JP2007065963A - Data transfer system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a data transfer system whose security is reinforced. <P>SOLUTION: The data transfer system is provided with: a first data processing part (101) for performing arithmetic processing according to a first program; a second data processing part (105) for performing arithmetic processing according to a second program; a first memory (104) for performing access by the first data processing part; a second memory (106) for performing access by the second data processing part; and a DMA controller (301) for operating DMA transfer from the first memory to the second data processing part. Then, the first program is stored so as to be executable by the first processing part, and the second program is stored in an encrypted status in the first memory. The rewriting of the second program in the second memory is made possible by the DMA transfer. The second program in the first memory is encrypted, so that security is reinforced. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a data transfer technique, for example, a technique effective when applied to a data processing apparatus that enables DMA (direct memory access) transfer.

  The DMA controller realizes data transfer at a higher speed than a CPU (central processing unit) transfers based on program control, and is therefore often used in a system that frequently transfers data. A technique (for example, see Patent Document 1) is known in which DMA transfer in different transfer modes can be automatically performed without intervention of a CPU so as to increase the system operation speed.

  Also, a processing technique such as code conversion / encryption for a multimedia signal (see, for example, Patent Document 2) is known.

JP 7-21118 A JP 2000-286898 A

  In systems that handle multimedia signals, a digital signal processor (DSP) may be incorporated. The capacity of the program memory and data memory of the DSP is limited, and it is desirable to make it as small as possible. Therefore, taking a program as an example, it is common to store a program that cannot be stored in the program memory in a main memory that is inexpensive and highly integrated, and to operate the DSP by repeatedly rewriting the contents of the program memory. It is. This main memory is configured so that the main CPU of the system can also be connected. The present inventor has revealed that in such a configuration, a malicious person may control the main CPU to read and decode the DSP program stored in the main memory.

  An object of the present invention is to provide a data transfer system with enhanced security.

  Another object of the present invention is to provide a data transfer system that can enhance data security and efficiently transfer data with a minimum circuit scale.

  The above and other objects and novel features of the present invention will be apparent from the description of this specification and the accompanying drawings.

  The following is a brief description of an outline of typical inventions disclosed in the present application.

  That is, a first data processing unit that can perform arithmetic processing according to the first program, a second data processing unit that can perform arithmetic processing according to a second program different from the first program, and a first data processing unit that can be accessed by the first data processing unit. 1 memory, a second memory accessible by the second data processing unit, and a DMA controller capable of DMA transfer from the first memory to the second data processing unit are provided. The first memory stores the first program in a state that can be executed by the first data processing unit, and stores the second program in an encrypted state.

  According to the above means, the first memory stores the first program in a state executable by the first data processing unit, and stores the second program in an encrypted state. Therefore, the second program cannot be monitored from the first data processing unit. This achieves enhanced security of the second program.

  At this time, the DMA controller can have a function of decrypting the encrypted second program. In this case, when the encrypted data is stored in the transfer source area and the plain text data is transmitted to the transfer destination, if a DMA controller having a function of decrypting the second program is used, the DMA channel to be used is 1 Channels are sufficient, and the latency that occurs during transfer can be minimized. For example, compared to the case where two DMA channels are used, the amount is approximately halved. The same applies when plaintext data is encrypted and transmitted to the transfer destination, and the data throughput is doubled.

  The DMA controller includes a first register capable of storing a transfer source address, a second register capable of storing a transfer destination address, and data stored in an area specified by the transfer source address stored in the first register. An area specified by a transfer destination address stored in the second register, wherein the second program decrypted by the encryption processing circuit is included. DMA transfer can be configured.

  Data transfer between the first data processing unit, the first memory, the first bus enabling data transfer between the DMA controller, and the DMA controller and the second data processing circuit is possible. And the second program decrypted by the encryption processing circuit is DMA-transferred to the second data processing circuit via the second bus. With this configuration, since the first data processing unit cannot be connected to the second bus, the decrypted second program cannot be read, and the system security is improved. be able to.

  A media signal encoding device capable of encoding an input media signal, wherein the DMA controller encrypts the media signal encoded by the media signal encoding device by the encryption processing circuit and then the first memory; It can be configured to transfer to DMA.

