WO2009156882A1 - System on chip system and method to operate the system - Google Patents

System on chip system and method to operate the system Download PDF

Info

Publication number
WO2009156882A1
WO2009156882A1 PCT/IB2009/052197 IB2009052197W WO2009156882A1 WO 2009156882 A1 WO2009156882 A1 WO 2009156882A1 IB 2009052197 W IB2009052197 W IB 2009052197W WO 2009156882 A1 WO2009156882 A1 WO 2009156882A1
Authority
WO
WIPO (PCT)
Prior art keywords
interaction
guard
chip
processor systems
processor
Prior art date
Application number
PCT/IB2009/052197
Other languages
French (fr)
Inventor
Paul Spaanderman
Gert Josef Elisa Copejans
Original Assignee
Nxp B.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nxp B.V. filed Critical Nxp B.V.
Publication of WO2009156882A1 publication Critical patent/WO2009156882A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/76Architectures of general purpose stored program computers
    • G06F15/78Architectures of general purpose stored program computers comprising a single central processing unit
    • G06F15/7839Architectures of general purpose stored program computers comprising a single central processing unit with memory
    • G06F15/7842Architectures of general purpose stored program computers comprising a single central processing unit with memory on one IC chip (single chip microcontrollers)

Definitions

  • This invention relates to a System on Chip system comprising two or more Processor Systems interacting with each other.
  • a first Processor System has the functionality of a motor controller device and interacts via different sensors with the motor.
  • the second Processor System implements the functionality of a hi-fi system and can be influenced via different manual control elements by a user.
  • the volume of the hi-fi system could be influenced by the motor speed so that the Processor Systems have to interact with each other or that data are exchanged.
  • US 7,093,288 Bl is known the usage of packet filters and network virtualization to restrict network communication.
  • a network mediator includes a set of one or more filters with parameters which can be compared to corresponding parameters of a data packet which shall pass through the network mediator either from or to a computing device itself. Which form of data exchange or interaction within the computing device is fulfilled is not influenced by the filters or the network mediator.
  • the GB 2386804 A discloses communication network node access switches. Additional components are introduced into a network which operate as a communication diode. These components serve as a firewall for uncontrolled node failures so that in case of a defect not the whole network fails. Controlling data exchanged during a normal operation is not influenced.
  • the core of the invention lies in the fact that a free interaction and/or data transfer between different areas of the System on Chip system or between its Processor Systems respectively is prohibited in a controlled way with the aid of an Interaction Guard.
  • an Interaction Guard In modern System on Chip systems it is the desired capability to exchange data easily between different processors to achieve a benefit for the system. But by introducing an additional Interaction Guard a situation of separation of concerns is created that allows the development and re-use from either area or Processor System to happen with minimal impact to the integrity of each other component or the whole system itself.
  • this Interaction Guard can be implemented by a person skilled in the art in different ways, preferably as described as following. In the most simple embodiment the Interaction Guard or an Interaction Guard function will let no signal or data pass from one Processor System to another or it will allow all signals and data to travel freely between different Processor Systems.
  • the different Processor Systems may be developed individually by different research teams whereas they know that their development work will not be invalidated by events occurring at the other side of the Interaction Guard or the Interaction Guard function.
  • one Processor System could be a CAN control (Controller Area Network) to control all relevant functions of a car and the other Processor System is a car hi-fi system whereas the two Processor Systems do not influence each other through undesired data or information exchange which is controlled by an Interaction Guard.
  • CAN control Controller Area Network
  • the two Processor Systems do not influence each other through undesired data or information exchange which is controlled by an Interaction Guard.
  • an Interaction Guard without raising the complexity of the whole system to much. It is obvious that there can be implemented one single Interaction Guard to control all communications between two, three or more Processor Systems or that for each pair a respective Interaction guard is implemented, with four processor Systems this would be six Interaction guards.
  • Interaction Guard a free interaction and data transfer between the different areas or Processor Systems of the System on Chip system is prohibited in a controlled way to distinguish trust or secure zones from non trusted or non secure zones.
  • the Interaction Guard is implemented in a hardware of the System on Chip system. This offers maximum protection for controlling the data transfer because modifications of the Interaction Guard in order to make data transfer easier require a modification of the hardware of the integrated circuit itself which is virtually excluded.
  • the Interaction Guard is implemented around a single point in the System on Chip system, for example in form of a filter that evaluates the incoming messages or data prior to passing to the other component of the System on Chip system.
  • Interaction Guard could be implemented distributed over the whole system within its hardware to allow more complex interactions. Of course this kind of implementation is more difficult to achieve but at the end more performance implementation may be achieved.
  • the Interaction Guard is implemented within a software of the System on Chip system in order to reach a higher flexibility by changing different parameters of the software. So data exchange between different components can be made easier or more difficult.
  • Interaction Guard may be implemented in the Hardware and the software as well.
  • the Interaction Guard can be operated by a remote control. By this the degree of data or information exchange between different Processor Systems can be adjusted as required.
  • FIG 1 is depicted a System on Chip system 100 comprising in this embodiment two Processor Systems 1, 2 which interact each other as indicated by the connecting lines.
  • Each Processor System 1, 2 is allotted to a respective interaction area 4, 5 in order to communicate for example with a user of the System on Chip systemlOO or further sensors.
  • the Processor System 1 could implement the functionalities of a motor control device and interacts via its interaction area 4 with different sensors like a motor speed sensor.
  • the Processor System 2 implements the functionality of a car hi-fi system and can be controlled by a user via its dedicated interaction area 5, maybe an operating element for the volume.
  • System on Chip systemlOO comprises an Interaction Guard 3 which can be embodied in the hardware and/or in the software of the System on Chip system 100.
  • Interaction Guard 3 an exchange of data and/or information between different Processor System 1, 2 is controlled in order to achieve a separation of concerns of the different Processor Systems 1, 2.
  • SoC System on Chip system

