Systems and methods for performing reverse order cryptographic operations on data streams

US9832022B1 · US · B1

Patent metadata
Publication number: US-9832022-B1
Application number: US-201514632496-A
Country: US
Kind code: B1
Filing date: Feb 26, 2015
Priority date: Feb 26, 2015
Publication date: Nov 28, 2017
Grant date: Nov 28, 2017

Abstract

Official abstract text for this publication.

Integrated circuits may be programmed using configuration data to implement desired custom logic functions. The configuration data may be generated using a logic design system in the form of a configuration bit stream. The logic design system may generate a hash value for the stream by performing multiple hashing operations on the stream in a direction from a trailing end to a leading end of the stream in a reverse direction with respect to the order of the stream. The system may append the generated hash value to the leading end of the stream, may encrypt the hash value, and may provide the stream to an integrated circuit. The integrated circuit may decrypt or otherwise authenticate the hash value, may generate multiple test hash values for the stream and may compare the test hash values to hash values in the stream to determine whether the stream is authentic.

First claim

Opening claim text (preview).

What is claimed is:

1. A method of operating data stream generation circuitry to generate a hashed stream of data bits for loading onto an integrated circuit, the method comprising: receiving a stream of data bits having a leading end followed by a trailing end; generating a hash value for the stream of data bits, wherein the hash value is generated by performing a plurality of hashing operations on the obtained stream of data bits from the trailing end to the leading end of the stream of data bits; and appending the generated hash value to the leading end of the stream of data bits to generate the hashed stream of data bits that has the generated hash value appended to a leading end of the hashed stream of data bits.

2. The method defined in claim 1, further comprising: partitioning the stream of data bits into at least first and second authentication blocks; and generating an additional hash value based on at least the second authentication block, wherein generating the hash value further comprises generating the hash value based on at least the additional hash value.

3. The method defined in claim 2, wherein the first authentication block is located at the leading end and the second authentication block is located at the trailing end of the stream of data bits, wherein receiving the stream of data bits comprises: receiving the leading end prior to the trailing end of the stream of data bits.

4. The method defined in claim 2, wherein the first authentication block comprises a first plurality of plaintext blocks, wherein the second authentication block comprises a second plurality of plaintext blocks, the method further comprising: with a cryptographic engine on the data stream generation circuitry, encrypting the first plurality of plaintext blocks to generate a first plurality of ciphertext blocks; and with the cryptographic engine, encrypting the second plurality of plaintext blocks to generate a second plurality of ciphertext blocks, wherein generating an additional hash value further comprises generating the additional hash value by performing a hashing operation on the second set of ciphertext blocks.

5. The method defined in claim 2, wherein the first authentication block is located at the leading end and the second authentication block is located at the trailing end of the stream of data bits, and wherein partitioning the stream of data bits into at least the first and second authentication blocks comprises partitioning the stream of data bits into at least the first, the second, and a third authentication block each having a common size, the method further comprising: generating a third hash value based on at least the additional hash value.

6. The method defined in claim 5, wherein generating the hash value comprises performing a hashing operation on the third hash value and the first authentication block.

7. The method defined in claim 6, wherein generating the additional hash value comprises performing the hashing operation on at least the second authentication block.

8. The method defined in claim 7, wherein generating the additional hash value further comprises performing the hashing operation on the second authentication block and an auxiliary data field appended to the second authentication block.

9. The method defined in claim 1, further comprising: generating a plurality of additional hash values such that the plurality of additional hash values are interspersed amongst the stream of data bits and wherein generating the hash value comprises generating the hash value based on at least each of the plurality of additional hash values.

10. The method defined in claim 9, further comprising: encrypting the appended hash value using a cryptographic key.

11. The method defined in claim 10, wherein encrypting the appended hash value comprises: encrypting the appended hash value using a private key of an asymmetric key pair without signing any of the additional hash values of the plurality of additional hash values.

12. The method defined in claim 11, further comprising: providing the encrypted hash value to the integrated circuit; providing the first authentication block to the programmable logic device subsequent to providing the encrypted hash value to the integrated circuit; and providing the additional hash values of the plurality of additional hash values to the integrated circuit subsequent to providing the first authentication block to the integrated circuit.

13. A method of operating an integrated circuit, the method comprising: receiving a first hash value of a data stream, wherein the data stream comprises first and second authentication blocks and wherein the first hash value is computed based on the first authentication block; receiving the first authentication block of the data stream subsequent to receiving the first hash value; receiving a second hash value of the data stream subsequent to receiving the first authentication block, wherein the second hash value is computed based on the second authentication block; performing a hashing operation on the received first authentication block and the received second hash value to generate a test hash value; and comparing the test hash value to the received first hash value to determine whether the first authentication block is authentic.

14. The method defined in claim 13, further comprising: decrypting the first hash value using a cryptographic key to generate a decrypted first hash value; and comparing the test hash value to the decrypted first hash value to determine whether the first authentication block is authentic.

15. The method defined in claim 13, wherein comparing the test hash value to the received first hash value to determine whether the first authentication block is authentic comprises: identifying the first authentication block as authentic when the test hash value matches the received first hash value; and identifying the first authentication block as inauthentic when the test hash value is different from the received first hash value.

16. The method defined in claim 15, further comprising: receiving the second authentication block of the data stream subsequent to receiving the second hash value; and receiving a third hash value of the data stream subsequent to receiving the second authentication block.

17. The method defined in claim 15, further comprising: in response to identifying that the authentication block is authentic, performing the hashing operation on the second authentication block and the received third hash value to generate an additional test hash value; and comparing the additional test hash value to the received third hash value to determine whether the second authentication block is authentic.

18. The method defined in claim 16, further comprising: in response to identifying that the authentication block is inauthentic, discarding the second authentication block and the third hash value.

19. A method of operating logic design computing equipment, the method comprising: partitioning a configuration data bit stream into at least first and second consecutive authentication blocks; generating a first authentication tag for the second authentication block by performing a hashing operation on at least the second authentication block; generating a second authentication tag for the first authentication block by performing the hashing operation on the first authentication tag and the first authentication block; providing the second authentication tag to an integrated circuit; a
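The reverse-order hash chain described in the abstract and in claims 13 to 19, as an added Python sketch that is not code from the patent: the design tool hashes from the trailing block back to the leading block, and the device authenticates each block as it arrives, rejecting tampered and truncated streams. Assumptions: SHA-256, 16-byte authentication blocks, the flag-byte input encoding in `link`, an HMAC standing in for the private-key operation of claims 10 and 11, and all function names, which are hypothetical.

```python
import hashlib
import hmac

def link(block: bytes, next_hash: bytes) -> bytes:
    # Assumed encoding: flag byte (1 = a later block follows), then the
    # following block's hash, then this block's data.
    flag = b"\x01" if next_hash else b"\x00"
    return hashlib.sha256(flag + next_hash + block).digest()

def build_hashed_stream(stream: bytes, block_size: int = 16):
    """Design-tool side: hash from the trailing end to the leading end.
    Returns (root_hash, records); records are (block, next_hash) pairs
    in transmission order, leading block first."""
    blocks = [stream[i:i + block_size] for i in range(0, len(stream), block_size)]
    records, next_hash = [], b""
    for block in reversed(blocks):
        records.append((block, next_hash))
        next_hash = link(block, next_hash)
    records.reverse()
    return next_hash, records

def protect_root(key: bytes, root_hash: bytes) -> bytes:
    # HMAC stand-in (assumption) for the private-key step in claims 10-11.
    return hmac.new(key, root_hash, hashlib.sha256).digest()

def verify_stream(key, root_tag, root_hash, records):
    """Device side: authenticate each block as it arrives, leading end first.
    Returns (accepted_blocks, complete)."""
    if not hmac.compare_digest(protect_root(key, root_hash), root_tag):
        return [], False
    accepted, expected = [], root_hash
    for block, next_hash in records:
        if not hmac.compare_digest(link(block, next_hash), expected):
            return accepted, False    # discard this block and all that follow
        accepted.append(block)
        expected = next_hash
    return accepted, expected == b""   # still expecting a block: truncated

def demo():
    key = b"constructed-demo-key"               # constructed sample key
    stream = bytes(range(40))                   # constructed sample bit stream
    root, records = build_hashed_stream(stream)
    tag = protect_root(key, root)
    tampered = list(records)
    tampered[1] = (b"X" * 16, records[1][1])    # alter the second block only
    return {"intact": verify_stream(key, tag, root, records),
            "tampered": verify_stream(key, tag, root, tampered),
            "truncated": verify_stream(key, tag, root, records[:2])}
```

Only the leading hash carries the keyed protection; every later block is bound to it through the chain, so the device never needs to buffer the whole stream before accepting the first block.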

Classifications

  • in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD] · CPC title

  • Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation · CPC title

  • H04L9/3236 (Primary)

    using cryptographic hash functions · CPC title

  • Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3 · CPC title

  • Hash functions, e.g. MD5, SHA, HMAC or f9 MAC · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Altera Corp
What technology area does this patent fall under?
Primary CPC classification H04L9/3236. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 28, 2017 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).