  And a media signal decoding device capable of decoding the encoded media signal, wherein the DMA controller decrypts the encrypted media signal in the first memory and then sends the encrypted media signal to the media signal decoding device. It can be configured to perform DMA transfer.

  The effects obtained by the representative ones of the inventions disclosed in the present application will be briefly described as follows.

  That is, a data transfer system with enhanced security can be provided.

<Embodiment 1>
2 and 3 show a data processing apparatus to which the data transfer system according to the present invention is applied.

  The data processing apparatus shown in FIG. 2 includes a CPU 101 that controls the entire system based on a program, a DMA controller 102 that handles data transfer, an encryption processing circuit 103 that performs encryption or decryption, and a main memory 104. . Also, a DSP (digital signal processor) 105 that performs signal processing based on a program, a program memory 106 that stores a program that the DSP 105 fetches and performs signal processing, and a temporary processing when the DSP 105 performs signal processing. In particular, a data memory 107 for storing data, a peripheral circuit 108 for performing predetermined signal processing, and a bus 109 are provided. The DMA controller 102, the cryptographic processing circuit 103, the main memory 104, the DSP 105, and the peripheral circuit 108 are coupled by a bus 109 so that data can be exchanged with each other.

  The bus 109 includes a data bus and an address bus. The capacity of the program memory 106 and the data memory 107 of the DSP 105 is limited, and it is desirable to make it as small as possible. Therefore, taking a program as an example, a program that cannot be stored in the program memory 106 is stored in advance in the main memory 104 that is inexpensive and can be highly integrated, and the contents of the program memory 106 are rewritten to operate the DSP 105. Is normal. A feature of the present invention is that data is encrypted from the viewpoint of security in order to store most of the programs required by the DSP 105 in the main memory 104.

  The CPU 101 or DSP 105 sets DMA parameters for operating the DMA controller 102 through the bus 109. The DMA parameter is an initial setting value necessary for DMA transfer, such as a transfer source address, a transfer destination address, and a transfer count of a DMA channel to be activated. Here, it is assumed that DMA channel 0 and DMA channel 1 are set. The DMA controller 102 activates the DMA channel 0 and receives data stored in the main memory 104 via the bus 109. The data is obtained by encrypting the program data of the DSP 105, and is transmitted to the encryption processing circuit 103 in order to decrypt it.

  The cryptographic processing circuit 103 decrypts the encrypted program data and holds it inside. The DMA controller 102 also activates the DMA channel 1, accesses the cryptographic processing circuit 103 and receives the program data so that there is no hindrance to the transfer of the DMA channel 0. The data is plain text that can be fetched and decoded by the DSP 105 without special processing, and is transmitted to the program memory 106 via the DSP 105. The DSP 105 performs signal processing based on a program stored in the program memory 106.

  In addition to the method using a plurality of DMA channels as described above, there is a method using only one channel. In this case, the DMA transfer performed by the DMA channel 1 is realized after the transfer of the DMA channel 0 is completely completed. The DMA controller 102 activates the DMA channel 0 and receives data stored in the main memory 104 via the bus 109. The data is obtained by encrypting the program data of the DSP 105, and is transmitted to the encryption processing circuit 103 in order to decrypt it. The cryptographic processing circuit 103 decrypts the encrypted program data and holds it inside. This processing is performed a predetermined number of times, and plaintext programs are stored in the buffer of the cryptographic processing circuit 103 as needed. A plain text program may be automatically written in the main memory 104 or the like. When the predetermined number of times of processing is completed and DMA channel 0 transfer is completed, a necessary value is set again for DMA channel 0, and the plaintext program stored in the buffer of the cryptographic processing circuit 103 is transferred to the DMA controller 102. To the DSP 105. This can be realized by performing such processing a predetermined number of times. When the plain text program is stored in the main memory 104 or the like, the program is transferred from the main memory 104 to the DMA controller 102 and transferred to the DSP 105.

  FIG. 3 shows a detailed configuration of the DMA controller 102 in FIG.

