Secure storage of program code for an embedded system
First Claim
Patent Images
1. A system to securely store a program code of an embedded system, the system comprising:
- a configurable integrated circuit, the configurable integrated circuit comprising;
a memory to store a digitation file, the digitation file comprising a tightly coupled interdigitated stream comprising configuration information and data to be processed, wherein the memory includes an adaptive silicon foundation, and wherein the digitation file, when applied to the adaptive silicon foundation, provides a hardware designation and software application for the adaptive silicon foundation,a plurality of computational elements, andan interconnection network, the interconnection network adapted to configure the plurality of computational elements in response to the configuration information to perform any one of a plurality of algorithms in response to the configuration information; and
computer readable medium storage external to the configurable integrated circuit for receiving a plurality of segmented encrypted digitation files from the configurable integrated circuit, each of the plurality of segmented encrypted digitation files including one or more of the algorithms,wherein the configurable integrated circuit is further adapted to;
encrypt each of the digitation files and hash each of the digitation files to form hash data,separate each of the encrypted digitation files into a set of data blocks, wherein a size of the data blocks is based on the functions and subroutines included in the encrypted digitation file and is further based on module types associated with the modules included in the configurable integrated circuit,transfer each data block in the set of data blocks to the computer readable medium storage,retain an encryption key and the hash data in on-chip memory,retrieve a selected one of the segmented digitation files from the computer readable medium storage,decrypt on-chip the retrieved segmented encrypted digitation file and hash the decrypted digitation file, andwhen the hash data of the decrypted digitation file matches the retained hash data, separate the decrypted digitation file into a set of data blocks, wherein the size of the data blocks is based on the functions and subroutines included in the decrypted digitation file and is further based on module types associated with the modules included in the configurable integrated circuit, and provide the configuration information of the retrieved segmented digitation file to the interconnection network to configure the plurality of computational elements into one of a plurality of modes of operation to process the coupled data of the retrieved digitation file according to an algorithm in the retrieved segmented digitation file.
5 Assignments
0 Petitions
Accused Products
Abstract
Aspects for securely storing program code of an embedded system includes accepting a digitation file from a distribution source into on-chip memory of an adaptive computing engine (ACE). The digitation file is then secured and transferred to off-chip memory.
96 Citations
15 Claims
-
1. A system to securely store a program code of an embedded system, the system comprising:
-
a configurable integrated circuit, the configurable integrated circuit comprising; a memory to store a digitation file, the digitation file comprising a tightly coupled interdigitated stream comprising configuration information and data to be processed, wherein the memory includes an adaptive silicon foundation, and wherein the digitation file, when applied to the adaptive silicon foundation, provides a hardware designation and software application for the adaptive silicon foundation, a plurality of computational elements, and an interconnection network, the interconnection network adapted to configure the plurality of computational elements in response to the configuration information to perform any one of a plurality of algorithms in response to the configuration information; and computer readable medium storage external to the configurable integrated circuit for receiving a plurality of segmented encrypted digitation files from the configurable integrated circuit, each of the plurality of segmented encrypted digitation files including one or more of the algorithms, wherein the configurable integrated circuit is further adapted to; encrypt each of the digitation files and hash each of the digitation files to form hash data, separate each of the encrypted digitation files into a set of data blocks, wherein a size of the data blocks is based on the functions and subroutines included in the encrypted digitation file and is further based on module types associated with the modules included in the configurable integrated circuit, transfer each data block in the set of data blocks to the computer readable medium storage, retain an encryption key and the hash data in on-chip memory, retrieve a selected one of the segmented digitation files from the computer readable medium storage, decrypt on-chip the retrieved segmented encrypted digitation file and hash the decrypted digitation file, and when the hash data of the decrypted digitation file matches the retained hash data, separate the decrypted digitation file into a set of data blocks, wherein the size of the data blocks is based on the functions and subroutines included in the decrypted digitation file and is further based on module types associated with the modules included in the configurable integrated circuit, and provide the configuration information of the retrieved segmented digitation file to the interconnection network to configure the plurality of computational elements into one of a plurality of modes of operation to process the coupled data of the retrieved digitation file according to an algorithm in the retrieved segmented digitation file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for securely transferring program code of a configurable integrated circuit in an embedded system from an off chip distribution source to an on chip memory of an adaptive computing engine which is operable in a plurality of different modes, the configurable integrated circuit comprising the memory, a plurality of computational elements and an interconnection network, the interconnection network adapted to configure the plurality of computational elements to execute one of a plurality of different modes of operation in response to the configuration information, the method comprising:
-
encrypting a digitation file at the configurable integrated circuit, the digitation file comprising configuration information for a selected one of the modes of the configurable integrated circuit and coupled data to be executed by the integrated circuit upon being configured according to the mode, wherein the memory includes an adaptive silicon foundation, and wherein the digitation file, when applied to the adaptive silicon foundation, provides a hardware designation and software application for the adaptive silicon foundation; hashing the digitation file on chip to form hash data; separating the digitation file into a set of data blocks, wherein a size of the data blocks is based on the functions and subroutines included in the digitation file and is further based on module types associated with the modules included in the configurable integrated circuit; transferring the encrypted and separated digitation file to a data storage device, the data storage device receiving and storing a plurality of different encrypted and separated digitation files from the configurable integrated circuit, and retaining an encryption key and the hash data in the on chip memory; the configurable integrated circuit retrieving the encrypted and separated digitation file from the off chip data storage device and decrypting the encrypted and separated digitation file in response to a received command; hashing the decrypted digitation file; and when the hash data of the decrypted digitation file matches the retained hash data, separating the decrypted digitation file into a set of data blocks, wherein the size of the data blocks is based on the functions and subroutines included in the decrypted digitation file and is further based on module types associated with the modules included in the configurable integrated circuit, and providing configuration from the decrypted digitation file information to the interconnection network to configure the plurality of computational elements into one of the plurality of modes of operation as defined by the decrypted digitation file to process the coupled data of the decrypted digitation file according to the one mode of operation, whereby the configurable integrated circuit is protected from tampered digitation file data. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
Specification