System and method for performing secure device communications in a

Abstract

A system and method for performing secure peer-to-peer device communications on an I/O bus, such as a PCI bus, a Fiber Channel bus, an IEEE, 1394 bus or a Universal Serial Bus. The system includes a plurality of intelligent I/O devices, such as intelligent storage devices and/or controllers, communications devices, video devices and audio devices. The I/O devices perform peer-to-peer message and data transfers, thereby bypassing the operating system running on the computer's CPU. The intelligent I/O devices encrypt messages and data before transmitting them on the I/O bus and conversely decrypt the messages and data upon reception. The encryption provides secrecy and/or authentication of the sender. The devices use keys or passwords to encrypt/decrypt the data. The keys are stored in non-volatile memory in the devices and are distributed to the devices by the system BIOS at initialization time. The devices perform access authorization validation using rule sets also distributed by the BIOS at initialization time. The rule sets specify which I/O operations are valid for a peer I/O device to request of a respective I/O device based, preferably, upon the device class/subclasses of the requesting device. In another embodiment, one of the intelligent I/O devices may be a communications device which serves as a firewall for the I/O bus. In this embodiment, the rule set further includes identification information of the remote machines/devices.