METHOD AND SYSTEM FOR PROTECTION OF CUSTOMER SECRETS IN A SECURE REPROGRAMMABLE SYSTEM

US 20080086780A1
Filed: 05/24/2007
Published: 04/10/2008
Est. Priority Date: 10/06/2006
Status: Active Grant

First Claim

Patent Images

1. A method for software security, the method comprising:

in a reprogrammable system that handles a plurality of customer specific functions for a corresponding plurality of customers, controlling via hardware logic and firmware, access to one or more of said plurality of customer specific functions for a particular customer based on a determined customer mode.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for protection of customer secrets in a secure reprogrammable system are disclosed, and may include controlling, via hardware logic and firmware, access to customer specific functions. The firmware may comprise trusted code, and may comprise boot code, stored in non-volatile memory, which may comprise read only memory, or a locked flash memory. A customer mode may be checked via the trusted code prior to allowing downloading of code written by a customer to the reprogrammable system. Access to customer specific functions may be restricted via commands from a trusted source. The hardware logic may be latched at startup in a disabled mode by the firmware, determined by the customer mode stored in a one time programmable memory. The customer mode may be re-checked utilizing the firmware, and may disallow the use of code other than trusted code in the reprogrammable system when the re-checking fails.

49 Citations

View as Search Results

36 Claims

1. A method for software security, the method comprising:
- in a reprogrammable system that handles a plurality of customer specific functions for a corresponding plurality of customers, controlling via hardware logic and firmware, access to one or more of said plurality of customer specific functions for a particular customer based on a determined customer mode.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method according to claim 1, wherein said firmware comprises trusted code stored in non-volatile memory.
  - 3. The method according to claim 2, comprising checking said customer mode, via said trusted code, prior to allowing downloading of code written by one of said plurality of customers, to said reprogrammable system.
  - 4. The method according to claim 2, wherein said non-volatile memory comprises read only memory.
  - 5. The method according to claim 2, wherein said non-volatile memory comprises a locked flash memory.
  - 6. The method according to claim 2, wherein boot code for said reprogrammable system is stored in said non-volatile memory.
  - 7. The method according to claim 1, comprising restricting said access to one or more of said plurality of customer specific functions via commands from a trusted source.
  - 8. The method according to claim 1, comprising latching said hardware logic in a disabled mode by said firmware for said one or more of said plurality of customer specific functions determined by said customer mode.
  - 9. The method according to claim 8, wherein said latching is performed at startup of said reprogrammable system.
  - 10. The method according to claim 1, comprising re-checking said customer mode utilizing said firmware.
  - 11. The method according to claim 10, comprising disallowing use of code other than trusted code in said reprogrammable system when said re-checking fails.
  - 12. The method according to claim 1, wherein said customer mode for said particular customer is stored in a one time programmable memory.

13. A system for software security, the system comprising:
- one or more circuits for use in a reprogrammable system, said one or more circuits handles a plurality of customer specific functions for a corresponding plurality of customers, said one or more circuits comprising hardware logic and firmware that control access to one or more of said plurality of customer specific functions for a particular customer based on a determined customer mode.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The system according to claim 13, wherein said firmware comprises trusted code stored in non-volatile memory.
  - 15. The system according to claim 14, wherein said one or more circuits enables checking said customer mode, via said trusted code, prior to allowing downloading of code written by one of said plurality of customers, to said reprogrammable system.
  - 16. The system according to claim 14, wherein said non-volatile memory comprises read only memory.
  - 17. The system according to claim 14, wherein said non-volatile memory comprises a locked flash memory.
  - 18. The system according to claim 14, wherein boot code for said reprogrammable system is stored in said non-volatile memory.
  - 19. The system according to claim 13, wherein said one or more circuits enables restricting said access to one or more of said plurality of customer specific functions via commands from a trusted source.
  - 20. The system according to claim 13, wherein said one or more circuits enables latching said hardware logic in a disabled mode by said firmware for said one or more of said plurality of customer specific functions determined by said customer mode.
  - 21. The system according to claim 20, wherein said latching is performed at startup of said reprogrammable system.
  - 22. The system according to claim 13, wherein said one or more circuits enables re-checking said customer mode utilizing said firmware.
  - 23. The system according to claim 22, wherein said one or more circuits enables disallowing use of code other than trusted code in said reprogrammable system when said re-checking fails.
  - 24. The system according to claim 13, wherein said customer mode for said particular customer is stored in a one time programmable memory.

25. A machine-readable storage having stored thereon, a computer program having at least one code section for software security, the at least one code section being executable by a machine for causing the machine to perform steps comprising:
- in a reprogrammable system that handles a plurality of customer specific functions for a corresponding plurality of customers, controlling via hardware logic and firmware, access to one or more of said plurality of customer specific functions for a particular customer based on a determined customer mode.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 26. The machine readable storage according to claim 25, wherein said firmware comprises trusted code stored in non-volatile memory.
  - 27. The machine readable storage according to claim 26, wherein said at least one code section comprises code for checking said customer mode, via said trusted code, prior to allowing downloading of code written by one of said plurality of customers, to said reprogrammable system.
  - 28. The machine readable storage according to claim 26, wherein said non-volatile memory comprises read only memory.
  - 29. The machine readable storage according to claim 26, wherein said non-volatile memory comprises a locked flash memory.
  - 30. The machine readable storage according to claim 26, wherein boot code for said reprogrammable system is stored in said non-volatile memory.
  - 31. The machine readable storage according to claim 25, wherein said at least one code section comprises code for restricting said access to one or more of said plurality of customer specific functions via commands from a trusted source.
  - 32. The machine readable storage according to claim 25, wherein said at least one code section comprises code for latching said hardware logic in a disabled mode by said firmware for said one or more of said plurality of customer specific functions determined by said customer mode.
  - 33. The machine readable storage according to claim 32, wherein said at least one code section comprises code for performing said latching at startup of said reprogrammable system.
  - 34. The machine readable storage according to claim 25, wherein said at least one code section comprises code for re-checking said customer mode utilizing said firmware.
  - 35. The machine readable storage according to claim 34, wherein said at least one code section comprises code for disallowing use of code other than trusted code in said reprogrammable system when said re-checking fails.
  - 36. The machine readable storage according to claim 25, wherein said customer mode for said particular customer is stored in a one time programmable memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Rodgers, Stephane, Chen, Iue-Shuenn, Dellow, Andrew, Chen, Xuemin

Granted Patent

US 8,528,102 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

G06F 21/572   Secure firmware programming...

G06F 21/629   to features or functions of...

H04N 21/42692   for reading from or writing...

H04N 21/4432   Powering on the client, e.g...

H04N 21/4627   Rights management associate...

H04N 21/818   OS software

H04N 7/163   by receiver means only

METHOD AND SYSTEM FOR PROTECTION OF CUSTOMER SECRETS IN A SECURE REPROGRAMMABLE SYSTEM

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR PROTECTION OF CUSTOMER SECRETS IN A SECURE REPROGRAMMABLE SYSTEM

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links