Implementing access control by system-on-chip
Abstract
Systems and methods for implementing access control by systems-on-chip (SoCs). An example SoC may comprise an access control unit employed to: receive a message comprising an access control data item; validate the message using a value of a message digest function of contents of the message and a value of a state variable reflecting a state of communications between the access control unit and a programming agent that has initiated the message, wherein the value of the state variable is derived from a previous value of the message digest function calculated within a current communication session between the access control unit and the programming agent; update the state variable using the value of the message digest function of the contents of the message; and control, using the access control data item, access by an initiator device to a target device.
36 Claims
1. A system-on-chip (SoC), comprising:
an access control unit to:
receive a message comprising an access control data item;
validate the message using a value of a message digest function of contents of the message and a value of a state variable reflecting a state of communications between the access control unit and a programming agent that has initiated the message, wherein the value of the state variable is derived from a previous value of the message digest function calculated within a current communication session between the access control unit and the programming agent;
update the state variable using the value of the message digest function of the contents of the message; and
control, using the access control data item, access by an initiator device to a target device.
Dependent claims: 2, 3, 4, 5, 6.
7. A system-on-chip (SoC), comprising:
an access control unit to:
receive an access control programming message comprising an access control data item;
validate the access control programming message using a value of a message digest function of contents of the access control programming message, wherein the message digest function is computed using a session key, and wherein validating the access control programming message comprises validating the session key using an intermediate output of the message digest function; and
control, using the access control data item, access by an initiator device to a target device.
Dependent claims: 8, 9, 10, 11, 12, 13, 14.
15. A system-on-chip (SoC), comprising:
an access control unit comprising a key register for storing a key value and a secure memory for storing access control data, the access control unit to:
receive a session key and a session key signature;
validate the session key by comparing the session key signature with a value of a message digest function of the session key, wherein the message digest function is computed using the key value stored by the key register;
receive an access control programming message comprising an access control data item and an access control data item signature;
validate the access control programming message by comparing the access control data item signature with a value of the message digest function of contents of the access control programming message, wherein the message digest function is computed using the session key;
store the access control data item in the secure memory; and
control, using the access control data item, access by an initiator device to a target device.
Dependent claims: 16, 17, 18, 19, 20.
21. A method, comprising:
receiving, by an access control unit of a system-on-chip (SoC), a message comprising an access control data item;
validating the message using a value of a message digest function of contents of the message and a value of a state variable reflecting a state of communications between the access control unit and a programming agent that has initiated the message, wherein the value of the state variable is derived from a previous value of the message digest function calculated within a current communication session between the access control unit and the programming agent;
updating the state variable using the value of the message digest function of the contents of the message; and
controlling, using the access control data item, access by an initiator device to a target device.
Dependent claims: 22, 23, 24.
25. A method, comprising:
receiving, by an access control unit of a system-on-chip (SoC), an access control programming message comprising an access control data item;
validating the access control programming message using a value of a message digest function of contents of the access control programming message, wherein the message digest function is computed using a session key, and wherein validating the access control programming message comprises validating the session key using an intermediate output of the message digest function; and
controlling, using the access control data item, access by an initiator device to a target device.
Dependent claims: 26, 27, 28, 29, 30.
31. A method, comprising:
receiving, by an access control unit of a system-on-chip (SoC), a session key and a session key signature;
validating the session key by comparing the session key signature with a value of a message digest function of the session key, wherein the message digest function is computed using the key value stored by a key register;
receiving an access control programming message comprising an access control data item and an access control data item signature;
validating the access control programming message by comparing the access control data item signature with a value of the message digest function of contents of the access control programming message, wherein the message digest function is computed using the session key;
controlling, using the access control data item, access by an initiator device to a target device.
Dependent claims: 32, 33, 34, 35, 36.
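As an added illustration (not part of the patent text or of any implementation it describes), the Python example below models the validation flow of claims 1 and 15: the key register value validates the session key, the session key validates each programming message, and each accepted digest becomes the state variable that the next message must chain from. HMAC-SHA256, the `|`-separated item encoding, seeding the state with the session-key digest, the constructed keys and rule, and all class and function names are assumptions.

```python
import hashlib
import hmac

def digest(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 plays the role of the keyed "message digest function".
    return hmac.new(key, data, hashlib.sha256).digest()

def encode(initiator: str, target: str, allow: bool) -> bytes:
    return f"{initiator}|{target}|{int(allow)}".encode()  # hypothetical item format

class AccessControlUnit:
    def __init__(self, device_key: bytes):
        self._device_key = device_key  # key register (claim 15)
        self._session_key = None
        self._state = None             # state variable (claim 1)
        self._rules = {}               # secure memory: (initiator, target) -> allow

    def open_session(self, session_key: bytes, signature: bytes) -> bool:
        expected = digest(self._device_key, session_key)
        if not hmac.compare_digest(expected, signature):
            return False
        # Assumption: the session-key digest seeds the state variable.
        self._session_key, self._state = session_key, expected
        return True

    def program(self, item: bytes, signature: bytes) -> bool:
        if self._session_key is None:
            return False               # no validated session key yet
        expected = digest(self._session_key, self._state + item)
        if not hmac.compare_digest(expected, signature):
            return False               # reject; the state is not advanced
        self._state = expected         # the next message must chain from this digest
        initiator, target, allow = item.decode().split("|")
        self._rules[(initiator, target)] = allow == "1"
        return True

    def allowed(self, initiator: str, target: str) -> bool:
        return self._rules.get((initiator, target), False)  # default deny

def demo():
    device_key, session_key = b"constructed-device-key", b"constructed-session-key"
    acu = AccessControlUnit(device_key)
    state = digest(device_key, session_key)  # agent side mirrors the unit's state
    opened = acu.open_session(session_key, state)
    item = encode("dma0", "sram", True)
    sig = digest(session_key, state + item)
    first = acu.program(item, sig)
    replay = acu.program(item, sig)    # same bytes again, now against a newer state
    return opened, first, replay, acu.allowed("dma0", "sram"), acu.allowed("dma0", "otp")
```

Because the state advances only when a message is accepted, a captured message replayed later in the same session no longer matches the expected digest and is rejected.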
Specification