Trusted bus transactions

US 7,650,645 B1
Filed: 05/20/2005
Issued: 01/19/2010
Est. Priority Date: 05/21/2004
Status: Active Grant

First Claim

Patent Images

1. A method of performing a trusted access to a memory using a device comprising:

receiving a random number over a bus;

providing an authentication for the device by encrypting the random number and providing the encrypted random number over the bus, the authentication for the device provided to receive an assertion of a level of trust;

receiving the assertion of a level of trust over the bus;

receiving an instruction over the bus, the instruction instructing the device to access the memory;

providing a memory access request over the bus;

upon verification that an instruction to request memory access was provided to the device;

receiving data over the bus; and

receiving a de-assertion of the level of trust over the bus.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Circuits, methods, and apparatus that provide for trusted transactions between a device and system memory. In one exemplary embodiment of the present invention, a host processor asserts and de-asserts trust over a virtual wire. The device accesses certain data if the host processor provides a trusted instruction for it to do so. Once the device attempts to access this certain data, or perform a certain type of data access, a memory controller allows the access on the condition that the host processor previously made the trusted instruction. The device then accepts data if trust is asserted during the data transfer.

Citations

20 Claims

1. A method of performing a trusted access to a memory using a device comprising:
- receiving a random number over a bus;
  
  providing an authentication for the device by encrypting the random number and providing the encrypted random number over the bus, the authentication for the device provided to receive an assertion of a level of trust;
  
  receiving the assertion of a level of trust over the bus;
  
  receiving an instruction over the bus, the instruction instructing the device to access the memory;
  
  providing a memory access request over the bus;
  
  upon verification that an instruction to request memory access was provided to the device;
  
  receiving data over the bus; and
  
  receiving a de-assertion of the level of trust over the bus.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising:
    - receiving a de-assertion of the level of trust following the receiving of the instruction.
  - 3. The method of claim 2 further comprising:
    - receiving a re-assertion of the level of trust before receiving data over the bus.
  - 4. The method of claim 1 wherein the memory access is a direct memory access.
  - 5. The method of claim 1 wherein the device is a graphics processor.
  - 6. The method of claim 1 wherein the bus is a PCIE bus.
  - 7. The method of claim 1 wherein the verification that an instruction to request memory access was provided to the device is performed by a host processor.

8. A method of conducting trusted data transfers over a bus connecting a first device to a second device, the method comprising:
- providing a character string over the bus using the first device;
  
  providing the encrypted character string over the bus using the second device;
  
  in response to receiving the encrypted character string, authenticating the second device and asserting a level of trust over the bus using the first device;
  
  providing an instruction over the bus to the second device, the instruction instructing the second device to request a transfer of data;
  
  providing a request for a transfer of data over the bus using the second device;
  
  receiving data over the bus using the second device; and
  
  de-asserting the level of trust over the bus using the first device.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8 wherein the bus is a PCIE bus.
  - 10. The method of claim 8 wherein the first device is a host processor and the second device is a graphics processor.
  - 11. The method of claim 10 wherein the data is transferred from a system memory.
  - 12. The method of claim 10 wherein the request for a transfer of data is a request for a direct memory access.
  - 13. The method of claim 8 wherein before the level of trust is asserted over the bus, reading a register on the second device using the first device to determine whether the second device is configured to process an assertion of the level of trust.
  - 14. The method of claim 8 wherein the level of trust is asserted by sending an instruction.
  - 15. The method of claim 8 wherein the character string is a random number.

16. A method of transferring data from a system memory to a graphics processing unit in a secure manner comprising:
- sending a character string from the host processor to the graphics processing unit;
  
  encrypting the character string using the graphics processing unit and sending the encrypted character string from the graphics processing unit to the host processor;
  
  in response to receiving the encrypted character string, authenticating the graphics processing unit and asserting a level of trust from the host processor to the graphics processing unit;
  
  sending an instruction from the host processor to the graphics processing unit, the instruction instructing the graphics processing unit to request a data access;
  
  storing information regarding the instruction;
  
  sending a request from the graphics processing unit to the host processor requesting data;
  
  verifying that the request from the graphics processing unit corresponds to the instruction from the host processor by using the stored information;
  
  transferring data from a system memory to the graphics processing unit; and
  
  de-asserting the level of trust from the host processor to the graphics processing unit.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16 wherein sending a character string from the host processor to the graphics processing unit comprises:
    - sending a random number from the host processor to the graphics processing unit.
  - 18. The method of claim 16 further comprising:
    - before asserting a level of trust from a host processor to a graphics processing unit, reading a register on the graphics processing unit to determine whether the graphics processing unit is configured to process an assertion of a level of trust.
  - 19. The method of claim 16 wherein the graphics processing unit is permitted access a first plurality of memory addresses in the system memory when trust is asserted, but not permitted to access a second plurality of memory addresses in the system memory when trust is asserted.
  - 20. The method of claim 16 wherein the graphics processing unit is not permitted to access a first plurality of memory locations in the system memory unless trust is asserted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NVIDIA Corporation
Original Assignee
NVIDIA Corporation
Inventors
Langendorf, Brian Keith, Cox, Michael Brian
Primary Examiner(s)
Moazzami; Nasser G
Assistant Examiner(s)
Reza; Mohammad W

Application Number

US11/133,956
Time in Patent Office

1,705 Days
Field of Search

726/34, 726/21, 726/27, 726/31, 713/182
US Class Current

726/27
CPC Class Codes

G06F 21/606 by securing the transmissio...

Trusted bus transactions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted bus transactions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links