System on chip and method therefor

US 9,781,120 B2
Filed: 07/18/2013
Issued: 10/03/2017
Est. Priority Date: 07/18/2013
Status: Active Grant

First Claim

Patent Images

1. A system-on-chip comprising:

a responder unit comprising a set of responder elements;

an access control unit associated with an authorization list and the responder unit, an entry of the authorization list defining a set of access requirements in relation to an address space identifying at least part of the responder unit;

wherein the access control unit is arranged to;

receive a request for access to a target responder element among the responder elements of the responder unit;

determine a corresponding set of access requirements for the received access request from the authorization list; and

evaluate the request for access with respect to the determined set of access requirements and generate a first request evaluation result; and

a protection unit associated with the responder unit, the protection unit being arranged to;

provide a group assignment assigning a group to each of the responder elements of the responder unit;

provide a group authorization list, an entry of the group authorization list defining a set of group access requirements for the group assigned;

receive the request for access to the target responder element;

determine the group assigned to the target responder element from the group assignment and further determine the set of group access requirements from the group authorization list for the group assigned; and

evaluate the request with respect to the determined set of group access requirements and generate a second request evaluation result; and

wherein;

interaction with the target responder element is controlled in response to at least one of the first and second evaluation result, andthe protection unit is arranged to provide at least one of a further group assignment and a further group authorization list to control access, when in use, to the target responder element, and select between at least one of the group assignment and the further group assignment, and the group authorization list and the further group authorization list in response to evaluating a predetermined criterion.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system on chip comprises a responder unit comprising a set of responder elements and an access control unit associated with an authorization list and the responder unit. An entry of the authorization list defines a set of access requirements in relation to an address space identifying at least part of the responder unit. The access control unit is arranged to: receive a request for access to a target responder element among the responder elements of the responder unit, determine the corresponding set of access requirements for the received access request from the authorization list, and evaluate the request for access with respect to the determined set of access requirements and generate a first request evaluation result. A protection unit associated with the responder unit is arranged to: provide a group assignment assigning a group to each of the responder elements of the responder unit, provide a group authorization list, an entry of the group authorization list defining a set of group access requirements for the group assigned, receive the request for access to the target responder element, determine the group assigned to the target responder element from the group assignment and further determine the set of group access requirements from the group authorization list for the group assigned. The system-on-chip also evaluates the request with respect to the determined set of group access requirements and generates a second request evaluation result. Interaction with the target responder element is controlled in response to the first and/or second evaluation result.

Citations

12 Claims

1. A system-on-chip comprising:
- a responder unit comprising a set of responder elements;
  
  an access control unit associated with an authorization list and the responder unit, an entry of the authorization list defining a set of access requirements in relation to an address space identifying at least part of the responder unit;
  
  wherein the access control unit is arranged to;
  
  receive a request for access to a target responder element among the responder elements of the responder unit;
  
  determine a corresponding set of access requirements for the received access request from the authorization list; and
  
  evaluate the request for access with respect to the determined set of access requirements and generate a first request evaluation result; and
  
  a protection unit associated with the responder unit, the protection unit being arranged to;
  
  provide a group assignment assigning a group to each of the responder elements of the responder unit;
  
  provide a group authorization list, an entry of the group authorization list defining a set of group access requirements for the group assigned;
  
  receive the request for access to the target responder element;
  
  determine the group assigned to the target responder element from the group assignment and further determine the set of group access requirements from the group authorization list for the group assigned; and
  
  evaluate the request with respect to the determined set of group access requirements and generate a second request evaluation result; and
  
  wherein;
  
  interaction with the target responder element is controlled in response to at least one of the first and second evaluation result, andthe protection unit is arranged to provide at least one of a further group assignment and a further group authorization list to control access, when in use, to the target responder element, and select between at least one of the group assignment and the further group assignment, and the group authorization list and the further group authorization list in response to evaluating a predetermined criterion.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A system-on-chip as claimed in claim 1, wherein the protection unit is further arranged to control interaction with the target responder element by performing one or more of the following in dependence of the at least one of the first and second evaluation results:
    - grant the request for access;
      
      inhibit the request for access;
      
      or abort access initiated in response to the request.
  - 3. A system-on-chip as claimed in claim 1, wherein the protection unit is further arranged to generate an error indication and is configured to communicating the error indication in dependence of the at least one of the first and second evaluation results when access to the target responder element is being inhibited or aborted.
  - 4. A system-on-chip as claimed in claim 1, wherein the evaluating the predetermined criterion is selection of the address space associated with an address identified in the received access request, the selection being made from a set of address spaces associated with the responder unit comprising the target responder element.
  - 5. A system-on-chip as claimed in claim 1, comprising:
    - a further protection unit arranged to provide at least one of a further group assignment and a further group authorization list;
      
