Setting security features of programmable logic devices

US 8,736,299 B1
Filed: 04/29/2011
Issued: 05/27/2014
Est. Priority Date: 04/29/2011
Status: Active Grant

First Claim

Patent Images

1. A programmable integrated circuit device, comprising:

a non-volatile memory for storing a value of at least one bit, the value representing a first set of security feature settings enabled in the programmable integrated circuit device;

an input for receiving configuration data for the programmable integrated circuit device, the configuration data including security requirement data representing a second set of security feature settings required by the configuration data on the programmable integrated circuit device; and

control circuitry configured to;

compare the value stored in the non-volatile memory against the security requirement data, andconfigure the programmable integrated circuit device with the configuration data in response to a match between the value stored in the non-volatile memory and the security requirement data, wherein the first set of security feature settings comprises one or more security operations selectively enabled on the programmable integrated circuit device, and the first set of security feature settings is enabled in the device prior to the device receiving the configuration data.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are disclosed for allowing security features to be selectively enabled during device configuration. For example, a programmable integrated circuit device is provided that receives configuration data and security requirement data. Control circuitry compares enabled security features in the device against the security requirements, and can configure the programmable integrated circuit device with the configuration data or prevent such configuration. Control circuitry may also use the security requirement data to set security features within the device.

58 Citations

View as Search Results

33 Claims

1. A programmable integrated circuit device, comprising:
- a non-volatile memory for storing a value of at least one bit, the value representing a first set of security feature settings enabled in the programmable integrated circuit device;
  
  an input for receiving configuration data for the programmable integrated circuit device, the configuration data including security requirement data representing a second set of security feature settings required by the configuration data on the programmable integrated circuit device; and
  
  control circuitry configured to;
  
  compare the value stored in the non-volatile memory against the security requirement data, andconfigure the programmable integrated circuit device with the configuration data in response to a match between the value stored in the non-volatile memory and the security requirement data, wherein the first set of security feature settings comprises one or more security operations selectively enabled on the programmable integrated circuit device, and the first set of security feature settings is enabled in the device prior to the device receiving the configuration data.
- View Dependent Claims (2, 3, 4, 33)
- - 2. The programmable integrated circuit device of claim 1, wherein the control circuitry is further configured to identify a match between the value stored in the non-volatile memory and the security requirement data when the value stored in the non-volatile memory indicates that JTAG ports associated with the programmable integrated circuit device are disabled.
  - 3. The programmable integrated circuit device of claim 1, wherein the control circuitry is further configured to identify a match between the value stored in the non-volatile memory and the security requirement data when the value stored in the non-volatile memory indicates that a test mode of the programmable integrated circuit device is disabled.
  - 4. The programmable integrated circuit device of claim 3, wherein the control circuitry is further configured to identify a match between the value stored in the non-volatile memory and the security requirement data when the value stored in the non-volatile memory indicates that a test mode of the programmable integrated circuit device has not been previously enabled.
  - 33. The programmable integrated circuit device of claim 1, wherein the first set of security feature settings represents a selection from a set of different possible device security feature settings, wherein selected security feature settings in the selection are enabled on the programmable integrated circuit device and non-selected security feature settings not in the selection are not enabled on the programmable integrated circuit device.

5. A method of configuring a programmable integrated circuit device, comprising:
- storing a value of at least one bit in a non-volatile memory, the value representing a first set of security feature settings enabled in the programmable integrated circuit device;
  
  receiving configuration data for the programmable integrated circuit device, the configuration data including security requirement data representing a second set of security feature settings required by the configuration data on the programmable integrated circuit device;
  
  comparing the value stored in the non-volatile memory against the security requirement data; and
  
  configuring the programmable integrated circuit device with the configuration data in response to a match between the value stored in the non-volatile memory and the security requirement data, wherein the first set of security feature settings comprises one or more security operations selectively enabled on the programmable integrated circuit device, and the first set of security feature settings is enabled in the device prior to the device receiving the configuration data.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5 further comprising identifying a match between the value stored in the non-volatile memory and the security requirement data when the value stored in the non-volatile memory indicates that JTAG ports associated with the programmable integrated circuit device are disabled.
  - 7. The method of claim 5 further comprising identifying a match between the value stored in the non-volatile memory and the security requirement data when the value stored in the non-volatile memory indicates that a test mode of the programmable integrated circuit device is disabled.
  - 8. The method of claim 7 further comprising identifying a match between the value stored in the non-volatile memory and the security requirement data when the value stored in the non-volatile memory indicates that a test mode of the programmable integrated circuit device has not been previously enabled.