  The bus 109 includes an address bus 209 that enables the transfer of address signals and a data bus 210 that enables the transfer of data. The DMA controller 102 controls a source address register 201 that stores a transfer source address for each DMA channel, a destination address register 202 that stores a transfer destination address for each DMA channel, and a source address register 201 and a destination address register 202. The address control circuit 204 that performs the transfer, the transfer count register 203 that stores the transfer count for each DMA channel, the transfer count control circuit 205 that controls the transfer count register 203, and the data read from the transfer source memory 211 are temporarily stored. A data latch circuit 206, a DMA information register 208 that stores a plurality of information related to DMA transfer, and a DMA information control circuit 207 that controls DMA transfer based on the DMA information stored in the DMA information register 208 In constructed. The DMA information control circuit 207 controls, for example, the DMA channel to be activated. Hereinafter, a case where the DMA channel 0 is activated and data in the transfer source memory 211 is transferred to the transfer destination memory 212 will be described. Although not particularly limited, the transfer source memory 211 corresponds to the main memory 104, and the transfer destination memory 212 is a memory built in the encryption processing circuit 103.

  When DMA channel 0 is activated by the DMA information control circuit 207 based on the DMA information in the DMA information register 208, the address control circuit 204 selects the transfer source address (SAR0) of the DMA channel 0 from the source address register 201, and the address Output to the bus 209. The transfer source memory 211 outputs the data stored at the address to the data bus 210. The data is temporarily stored in the data latch circuit 206. The address control circuit 204 selects the transfer destination address (DAR0) of the DMA channel 0 from the destination address register 202 and outputs it to the address bus 209. At the same time, the data latch circuit 206 outputs the temporarily stored data to the data bus 210. The transfer destination memory 212 stores the data in an area specified by the address. Through this series of operations, the transfer count control circuit 205 subtracts 1 from the transfer count (TCR0) of the DMA channel 0 stored in the transfer count register 203 and updates it. Similarly, the address control circuit 204 updates SAR0 and DAR0 based on a predetermined method. The DMA controller 102 repeats the above operation and performs DMA transfer until TCR0 becomes 0. In order to realize transfer different from the DMA information of DMA channel 0 including the transfer source, transfer destination, etc., normally, another DMA channel is used, or another transfer is instructed after TCR0 becomes 0, and the DMA channel is renewed. It is necessary to start 0.

  The latency that occurs in one DMA transfer in which TCR0 is decremented by 1 is at least the time from when the DMA controller 102 accesses the transfer source memory 211 until it receives data, and the data is latched and transferred to the transfer destination memory 212. And the time required to output the address and data to the address bus and data bus, respectively.

  As described above, by encrypting the program for the DSP 105 and storing it in the main memory 104, security can be enhanced.

<Embodiment 2>
FIG. 1 shows another configuration example of a data processing apparatus to which the data transfer system according to the present invention is applied.

  In the system as shown in FIG. 2, since it is necessary to use two of the limited DMA channel resources, the activation program becomes complicated and the latency generated in the transfer increases. Even if the DMA channel is only one channel, it is necessary to start the DMA controller twice for data transfer for decryption and plaintext transfer after the decryption is completed. Complicated and increased latency in transfer. This becomes more conspicuous when performing DMA transfer repeatedly, as represented by DSP program replacement, or when there are a plurality of memories or peripheral circuits to which the decoded data is to be transferred. Further, when the plaintext decrypted by the encryption processing circuit is transmitted to a desired transfer destination, the plaintext may remain in the memory via the main bus, so that the CPU 101 may read the plaintext. This embodiment is intended to solve the problems newly found by such inventors.

  This apparatus includes a DMA controller 301 with a cryptographic function, a CPU 101, a main memory 104, a DSP 105, a program memory 106 of the DSP 105, a data memory 107 of the DSP 105, and a peripheral circuit 108, and a single crystal silicon substrate by a known semiconductor integrated circuit manufacturing technique. Formed on one semiconductor substrate. The cryptographic function built-in DMA controller 301, CPU 101, main memory 104, DSP 105, and peripheral circuit 108 are coupled to each other via a bus 109 so that data can be exchanged. The bus 109 includes a data bus and an address bus. Here, the CPU 101 is an example of a first data processing unit in the present invention, and the DSP 105 is an example of a second data processing unit in the present invention. The main memory 104 corresponds to the first memory in the present invention, and the program memory 106 corresponds to the second memory in the present invention.

