DESC:FIELD OF INVENTION
[001] The present disclosure relates generally to access control and particularly to access control in a System on Chip (SOC) with multi master and slave systems.

BACKGROUND
[002] A System on Chip (SOC) is an integrated circuit that integrates different components such as Central Processing Unit (CPU), memory, input/output ports and storage in a single chip. Major functional units of SOCs include processors or microprocessors, co-processors, memories, interfaces, Digital Signal Processors (DSPs), and other electronic blocks. SOCs have various memory blocks such as Read-Only Memory (ROM), Random-Access Memory (RAM), Electrically Erasable Programmable ROM (EEPROM) and so on. Major units of the SOCs include bus and network on chip. A commonly used architecture for bus is Advanced Microcontroller Bus Architecture (AMBA) standard.
[003] In an SOC, multiple master modules are connected to various slave modules and control modules. The slave modules and control modules are usually not accessible to all the master modules. There may be access rights for each master module. The access rights indicate levels of allowable access for the master modules to the slave and control modules. This is achieved by access control systems. The access control systems control access to shared resources, such as the slave and control modules, based on access rights of the master modules.
[004] A conventional technique disclosed in U.S Patent No. US 9,612,977 B2 for “Method and System for Controlling Access to Embedded Non-volatile Memories” relates to control access to non-volatile memory using embedded controller and a password. However, the technique targets the non-volatile memory and the verification is done once during boot time.
[005] There is still a need for an efficient access control for accessing the components/units of the SOC.

SUMMARY
[006] This summary is provided to introduce concepts related to a system on chip and an access control method. This summary is neither intended to identify essential features of the present invention nor is it intended for use in determining or limiting the scope of the present invention.
[007] In an embodiment of the present invention, a System On Chip (SOC) is provided. The SOC includes a plurality of slave modules, one or more control modules, a plurality of master modules, and a System Control Module (SCM). A master module is configured to generate an access request to access a control module or a slave module. The SCM is in communication with the master modules, the slave modules, and the control modules via an Advanced Peripheral Bus (APB) interface. The SCM receives the access request. The SCM determines whether the control module or the slave module is locked or not. The SCM receives when the control module or the slave module is not locked, a first key from the master module within a predetermined time period. The SCM stores the first key in a first register. The SCM receives a second key from the master module within the predetermined time period. The SCM stores the second key in a second register. The SCM includes an APB protection unit, an interrupt generation unit, and an APB register access unit. The APB protection unit generates a read/write lock signal for the control module or the slave module. The interrupt generation unit generates an interrupt signal. The APB register access unit generates one or more control signals and transmits the control signals to the control module or the slave module, thereby controlling access of the master modules to the control modules and the slave modules.
[008] In another embodiment of the present invention, a System Control Module (SCM) for a System On Chip (SOC) is provided. The SOC includes a plurality of slave modules, a plurality of master modules, and one or more control modules. The SCM receives an access request from a master module to access a control module. The SCM determines whether the control module or the slave module is locked or not. The SCM receives, when the control module or the slave module is not locked, a first key from the master module within a predetermined time period. The SCM stores the first key in a first register. The SCM receives a second key from the master module within the predetermined time period and store the second key in a second register. The SCM includes an APB protection unit, an interrupt generation unit, and an APB register access unit. The APB protection unit generates a read/write lock signal for the control module or the slave module. The interrupt generation unit generates an interrupt signal. The APB register access unit generates one or more control signals and transmits the control signals to the control module or the slave module, thereby controlling access of the master modules to the control modules and the slave modules.
[009] In an embodiment of the present invention, an access control method is provided. The method includes generating an access request to access a control module or a slave module by a master module. A System Control Module (SCM) determines whether the control module or the slave module is locked or not. The SCM receives a first key from the master module within a predetermined time period when the control module or the slave module is not locked. The SCM stores the first key in a first register in a memory. The SCM receives a second key from the master module within the predetermined time period. The SCM stores the second key in a second register in the memory. An Advanced Peripheral Bus (APB) protection unit within the SCM generates a read/write lock signal for the control module or the slave module. An interrupt generation unit within the SCM generates an interrupt signal. An APB register access unit within the SCM generates one or more control signals. The APB register access unit transmits the control signals to the control module or the slave module, thereby controlling access of the master modules to the control modules and the slave modules.
[0010] In an exemplary embodiment, the interrupt generation unit includes a Finite State Machine (FSM) and an external module interface. The FSM interface module generates a timeout signal when the first key or the second key is not received within the predetermined time period. The FSM interface module generates a fail signal when the control module or the slave module is already locked by another master module. The external module interface is in communication with the control modules and the slave modules via the APB interface. The external module interface generates a read/write illegal access signal when another master module attempts to read/write the control module or the slave module locked by the master module. The external module interface transmits a clear signal when the interrupt signal is cleared by the processor on the SOC. The external interface module transmits an enable signal to enable the transmission of the interrupt signal.
[0011] In an exemplary embodiment, the interrupt generation unit includes an event sampling unit and an AND gate. The event sampling unit receives the fail and timeout signals from the FSM interface module and the clear signal from the external module interface. The event sampling unit generate a status signal based on the received fail, timeout, and clear signals. The AND gate has a first input terminal connected to the even sampling unit for receiving the status signal, a second input terminal connected to the external module interface for receiving the enable signal, and an output terminal for generating the interrupt signal.
[0012] In an exemplary embodiment, the interrupt generation unit is configured to generate six types of interrupt signals: (i) lock sequence fail, (ii) unlock sequence fail, (iii) lock sequence timeout, (iv) unlock sequence timeout, (v) read register illegal access, and (vi) write register illegal access.
[0013] In an exemplary embodiment, the SCM includes a separate FSM for each control module and each slave module, thereby reducing delay for granting access.
[0014] In an exemplary embodiment, read/write access is rejected by the slave module or the control module when the master module has not performed locking/unlocking through the SCM.
[0015] In an exemplary embodiment, the master modules may be secure master modules or unsecure master modules.
[0016] In an exemplary embodiment, only secure master modules are authorized to access registers within the SCM.
[0017] In an exemplary embodiment, the master module locks only write access and allows read access to the control module or the slave module. Or, the master module locks only read access and allows write access to the control module or the slave module. Or, the master module locks both: read and write accesses to the control module or the slave module.