Abstract

A System on Chip system (100) comprises two or more Processor Systems (1, 2) interacting with each other. In order to augment the reliability of the System (100) the interaction between the Processor Systems (1, 2) is controllable by an Interaction Guard (3). Further a method for the operation of such a System (100) is disclosed.

Description

SYSTEM ON CHIP SYSTEM AND METHOD TO OPERATE THE SYSTEM
FIELD OF THE INVENTION
This invention relates to a System on Chip system comprising two or more Processor Systems interacting with each other.
BACKGROUND OF THE INVENTION
Especially in the technical field of automotive engineering the interaction between different electrical and electronical components becomes more and more relevant. For example a hands free set for a mobile phone has to interact with a car hi-fi system in order to mute the system in case of an incoming or outgoing telephone call. Most of these infotainment devices have been developed and designed without the consideration of certain demands in automotive engineering.
Nowadays mostly all functions of a car are controlled via a data bus and a central control device. It is obvious that the functions of the car should not be influenced by further systems or devices namely infotainment devices.
Further it is known that more and more electronic functionalities are consolidated and integrated within so called System on Chip systems which comprise two or more Processor Systems for the implementation of different functionalities respectively. For example a first Processor System has the functionality of a motor controller device and interacts via different sensors with the motor. The second Processor System implements the functionality of a hi-fi system and can be influenced via different manual control elements by a user. In this case the volume of the hi-fi system could be influenced by the motor speed so that the Processor Systems have to interact with each other or that data are exchanged. From the US 7,093,288 Bl is known the usage of packet filters and network virtualization to restrict network communication. Therefore a network mediator includes a set of one or more filters with parameters which can be compared to corresponding parameters of a data packet which shall pass through the network mediator either from or to a computing device itself. Which form of data exchange or interaction within the computing device is fulfilled is not influenced by the filters or the network mediator. Further the GB 2386804 A discloses communication network node access switches. Additional components are introduced into a network which operate as a communication diode. These components serve as a firewall for uncontrolled node failures so that in case of a defect not the whole network fails. Controlling data exchanged during a normal operation is not influenced.
OBJECT AND SUMMARY OF THE INVENTION
It is an object of the invention to provide a System on Chip system fulfilling different functionalities whereas uncontrolled behavior of the different Processor Systems through intricate interactions between them is avoided. Further a method for operating such a System on Chip system shall be indicated.
These problems are solved with a system as described in claim 1 and a method as described in claim 6 respectively. The core of the invention lies in the fact that a free interaction and/or data transfer between different areas of the System on Chip system or between its Processor Systems respectively is prohibited in a controlled way with the aid of an Interaction Guard. In modern System on Chip systems it is the desired capability to exchange data easily between different processors to achieve a benefit for the system. But by introducing an additional Interaction Guard a situation of separation of concerns is created that allows the development and re-use from either area or Processor System to happen with minimal impact to the integrity of each other component or the whole system itself.
Within the scope of the invention this Interaction Guard can be implemented by a person skilled in the art in different ways, preferably as described as following. In the most simple embodiment the Interaction Guard or an Interaction Guard function will let no signal or data pass from one Processor System to another or it will allow all signals and data to travel freely between different Processor Systems.