  The CPU 101 instructs parameter setting for starting the encryption function built-in DMA controller 301 based on a predetermined program, and controls the entire system. The program memory 106 is a memory for storing a program for the DSP 105 to execute signal processing, and the data memory 107 is a memory for temporarily holding data processed by the DSP 105 based on the program. The main memory 104 stores a large-capacity program for the DSP 105 to execute signal processing, and stores data required by the peripheral circuit 108. In this example, it is assumed that the program stored in the main memory 104 is encrypted by an encryption method that can be decrypted by the encryption processing circuit 103, and stores a program larger than the program capacity that can be stored in the program memory 106. .

  Hereinafter, the operation of decrypting the encrypted program of the DSP 105 stored in the main memory 104 and transferring it to the program memory 106 will be described, and the operation of replacing the stored contents of the program memory 106 by repeating the same operation will be described. .

  The CPU 101 or the DSP 105 sets a DMA parameter for operating the DMA function built-in DMA controller 301 through the bus 109. The DMA parameter is an initial setting value for DMA transfer, such as the SAR 201, the DAR 202, the TCR 203, and the DMA information register 208. When the cryptographic function built-in DMA controller 301 is activated, the cryptographic function built-in DMA controller 301 accesses the main memory 104 via the bus 109 and receives the program data of the DSP 105 encrypted via the bus 109. The received data is input to a cryptographic processing circuit 103 in a cryptographic function built-in DMA controller, which will be described later, is decrypted by a predetermined algorithm, and is held therein. In accordance with an instruction from the DMA information control circuit 207 in the encryption function built-in DMA controller as will be described later, data held in the encryption processing circuit 103 is output and stored in the program memory 106 via the DSP 105. The DSP 105 fetches plain text program data stored in the program memory 106 and performs predetermined signal processing based on the program. After performing predetermined signal processing, the DSP 105 sets a DMA transfer parameter for starting the encryption function built-in DMA controller, and starts the DMA. The CPU 101 may set the DMA transfer parameter. When the cryptographic function built-in DMA controller 301 is activated, the contents of the program memory are updated through the above-described process, and the DSP 105 resumes signal processing based on the updated program. By repeating the above operation, the DSP 105 can perform predetermined signal processing even when the program memory 106 is small.

  FIG. 4 shows a configuration example of the above-described encryption function-containing DMA controller 301.

  A significant difference between the DMA controller 301 with a cryptographic function shown in FIG. 4 and the DMA controller 102 shown in FIG. 3 is that it has a cryptographic processing circuit 103 instead of the data latch circuit 206. The encryption processing circuit 103 has a data encryption processing function and a decryption processing function of encrypted data. The bus 109 includes an address bus 209 and a data bus 210. Address bus 209 is coupled to address control circuit 204, and data bus 210 is coupled to cryptographic processing circuit 103.

  A case will be described in which encrypted data is stored in the transfer source memory 211, decrypted within the DMA controller 301 with a built-in encryption function, and plain text data is transferred to the transfer destination memory 212. Although not particularly limited, the transfer source memory 211 in FIG. 4 corresponds to the main memory 104, and the transfer destination memory 212 is a memory arranged in the DSP 105 or its periphery.

  Similar to the DMA controller 102 shown in FIG. 3, when the DMA information control circuit 207 activates, for example, the DMA channel 0 based on the DMA information in the DMA information register 208, the address control circuit 204 starts from the source address register 201 to the DMA channel. A transfer source address (SAR0) of 0 is selected and output to the address bus 209. The transfer source memory 211 outputs the data stored at the address to the data bus 210. The data is received by the cryptographic processing circuit 103. The cryptographic processing circuit 103 decrypts received data based on a predetermined algorithm such as DES encryption, and holds plaintext data therein. The address control circuit 204 selects the transfer destination address (DAR0) of the DMA channel 0 from the destination address register 202 and outputs it to the address bus 209. At the same time, the encryption processing circuit 103 outputs the stored plaintext data to the data bus 210. In the transfer destination memory 212, plain text data is stored in an area specified by the address. Through this series of operations, the transfer count control circuit 205 subtracts 1 from the transfer count (TCR0) of the DMA channel 0 stored in the transfer count register 203 and updates it. Similarly, the address control circuit 204 updates SAR0 and DAR0 based on a predetermined method. The encryption function built-in DMA controller 301 repeats the above operation and performs DMA transfer until TCR0 becomes 0.