BRIEF DESCRIPTION OF ACCOMPANYING DRAWINGS
[0018] The detailed description is described with reference to the accompanying figures.
[0019] Figure 1 illustrates a schematic block diagram of a System on Chip (SOC) in accordance with an embodiment of the present invention.
[0020] Figure 2 illustrates a schematic block diagram of a System Control Module (SCM) in accordance with an embodiment of the present invention.
[0021] Figure 3 illustrates a Finite State Machine (FSM) diagram of a System Control Module (SCM) in accordance with an embodiment of the present invention.
[0022] Figure 4 illustrates a schematic block diagram of an interrupt generation unit in accordance with an embodiment of the present invention.
[0023] Figure 5 illustrates a schematic block diagram of a System on Chip (SOC) in a handheld device for a geofencing application in a first use case in accordance with an embodiment of the present invention.
[0024] Figure 6 illustrates a flow chart of a method for controlling access to a camera interface in a geofencing application in a first use case in accordance with an embodiment of the present invention.
[0025] Figure 7 illustrates a schematic block diagram of a System on Chip (SOC) in a security camera for a geofencing application in a second use case in accordance with an embodiment of the present invention.
[0026] Figure 8 illustrates a flow chart of a method for controlling access to a camera interface in a geofencing application in a second use case in accordance with an embodiment of the present invention.
[0027] It should be appreciated by those skilled in the art that any block diagrams herein represent conceptual views of illustrative systems embodying the principles of the present invention.
[0028] Similarly, it will be appreciated that any flow chart, flow diagram, and the like represent various processes which may be substantially represented in computer readable medium and so executed by a computer or processor, whether or not such computer or processor is explicitly shown.

