non-volatile memory is a flash RAM.
17. The machine-readable storage according to claim 11, wherein said at least one code section comprises code for authenticating access to said non-volatile memory, if a received password matches a generated challenge.
18. The machine-readable storage according to claim 17, wherein said at least one code section comprises code for denying access to said non-volatile memory, if said received password does not match said generated challenge.
19. The machine-readable storage according to claim 11, wherein said at least one code section comprises code for encrypting said control vector stored in said non-volatile memory.
20. The machine-readable storage according to claim 19, wherein said at least one code section comprises code for decrypting said encrypted control vector stored in said non-volatile memory before said mapping.
21. A system for secure communication, the system comprising: at least one circuit, within a security processor comprising a non-volatile memory, that enables mapping at least one bit of a control vector stored in said non-volatile memory to each of a plurality of on-chip input/output (I/O) physical buses; andsaid at least one circuit enables controlling at least one of said plurality of on-chip I/O physical buses by modifying said mapped said at least one bit of said control vector.
22. The system according to claim 21, wherein said at least one circuit enables at least one of said plurality of on-chip I/O physical buses by modifying said mapped said at least one bit of said control vector.
23. The system according to claim 21, wherein said at least one circuit disables at least one of said plurality of on-chip I/O physical buses by modifying said mapped said at least one bit of said control vector.
24. The system according to claim 21, wherein said non-volatile memory is within a set-top box.
25. The system according to claim 21, wherein said non-volatile memory is a secure flash electrically erasable programmable read only memory (EEPROM).
26. The system according to claim 21, wherein said non-volatile memory is a flash RAM.
27. The system according to claim 21, wherein said at least one circuit enables authentication of access to said non-volatile memory, if a received password matches a generated challenge.
28. The system according to claim 27, wherein said at least one circuit enables denying of access to said non-volatile memory, if said received password does not match said generated challenge.
29. The system according to claim 21, wherein said at least one circuit enables encryption of said control vector stored in said non-volatile memory.
30. The system according to claim 29, wherein said at least one circuit enables decryption of said encrypted control vector stored in said non-volatile memory before said mapping.

CROSS-REFERENCE TO RELATED APPLICATIONS/INCORPORATION BY REFERENCE

This patent application makes reference to, claims priority to and claims benefit from U.S. Provisional Patent Application Ser. No. 60/814,834, filed on Jun. 19, 2006. This application makes reference to: U.S. patent application Ser. No. 11/135,906 (Attorney Docket No. 16571US02) filed on May 24, 2005; and U.S. patent application Ser. No. ______ (Attorney Docket No. 17468US02) filed on even date herewith. Each of the above stated applications is hereby incorporated herein by reference in its entirety.

Provisional Applications (1)

	Number	Date	Country
	60814814	Jun 2006	US

Method and System to Allow System-on-Chip Individual I/O Control to be Disabled and Enabled by Programmable Non-Volatile Memory

Information

Publication Number

Date Filed

Date Published

Inventors

CPC

US Classifications

International Classifications

Abstract

Description

Claims

CROSS-REFERENCE TO RELATED APPLICATIONS/INCORPORATION BY REFERENCE

Provisional Applications (1)