System, apparatus and method for restricting data access
First Claim
1. A semiconductor integrated circuit for restricting a rate of data access from an external memory requested by one of one or more devices coupled to the semiconductor integrated circuit, comprising:
- one or more processing devices configured to implement;
a data access monitor configured to determine whether a data access request is from an insecure device seeking to access a portion of the external memory storing privileged data, the external memory divided into portions storing privileged data and unprivileged data, and to generate an access signal indicating whether an insecure device is requesting access to a portion of the external memory storing privileged data; and
a bandwidth comparator configured to receive the access signal, and, if the access signal indicates that the insecure device is requesting access to a portion of the external memory storing privileged data, to determine a rate of data retrieval for the data access request, compare the rate of data retrieval with one or more thresholds, and to selectively limit the rate of data retrieval for the data access request to a selected rate based on the comparison.
2 Assignments
0 Petitions
Accused Products
Abstract
An embodiment comprises a semiconductor integrated circuit for restricting the rate at which data may be accessed from an external memory by a device coupled to the circuit. The rate of data access is restricted if the data access satisfies one or more conditions. For example, one of the conditions is that the device which is requesting the data is insecure. Another condition is that the requested data is privileged. A data access monitor is provided to monitor data accesses and to is arranged to generate an access signal to indicate whether the conditions are satisfied or not. A bandwidth comparator determines whether data access exceeds a threshold and, if so, the semiconductor integrated circuit is impaired to prevent further data access.
23 Citations
37 Claims
-
1. A semiconductor integrated circuit for restricting a rate of data access from an external memory requested by one of one or more devices coupled to the semiconductor integrated circuit, comprising:
-
one or more processing devices configured to implement; a data access monitor configured to determine whether a data access request is from an insecure device seeking to access a portion of the external memory storing privileged data, the external memory divided into portions storing privileged data and unprivileged data, and to generate an access signal indicating whether an insecure device is requesting access to a portion of the external memory storing privileged data; and a bandwidth comparator configured to receive the access signal, and, if the access signal indicates that the insecure device is requesting access to a portion of the external memory storing privileged data, to determine a rate of data retrieval for the data access request, compare the rate of data retrieval with one or more thresholds, and to selectively limit the rate of data retrieval for the data access request to a selected rate based on the comparison. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A conditional access device for pay television, comprising:
a semiconductor integrated circuit for restricting a rate of data access from an external memory requested by one of one or more devices coupled to the semiconductor integrated circuit, the external memory including portions storing privileged data and portions storing unprivileged data, the semiconductor integrated circuit including one or more processing devices configured to implement; a data access monitor configured to determine whether a data access from the external memory satisfies one or more conditions, the conditions including the data access being an insecure device accessing a portion of the external memory storing privileged data, and to generate an access signal according to whether the conditions are satisfied; and a bandwidth comparator configured to receive the access signal, and, if the access signal indicates that the data access satisfies the conditions, to determine a rate of data retrieval that satisfies the conditions, compare the rate of data retrieval with one or more thresholds, and to selectively limit the rate of data retrieval for the data access request to a selected rate based on the comparison. - View Dependent Claims (14)
-
15. A method comprising:
-
restricting the rate of data access requested by one of one or more devices from an external memory having portions storing privileged data and portions storing unprivileged data by; monitoring data accesses from the external memory; determining whether a monitored data access is from an insecure device accessing a portion of the external memory storing privileged data; and when the monitored data access is from an insecure device accessing a portion of the external memory storing privileged data; determining a rate of data access satisfying conditions; comparing the rate of data access with one or more thresholds; generating a threshold signal according to whether one or more of the thresholds have been exceeded; and limiting the rate of the data access to a selected rate if one or more of the thresholds are exceeded. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A system for controlling access to a memory having portions storing privileged data and portions storing unprivileged data, the system comprising:
-
means for determining whether a received data request is from a secure device; means for determining whether the received data request is directed to privileged data stored in the memory; means for determining whether a rate of data exceeds a first threshold; and means for restricting access to the memory communicatively coupled to the means for determining whether a received data request is from a secure device and the means for determining whether a rate of data exceeds a first threshold and configured to selectively limit a rate of data access to a selected rate when the received data request is not from a secure device and the request is directed to privileged data stored in the memory, based on whether the rate of data exceeds the first threshold. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33)
-
-
34. A method, comprising:
controlling access to a memory having portions storing privileged data and portions storing unprivileged data by; receiving a request from an insecure device to access privileged data stored in the memory; selectively processing the request; monitoring a data rate associated with the processing; comparing the rate of data access with one or more thresholds; and selectively limiting the data access to a selected rate based on the comparison. - View Dependent Claims (35)
-
36. At least one non-transitory computer readable memory storage medium containing instructions for causing a memory controller to:
-
determine whether a received request to access a memory storing privileged and unprivileged data is from an insecure device seeking access to a portion of the memory storing privileged data; when the request is from an insecure device seeking access to a portion of the memory storing privileged data, process the request by; monitoring a data rate associated with the processing; comparing the rate of data access with one or more thresholds; and selectively limiting the rate of the data access to a selected rate based on the comparison. - View Dependent Claims (37)
-
Specification