DETAILED DESCRIPTION
[0029] The various embodiments of the present invention provide System on Chip (SOC) and an access control method therein.
[0030] In the following description, for purpose of explanation, specific details are set forth in order to provide an understanding of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without these details.
[0031] One skilled in the art will recognize that embodiments of the present invention, some of which are described below, may be incorporated into a number of systems.
[0032] However, the systems and methods are not limited to the specific embodiments described herein. Further, structures and devices shown in the figures are illustrative of exemplary embodiments of the present invention and are meant to avoid obscuring of the present invention.
[0033] Furthermore, connections between components and/or modules within the figures are not intended to be limited to direct connections. Rather, these components and modules may be modified, re-formatted or otherwise changed by intermediary components and modules.
[0034] The appearances of the phrase “in an embodiment” in various places in the specification are not necessarily all referring to the same embodiment.
[0035] In an embodiment, an access control method is provided for maintaining access control in a System in Chip (SOC) comprising a multi master and slave system. The slaves include control modules, peripherals and volatile/non-volatile memory interfaces. Two key based verification of dynamic data access to registers of slave/control modules in the System on Chip (SOC) are used and access exclusivity is maintained. The system is notified about illegal access to the slave/control modules. Critical secure slave interfaces in the system are defined. Any master trying to access the defined critical slave needs to undergo the lock/unlock verification process of a System Control Module (SCM) before accessing the slave, failing which the transaction will be rejected by the slave. In a connected device environment, thrust is given to protect contents of the memory. Along with memory contents, the access to the slave interfaces of critical modules like reset control module, camera module, etc. in the system is controlled. The method provides flexibility to add any number of critical slave modules, thereby protecting broader end-use portfolio of the system.
[0036] In an embodiment, the SOC is designed to address a defined end use application. Typically, the SOC includes modules like Central Processing Unit (CPU), graphics processor, display processor, internal memories, memory controllers and interface peripherals. Based on the application, internal modules in the SOC are classified as secure and non-secure. This classification is required to ensure that security requirement of end use application is not compromised. The modules grouped as non-secure have limited access to the resources in the SOC. In a connected device, the modules like camera, cryptographic accelerators, etc. are classified as secure and peripherals like Universal Asynchronous Receiver/Transmitter (UART), Inter Integrated Circuit (I2C), etc. are classified as non-secure. All secure and non-secure modules communicate using same network interconnect. Hence, the communication must be monitored and controlled according to their classification. In certain scenarios, non-secure masters try to access the secure modules. In such scenarios, the system must be alerted as illegal access and data communication, or transaction, should be blocked. In certain scenarios, secure masters try to access the secure modules. In this case, there must be predefined conditions to be met before the access. When multiple masters access a slave module, there is a possibility that masters try to access and modify the slave behavior at the same time. In such cases, dedicated modules are needed to maintain exclusivity of the access based on individual master. In a typical scenario of a connected device, camera, cryptography and memory is classified as secure and peripheral like UART is classified as non-secure. The Operating System (OS) ported on the device determines the resource allocation in the hardware.
[0037] In an embodiment, a centralized hardware access control module is provided in the system to provide protection to the system. In the OS, multiple secure masters can initiate access to same resource at the same time. In a multiprocessor system, if multiple CPUs try to access the critical module like camera directly, the access is rejected by the camera. The camera module does not accept any transaction without the clearance from the SCM. The masters like CPU need to undergo the two key locking and unlocking mechanism to gain access to camera. Once access is provided to one of the CPU cores, access to the camera module from any other CPUs will be rejected.
[0038] In an embodiment, a dedicated module like the SCM grants the access, maintains the exclusivity and avoids data corruption. The SCM is connected to the on-chip network interconnect through the Advanced Microcontroller Bus Architecture (AMBA), Advanced Peripheral Bus (APB) protocol interface. The secure masters communicate with the SCM via the APB interface.
[0039] Referring now to Figure 1, a schematic block diagram of a System on Chip (SOC) (100) is shown in accordance with an embodiment of the present invention.
[0040] The SOC (100) includes a Network Inter-Connect (NIC) bus (101, 102, 103), a System Control Module (SCM) (104), a plurality of control modules (105a-105n) (also referred to as “control module (105)” or “control modules (105)”), a plurality of master modules (106a-106n) (also referred to as “master module (106)” or “master modules (106)”), a plurality of slave modules (107a-107n) (also referred to as “slave module (107)” or “slave modules (107)”), a processor (108), and a memory (109). The master modules (106) and the slave modules (107) communicate with other using the On-chip Network Interconnect architecture using the AMBA protocol.