By controlling the interaction between different Processor Systems with an Interaction Guard the different Processor Systems may be developed individually by different research teams whereas they know that their development work will not be invalidated by events occurring at the other side of the Interaction Guard or the Interaction Guard function. For example one Processor System could be a CAN control (Controller Area Network) to control all relevant functions of a car and the other Processor System is a car hi-fi system whereas the two Processor Systems do not influence each other through undesired data or information exchange which is controlled by an Interaction Guard. Further it is possible to implement such an Interaction Guard without raising the complexity of the whole system to much. It is obvious that there can be implemented one single Interaction Guard to control all communications between two, three or more Processor Systems or that for each pair a respective Interaction guard is implemented, with four processor Systems this would be six Interaction guards.
With this Interaction Guard a free interaction and data transfer between the different areas or Processor Systems of the System on Chip system is prohibited in a controlled way to distinguish trust or secure zones from non trusted or non secure zones. In a first preferred embodiment the Interaction Guard is implemented in a hardware of the System on Chip system. This offers maximum protection for controlling the data transfer because modifications of the Interaction Guard in order to make data transfer easier require a modification of the hardware of the integrated circuit itself which is virtually excluded.
For this hardware embodiment it is proposed that the Interaction Guard is implemented around a single point in the System on Chip system, for example in form of a filter that evaluates the incoming messages or data prior to passing to the other component of the System on Chip system. When no other link between the two Processor Systems is physically available the proper controlling of data exchange is secured.
Further the Interaction Guard could be implemented distributed over the whole system within its hardware to allow more complex interactions. Of course this kind of implementation is more difficult to achieve but at the end more performance implementation may be achieved.
In a second preferred embodiment the Interaction Guard is implemented within a software of the System on Chip system in order to reach a higher flexibility by changing different parameters of the software. So data exchange between different components can be made easier or more difficult.
It is to understand that the Interaction Guard may be implemented in the Hardware and the software as well.
In order to adjust the System on Chip system with an additional Interaction Guard to different needs or modes of operation the Interaction Guard can be operated by a remote control. By this the degree of data or information exchange between different Processor Systems can be adjusted as required.
BRIEF DESCRIPTION OF THE DRAWINGS An embodiment of the invention is hereinafter described with reference to the according drawing. The only figure shows a schematic view of a system according to the invention. DESCRIPTION OF EMBODIMENTS
In figure 1 is depicted a System on Chip system 100 comprising in this embodiment two Processor Systems 1, 2 which interact each other as indicated by the connecting lines. Each Processor System 1, 2 is allotted to a respective interaction area 4, 5 in order to communicate for example with a user of the System on Chip systemlOO or further sensors.
For example the Processor System 1 could implement the functionalities of a motor control device and interacts via its interaction area 4 with different sensors like a motor speed sensor. The Processor System 2 on the other hand implements the functionality of a car hi-fi system and can be controlled by a user via its dedicated interaction area 5, maybe an operating element for the volume.
Further the System on Chip systemlOO comprises an Interaction Guard 3 which can be embodied in the hardware and/or in the software of the System on Chip system 100.
With this Interaction Guard 3 an exchange of data and/or information between different Processor System 1, 2 is controlled in order to achieve a separation of concerns of the different Processor Systems 1, 2.
By such an architecture the integration of different Processor Systems 1, 2 is simplified because what ever happens at one side of the Interaction Guard 3 will have no or only little effect on the integrity of the other side of the Interaction Guard 3. For example a car crash, security attacks or a misbehaving content is contained within the Processor System 2 representing an infotainment system and will have no adverse effect on the other Processor System 1 representing for example a CAN-bus.
LIST OF REFERENCES:
1. Processor System
2. Processor System
3. Interaction Guard
4. interaction area
5. interaction area
100. System on Chip system (SoC)