9. A method for configuring a programmable integrated circuit device, the method comprising:
- receiving security requirement data at a test access port of the programmable integrated circuit device, wherein the programmable integrated circuit device is configured to compare the security requirement data to a value stored in a non-volatile memory of the programmable integrated circuit device, the value representing a first set of security feature settings enabled in the programmable integrated circuit device and the security requirement data representing a second set of security feature settings required on the programmable integrated circuit device; and
  
  receiving configuration data at a configuration input of the programmable integrated circuit device responsive to a determination that the value stored in the non-volatile memory is compatible with the security requirement data, wherein the first set of security feature settings comprises one or more security operations selectively enabled on the programmable integrated circuit device, and the first set of security feature settings is enabled in the device prior to the device receiving the configuration data.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, wherein the test access port is a Joint Test Action Group (JTAG) port.
  - 11. The method of claim 9, wherein the method is implemented using a non-transitory computer readable medium that is licensed to an end user by a manufacturer of the programmable integrated circuit device.
  - 12. The method of claim 9 further comprising:
    - validating a user of the computer readable medium prior to receiving security requirement data to the test access port.

13. A programmable integrated circuit device comprising:
- an input for receiving configuration data for the programmable integrated circuit device;
  
  a test access port;
  
  control circuitry configured to;
  
  read security requirement data provided to the test access port of the programmable integrated circuit device,compare the security requirement data against a value stored in a non-volatile memory, the value representing a first set of security feature settings enabled in the programmable integrated circuit device and the security requirement data representing a second set of security feature settings required on the programmable integrated circuit device, andconfigure the programmable integrated circuit device according to configuration data provided to the configuration input in response to a determination that the value stored in the non-volatile memory is compatible with the security requirement data, wherein the first set of security feature settings comprises one or more security operations selectively enabled on the programmable integrated circuit device, and the first set of security feature settings is enabled in the device prior to the device receiving the configuration data.
- View Dependent Claims (14, 15, 16)
- - 14. The programmable integrated circuit device of claim 13, wherein the test access port is a Joint Test Action Group (JTAG) port.
  - 15. The programmable integrated circuit device of claim 13, wherein the security requirement data is provided by a processor executing a method provided by a non-transitory computer readable medium that is licensed to an end user by a manufacturer of the programmable integrated circuit device.
  - 16. The programmable integrated circuit device of claim 13, wherein the logic circuitry is further configured to:
    - validate a user of the computer readable medium prior to providing security requirement data to the test access port.

17. A non-transitory machine-readable data storage medium encoded with non-transitory machine-executable instructions, said instructions comprising:
- instructions to store a value of at least one bit in a non-volatile memory of a programmable integrated circuit device, the value representing a first set of security feature settings enabled in the programmable integrated circuit device;
  
  instructions to compare the value stored in the non-volatile memory against security requirement data, wherein the security requirement data is included in configuration data for the programmable integrated circuit device and represents a second set of security feature settings required by the configuration data on the programmable integrated circuit device; and
  
  instructions to configure the programmable integrated circuit device with the configuration data in response to a match between the value stored in the non-volatile memory and the security requirement data, wherein the first set of security feature settings comprises one or more security operations selectively enabled on the programmable integrated circuit device, and the first set of security feature settings is enabled in the device prior to the device receiving the configuration data.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory machine-readable data storage medium of claim 17 further comprising instructions to identify a match between the value stored in the non-volatile memory and the security requirement data when the value stored in the non-volatile memory indicates that JTAG ports associated with the programmable integrated circuit device are disabled.
  - 19. The non-transitory machine-readable data storage medium of claim 17 further comprising instructions to identify a match between the value stored in the non-volatile memory and the security requirement data when the value stored in the non-volatile memory indicates that a test mode of the programmable integrated circuit device is disabled.
  - 20. The non-transitory machine-readable data storage medium of claim 19 further comprising instructions to identify a match between the value stored in the non-volatile memory and the security requirement data when the value stored in the non-volatile memory indicates that a test mode of the programmable integrated circuit device has not been previously enabled.