[0041] The master modules (106) may be secure master modules or unsecure master modules. The master module (106) generates an access request to access the control module (105) and the slave module (107).
[0042] Referring now to Figure 2, a schematic block diagram of the SCM (104) is shown in accordance with an embodiment of the present invention.
[0043] The SCM (104) includes an APB register access unit (201), an APB protection unit (202), an interrupt generation unit (203), and an APB interface (204). In an example, only secure master modules (106) are authorized to access registers within the SCM (104).
[0044] The SCM (104) receives the request and determines whether the requested slave module (107) or the control module (105) is already locked by any other master module or not. If the requested slave module (107) or the control module (105) is not already locked, the SCM (104) begins the locking mechanism of the slave module (107) or the control module (105).
[0045] In that, the SCM (104) receives a first key from the master module (109) in a predetermined time period. If the first key is not received within the predetermined time period, the SCM (104) terminates the locking mechanism. When the first key is received within the predetermined time period, the SCM (104) stores the first key.
[0046] Thereafter, the SCM (104) receives a second key from the master module (109) within the predefined time period and stores the second key.
[0047] The SCM (104) transmits the read/write lock signals (206) and the required control signals (205) for the slave modules (107) and the control modules (105). The SCM (104) is configurable using the APB register access unit (201). Whenever a read or write transaction occurs to one of the control modules (105), the SCM (104) is activated and performs the necessary verification of the access before granting access. If the transaction is initiated from any of the non-secure masters which does not have the privilege to access the control module then the transaction is declined and the system receives an alert through the interrupt signal (207), which is generated by interrupt generation unit (203). If the transaction is initiated from any of the secure masters which have the privilege to access the control module (105) then the Finite State Machine (FSM) is activated.
[0048] Referring now to Figure 3, a Finite State Machine (FSM) diagram of the SCM (104) is shown in accordance with an implementation of the present disclosure.
[0049] The steps of lock/unlock mechanism with respect to the APB control modules follows the FSM. It is a three-stage key-based system. In each stage, the key is matched and on success, it proceeds to next stage. The system has two key based lock mechanism (302) and unlock mechanism (303). If the key match fails or times out it will generate the interrupt and the FSM moves to initial stage (301) by not approving the access. The keys are stored internally in the module. The keys are once written, cannot be read by any masters. The output stage (304) of FSM is either read/write lock or interrupts generation. In an example, the SCM (104) includes a separate FSM for each control module (105) and each slave module (107). This reduces delay for granting access to the master modules (106).
[0050] Referring now to Figure 4, a schematic block diagram of the interrupt generation unit (203) is shown in accordance with an implementation of the present disclosure.
[0051] The interrupt generation unit (203) includes an FSM interface module (401), an event sampling unit (402), an external module interface (403), and an AND gate (404).
[0052] The FSM interface module (401) interacts with the FSM in Figure 3 and generates fail and timeout signals for both read and write transaction. The external module interface (403) interacts with the control modules (105), is used to generate status of illegal access, interrupt clear and enable request. The event sampling unit (402) samples the events from the FSM interface module (401) and the external module interface (403) to generate the present status of the interrupt. The interrupt generation unit (203) generates six interrupts, namely: (1) Lock sequence fail, (2) Unlock sequence fail, (3) Lock sequence time out, (4) Unlock sequence time out, (5) Read Register illegal access, and (6), Write Register illegal access.
[0053] When the first and/or the second keys are not received within the predetermined time period, the FSM interface module (401) generates the timeout signal. When any other master module attempts to lock the control module (105) or the slave module (107) which is already locked by the master module (106), the fail signal is generated by the FSM interface module (401). The external module interface (403) generates the read/write illegal access signal when another master module attempts to read/write the control module (105) or the slave module (107) locked by the master module (106).
[0054] When the processor (108) clears the interrupts generated by the interrupt generation unit (203), the external module interface (403) transmits the clear signal to the event sampling unit (402). When the next interrupt is generated, the external module interface (403) generates the enable signal.
[0055] The event sampling unit (402) receives the fail and timeout signals from the FSM interface module (401) and the clear signal from the external module interface (403) and generates the status signal based on the received fail, timeout, and clear signals. Thereafter, the AND gate (404) generates the interrupt signal at the output terminal.
[0056] Referring now to Figure 5, a schematic block diagram of the SOC (100) in a handheld device for a geofencing application in a first use case is shown in accordance with an implementation of the present disclosure.
[0057] The SOC (100) includes the SCM (104), a dual core CPU subsystem (501), a camera interface (502), an SDIO controller (503), UART (504), a DDR controller (505), a RAM (506), a ROM (507), a USB (508), a WiFi IC (509), a GPS (510), and a modem (513).
[0058] Considering an end-use scenario of geofencing, the first use case is defined as disabling of camera interface (502) once the handheld device enters a defined virtual geographical boundary.