  In this way, when encrypted data is stored in the transfer source and plaintext data is transmitted to the transfer destination, if the encryption function built-in DMA controller 301 is used, only one DMA channel is required. Therefore, the latency generated in the transfer is minimized, and the amount is about half that of the case where two DMA channels are used. Also, unlike the configuration shown in FIG. 2, it is not necessary to temporarily store the decrypted plaintext data in an external memory or the like that can be easily read from the outside, leading to enhanced security.

  According to the above example, the following effects can be obtained.

  (1) When encrypted data is stored in the transfer source area and plain text data is transmitted to the transfer destination, the use of the encryption function-containing DMA controller 301 requires only one DMA channel. Latency is minimized, and the amount is approximately half that of the case where two DMA channels are used. The same applies when plaintext data is encrypted and transmitted to the transfer destination, and the data throughput is doubled.

  (2) Since it is not necessary to temporarily store the decrypted plaintext data in an external memory or the like that can be easily read from the outside, security is enhanced.

  (3) Even in a system in which a plurality of memories and peripheral circuits exist and encryption processing is required for each transfer data, the encryption processing circuit only needs to be incorporated in the DMA controller with built-in encryption function of the present invention, and the minimum necessary circuit Efficient data transfer can be realized on a scale.

(4) Even when there are a plurality of memories and peripheral circuits (not shown) and encryption processing is required for each transfer data, the encryption processing circuit only needs to be incorporated in the encryption function built-in DMA controller 301. Efficient data transfer can be realized at scale.
<Embodiment 3>
FIG. 5 shows another configuration example of the data processing apparatus to which the data transfer system according to the present invention is applied.

  The data transfer system shown in FIG. 5 is greatly different from that shown in FIG. 1 in that a media signal for encoding a media signal such as video, image, audio, or voice is used instead of the peripheral circuit 108. The encoding device 501 is provided.

  In general, a media signal encoding system requires circuits such as an interrupt processing circuit, a bus control circuit, and an external interface, which are omitted in this example for convenience of explanation. Also, in this example, taking an audio signal as an example, the media signal encoding device 501 receives audio PCM (Pulse Code Modulation) data as input, and is encoded with AAC (Advanced Audio Coding), MP3 (MPEG1 Audio Layer 3), or the like. A signal (referred to as an audio stream) is output.

  Hereinafter, an operation from encrypting an audio stream generated by the media signal encoding device 501 to storing it in the main memory 104 will be described. It is assumed that the audio stream is stored in an internal memory (not shown) in the media signal encoding device 501.

When the encryption function built-in DMA controller 301 is activated by an instruction from the CPU 101, the encryption function built-in DMA controller 301 accesses the media signal encoding device 501 and receives an audio stream. Subsequently, the audio stream is encrypted inside the DMA controller with built-in encryption function 301 and held inside. Finally, the encryption function built-in DMA controller 301 outputs the encrypted audio stream and stores it in the main memory 104. In this way, even when the transfer source data is encrypted and sent to the transfer destination, the system configuration as in this example requires minimal data transfer latency, a minimum circuit scale, and safety. Thus, efficient DMA transfer can be realized.
<Embodiment 3>
FIG. 6 shows another configuration example of the data processing apparatus to which the data transfer system according to the present invention is applied.

  The data transfer system shown in FIG. 6 differs greatly from that shown in FIG. 1 in that it decodes a stream in which a media signal such as video, image, audio, or audio is encoded instead of the peripheral circuit 108. The point is that a media signal decoding device 601 is provided which outputs the data.

  Generally, a decoding system for decoding a stream of media signals requires circuits such as an interrupt processing circuit, a bus control circuit, and an external interface. However, in this example, the description thereof is omitted for convenience of explanation. Also, in this example, taking an audio signal as an example, the media signal decoding apparatus 601 receives an audio stream, decodes it, and outputs PCM data.

  Hereinafter, an operation from decrypting an encrypted audio stream stored in the main memory 104 to transmitting the audio stream to the media signal decrypting apparatus 601 will be described.

