Method and system for protection of customer secrets in a secure reprogrammable system

US 8,528,102 B2
Filed: 05/24/2007
Issued: 09/03/2013
Est. Priority Date: 10/06/2006
Status: Active Grant

First Claim

Patent Images

1. A method for software security, in a reprogrammable system that handles a plurality of customer specific functions for a corresponding plurality of customers, the method comprising:

storing, in memory, as firmware, a plurality of user-specific algorithms;

controlling, via hardware logic and a particular user-specific algorithm, access to one or more of said plurality of customer specific functions for a particular customer while excluding access to all other customer-specific functions of all other of said plurality of customers once said reprogrammable system is configured for a particular customer, thereby defining a customer mode;

wherein the excluding access to all other customer-specific functions of all other of said plurality of customers includes latching said hardware logic in a disabled mode by said firmware for said all other customer-specific functions of all other of said plurality of customers, andwherein the user-specific algorithm comprises a unique customer-specific key used to control the access to the one or more of said plurality of customer specific functions and a common key used to control access to non-customer specific functions.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for protection of customer secrets in a secure reprogrammable system are disclosed, and may include controlling, via hardware logic and firmware, access to customer specific functions. The firmware may comprise trusted code, and may comprise boot code, stored in non-volatile memory, which may comprise read only memory, or a locked flash memory. A customer mode may be checked via the trusted code prior to allowing downloading of code written by a customer to the reprogrammable system. Access to customer specific functions may be restricted via commands from a trusted source. The hardware logic may be latched at startup in a disabled mode by the firmware, determined by the customer mode stored in a one time programmable memory. The customer mode may be re-checked utilizing the firmware, and may disallow the use of code other than trusted code in the reprogrammable system when the re-checking fails.

36 Citations

View as Search Results

33 Claims

1. A method for software security, in a reprogrammable system that handles a plurality of customer specific functions for a corresponding plurality of customers, the method comprising:
- storing, in memory, as firmware, a plurality of user-specific algorithms;
  
  controlling, via hardware logic and a particular user-specific algorithm, access to one or more of said plurality of customer specific functions for a particular customer while excluding access to all other customer-specific functions of all other of said plurality of customers once said reprogrammable system is configured for a particular customer, thereby defining a customer mode;
  
  wherein the excluding access to all other customer-specific functions of all other of said plurality of customers includes latching said hardware logic in a disabled mode by said firmware for said all other customer-specific functions of all other of said plurality of customers, andwherein the user-specific algorithm comprises a unique customer-specific key used to control the access to the one or more of said plurality of customer specific functions and a common key used to control access to non-customer specific functions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1, wherein said firmware comprises trusted code stored in non-volatile memory.
  - 3. The method according to claim 2, comprising checking said customer mode, via said trusted code, prior to allowing downloading of code written by one of said plurality of customers, to said reprogrammable system.
  - 4. The method according to claim 2, wherein said non-volatile memory comprises read only memory.
  - 5. The method according to claim 2, wherein said non-volatile memory comprises a locked flash memory.
  - 6. The method according to claim 2, wherein boot code for said reprogrammable system is stored in said non-volatile memory.
  - 7. The method according to claim 1, comprising restricting said access to one or more of said plurality of customer specific functions via commands from a trusted source.
  - 8. The method according to claim 1, wherein said latching is performed at startup of said reprogrammable system.
  - 9. The method according to claim 1, comprising re-checking said customer mode utilizing said firmware.
  - 10. The method according to claim 9, comprising disallowing use of code other than trusted code in said reprogrammable system when said re-checking fails.
  - 11. The method according to claim 1, wherein said customer mode for said particular customer is stored in a one time programmable memory.

12. A system for software security, the system comprising:
- one or more circuits for use in a reprogrammable system, said one or more circuits handles a plurality of customer specific functions for a corresponding plurality of customers;
  
  memory configured to store firmware and a plurality of user-specific algorithms; and
  