[0059] In the first use case, the camera access is blocked once the handheld device enters the defined virtual geographical boundary. The data communication of camera interface (502) uses high speed interface. A low speed APB interface is used to control the camera interface (502). Activity-in is when the device enters the defined geographical boundary. Activity-out is when the device is out of the defined geographical boundary. The GPS sensor (510) is used to detect the location and WiFi IC (509) or cellular data is used for communication with handheld device.
[0060] Referring now to Figure 6, a flow chart of a method for controlling access to a camera interface in a geofencing application in a first use case is shown in accordance with an implementation of the present disclosure. Similar flowchart and method apply to disable any other slave peripherals like the SDIO controller (503) or the USB (508) which are connected to the WiFi IC (509) and the modem (513) to block Wifi data or cellular data.
[0061] In the first use case, it is assumed that all CPUs in the dual core CPU subsystem (501), have access to the camera interface (502). It is also assumed that the first CPU initiates the camera disable feature based on the received geofencing message from the transmitter. Once the first CPU locks the camera, the second CPU cannot access the locked peripheral interface.
[0062] At step 601, the CPU detects that the handheld device enters a predefined geographic area based on the GPS coordinates provided by the GPS sensor (510).
[0063] At step 602, the CPU requests the SCM (104) to grant access to the camera interface (502).
[0064] At step 603, the SCM (104) checks whether the camera interface (502) is already locked by any master module.
[0065] If at step 603 the SCM (104) determines that the camera interface (502) is not locked, step 604 is executed.
[0066] At step 604, the CPU locks the camera interface (502) using the SCM (104).
[0067] At step 605, the CPU disables the camera (605). Thereafter, the CPU monitors the GPS coordinates of the handheld device.
[0068] At step 606, when the GPS coordinates are out of the predefined geographic area, step 607 is executed.
[0069] If at step 603 the SCM (104) determines that the camera interface (502) is locked, step 607 is executed.
[0070] At step 607, the CPU checks if the camera interface (502) is unlocked successfully using the SCM (104).
[0071] If at step 607 the camera interface (502) is not unlocked, step 608 is executed.
At step 608, the SCM (104) raises interrupt, i.e., the illegal access signal.
[0072] At step 609, the SCM (104) rejects the access to the camera interface (502).
[0073] At step 610, the camera interface (502) is successfully unlocked and is free for access by other master modules.
[0074] Referring now to Figure 7, a schematic block diagram of the SOC (100) in a security camera for a geofencing application in a second use case is shown in accordance with an implementation of the present disclosure.
[0075] The SOC (100) includes the SCM (104), a dual core CPU subsystem (701), a camera interface (702), a SDIO controller (703), a DDR controller (704), a RAM (705), a ROM (706), and a WiFi IC (709).
[0076] Considering another end-use scenario of geofencing, the second use case is defined as enabling of the camera interface (702) once the handheld device leaves the defined virtual geographical boundary. Activity-in is when handheld device enters the defined geo fencing boundary. Activity-out is when the handheld device is out of the defined geographical boundary. The GPS is used to detect the location of a hand-held device.
[0077] Referring now to Figure 8, a flow chart of a method for controlling access to a camera interface in a geofencing application in a second use case is shown in accordance with an implementation of the present disclosure.
[0078] In the second use case, it is assumed that all CPUs in the dual core CPU subsystem (701), have access to the camera interface (702). It is also assumed that the first CPU initiates the camera enable feature based on the GPS location data of the handheld device and locks it. Once the first CPU locks the camera, the second CPU cannot disable the locked peripheral interface.
[0079] At step 801, the CPU detects that the handheld device exits a predefined geographic area based on the GPS coordinates provided by the GPS sensor (510).
[0080] At step 802, the CPU requests the SCM (104) to grant access to the camera interface (502).
[0081] At step 803, the SCM (104) checks whether the camera interface (502) is already locked by any master module.
[0082] If at step 803 the SCM (104) determines that the camera interface (502) is not locked, step 804 is executed.
[0083] At step 804, the CPU locks the camera interface (502) using the SCM (104).
[0084] At step 805, the CPU enables the camera (605). Thereafter, the CPU monitors the GPS coordinates of the handheld device.
[0085] At step 806, when the GPS coordinates are within the predefined geographic area, step 807 is executed.
[0086] If at step 803 the SCM (104) determines that the camera interface (502) is locked, step 807 is executed.
[0087] At step 807, the CPU checks if the camera interface (502) is unlocked successfully using the SCM (104).
[0088] If at step 807 the camera interface (502) is not unlocked, step 808 is executed.
[0089] At step 808, the SCM (104) raises interrupt, i.e., the illegal access signal.
[0090] At step 809, the SCM (104) rejects the access to the camera interface (502).
[0091] At step 810, the camera interface (502) is successfully unlocked and is free for access by other master modules.
[0092] The foregoing description of the invention has been set merely to illustrate the invention and is not intended to be limiting. Since modifications of the disclosed embodiments incorporating the spirit and substance of the invention may occur to person skilled in the art, the invention should be construed to include everything within the scope of the invention.