When the encryption function built-in DMA controller 301 is activated by an instruction from the CPU 101, the encryption function built-in DMA controller 301 accesses the main memory 104 and receives the encrypted audio stream. Subsequently, the audio stream is decrypted with respect to the cipher in the DMA controller 301 with a built-in encryption function, and held inside. Finally, the encryption function built-in DMA controller 301 outputs the audio stream and transmits it to the media signal decryption apparatus 601. In this way, when the encrypted transfer source data is decrypted and transmitted to the transfer destination, the latency for data transfer can be minimized with the system configuration as in this example, and the circuit scale can be minimized. In addition, safe and efficient DMA transfer can be realized.
<Embodiment 4>
FIG. 7 shows another configuration example of the data processing apparatus to which the data transfer system according to the present invention is applied.

  In the configuration shown in FIG. 1, when the decrypted plaintext is transmitted to a desired transfer destination, the plaintext is transferred via a bus to which the CPU 101 can be connected. The inventor has newly found that there is a possibility of being read. This embodiment is intended to solve the problems newly found by such inventors.

  7 includes a first CPU 1, a main memory 2, an ATA interface (I / F) 3, a cryptographic function built-in DMA controller 6, a register 10, peripheral circuits 11 and 12, a program memory 14, a data memory 15, And a second CPU 19, which are formed on one semiconductor substrate such as a single crystal silicon substrate by a known semiconductor integrated circuit manufacturing technique. Furthermore, a hard disk (HDD) 4 is included. The encryption function built-in DMA controller 6 includes a DMA control unit 7 and a cryptographic processing circuit 8, and basically has the same configuration as the encryption function built-in DMA controller 301 shown in FIG. That is, the cryptographic processing circuit 8 in FIG. 7 corresponds to the cryptographic processing circuit 103 in FIG. 4, and the DMA control unit 7 in FIG. 7 is other than the cryptographic processing circuit 103 in the encryption function built-in DMA controller 301 shown in FIG. Corresponds to all blocks. The first CPU 1, main memory 2, ATA interface 3, cryptographic function built-in DMA controller 6, and peripheral circuits 11 and 12 are configured to be able to exchange data with each other via a bus 5. The encryption function built-in DMA controller 6 and the register 10 are coupled by a DMA parameter control signal line 9. The encryption function built-in DMA controller 6 and the peripheral circuits 11 and 12 are coupled by a DMA bus 13. The second CPU 19 is coupled to the cryptographic function built-in DMA controller 6 via the second CPU bus 16, coupled to the register 10 via the second CPU bus 17, and coupled to the peripheral circuits 11 and 12 via the second CPU bus 18. . Here, the first CPU 1 is an example of a first data processing unit in the present invention, and the second CPU 19 is an example of a second data processing unit in the present invention.

  8 shows a flowchart for replacing the program for the CPU 2, FIG. 9 shows a flowchart for decrypting data obtained by encrypting the audio stream, and FIG. 10 shows a flowchart for encrypting the audio stream.

  The replacement of the second CPU program will be described with reference to the flowchart of FIG.

  The second CPU 19 sets the control parameter of the DMA control unit 7 in the register 10 via the bus 17 (step 801). Specifically, the transfer source address is set in SAR0, the transfer destination address is set in DAR0, and the transfer count is set in TCR0 (see FIG. 4). If the DMA transfer end condition is not satisfied in step 802, the DMA control unit 7 reads the encrypted data stored in the main memory 2 via the first CPU bus 5 (step 803). The encrypted data is data obtained by previously encrypting a program for operating the second CPU 19. Next, the encrypted data is latched inside the DMA control unit 7 (step 804). Subsequently, the cryptographic processing circuit 8 decrypts the encrypted data (step 805). Subsequently, the DMA control unit 7 transmits the decrypted plaintext to the second CPU 19 via the second CPU bus 16 (step 806). Here, the second CPU bus 16 is a bus that cannot be read from the outside connecting the DMA controller 6 with a cryptographic function and the CPU 2. By these operations, the plain text is stored in the program memory 14 (step 807). Then, the control parameters SAR0, DAR0 and TCR0 of the DMA control unit 7 are updated by a predetermined method (step 808). After these series of steps, it is determined again in step 802 whether or not the DMA transfer end condition is satisfied, and when it is satisfied, the DMA transfer is ended. If not established, the same operation is repeated from step 803 again, and the plaintext is stored in the program memory 14.

