Method and system for protection of customer secrets in a secure reprogrammable system
Abstract
Methods and systems for protection of customer secrets in a secure reprogrammable system are disclosed, and may include controlling, via hardware logic and firmware, access to customer specific functions. The firmware may comprise trusted code, and may comprise boot code, stored in non-volatile memory, which may comprise read only memory, or a locked flash memory. A customer mode may be checked via the trusted code prior to allowing downloading of code written by a customer to the reprogrammable system. Access to customer specific functions may be restricted via commands from a trusted source. The hardware logic may be latched at startup in a disabled mode by the firmware, determined by the customer mode stored in a one time programmable memory. The customer mode may be re-checked utilizing the firmware, and may disallow the use of code other than trusted code in the reprogrammable system when the re-checking fails.
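The boot-time flow in the abstract, as an added C simulation that is not code from the patent: trusted boot code reads the customer mode from one-time programmable memory, latches every other customer's function block disabled, and a later re-check falls back to trusted code only on a mismatch. The struct layout, the four-customer count, the `0xFF` blank value and the rule that the re-check compares the latch against the OTP mode are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

#define NUM_CUSTOMERS 4u      /* assumed number of customer function blocks */
#define OTP_BLANK     0xFFu   /* assumed value of unprogrammed OTP */
#define ALL_BLOCKS    ((1u << NUM_CUSTOMERS) - 1u)

/* Constructed model of the hardware state; not a real register map. */
typedef struct {
    uint8_t otp_mode;         /* customer mode in one-time programmable memory */
    uint8_t disable_latch;    /* bit i set: customer i's functions are disabled */
    bool    customer_code_ok; /* may code other than trusted code be used? */
} soc_t;

/* OTP accepts one valid write; later writes are rejected. */
static bool otp_program(soc_t *s, uint8_t mode) {
    if (s->otp_mode != OTP_BLANK || mode >= NUM_CUSTOMERS) return false;
    s->otp_mode = mode;
    return true;
}

/* Sticky latch: bits can be set, never cleared, until the next reset. */
static void latch_disable(soc_t *s, uint8_t mask) { s->disable_latch |= mask; }

/* Trusted boot code: runs first after reset, before any customer code. */
static void boot_rom(soc_t *s) {
    s->disable_latch = 0;                  /* reset state of the latch */
    s->customer_code_ok = false;
    if (s->otp_mode >= NUM_CUSTOMERS) {    /* blank or invalid: fail closed */
        latch_disable(s, ALL_BLOCKS);
        return;
    }
    latch_disable(s, ALL_BLOCKS & ~(1u << s->otp_mode));
    s->customer_code_ok = true;
}

/* Re-check: latch must still match the OTP mode, else trusted code only. */
static bool recheck_mode(soc_t *s) {
    bool ok = s->otp_mode < NUM_CUSTOMERS &&
              s->disable_latch == (ALL_BLOCKS & ~(1u << s->otp_mode));
    if (!ok) s->customer_code_ok = false;
    return ok;
}

static bool function_accessible(const soc_t *s, uint8_t customer) {
    return customer < NUM_CUSTOMERS && !(s->disable_latch & (1u << customer));
}

/* Provision a fresh part, boot it, and ask whether one block is reachable. */
bool boot_and_query(uint8_t mode, uint8_t customer) {
    soc_t s = { OTP_BLANK, 0, false };
    otp_program(&s, mode);
    boot_rom(&s);
    return recheck_mode(&s) && function_accessible(&s, customer);
}

int main(void) { return boot_and_query(2, 2) ? 0 : 1; }
```

A blank or out-of-range mode leaves every customer block latched off, so an unprovisioned part exposes no customer-specific function.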
33 Claims
1. A method for software security, in a reprogrammable system that handles a plurality of customer specific functions for a corresponding plurality of customers, the method comprising:
- storing, in memory, as firmware, a plurality of user-specific algorithms;
- controlling, via hardware logic and a particular user-specific algorithm, access to one or more of said plurality of customer specific functions for a particular customer while excluding access to all other customer-specific functions of all other of said plurality of customers once said reprogrammable system is configured for a particular customer, thereby defining a customer mode;
- wherein the excluding access to all other customer-specific functions of all other of said plurality of customers includes latching said hardware logic in a disabled mode by said firmware for said all other customer-specific functions of all other of said plurality of customers, and
- wherein the user-specific algorithm comprises a unique customer-specific key used to control the access to the one or more of said plurality of customer specific functions and a common key used to control access to non-customer specific functions.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A system for software security, the system comprising:
- one or more circuits for use in a reprogrammable system, said one or more circuits handles a plurality of customer specific functions for a corresponding plurality of customers;
- memory configured to store firmware and a plurality of user-specific algorithms; and
- said one or more circuits comprising hardware logic and a particular user-specific algorithm that control access to one or more of said plurality of customer specific functions for a particular customer while excluding access to all other customer-specific functions of all other of said plurality of customers once said reprogrammable system is configured for a particular customer, thereby defining a customer mode,
- wherein the user-specific algorithm comprises a unique customer-specific key used to control the access to the one or more of said plurality of customer specific functions and a common key used to control access to non-customer specific functions, and
- wherein said one or more circuits enables latching said hardware logic in a disabled mode by said firmware for said all other customer-specific function of all other of said plurality of customers.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22

23. A non-transitory machine-readable storage having stored thereon, a computer program having at least one code section for software security in a reprogrammable system that handles a plurality of customer specific functions for a corresponding plurality of customers, the at least one code section being executable by a machine for causing the machine to perform steps comprising:
- storing, in memory, as firmware, a plurality of user-specific algorithms;
- controlling, via hardware logic and a particular user-specific algorithm, access to one or more of said plurality of customer specific functions for a particular customer while excluding access to all other customer-specific functions of all other of said plurality of customers once said reprogrammable system is configured for a particular customer, thereby defining a customer mode;
- wherein the excluding access to all other customer-specific functions of all other of said plurality of customers includes latching said hardware logic in a disabled mode by said firmware for said all other customer-specific functions of all other of said plurality of customers, and
- wherein the user-specific algorithm comprises a unique customer-specific key used to control the access to the one or more of said plurality of customer specific functions and a common key used to control access to non-customer specific functions.

Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32, 33

Specification