,CLAIMS:
1. A System on Chip (SOC) (100) comprising:
a plurality of slave modules (107);
one or more control modules (105);
a plurality of master modules (106), wherein a master module (106) is configured to generate an access request to access a control module (105) or a slave module (107); and
a System Control Module (SCM) (104) in communication with the master modules (106), the slave modules (107), and the control modules (105) via an Advanced Peripheral Bus (APB) interface, said SCM (104) configured to:
receive the access request,
determine whether the control module (105) or the slave module (107) is locked or not,
receive, when the control module (105) or the slave module (107) is not locked, a first key from the master module (106) within a predetermined time period,
store the first key in a first register,
receive a second key from the master module (106) within the predetermined time period, and
store the second key in a second register,
wherein the SCM (104) includes:
an APB protection unit (202) configured to generate a read/write lock signal (206) for the control module (105) or the slave module (107);
an interrupt generation unit (203) configured to generate an interrupt signal; and
an APB register access unit (201) configured to generate one or more control signals (205) and transmit the control signals (205) to the control module (105) or the slave module (107), thereby controlling access of the master modules (106) to the control modules (105) and the slave modules (107).

2. The SOC (100) as claimed in claim 1, wherein the interrupt generation unit (203) comprises:
a Finite State Machine (FSM) interface module (401) configured to:
generate a timeout signal when the first key or the second key is not received within the predetermined time period, and
generate a fail signal when the control module (105) or the slave module (107) is already locked by another master module; and
an external module interface (403) in communication with the control modules (105) and the slave modules (107) via the APB interface, said external module interface (403) configured to:
generate a read/write illegal access signal when another master module attempts to read/write the control module (105) or the slave module (107) locked by the master module (106),
transmit a clear signal when the interrupt signal is cleared by the processor (108) on the SOC (100), and
transmit an enable signal to enable the transmission of the interrupt signal.