  Through the above operation, the encrypted data stored in advance in the main memory 2 can be decrypted, converted into a program executable by the second CPU 19 and safely transferred to the program memory 14. In addition, by encrypting and transferring the DMA channel at the time of DMA transfer using only one channel, the latency for the target transfer can be minimized.

  Next, the decoding operation of data obtained by encrypting the audio stream using the peripheral circuit 11 as an audio decoder will be described based on the decoding flowchart of FIG.

  It is assumed that the data obtained by encrypting the audio stream is stored in the hard disk 4 in advance. In step 901, the first CPU 1 sets the control parameter of the DMA control unit 7 in the register 10 via the first CPU bus 5. Specifically, the transfer source address is set in SAR0, the transfer destination address is set in DAR0, and the transfer count is set in TCR0.

  Next, it is determined whether or not the DMA transfer termination condition is satisfied (step 902). If not, the DMA control unit 7 sends the hard disk 4 via the ATA interface 3 and the first CPU bus 5 in step 903. Read the stored encrypted data. Subsequently, the encrypted data is latched in the DMA controller 7 (step 904). Then, the encryption processing circuit 8 decrypts the encrypted data (step 905). Subsequently, the DMA control unit 7 transmits the decrypted plaintext (audio stream) to the peripheral circuit 11 (audio decoder) via the DMA bus 13 (step 906). Here, the DMA bus 13 is a bus that cannot be read from the first CPU 1, the second CPU 19, and the outside, which connect the DMA controller 6 with a cryptographic function, the peripheral circuit 11, and the peripheral circuit 12. With these operations, the audio stream is decoded by the audio decoder by a predetermined method (step 907). Then, the control parameters SAR0, DAR0 and TCR0 of the DMA control unit 7 are updated by a predetermined method (step 908). After these series of steps, it is determined again in step 902 whether or not the DMA transfer end condition is satisfied, and when it is satisfied, the DMA transfer is ended. If not, the same operation is repeated from step 903 again.

  By the above operation, the encrypted data of the audio stream stored in the hard disk 4 is decrypted and converted into an audio stream that can be decoded by the audio decoder, so that it can be safely transferred to the audio decoder without being read from the first CPU 1 or the like. can do. Further, by decoding and transferring the DMA channel at the time of DMA transfer using only one channel, the latency for the target transfer can be minimized.

  Next, the operation of encrypting the audio stream generated by the audio encoder as the peripheral circuit 12 and storing it in the hard disk 4 will be described with reference to the flowchart of FIG. It is assumed that the audio stream is generated in advance by the peripheral circuit 12.

  In step 1001, the first CPU 1 sets the control parameters (transfer source address in SAR 0, transfer destination address in DAR 0, transfer count in TCR 0) in the register 10 via the first CPU bus 5. Next, it is determined whether or not the DMA transfer end condition is satisfied (step 1002). If not satisfied, the DMA control unit 7 is stored in the peripheral circuit 12 via the DMA bus 13 in step 1003. Read audio stream (plaintext). The DMA bus 13 is a bus that cannot be read from the first CPU 1, the second CPU 19 and the outside. Subsequently, the audio stream is latched inside the DMA control unit 7 (step 1004). Subsequently, the encryption processing circuit 8 encrypts the audio stream (step 1005). Next, the DMA control unit 7 transmits the encrypted data to the hard disk 4 via the first CPU bus 5 and the ATA interface 3 (step 1006). Through these operations, the data obtained by encrypting the audio stream is stored in the hard disk 4 (step 1007). Then, the control parameters SAR0, DAR0 and TCR0 of the DMA control unit 7 are updated by a predetermined method (step 1008). After these series of steps, it is determined again in step 1002 whether or not the DMA transfer end condition is satisfied, and when it is satisfied, the DMA transfer is ended. If not established, the same operation is repeated again from step 1003, and the data obtained by encrypting the audio stream is transmitted to the hard disk 4.