  said one or more circuits comprising hardware logic and a particular user-specific algorithm that control access to one or more of said plurality of customer specific functions for a particular customer while excluding access to all other customer-specific functions of all other of said plurality of customers once said reprogrammable system is configured for a particular customer, thereby defining a customer mode,wherein the user-specific algorithm comprises a unique customer-specific key used to control the access to the one or more of said plurality of customer specific functions and a common key used to control access to non-customer specific functions, andwherein said one or more circuits enables latching said hardware logic in a disabled mode by said firmware for said all other customer-specific function of all other of said plurality of customers.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The system according to claim 12, wherein said firmware comprises trusted code stored in non-volatile memory.
  - 14. The system according to claim 13, wherein said one or more circuits enables checking said customer mode, via said trusted code, prior to allowing downloading of code written by one of said plurality of customers, to said reprogrammable system.
  - 15. The system according to claim 13, wherein said non-volatile memory comprises read only memory.
  - 16. The system according to claim 13, wherein said non-volatile memory comprises a locked flash memory.
  - 17. The system according to claim 13, wherein boot code for said reprogrammable system is stored in said non-volatile memory.
  - 18. The system according to claim 12, wherein said one or more circuits enables restricting said access to one or more of said plurality of customer specific functions via commands from a trusted source.
  - 19. The system according to claim 12, wherein said latching is performed at startup of said reprogrammable system.
  - 20. The system according to claim 12, wherein said one or more circuits enables re-checking said customer mode utilizing said firmware.
  - 21. The system according to claim 20, wherein said one or more circuits enables disallowing use of code other than trusted code in said reprogrammable system when said re-checking fails.
  - 22. The system according to claim 12, wherein said customer mode for said particular customer is stored in a one time programmable memory.

23. A non-transitory machine-readable storage having stored thereon, a computer program having at least one code section for software security in a reprogrammable system that handles a plurality of customer specific functions for a corresponding plurality of customers, the at least one code section being executable by a machine for causing the machine to perform steps comprising:
- storing, in memory, as firmware, a plurality of user-specific algorithms;
  
  controlling, via hardware logic and a particular user-specific algorithm, access to one or more of said plurality of customer specific functions for a particular customer while excluding access to all other customer-specific functions of all other of said plurality of customers once said reprogrammable system is configured for a particular customer, thereby defining a customer mode;
  
  wherein the excluding access to all other customer-specific functions of all other of said plurality of customers includes latching said hardware logic in a disabled mode by said firmware for said all other customer-specific functions of all other of said plurality of customers, andwherein the user-specific algorithm comprises a unique customer-specific key used to control the access to the one or more of said plurality of customer specific functions and a common key used to control access to non-customer specific functions.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. The non-transitory machine readable storage according to claim 23, wherein said firmware comprises trusted code stored in non volatile memory.
  - 25. The non-transitory machine readable storage according to claim 24, wherein said at least one code section comprises code for checking said customer mode, via said trusted code, prior to allowing downloading of code written by one of said plurality of customers, to said reprogrammable system.
  - 26. The non-transitory machine readable storage according to claim 24, wherein said non-volatile memory comprises read only memory.
  - 27. The non-transitory machine readable storage according to claim 24, wherein said non-volatile memory comprises a locked flash memory.
  - 28. The non-transitory machine readable storage according to claim 23, wherein boot code for said reprogrammable system is stored in said non-volatile memory.
  - 29. The non-transitory machine readable storage according to claim 23, wherein said at least one code section comprises code for restricting said access to one or more of said plurality of customer specific functions via commands from a trusted source.
  - 30. The non-transitory machine readable storage according to claim 23, wherein said at least one code section comprises code for performing said latching at startup of said reprogrammable system.
  - 31. The non-transitory machine readable storage according to claim 23, wherein said at least one code section comprises code for re-checking said customer mode utilizing said firmware.
  - 32. The non-transitory machine readable storage according to claim 31, wherein said at least one code section comprises code for disallowing use of code other than trusted code in said reprogrammable system when said re-checking fails.
  - 33. The non-transitory machine readable storage according to claim 23, wherein said customer mode for said particular customer is stored in a one time programmable memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Chen, Xuemin, Rodgers, Stephane, Dellow, Andrew, Chen, Iue Shuenn
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
LAKHIA, VIRAL S

Application Number

US11/753,414
Publication Number

US 20080086780A1
Time in Patent Office

2,294 Days
Field of Search

726 1- 2, 726 15- 27, 713/193
US Class Current

726/27
CPC Class Codes

G06F 21/572   Secure firmware programming...

G06F 21/629   to features or functions of...

H04N 21/42692   for reading from or writing...

H04N 21/4432   Powering on the client, e.g...

H04N 21/4627   Rights management associate...

H04N 21/818   OS software

H04N 7/163   by receiver means only

Method and system for protection of customer secrets in a secure reprogrammable system

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

33 Claims

Specification

Use Cases

Quick Links

Others

Method and system for protection of customer secrets in a secure reprogrammable system

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

33 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others