Setting security features of programmable logic devices
First Claim
Patent Images
1. A programmable integrated circuit device, comprising:
- a non-volatile memory for storing a value of at least one bit, the value representing a first set of security feature settings enabled in the programmable integrated circuit device;
an input for receiving configuration data for the programmable integrated circuit device, the configuration data including security requirement data representing a second set of security feature settings required by the configuration data on the programmable integrated circuit device; and
control circuitry configured to;
compare the value stored in the non-volatile memory against the security requirement data, andconfigure the programmable integrated circuit device with the configuration data in response to a match between the value stored in the non-volatile memory and the security requirement data, wherein the first set of security feature settings comprises one or more security operations selectively enabled on the programmable integrated circuit device, and the first set of security feature settings is enabled in the device prior to the device receiving the configuration data.
3 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are disclosed for allowing security features to be selectively enabled during device configuration. For example, a programmable integrated circuit device is provided that receives configuration data and security requirement data. Control circuitry compares enabled security features in the device against the security requirements, and can configure the programmable integrated circuit device with the configuration data or prevent such configuration. Control circuitry may also use the security requirement data to set security features within the device.
58 Citations
33 Claims
-
1. A programmable integrated circuit device, comprising:
-
a non-volatile memory for storing a value of at least one bit, the value representing a first set of security feature settings enabled in the programmable integrated circuit device; an input for receiving configuration data for the programmable integrated circuit device, the configuration data including security requirement data representing a second set of security feature settings required by the configuration data on the programmable integrated circuit device; and control circuitry configured to; compare the value stored in the non-volatile memory against the security requirement data, and configure the programmable integrated circuit device with the configuration data in response to a match between the value stored in the non-volatile memory and the security requirement data, wherein the first set of security feature settings comprises one or more security operations selectively enabled on the programmable integrated circuit device, and the first set of security feature settings is enabled in the device prior to the device receiving the configuration data. - View Dependent Claims (2, 3, 4, 33)
-
-
5. A method of configuring a programmable integrated circuit device, comprising:
-
storing a value of at least one bit in a non-volatile memory, the value representing a first set of security feature settings enabled in the programmable integrated circuit device; receiving configuration data for the programmable integrated circuit device, the configuration data including security requirement data representing a second set of security feature settings required by the configuration data on the programmable integrated circuit device; comparing the value stored in the non-volatile memory against the security requirement data; and configuring the programmable integrated circuit device with the configuration data in response to a match between the value stored in the non-volatile memory and the security requirement data, wherein the first set of security feature settings comprises one or more security operations selectively enabled on the programmable integrated circuit device, and the first set of security feature settings is enabled in the device prior to the device receiving the configuration data. - View Dependent Claims (6, 7, 8)
-
-
9. A method for configuring a programmable integrated circuit device, the method comprising:
-
receiving security requirement data at a test access port of the programmable integrated circuit device, wherein the programmable integrated circuit device is configured to compare the security requirement data to a value stored in a non-volatile memory of the programmable integrated circuit device, the value representing a first set of security feature settings enabled in the programmable integrated circuit device and the security requirement data representing a second set of security feature settings required on the programmable integrated circuit device; and receiving configuration data at a configuration input of the programmable integrated circuit device responsive to a determination that the value stored in the non-volatile memory is compatible with the security requirement data, wherein the first set of security feature settings comprises one or more security operations selectively enabled on the programmable integrated circuit device, and the first set of security feature settings is enabled in the device prior to the device receiving the configuration data. - View Dependent Claims (10, 11, 12)
-
-
13. A programmable integrated circuit device comprising:
-
an input for receiving configuration data for the programmable integrated circuit device; a test access port; control circuitry configured to; read security requirement data provided to the test access port of the programmable integrated circuit device, compare the security requirement data against a value stored in a non-volatile memory, the value representing a first set of security feature settings enabled in the programmable integrated circuit device and the security requirement data representing a second set of security feature settings required on the programmable integrated circuit device, and configure the programmable integrated circuit device according to configuration data provided to the configuration input in response to a determination that the value stored in the non-volatile memory is compatible with the security requirement data, wherein the first set of security feature settings comprises one or more security operations selectively enabled on the programmable integrated circuit device, and the first set of security feature settings is enabled in the device prior to the device receiving the configuration data. - View Dependent Claims (14, 15, 16)
-
-
17. A non-transitory machine-readable data storage medium encoded with non-transitory machine-executable instructions, said instructions comprising:
-
instructions to store a value of at least one bit in a non-volatile memory of a programmable integrated circuit device, the value representing a first set of security feature settings enabled in the programmable integrated circuit device; instructions to compare the value stored in the non-volatile memory against security requirement data, wherein the security requirement data is included in configuration data for the programmable integrated circuit device and represents a second set of security feature settings required by the configuration data on the programmable integrated circuit device; and instructions to configure the programmable integrated circuit device with the configuration data in response to a match between the value stored in the non-volatile memory and the security requirement data, wherein the first set of security feature settings comprises one or more security operations selectively enabled on the programmable integrated circuit device, and the first set of security feature settings is enabled in the device prior to the device receiving the configuration data. - View Dependent Claims (18, 19, 20)
-
-
21. A field-programmable gate array (FPGA), comprising:
-
an input for receiving configuration data for the FPGA, the configuration data including security requirement data; and control circuitry configured to; compare a value against the security requirement data, wherein the value is represents a first set of security feature settings enabled in the FPGA and the security requirement data represents a second set of security feature settings required on the programmable integrated circuit device by the configuration data, and configure the FPGA with the configuration data in response to a match between the value and the security requirement data, and wherein the first set of security feature settings comprises one or more security operations selectively enabled on the FPGA, and the first set of security feature settings is enabled in the FPGA prior to the FPGA receiving the configuration data. - View Dependent Claims (22, 23, 24)
-
-
25. A non-transitory machine-readable data storage medium encoded with non-transitory machine-executable instructions, said instructions comprising:
-
instructions for receiving security requirement data at a test access port of a programmable integrated circuit device, wherein the programmable integrated circuit device is configured to compare the security requirement data to a value stored in a non-volatile memory of the programmable integrated circuit device, the value representing a first set of security feature settings enabled in the programmable integrated circuit device and the security requirement data representing a second set of security feature settings required on the programmable integrated circuit device; and instructions for receiving configuration data at a configuration input of the programmable integrated circuit device responsive to a determination that the value stored in the non-volatile memory is compatible with the security requirement data, wherein the first set of security feature settings comprises one or more security operations selectively enabled on the programmable integrated circuit device, and the first set of security feature settings is enabled in the device prior to the device receiving the configuration data. - View Dependent Claims (26, 27, 28)
-
-
29. A field-programmable gate array (FPGA), comprising:
-
an input for receiving configuration data for the FPGA; a test access port; control circuitry configured to; read security requirement data provided to the test access port of the FPGA, compare the security requirement data against a value, the value representing a first set of security feature settings enabled in the FPGA and the security requirement data representing a second set of security feature settings required on the programmable integrated circuit device, and configure the FPGA according to configuration data provided to the configuration input in response to a determination that the value is compatible with the security requirement data, wherein the first set of security feature settings comprises one or more security operations selectively enabled on FPGA, and the first set of security feature settings is enabled in the FPGA prior to the FPGA receiving the configuration data. - View Dependent Claims (30, 31, 32)
-
Specification