  With the above operation, the audio stream encoded and generated in advance by the peripheral circuit 12 can be encrypted and transferred to the hard disk 4 safely. In addition, by encrypting and transferring the DMA channel at the time of DMA transfer using only one channel, the latency for the target transfer can be minimized.

  Although the invention made by the present inventor has been specifically described above, the present invention is not limited thereto, and it goes without saying that various changes can be made without departing from the scope of the invention.

  In the above description, the case where the invention made mainly by the present inventor is applied to the data processing apparatus which is the field of use as the background has been described. However, the present invention is not limited to this and is widely applied to data transfer systems. Can be applied.

  The present invention can be applied on condition that at least data transfer is performed.

1 is a block diagram illustrating a configuration example of a data processing apparatus to which a data transfer system according to the present invention is applied. It is another example block diagram of a data processing apparatus to which the data transfer system according to the present invention is applied. FIG. 3 is a block diagram illustrating a configuration example of a main part in FIG. 2. FIG. 2 is a block diagram illustrating a configuration example of a main part in FIG. 1. It is another structural example block diagram of the said data processor. It is another structural example block diagram of the said data processor. It is another structural example block diagram of the said data processor. It is a flowchart of the main operation | movement in the data processor shown by FIG. It is a flowchart of the main operation | movement in the data processor shown by FIG. It is a flowchart of the main operation | movement in the data processor shown by FIG.

Explanation of symbols

1 1st CPU
3 ATA interface 4 Hard disk (HDD)
5 First CPU Bus 6 DMA Controller with Cryptographic Function 7 DMA Controller 8 Cryptographic Processing Circuit 9 DMA Parameter Control Signal Line 11 Peripheral Circuit 12 Peripheral Circuit 13 DMA Bus 14 Program Memory 15 Data Memory 16, 17, 18 Second CPU Bus 19 Second CPU
DESCRIPTION OF SYMBOLS 103 Encryption processing circuit 201 Source address register 202 Destination address register 203 Transfer count register 204 Address control circuit 205 Transfer count control circuit 206 Data latch circuit 207 DMA information control circuit 208 DMA information register 209 Address bus 210 Data bus 211 Transfer source memory 212 Destination memory 301 DMA controller with built-in encryption function 501 Audio encoder 601 Audio decoder

Claims (7)

A first data processing unit capable of performing arithmetic processing according to a first program;
A second data processing unit capable of performing arithmetic processing according to a second program different from the first program;
A first memory accessible by the first data processing unit;
A second memory accessible by the second data processing unit;
A DMA controller that enables DMA transfer from the first memory to the second data processing unit,
A data transfer system in which the first memory stores the first program in a state executable by the first data processing unit, and stores data obtained by encrypting the second program.   The DMA controller has a function of decrypting the encrypted second program, and the second program in the second memory can be rewritten by the DMA transfer. 1. The data transfer system according to 1. The DMA controller includes a first register capable of storing a transfer source address;
A second register capable of storing a transfer destination address;
An encryption processing circuit that enables encryption processing or decryption processing of data existing in an area specified by the transfer source address stored in the first register, and decrypted by the encryption processing circuit The data transfer system according to claim 1, wherein the second program is DMA-transferred to an area specified by a transfer destination address stored in the second register. A first bus enabling data transfer between the first data processing unit, the first memory, and the DMA controller;
A second bus enabling data transfer between the DMA controller and the second data processing circuit, and the second program decrypted by the encryption processing circuit is transmitted via the second bus. 4. The data transfer system according to claim 3, wherein the DMA transfer is performed to the second data processing circuit.   A media signal encoding device capable of encoding an input media signal, wherein the DMA controller encrypts the media signal encoded by the media signal encoding device by the encryption processing circuit and then the first memory; 5. The data transfer system according to claim 4, wherein the data transfer system performs DMA transfer to the network.   A media signal decoding device capable of decrypting the encoded media signal, wherein the DMA controller decrypts the encrypted media signal in the first memory and then performs DMA transfer to the media signal decoding device. The data transfer system according to claim 4.   2. The data transfer according to claim 1, wherein the first data processing unit, the second data processing unit, the first memory, the second memory, and the DMA controller are formed on one semiconductor substrate. system.

Images