LOGIC REPOSITORY SERVICE USING ENCRYPTED CONFIGURATION DATA

US 20180091484A1
Filed: 09/29/2016
Published: 03/29/2018
Est. Priority Date: 09/29/2016
Status: Active Grant

First Claim

Patent Images

1. A method of providing configurable hardware, the method comprising:

receiving a first request to generate configuration data for a field-programmable gate array (FPGA), the first request comprising a reference to a hardware design specifying application logic for implementation on the FPGA, the FPGA comprising host logic and the application logic when the FPGA is configured;

generating a validated bitstream based on the application logic and the host logic, the validated bitstream specifying the configuration data for the FPGA;

encrypting the validated bitstream to generate an encrypted bitstream;

signing the encrypted bitstream using a private key to generate a signed encrypted bitstream, the signed encrypted bitstream comprising a signature and the encrypted bitstream;

transmitting the signed encrypted bitstream to a host server computer in communication with a particular FPGA;

verifying the signature of the signed encrypted bitstream using a public key;

decrypting the encrypted bitstream to generate the validated bitstream; and

programming the particular FPGA with the validated bitstream so that the particular FPGA is configured with the host logic and the application logic.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The following description is directed to a logic repository service. In one example, a method of a logic repository service can include receiving a first request to generate configuration data for configurable hardware using a specification for application logic of the configurable hardware. The method can include generating the configuration data for the configurable hardware. The configuration data can include data for implementing the application logic. The method can include encrypting the configuration data to generate encrypted configuration data. The method can include signing the encrypted configuration data using a private key. The method can include transmitting the signed encrypted configuration data in response to the request.

54 Citations

View as Search Results

20 Claims

1. A method of providing configurable hardware, the method comprising:
- receiving a first request to generate configuration data for a field-programmable gate array (FPGA), the first request comprising a reference to a hardware design specifying application logic for implementation on the FPGA, the FPGA comprising host logic and the application logic when the FPGA is configured;
  
  generating a validated bitstream based on the application logic and the host logic, the validated bitstream specifying the configuration data for the FPGA;
  
  encrypting the validated bitstream to generate an encrypted bitstream;
  
  signing the encrypted bitstream using a private key to generate a signed encrypted bitstream, the signed encrypted bitstream comprising a signature and the encrypted bitstream;
  
  transmitting the signed encrypted bitstream to a host server computer in communication with a particular FPGA;
  
  verifying the signature of the signed encrypted bitstream using a public key;
  
  decrypting the encrypted bitstream to generate the validated bitstream; and
  
  programming the particular FPGA with the validated bitstream so that the particular FPGA is configured with the host logic and the application logic.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein verifying the signature or decrypting the encrypted bitstream are performed by the host logic of the particular FPGA.
  - 3. The method of claim 1, wherein verifying the signature or decrypting the encrypted bitstream are performed by the host server computer.
  - 4. The method of claim 1, wherein the received hardware design comprises source code, and wherein generating the validated bitstream comprises synthesizing the received hardware design to generate a netlist compatible with the FPGA.
  - 5. The method of claim 1, wherein the FPGA comprises multiple configurable regions, and the validated bitstream specifying the configuration data is a partial bitstream for configuring a portion of the regions.
  - 6. The method of claim 5, wherein the validated bitstream specifying the configuration data comprises data for reconfiguring the application logic and data for maintaining static host logic.

7. One or more computer-readable storage media including instructions that upon execution cause a first computer system to:
- receive a request to generate configuration data for configurable hardware using a specification for application logic of the configurable hardware;
  
  generate the configuration data for the configurable hardware, the configuration data comprising data for implementing the application logic;
  
  encrypt the configuration data to generate encrypted configuration data;
  
  sign the encrypted configuration data using a private key; and
  
  transmit the signed encrypted configuration data in response to the request.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 8. The one or more computer-readable storage media of claim 7, wherein the instructions, upon execution, further cause a second computer system to:
    - receive the signed encrypted configuration data;
      
      verify the signature of the signed encrypted configuration data using a public key;
      
      decrypt the encrypted configuration data to regenerate the configuration data; and
      
      program an instance of configurable hardware with the configuration data so that the instance of the configurable hardware is configured with host logic and the application logic.
  - 9. The one or more computer-readable storage media of claim 8, wherein at least a portion of the host logic of the instance of the configurable hardware is loaded during a power-on sequence of the instance of the configurable hardware, and wherein at least one of verifying the signature and decrypting the encrypted configuration data are performed by the host logic of the instance of the configurable hardware.
  - 10. The one or more computer-readable storage media of claim 8, wherein at least one of verifying the signature and decrypting the encrypted bitstream are performed by a host server computer in communication with the instance of the configurable hardware.
  - 11. The one or more computer-readable storage media of claim 7, wherein the specification for the application logic comprises source code, and wherein generating the configuration data for the configurable hardware comprises synthesizing the source code to generate a netlist for the application logic.
  - 12. The one or more computer-readable storage media of claim 7, wherein the request to generate configuration data is an API request from a customer of a service provider.
  - 13. The one or more computer-readable storage media of claim 7, wherein the signed encrypted configuration data is transmitted to a customer of a service provider or to an instance including configurable hardware.
  - 14. The one or more computer-readable storage media of claim 7, wherein generating the configuration data for the configurable hardware comprises validating that the application logic is compatible with host logic requirements.
  - 15. The one or more computer-readable storage media of claim 7, wherein the request to generate configuration data comprises a reference to an encrypted version of the specification for the application logic of the configurable hardware.
  - 16. The one or more computer-readable storage media of claim 7, wherein the configurable hardware comprises a field-programmable gate array (FPGA) and the configuration data comprises a bitstream for configuring the FPGA.

17. A computing system comprising:
- a database; and
  
  a logic repository service running on a first server computer coupled to the database, the logic repository service configured to;
  
  ingest a first specification for application logic and a second specification for host logic of configurable hardware to generate configuration data for the configurable hardware;
  
  encrypt and sign the configuration data using a private key of the logic repository service to generate signed encrypted configuration data; and
  
  store the signed encrypted configuration data in the database.
- View Dependent Claims (18, 19, 20)
- - 18. The computing system of claim 17, further comprising:
    - a second server computer coupled to the database and to the configurable hardware, the second server computer configured to;
      
      receive the signed encrypted configuration data from the database; and
      
      program the configurable hardware based on the signed encrypted configuration data.
  - 19. The computing system of claim 18, wherein programming the configurable hardware comprises using the host logic of the configurable hardware to verify a signature of the encrypted configuration data and using the host logic to decrypt the encrypted configuration data.
  - 20. The computing system of claim 18, wherein programming the configurable hardware comprises verifying a signature of the encrypted configuration data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Atta, Islam Mohamed Hatem Abdulfattah Mohamed, Pettey, Christopher Joseph, Bshara, Nafea, Khan, Asif, Davis, Mark Bradley, Tandon, Prateek

Granted Patent

US 10,250,572 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 15/7871   Reconfiguration support, e....

G06F 9/50   Allocation of resources, e....

H04L 2209/72   Signcrypting, i.e. digital ...

H04L 63/0428   wherein the data content is...

H04L 9/3247   involving digital signatures

LOGIC REPOSITORY SERVICE USING ENCRYPTED CONFIGURATION DATA

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

54 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

LOGIC REPOSITORY SERVICE USING ENCRYPTED CONFIGURATION DATA

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links