3. The SOC (100) as claimed in claim 2, wherein the interrupt generation unit (203) comprises:
an event sampling unit (402) configured to:
receive the fail and timeout signals from the FSM interface module (401) and the clear signal from the external module interface (403), and
generate a status signal based on the received fail, timeout, and clear signals; and
an AND gate (404) having:
a first input terminal connected to the even sampling unit (402) for receiving the status signal;
a second input terminal connected to the external module interface (403) for receiving the enable signal; and
an output terminal for generating the interrupt signal.

4. The SOC (100) as claimed in claim 1, wherein the interrupt generation unit (203) is configured to generate six types of interrupt signals: (i) lock sequence fail, (ii) unlock sequence fail, (iii) lock sequence timeout, (iv) unlock sequence timeout, (v) read register illegal access, and (vi) write register illegal access.

5. The SOC (100) as claimed in claim 1, wherein the SCM (104) includes a separate FSM for each control module (105) and each slave module (107), thereby reducing delay for granting access.

6. The SOC (100) as claimed in claim 1, wherein read/write access is rejected by the slave module (107) or the control module (105) when the master module (106) has not performed locking/unlocking through the SCM (104).

7. The SOC (100) as claimed in claim 1, wherein the master modules (106) may be secure master modules or unsecure master modules.

8. The SOC (100) as claimed in claim 7, wherein only secure master modules (106) are authorized to access registers within the SCM (104).

9. A System Control Module (SCM) (104) for a System on Chip (SOC) (100), the SOC (100) having a plurality of slave modules (107), a plurality of master modules (106), and one or more control modules (105), said SCM (104) configured to:
receive an access request from a master module (106) to access a control module (105) or a slave module (107),
determine whether the control module (105) or the slave module (107) is locked or not,
receive, when the control module (105) or the slave module (107) is not locked, a first key from the master module (106) within a predetermined time period,
store the first key in a first register,
receive a second key from the master module (106) within the predetermined time period, and
store the second key in a second register, and
wherein the SCM (104) includes:
an APB protection unit (202) configured to generate a read/write lock signal (206) for the control module (105) or the slave module (107);
an interrupt generation unit (203) configured to generate an interrupt signal; and
an APB register access unit (201) configured to generate one or more control signals (205) and transmit the control signals (205) to the control module (105) or the slave module (107), thereby controlling access of the master modules (106) to the control modules (105) and the slave modules (107).

10. The SCM (104) as claimed in claim 9, wherein the interrupt generation unit (203) comprises:
a Finite State Machine (FSM) interface module (401) configured to:
generate a timeout signal when the first key or the second key is not received within the predetermined time period, and
generate a fail signal when the control module (105) or the slave module (107) is already locked by another master module; and
an external module interface (403) in communication with the control modules (105) and the slave modules (107) via the APB interface, said external module interface (403) configured to:
generate a read/write illegal access signal when another master module attempts to read/write the control module (105) or the slave module (107) locked by the master module (106),
transmit a clear signal when the interrupt signal is cleared by the processor (108) on the SOC (100), and
transmit an enable signal to enable the transmission of the interrupt signal.

11. The SCM (104) as claimed in claim 10, wherein the interrupt generation unit (203) comprises:
an event sampling unit (402) configured to:
receive the fail and timeout signals from the FSM interface module (401) and the clear signal from the external module interface (403), and
generate a status signal based on the received fail, timeout, and clear signals; and
an AND gate (404) having:
a first input terminal connected to the even sampling unit (402) for receiving the status signal;
a second input terminal connected to the external module interface (403) for receiving the enable signal; and
an output terminal for generating the interrupt signal.

