Programmable ordering and prefetch
US-9569362-B2 · Feb 14, 2017 · US
Programmable validation of transaction requests
US10013385B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10013385-B2 |
| Application number | US-201414540175-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 13, 2014 |
| Priority date | Nov 13, 2014 |
| Publication date | Jul 3, 2018 |
| Grant date | Jul 3, 2018 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A data processor includes an input/output bridge that provides enforcement of a security status on transactions between devices across the bridge. The bridge includes circuitry to parse a received request to obtain one or more identifiers, and compare the identifiers against one or more programmable lookup tables. Based on this comparison, the bridge can determine the security status of the transaction, as well as selectively forward the transaction based on the security status.
First claim
Opening claim text (preview).
What is claimed is: 1. A method of controlling access, comprising: receiving a request from a processor to access at least one of a plurality of devices; parsing an address portion of the request to obtain a bus identifier, a device identifier, and a function identifier; comparing at least one of the bus identifier and the device identifier against a bus table and a device table, respectively, to determine a first security status; comparing the function identifier against a function table to determine a second security status, the second security status indicating whether the function identifier corresponds to a class of secure functions; comparing the first security status against the second security status; and selectively forwarding the request to the at least one of the plurality of devices based on whether the first security status matches the second security status. 2. The method of claim 1 , wherein the processor is an ARM processor. 3. The method of claim 1 , wherein the request includes a Peripheral Component Interconnect (PCI) transaction. 4. The method of claim 3 , wherein selectively forwarding the request includes transmitting the PCI transaction via a PCI bus. 5. The method of claim 1 , wherein selectively forwarding the request includes denying the request in response to detecting a mismatch between at least two of the bus identifier, the device identifier, and the function identifier. 6. The method of claim 1 , wherein selectively forwarding the request includes denying the request in response to detecting a mismatch between at least one of the bus identifier, a device identifier, and a function identifier and at least one of the bus table, device table and function table. 7. The method of claim 1 , wherein the bus identifier indicates a given path at which the request is to be forwarded to the at least one of the plurality of devices. 8. The method of claim 7 , wherein the bus table indicates a security status of the given path, the security status being secure or non-secure. 9. The method of claim 8 , wherein selectively forwarding the request includes denying the request in response to a mismatch between the security status and a status of at least one of the device identifier and the function identifier indicated by the device table and function table, respectively. 10. The method of claim 1 , wherein the device identifier indicates the at least one of the plurality of devices. 11. A circuit for controlling access, comprising: a first port configured to receive a request from a processor to access at least one of a plurality of devices, the request including a bus identifier, a device identifier, and a function identifier; a second port configured to connect to the plurality of devices via a bus; a memory storing a bus table, a device table, and a function table; and a control circuit configured to: compare at least one of the bus identifier and the device identifier against the bus table and the device table, respectively, to determine a first security status; compare the function identifier against the function table to determine a second security status, the second security status indicating whether the function identifier corresponds to a class of secure functions; compare the first security status against the second security status; and selectively forward the request to the at least one of the plurality of devices based on whether the first security status matches the second security status. 12. The circuit of claim 11 , wherein the processor is an ARM processor. 13. The circuit of claim 11 , wherein the request includes a Peripheral Component Interconnect (PCI) transaction. 14. The circuit of claim 13 , wherein the control circuit is further configured to transmit the PCI transaction via a PCI bus. 15. The circuit of claim 11 , wherein the control circuit is further configured to deny the request in response to detecting a mismatch between at least two of the bus identifier, the device identifier, and the function identifier. 16. The circuit of claim 11 , wherein the control circuit is further configured to deny the request in response to detecting a mismatch between at least one of the bus identifier, a device identifier, and a function identifier and at least one of the bus table, device table and function table. 17. The circuit of claim 11 , wherein the bus identifier indicates a given path at which the request is to be forwarded to the at least one of the plurality of devices. 18. The circuit of claim 17 , wherein the bus table indicates a security status of the given path, the security status being secure or non-secure. 19. The circuit of claim 18 , wherein the control circuit is further configured to deny the request in response to a mismatch between the security status and a status of at least one of the device identifier and the function identifier indicated by the device table and function table, respectively. 20. The circuit of claim 11 , wherein the device identifier indicates the at least one of the plurality of devices.
Assignees
Inventors
Classifications
- G06F13/4221Primary
being an input/output bus, e.g. ISA bus, EISA bus, PCI bus, SCSI bus · CPC title
by securing the transmission between two devices or processes · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10013385B2 cover?
- A data processor includes an input/output bridge that provides enforcement of a security status on transactions between devices across the bridge. The bridge includes circuitry to parse a received request to obtain one or more identifiers, and compare the identifiers against one or more programmable lookup tables. Based on this comparison, the bridge can determine the security status of the tra…
- Who is the assignee on this patent?
- Cavium Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F13/4221. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Jul 03 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).