      whereinthe target responder element has a first access path associated with the protection unit and a second access path associated with a further protection unit.
  - 6. A system-on-chip as claimed in claim 5, wherein the first access path is associated with the address space and the second access path is associated with a further address space;
    - andthe address identified in the received access request is used to select the first access path or the second access path.
  - 7. A system-on-chip as claimed in claim 5, wherein the further protection unit is arranged to assign another group to each of the responder elements of the responder unit, the another group being different from the group assigned by the protection unit.
  - 8. A system-on-chip as claimed in claim 1, wherein the further group authorization list assigns a further set of group access requirements to the group or the another group.
  - 9. A system-on-chip as claimed in claim 1, wherein the authorization list comprises a plurality of entries including the entry, each of the plurality of entries defining a respective set of access requirements in relation to a respective address space;
    - and the access control unit is arranged to select the entry associated with the address identified in the received access request identifying the part of the responder unit containing the target responder element.
  - 10. A vehicle comprising the system-on-chip as claimed in claim 1.

11. An integrated circuit comprising:
- a responder unit comprising a set of responder elements;
  
  an access control unit associated with an authorization list and the responder unit, an entry of the authorization list defining a set of access requirements in relation to an address space identifying at least part of the responder unit;
  
  wherein the access control unit is arranged to;
  
  receive a request for access to a target responder element among the responder elements of the responder unit;
  
  determine a corresponding set of access requirements for the received access request from the authorization list; and
  
  evaluate the request for access with respect to the determined set of access requirements and generate a first request evaluation result; and
  
  a protection unit associated with the responder unit, the protection unit being arranged to;
  
  provide a group assignment assigning a group to each of the responder elements of the responder unit;
  
  provide a group authorization list, an entry of the group authorization list defining a set of group access requirements for the group assigned;
  
  receive the request for access to the target responder element;
  
  determine the group assigned to the target responder element from the group assignment and further determine the set of group access requirements from the group authorization list for the group assigned; and
  
  evaluate the request with respect to the determined set of group access requirements and generate a second request evaluation result; and
  
  wherein;
  
  interaction with the target responder element is controlled in response to at least one of the first and second evaluation result, andthe protection unit is arranged to provide at least one of a further group assignment and a further group authorization list to control access, when in use, to the target responder element, and select between at least one of the group assignment and the further group assignment, and the group authorization list and the further group authorization list in response to evaluating a predetermined criterion.

12. A method of protecting a responder unit in a system-on-chip comprising a set of responder elements, the method comprising:
- provide an authorization list, an entry of the authorization list defining a set of access requirements in relation to an address space identifying at least part of the responder unit;
  
  receiving a request for access to a target responder element among the responder elements of the responder unit;
  
  determining a corresponding set of access requirements for the received access request from the authorization list; and
  
  evaluating the request for access with respect to the determined set of access requirements and generate a first request evaluation result;
  
  providing a group assignment assigning a group to each of the responder elements of the responder unit;
  
  providing a group authorization list, an entry of the group authorization list defining a set of group access requirements to the group;
  
  receiving the request for access to the target responder element;
  
  determining the corresponding group for the target responder element from the group assignment and further determining the corresponding set of group access requirements from the group authorization list;
  
  evaluating the request with respect to the determined set of group access requirements and generate a second request evaluation result; and
  
  controlling interaction with the target responder element in response to the first or second evaluation result, wherein the protection unit is arranged to provide at least one of a further group assignment and a further group authorization list to control access, when in use, to the target responder element, and select between at least one of the group assignment and the further group assignment, and the group authorization list and the further group authorization list in response to evaluating a predetermined criterion.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP USA, Inc. (NXP Semiconductors NV)
Original Assignee
NXP USA, Inc. (NXP Semiconductors NV)
Inventors
Rohleder, Michael, Hay, Gary, Luedeke, Thomas, Mueller, Stephan
Primary Examiner(s)
Simitoski, Michael

Application Number

US14/899,338
Publication Number

US 20160156632A1
Time in Patent Office

1,538 Days
Field of Search
US Class Current
CPC Class Codes

G06F 1/00   Details not covered by grou...

G06F 21/30   Authentication, i.e. establ...

G06F 21/60   Protecting data

G06F 21/70   Protecting specific interna...

G06F 21/78   to assure secure storage of...

G06F 21/79   in semiconductor storage me...

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

System on chip and method therefor

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

System on chip and method therefor

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links