Claims

CLAIMS:
1. System on Chip System (100) comprising two or more Processor Systems (1, 2) interacting with each other, characterized in that the interaction between the Processor Systems (1, 2) is controllable by an Interaction Guard (3).
2. System (100) according to claim 1, characterized in that the Interaction Guard (3) is implemented in a hardware of the System (100).
3. System (100) according to claim 2, characterized in that the Interaction
Guard (3) is implemented around a single point in the System (100) or is distributed over the System (100).
4. System (100) according to claim 1, characterized in that the Interaction Guard (3) is implemented in a software of the System (100).
5. System (100) according to one of the claims 1 to 4, characterized in that the Interaction Guard (3) is controllable by a remote control.
6. Method to operate a System on Chip system (100) whereas this System (100) comprises two or more Processor Systems (1, 2) interacting with each other, characterized in that the interaction between the Processor Systems (100) is controlled by an Interaction Guard (3).
7. Method according to claim 6, characterized in that the Interaction Guard (3) is implemented in a hardware of the System (100).
8. Method according to claim 7, characterized in that the Interaction Guard (3) is implemented around a single point in the System (100) or is distributed over the System (100).
9. Method according to claim 6, characterized in that the Interaction Guard (3) is implemented in a software of the System (100).
10. Method according to one of the claims 6 to 9, characterized in that the
Interaction Guard (3) is controlled by a remote control.
PCT/IB2009/052197 2008-06-25 2009-05-26 System on chip system and method to operate the system WO2009156882A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP08104542 2008-06-25
EP08104542.9 2008-06-25

Publications (1)

Publication Number Publication Date
WO2009156882A1 true WO2009156882A1 (en) 2009-12-30

Family

ID=41064582

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2009/052197 WO2009156882A1 (en) 2008-06-25 2009-05-26 System on chip system and method to operate the system

Country Status (1)

Country Link
WO (1) WO2009156882A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5957985A (en) * 1996-12-16 1999-09-28 Microsoft Corporation Fault-resilient automobile control system
US6360152B1 (en) * 1999-03-31 2002-03-19 Mitsubishi Denki Kabushiki Kaisha Vehicle-control communication system
US20040251742A1 (en) * 2001-06-06 2004-12-16 Holger Runge Bus station in a vehicle

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5957985A (en) * 1996-12-16 1999-09-28 Microsoft Corporation Fault-resilient automobile control system
US6360152B1 (en) * 1999-03-31 2002-03-19 Mitsubishi Denki Kabushiki Kaisha Vehicle-control communication system
US20040251742A1 (en) * 2001-06-06 2004-12-16 Holger Runge Bus station in a vehicle

Similar Documents

Publication Publication Date Title
DE10000997B4 (en) Electronic control system
KR101879014B1 (en) Connecting node for a communication network
EP2832070B1 (en) Device for protecting a vehicle electronic system
JP4828798B2 (en) Electronics
KR20150024710A (en) Method and apparatus on the basis of Automotive Open System Architecture
JP2017079461A (en) Flexible deterministic communication network
KR20150119891A (en) Method and device for connecting a diagnostic unit to a control unit in a motor vehicle
JP4103623B2 (en) In-vehicle control device
JP2016163348A (en) One-way gateway, vehicle network system and method for protecting network within vehicle using one-way gateway
Corbett et al. Automotive Ethernet: Security opportunity or challenge?
KR20150141948A (en) Method and terminal device for secure access code entry
KR101967144B1 (en) Apparatus for communication security for vehicle
CN109532725A (en) A kind of onboard system
JP2006304034A (en) Mobile telephone system, mobile telephone terminal, and transmission device
CN106506583B (en) Method and system for wireless data transmission of vehicle computing system
CN113728319A (en) Method and configurable hardware module for monitoring hardware applications
JP6036569B2 (en) Security equipment
US11106612B2 (en) Coordinating operations of multiple communication chips via local hub device
WO2009156882A1 (en) System on chip system and method to operate the system
US9876802B2 (en) Multi-mode computer with selector
US11576047B2 (en) Device, system, and method for cyber isolating mobility systems when a vehicle is in motion
JP2002152244A (en) In-vehicle gateway and on-vehicle device
JP5117516B2 (en) Electronic device and communication module
JP5299261B2 (en) Electronic control unit
CN114946159A (en) Method for monitoring communication on a communication bus, electronic device for connection to a communication bus, and central monitoring device for connection to a communication bus

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09769692

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09769692

Country of ref document: EP

Kind code of ref document: A1