Secure storage of program code for an embedded system

US 7,802,108 B1
Filed: 11/01/2002
Issued: 09/21/2010
Est. Priority Date: 07/18/2002
Status: Active Grant

First Claim

Patent Images

1. A system to securely store a program code of an embedded system, the system comprising:

a configurable integrated circuit, the configurable integrated circuit comprising;

a memory to store a digitation file, the digitation file comprising a tightly coupled interdigitated stream comprising configuration information and data to be processed, wherein the memory includes an adaptive silicon foundation, and wherein the digitation file, when applied to the adaptive silicon foundation, provides a hardware designation and software application for the adaptive silicon foundation,a plurality of computational elements, andan interconnection network, the interconnection network adapted to configure the plurality of computational elements in response to the configuration information to perform any one of a plurality of algorithms in response to the configuration information; and

computer readable medium storage external to the configurable integrated circuit for receiving a plurality of segmented encrypted digitation files from the configurable integrated circuit, each of the plurality of segmented encrypted digitation files including one or more of the algorithms,wherein the configurable integrated circuit is further adapted to;

encrypt each of the digitation files and hash each of the digitation files to form hash data,separate each of the encrypted digitation files into a set of data blocks, wherein a size of the data blocks is based on the functions and subroutines included in the encrypted digitation file and is further based on module types associated with the modules included in the configurable integrated circuit,transfer each data block in the set of data blocks to the computer readable medium storage,retain an encryption key and the hash data in on-chip memory,retrieve a selected one of the segmented digitation files from the computer readable medium storage,decrypt on-chip the retrieved segmented encrypted digitation file and hash the decrypted digitation file, andwhen the hash data of the decrypted digitation file matches the retained hash data, separate the decrypted digitation file into a set of data blocks, wherein the size of the data blocks is based on the functions and subroutines included in the decrypted digitation file and is further based on module types associated with the modules included in the configurable integrated circuit, and provide the configuration information of the retrieved segmented digitation file to the interconnection network to configure the plurality of computational elements into one of a plurality of modes of operation to process the coupled data of the retrieved digitation file according to an algorithm in the retrieved segmented digitation file.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects for securely storing program code of an embedded system includes accepting a digitation file from a distribution source into on-chip memory of an adaptive computing engine (ACE). The digitation file is then secured and transferred to off-chip memory.

96 Citations

View as Search Results

15 Claims

1. A system to securely store a program code of an embedded system, the system comprising:
- a configurable integrated circuit, the configurable integrated circuit comprising;
  
  a memory to store a digitation file, the digitation file comprising a tightly coupled interdigitated stream comprising configuration information and data to be processed, wherein the memory includes an adaptive silicon foundation, and wherein the digitation file, when applied to the adaptive silicon foundation, provides a hardware designation and software application for the adaptive silicon foundation,a plurality of computational elements, andan interconnection network, the interconnection network adapted to configure the plurality of computational elements in response to the configuration information to perform any one of a plurality of algorithms in response to the configuration information; and
  
  computer readable medium storage external to the configurable integrated circuit for receiving a plurality of segmented encrypted digitation files from the configurable integrated circuit, each of the plurality of segmented encrypted digitation files including one or more of the algorithms,wherein the configurable integrated circuit is further adapted to;
  
  encrypt each of the digitation files and hash each of the digitation files to form hash data,separate each of the encrypted digitation files into a set of data blocks, wherein a size of the data blocks is based on the functions and subroutines included in the encrypted digitation file and is further based on module types associated with the modules included in the configurable integrated circuit,transfer each data block in the set of data blocks to the computer readable medium storage,retain an encryption key and the hash data in on-chip memory,retrieve a selected one of the segmented digitation files from the computer readable medium storage,decrypt on-chip the retrieved segmented encrypted digitation file and hash the decrypted digitation file, andwhen the hash data of the decrypted digitation file matches the retained hash data, separate the decrypted digitation file into a set of data blocks, wherein the size of the data blocks is based on the functions and subroutines included in the decrypted digitation file and is further based on module types associated with the modules included in the configurable integrated circuit, and provide the configuration information of the retrieved segmented digitation file to the interconnection network to configure the plurality of computational elements into one of a plurality of modes of operation to process the coupled data of the retrieved digitation file according to an algorithm in the retrieved segmented digitation file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1 wherein the computer readable medium storage further comprises storage of a host computer system.
  - 3. The system of claim 1 wherein the configurable integrated circuit further verifies the digitation file data when retrieved from the computer readable medium storage before utilization.
  - 4. The system of claim 3 wherein the configurable integrated circuit decrypts and hashes the retrieved digitation file data and halts use of the retrieved digitation file data when the hash data of the retrieved digitation file data does not match the hash data of the transferred digitation file.
  - 5. The system of claim 4 wherein the digitation file further comprises data, and wherein configurable integrated circuit proceeds with digitation file data use when the hash of the returned digitation file data matches the hash of the transferred digitation file date.
  - 6. A system as claimed in claim 1 wherein the modes of operation comprise differing calculations, algorithms or processing functions to support any one of a plurality of differing types of computational units.
  - 7. The system as claimed in claim 6 wherein the types of units include linear operations, non-linear operations, format state machines, memory management and digitation level manipulation.
  - 8. A system as claimed in claim 1, wherein the coupled data is processed within the next two processor cycles.