21. A field-programmable gate array (FPGA), comprising:
- an input for receiving configuration data for the FPGA, the configuration data including security requirement data; and
  
  control circuitry configured to;
  
  compare a value against the security requirement data, wherein the value is represents a first set of security feature settings enabled in the FPGA and the security requirement data represents a second set of security feature settings required on the programmable integrated circuit device by the configuration data, andconfigure the FPGA with the configuration data in response to a match between the value and the security requirement data, and wherein the first set of security feature settings comprises one or more security operations selectively enabled on the FPGA, and the first set of security feature settings is enabled in the FPGA prior to the FPGA receiving the configuration data.
- View Dependent Claims (22, 23, 24)
- - 22. The FPGA of claim 21, wherein the control circuitry is further configured to identify a match between the value and the security requirement data when the value indicates that JTAG ports associated with the FPGA are disabled.
  - 23. The FPGA of claim 21, wherein the control circuitry is further configured to identify a match between the value and the security requirement data when the value indicates that a test mode of the FPGA is disabled.
  - 24. The FPGA of claim 23, wherein the control circuitry is further configured to identify a match between the value and the security requirement data when the value indicates that a test mode of the FPGA has not been previously enabled.

25. A non-transitory machine-readable data storage medium encoded with non-transitory machine-executable instructions, said instructions comprising:
- instructions for receiving security requirement data at a test access port of a programmable integrated circuit device, wherein the programmable integrated circuit device is configured to compare the security requirement data to a value stored in a non-volatile memory of the programmable integrated circuit device, the value representing a first set of security feature settings enabled in the programmable integrated circuit device and the security requirement data representing a second set of security feature settings required on the programmable integrated circuit device; and
  
  instructions for receiving configuration data at a configuration input of the programmable integrated circuit device responsive to a determination that the value stored in the non-volatile memory is compatible with the security requirement data, wherein the first set of security feature settings comprises one or more security operations selectively enabled on the programmable integrated circuit device, and the first set of security feature settings is enabled in the device prior to the device receiving the configuration data.
- View Dependent Claims (26, 27, 28)
- - 26. The non-transitory machine-readable data storage medium of claim 25, wherein the test access port is a Joint Test Action Group (JTAG) port.
  - 27. The non-transitory machine-readable data storage medium of claim 25, wherein the non-transitory machine-readable data storage medium is licensed to an end user by a manufacturer of the programmable integrated circuit device.
  - 28. The non-transitory machine-readable data storage medium of claim 25 further comprising instructions for validating a user of the computer readable medium prior to receiving security requirement data to the test access port.

29. A field-programmable gate array (FPGA), comprising:
- an input for receiving configuration data for the FPGA;
  
  a test access port;
  
  control circuitry configured to;
  
  read security requirement data provided to the test access port of the FPGA,compare the security requirement data against a value, the value representing a first set of security feature settings enabled in the FPGA and the security requirement data representing a second set of security feature settings required on the programmable integrated circuit device, andconfigure the FPGA according to configuration data provided to the configuration input in response to a determination that the value is compatible with the security requirement data, wherein the first set of security feature settings comprises one or more security operations selectively enabled on FPGA, and the first set of security feature settings is enabled in the FPGA prior to the FPGA receiving the configuration data.
- View Dependent Claims (30, 31, 32)
- - 30. The FPGA of claim 29, wherein the test access port is a Joint Test Action Group (JTAG) port.
  - 31. The FPGA of claim 29, wherein the security requirement data is provided by a processor executing a method provided by a non-transitory computer readable medium that is licensed to an end user by a manufacturer of the FPGA.
  - 32. The FPGA of claim 29, wherein the logic circuitry is further configured to:
    - validate a user of the computer readable medium prior to providing security requirement data to the test access port.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tahoe Research Limited (f/k/a Learndale Limited) (Vector Capital Corporation)
Original Assignee
Altera Corporation (Intel Corporation)
Inventors
Pedersen, Bruce B.
Primary Examiner(s)
Taningco, Alexander H
Assistant Examiner(s)
LO, CHRISTOPHER KWOK YEUNG

Application Number

US13/098,316
Time in Patent Office

1,124 Days
Field of Search

326 8- 9, 326/16, 326 37- 41, 326/47, 713168-191, 380277-285
US Class Current

326/8
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/74   operating in dual or compar...

G06F 21/76   in application-specific int...

H03K 19/17768   for security

Setting security features of programmable logic devices

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Setting security features of programmable logic devices

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links