Physical layer security manager for memory-mapped serial communications interface
Abstract
A distributed firewall is utilized in conjunction with a memory-mapped serial communications interface such as that defined by the IEEE 1394 specification to permit secure data transmission between selected nodes over the interface. The distributed firewall incorporates security managers in the selected nodes that are respectively configured to control access to their associated nodes, thereby restricting access to such nodes to only authorized entities. The security manager in at least one of the nodes is implemented in the physical (PHY) layer for the communications interface. The security manager controls access to its associated node by selectively modifying data packets received from unauthorized entities in such a manner that acceptance of the modified data packets by the link layer is inhibited, e.g., by modifying the checksum in a data packet so that, upon receipt by the link layer of the associated node, the data packet is determined to be invalid by the link layer. As a result, the link layer may disregard the data packet so that effectively the unauthorized attempt to access the node is ignored.
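The checksum-spoiling behaviour described in the abstract, modelled in software as an added example (not code from the patent). The frame layout, the use of zlib's CRC-32 and all class and function names are assumptions made for illustration and are not the IEEE 1394 wire format.

```python
import struct
import zlib

# Constructed frame layout (an assumption, NOT the IEEE 1394 wire format):
#   2-byte source node ID | payload | 4-byte CRC-32 over ID + payload
MIN_LEN = 6

def build_packet(source_id: int, payload: bytes) -> bytes:
    body = struct.pack(">H", source_id) + payload
    return body + struct.pack(">I", zlib.crc32(body))

class PhySecurityManager:
    """PHY-side filter placed between the bus and the link layer interface."""

    def __init__(self, authorized_ids):
        self.authorized_ids = frozenset(authorized_ids)

    def filter(self, packet: bytes) -> bytes:
        if len(packet) < MIN_LEN:
            return packet  # cannot hold a CRC; the link layer rejects it anyway
        (source_id,) = struct.unpack(">H", packet[:2])
        if source_id in self.authorized_ids:
            return packet  # authorized traffic passes through untouched
        # Recompute the CRC and store its complement instead of flipping the
        # received field, so the result is invalid whatever the sender supplied.
        body = packet[:-4]
        return body + struct.pack(">I", zlib.crc32(body) ^ 0xFFFFFFFF)

class LinkLayer:
    """Unmodified link layer: no notion of authorization, only a CRC check."""

    def __init__(self):
        self.accepted = []

    def receive(self, packet: bytes) -> bool:
        if len(packet) < MIN_LEN:
            return False
        body = packet[:-4]
        (crc,) = struct.unpack(">I", packet[-4:])
        if zlib.crc32(body) != crc:
            return False  # invalid checksum: packet is disregarded
        self.accepted.append(body)
        return True

def deliver(phy: PhySecurityManager, link: LinkLayer, packet: bytes) -> bool:
    """Path of one received packet: bus -> PHY security manager -> link layer."""
    return link.receive(phy.filter(packet))
```

The link layer class is deliberately unaware of the allow-list, which mirrors the point of claim 25: the existing link layer device is left as it is and only the PHY device changes.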
25 Claims
1. A physical layer circuit arrangement for interfacing a local node in an electronic device to a memory-mapped serial communications interface of the type that supports peer-to-peer communications between a plurality of nodes, the circuit arrangement comprising:
(a) a link layer interface coupled to a link layer defined in the electronic device, the link layer interface configured to transmit data to and receive data from the link layer; and
(b) a security manager coupled to the link layer interface and configured to modify a data packet received over the communications interface from an unauthorized node prior to transmission of the data packet over the link layer interface to inhibit acceptance of the modified data packet by the link layer.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 23, 24
13. A method of controlling access to a local node in an electronic device from a memory-mapped serial communications interface of the type that supports peer-to-peer communications between a plurality of nodes, the method comprising:
(a) receiving a data packet over the communications interface from an unauthorized node; and
(b) modifying the data packet prior to transmitting the data packet over a link layer interface to a link layer in the electronic device to inhibit acceptance of the modified data packet by the link layer.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22
25. A method of implementing secure communications over a memory-mapped serial communications interface of the type that supports unsecured peer-to-peer communications between a plurality of nodes, wherein each node includes a link layer implemented in a first integrated circuit device, the link layer configured to communicate over the communications interface solely through an unsecured protocol, the method comprising:
(a) installing, in at least first and second nodes from the plurality of nodes, a second integrated circuit device, the second integrated circuit device implementing a physical layer circuit arrangement that interfaces the link layer in the first integrated circuit device with the communications interface, the physical layer circuit arrangement including a security manager coupled between the link layer and the communications interface and configured to modify a data packet received over the communications interface from an unauthorized node prior to transmission of the data packet to the link layer to inhibit acceptance of the modified data packet by the link layer.
Specification