9. A method for securely transferring program code of a configurable integrated circuit in an embedded system from an off chip distribution source to an on chip memory of an adaptive computing engine which is operable in a plurality of different modes, the configurable integrated circuit comprising the memory, a plurality of computational elements and an interconnection network, the interconnection network adapted to configure the plurality of computational elements to execute one of a plurality of different modes of operation in response to the configuration information, the method comprising:
- encrypting a digitation file at the configurable integrated circuit, the digitation file comprising configuration information for a selected one of the modes of the configurable integrated circuit and coupled data to be executed by the integrated circuit upon being configured according to the mode, wherein the memory includes an adaptive silicon foundation, and wherein the digitation file, when applied to the adaptive silicon foundation, provides a hardware designation and software application for the adaptive silicon foundation;
  
  hashing the digitation file on chip to form hash data;
  
  separating the digitation file into a set of data blocks, wherein a size of the data blocks is based on the functions and subroutines included in the digitation file and is further based on module types associated with the modules included in the configurable integrated circuit;
  
  transferring the encrypted and separated digitation file to a data storage device, the data storage device receiving and storing a plurality of different encrypted and separated digitation files from the configurable integrated circuit, and retaining an encryption key and the hash data in the on chip memory;
  
  the configurable integrated circuit retrieving the encrypted and separated digitation file from the off chip data storage device and decrypting the encrypted and separated digitation file in response to a received command;
  
  hashing the decrypted digitation file; and
  
  when the hash data of the decrypted digitation file matches the retained hash data, separating the decrypted digitation file into a set of data blocks, wherein the size of the data blocks is based on the functions and subroutines included in the decrypted digitation file and is further based on module types associated with the modules included in the configurable integrated circuit, and providing configuration from the decrypted digitation file information to the interconnection network to configure the plurality of computational elements into one of the plurality of modes of operation as defined by the decrypted digitation file to process the coupled data of the decrypted digitation file according to the one mode of operation, whereby the configurable integrated circuit is protected from tampered digitation file data.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9 further comprising utilizing algorithms within the configurable integrated circuit for encrypting and hashing digitation file data being moved from the memory to the data storage device.
  - 11. The method of claim 10 further comprising utilizing algorithms within the configurable integrated circuit for decrypting and hashing the digitation file data retrieved from the data storage device.
  - 12. The method of claim 11 further determining within the configurable integrated circuit whether the hash data of the retrieved digitation file data matches the retained hash data of the digitation file, and halting use of the retrieved digitation file data when the hash does not match.
  - 13. The method of claim 9 wherein the step of transferring comprises transferring the digitation file data as segmented blocks of program code.
  - 14. The method of claim 9, including repeating the steps of retrieving, hashing and processing at the same configurable integrated circuit for a plurality of the different modes of operation as defined by the hashed digitation files.
  - 15. A system as claimed in claim 9, wherein the coupled data is processed within the next two processor cycles.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
QST Holdings LLC
Original Assignee
NVIDIA Corporation
Inventors
Plunkett, Robert Thomas, Mehegan, Joseph, Murray, Eric, Master, Paul L.
Primary Examiner(s)
Homayounmehr; Farid

Application Number

US10/286,633
Time in Patent Office

2,881 Days
Field of Search

713/193
US Class Current

713/193
CPC Class Codes

G06F 15/7867 with reconfigurable archite...

Secure storage of program code for an embedded system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

96 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Secure storage of program code for an embedded system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

96 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links