1. Field of the Invention
This invention relates generally to communication between two computer processors. More particularly, the present invention relates to an apparatus and method for communication between a host CPU and a security co-processor, in which bi-directional data is multiplexed onto a low pin count bus.
2. Description of the Related Art
The general availability of high quality computers and computer memory, at relatively low costs, has resulted in computers being used in many varied applications throughout the world. Computers have become common business tools used in many aspects of the world economy, and their applications continue to expand and grow. One such application is the communication of data from one geographic location to another, with the geographic locations sometimes being separated by international boundaries. Such communications inherently suffer from the risk of potential interception by unauthorized third parties. Such unauthorized interception obviously poses security risks to the communication of confidential information.
While it is impossible to render the communication airwaves or transmission lines secure from third-party interception, the data transmitted may be encrypted so as to render varying degrees of protection to the content of the data transmitted. Various encryption techniques have been developed and are generally implemented in software, which is generally executed by a computer processor. Such systems, however, suffer from limitations inherent to the types of processors used, the types of memory used, the manner in which information is communicated from the processor to the memory and then stored in the memory, the ability of floating point instructions and execution units to carry out certain encryption ciphers, and so forth.
A solution having far greater security is one in which a security co-processor, having nonvolatile memory on board, is used in conjunction with a host CPU. The co-processor can be particularly designed to efficiently perform the numerous shifts and exclusive-OR functions, and generate pure random numbers, typically required of sophisticated ciphers, which operations cannot be efficiently and exactly performed by the processors typically used in computers and computer systems.
Because the technologies needed to manufacture such a security co-processor are significantly different from the technologies needed to manufacture the typical computer processor, both devices cannot be fabricated on the same chip, or in the same package. Consequently, the host CPU and the security co-processor must be connected or coupled to each other by a bus. To maximize the efficiency of the system, the bus needs to have a low pin count and a high bandwidth. These requirements of low pin count and high bandwidth are at odds with each other; known systems having low pin count have low bandwidth, and known systems having high bandwidth have high pin count. For example, the PCI bus typically requires a minimum of 49 pins (a high pin count) and has a bandwidth of 133 million bytes per second (high bandwidth). One system according to the present invention has the same bandwidth but with 1/7 the number of pins: a mere seven pins (low pin count) with a 133 million bytes per second bandwidth (high bandwidth).
In one aspect of the present invention, an apparatus is provided for communication between a host CPU and a security co-processor. The present invention, however, is not limited to communication between a host CPU and a security co-processor; rather, the invention can advantageously be used for communication between any two devices between which high bandwidth communication is needed via a bus having a low pin count. Additionally, the apparatus may advantageously be used when the bus is coupled to either of the two processors or other devices via an intermediate bus or device or other interface that fans out or fans in the pin count.
In another aspect of the present invention, a method is provided for multiplexing bi-directional data onto a low pin count bus. Via the bus, the data is communicated between a host CPU and a security co-processor. The method of the present invention, however, is not limited to communication between a host CPU and a security co-processor; rather, the method can be advantageously used to communicate between any two devices via a low pin-count bus. Additionally, the method may advantageously be used for communication between two processors or other devices, when an intermediate bus or device or other interface is included between the low pin count bus and either or both of the two processors or other devices.
According to one aspect of the invention, there is provided a CPU, a co-processor, and a bus coupled to the CPU and to the co-processor. The bus includes a bi-directional data and command bus, a bi-directional control line, and a unidirectional clock line. According to another aspect of the invention, the CPU and the co-processor have a dual master-slave mode, in which either the CPU or the co-processor may be the master of the bus, and the other of the CPU and the co-processor is the slave. The bus, coupled to the CPU and to the co-processor, supports data transfers between the CPU and the co-processor. The data transfers include read operations and/or write operations, and each such operation includes a command phase, a data transfer phase, and an error check phase.
The bus protocol of the present invention was designed to operate efficiently over a narrow bus. While it has some of the benefits of a fixed length transmission scheme, it does not have the inherent inefficiencies of handshakes and of flow control on each clock of data transfer. And while it has some of the benefits of a pure packet transmission scheme, it does not require the buffering and latency overhead typical of such schemes. In a typical packet protocol, flow control is performed one layer above the protocol layer, thereby requiring that the packet transmitter and receiver be capable of buffering at least one entire maximum length data transfer. The bus protocol of the present invention requires that the transmitter and receiver each store no more than two octets of data. In the present protocol the burst length is variable, which is generally not the case for fixed length transfer protocols. The overhead for write operations is fixed at four clocks, and the overhead for read operations is fixed at eight clocks in the illustrated embodiments of the present invention; as the data transfer length increases, the overhead remains the same, thereby proportionally decreasing with respect to the amount of data transferred. These and other benefits will become evident as the present invention is described more fully below.