Memory device with secure boot updates and self recovery
US-2024406008-A1 · Dec 5, 2024 · US
Bitstream confirmation for configuration of a programmable logic device
US9367693B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9367693-B2 |
| Application number | US-201514752677-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 26, 2015 |
| Priority date | Dec 4, 2009 |
| Publication date | Jun 14, 2016 |
| Grant date | Jun 14, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A bitstream for configuration of a programmable logic device is received, the bitstream comprising a data segment and authentication data associated with the data segment. The programmable logic device computes a hash of the data segment. The programmable logic device compares the computed hash of the data segment with the authentication data. Configuration of the programmable logic device halts responsive to a determination that the computed hash of the data segment does not match the authentication data. Configuration of the programmable logic device using the data segment continues responsive to a determination that the computed hash of the data segment matches the authentication data.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: receiving a bitstream for configuration of a programmable logic device, the bitstream comprising a data segment and authentication data associated with the data segment; computing, by the programmable logic device, a hash of the data segment; comparing, by the programmable logic device, the computed hash of the data segment with the authentication data; halting configuration of the programmable logic device responsive to a determination that the computed hash of the data segment does not match the authentication data; and continuing configuration of the programmable logic device using the data segment responsive to a determination that the computed hash of the data segment matches the authentication data. 2. The method of claim 1 , wherein the authentication data comprises an expected hash of the data segment. 3. The method of claim 1 , wherein the programmable logic device comprises a field programmable gate array (FPGA). 4. The method of claim 1 , wherein the bitstream further comprises an additional data segment, the method further comprising: configuring the programmable logic device using the data segment; determining whether the additional data segment has been altered using the authentication data; halting configuration of the programmable logic device responsive to a determination that the additional data segment has been altered; and continuing configuration of the programmable logic device using the additional data segment responsive to a determination that the additional data segment has not been altered. 5. The method of claim 4 , wherein the bitstream comprises a plurality of data segments that include the data segment and the additional data segment, the method further comprising: preventing operation of the programmable logic device until all of the plurality of data segments have been successfully used to configure the programmable logic device. 6. The method of claim 1 , wherein computing the hash of the data segment is performed using an SHA-256 message authentication code (MAC) algorithm. 7. The method of claim 1 , further comprising: decrypting the data segment based on use of a shared symmetric key stored at the programmable logic device. 8. The method of claim 7 , wherein the decrypting is performed using an advanced encryption standard (AES) block cipher. 9. The method of claim 7 , wherein comparing the computed hash of the data segment with the authentication data is performed prior to decrypting the data segment. 10. A programmable logic device, comprising: a plurality of programmable regions; an interface to receive a bitstream for configuration of the plurality of programmable regions of the programmable logic device, the bitstream comprising a data segment and authentication data associated with the data segment; and a processing component, coupled to the interface, to: compute a hash of the data segment; compare the computed hash of the data segment with the authentication data; halt configuration of the programmable logic device responsive to a determination that the computed hash of the data segment does not match the authentication data; and continue configuration of the programmable logic device using the data segment responsive to a determination that the computed hash of the data segment matches the authentication data. 11. The programmable logic device of claim 10 , wherein the authentication data comprises an expected hash of the data segment. 12. The programmable logic device of claim 10 , wherein the programmable logic device comprises a field programmable gate array (FPGA). 13. The programmable logic device of claim 10 , wherein the bitstream further comprises an additional data segment, and wherein the processing component is further to: configure the programmable logic device using the data segment; determine whether the additional data segment has been altered using the authentication data; halt configuration of the programmable logic device responsive to a determination that the additional data segment has been altered; and continue configuration of the programmable logic device using the additional data segment responsive to a determination that the additional data segment has not been altered. 14. The programmable logic device of claim 13 , wherein the bitstream comprises a plurality of data segments that include the data segment and the additional data segment, and wherein the processing component is further to: prevent operation of the programmable logic device until all of the plurality of data segments have been successfully used to configure the programmable logic device. 15. The programmable logic device of claim 10 , wherein an SHA-256 message authentication code (MAC) algorithm is used to compute the hash of the data segment. 16. The programmable logic device of claim 10 , further comprising: A memory to store a shared symmetric key, wherein the processing component is further to decrypt the data segment based on use of the shared symmetric key. 17. The programmable logic device of claim 16 , wherein to decrypt the data segment the processing component uses an advanced encryption standard (AES) block cipher. 18. The programmable logic device of claim 16 , wherein the processing component is to compare the computed hash of the data segment with the authentication data prior to decrypting the data segment. 19. A non-transitory computer readable medium comprising instructions that, when executed by a programmable logic device, cause the programmable logic device to perform operations comprising: receiving a bitstream for configuration of the programmable logic device, the bitstream comprising a data segment and authentication data associated with the data segment; computing, by the programmable logic device, a hash of the data segment; comparing, by the programmable logic device, the computed hash of the data segment with the authentication data; halting configuration of the programmable logic device responsive to a determination that the computed hash of the data segment does not match the authentication data; and continuing configuration of the programmable logic device using the data segment responsive to a determination that the computed hash of the data segment matches the authentication data. 20. The non-transitory computer readable medium of claim 19 , the operations further comprising: decrypting the data segment based on use of a shared symmetric key stored at the programmable logic device.
Assignees
Inventors
Classifications
Secret sharing or secret splitting, e.g. threshold schemes · CPC title
in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD] · CPC title
- G06F21/575Primary
Secure boot · CPC title
- G06F21/602Primary
Providing cryptographic facilities or services · CPC title
applying further key derivation, e.g. deriving traffic keys from a pair-wise master key · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9367693B2 cover?
- A bitstream for configuration of a programmable logic device is received, the bitstream comprising a data segment and authentication data associated with the data segment. The programmable logic device computes a hash of the data segment. The programmable logic device compares the computed hash of the data segment with the authentication data. Configuration of the programmable logic device halt…
- Who is the assignee on this patent?
- Cryptography Res Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/575. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Jun 14 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).