12. The SCM (104) as claimed in claim 9, wherein the interrupt generation unit (203) is configured to generate six types of interrupt signals: (i) lock sequence fail, (ii) unlock sequence fail, (iii) lock sequence timeout, (iv) unlock sequence timeout, (v) read register illegal access, and (vi) write register illegal access.

13. The SCM (104) as claimed in claim 1, wherein the master module (106):
locks only write access and allows read access to the control module (105) or the slave module (107), or
locks only read access and allows write access to the control module (105) or the slave module (107), or
locks both: read and write accesses to the control module (105) or the slave module (107).

14. An access control method for a System on Chip (SOC) (100), the method comprising:
generating, by a master module (106), an access request to access a control module (105) or a slave module (107);
determining, by a System Control Module (SCM) (104), whether the control module (105) or the slave module (107) is locked or not;
receiving, by the SCM (104), when the control module (105) or the slave module (107) is not locked, a first key from the master module (106) within a predetermined time period;
storing, by the SCM (104), the first key in a first register in a memory (109);
receiving, by the SCM (104), a second key from the master module (106) within the predetermined time period;
storing, by the SCM (104), the second key in a second register in the memory (109);
generating, by an Advanced Peripheral Bus (APB) protection unit (202) within the SCM (104), a read/write lock signal (206) for the control module (105) or the slave module (107);
generating, by an interrupt generation unit (203) within the SCM (104), an interrupt signal;
generating, by an APB register access unit (201) within the SCM (104), one or more control signals (205); and
transmitting, by the APB register access unit (201), the control signals (205) to the control module (105) or the slave module (107), thereby controlling access of the master modules (106) to the control modules (105) and the slave modules (107).

15. The access control method as claimed in claim 14, comprising:
generating, by a Finite State Machine (FSM) interface module (401) within the interrupt generation unit (203), a timeout signal when the first key or the second key is not received within the predetermined time period;
generating, by the FSM interface module (401), a fail signal when the control module (105) or the slave module (107) is already locked by another master module;
generating, by an external module interface (403) within the interrupt generation unit (203), a read/write illegal access signal when another master module attempts to read/write the control module (105) or the slave module (107) locked by the master module (106);
transmitting, by the external module interface (403), a clear signal when the interrupt signal is cleared by the processor (108) on the SOC (100); and
transmitting, by the external module interface (403), an enable signal to enable the transmission of the interrupt signal.

16. The access control method as claimed in claim 15, comprising:
receiving, by an event sampling unit (402) within the interrupt generation unit (203), the fail and timeout signals from the FSM interface module (401) and the clear signal from the external module interface (403);
generating, by the event sampling unit (402), a status signal based on the received fail, timeout, and clear signals; and
receiving, by an AND gate (404) within the interrupt generation unit (203), the status signal and the enable signal, and generating the interrupt signal.

17. The access control method as claimed in claim 14, wherein interrupt generation unit (203) generates six types of interrupt signals: (i) lock sequence fail, (ii) unlock sequence fail, (iii) lock sequence timeout, (iv) unlock sequence timeout, (v) read register illegal access, and (vi) write register illegal access.

18. The access control method as claimed in claim 14, wherein the SCM (104) includes a separate FSM for each control module (105) and each slave module (107), thereby reducing delay for granting access.

19. The access control method as claimed in claim 14, wherein read/write access is rejected by the slave module (107) or the control module (105) when the master module (106) has not performed locking/unlocking through the SCM (104).

20. The access control method as claimed in claim 14, wherein the master modules (106) may be secure master modules or unsecure master modules.

21. The access control method as claimed in claim 14, wherein only secure master modules (106) are authorized to access registers within the SCM (104).

22. The access control method as claimed in claim 14, comprising:
locking, by the master module (106), only write access and allowing read access to the control module (105) or the slave module (107); or
locking, by the master module (106), only read access and allowing write access to the control module (105) or the slave module (107); or
locking, by the master module (106), both: read and write accesses to the control module (105) or the slave module (107).