1. Field of the Invention
The invention relates to programmable hardware integrated circuit (IC) devices, commonly referred to as programmable hardware chips. More particularly, the invention relates to a system having a secure processor that authenticates a programmable hardware device of the system and that uses the programmable hardware device to authenticate commands the programmable hardware device receives from the secure processor.
2. Description of the Related Art
A programmable hardware chip is an IC that comprises digital logic circuits that can be programmed, or configured, into different configurations that perform different functions. Examples of programmable hardware chips include programmable logic arrays (PLAs), field programmable gate arrays (FPGAs) and complex programmable logic devices (CPLDs); an application specific integrated circuit (ASIC) belongs to this class only where it includes configurable logic, since an ASIC is otherwise fixed at fabrication. Programmable hardware chips are widely used in many applications and in many different host devices, including, for example, communication devices such as set-top boxes (STBs) and other multimedia processing devices.
Typically, programmable hardware chips are not protected by a password or by cryptographic keys. Thus, a programmable hardware chip typically can be programmed and re-programmed to configure and re-configure the logic circuits embedded in it to perform different logic functions. If the programmable hardware chip is used for security functions, some mechanism is needed to prevent an unauthorized party from modifying its logic circuits, or at least to detect that they have been modified.
For example, in content rendering devices, such as STBs and wireless devices with rendering capability, certain types of content are typically protected so that only authorized users and authorized devices are allowed to play back the content. In these types of environments, a secure processor (SP) operates in conjunction with a host processor to perform authentication to prevent unauthorized access to the content. The SP and the host processor are typically microprocessors that generally cannot be reconfigured or reprogrammed by an unauthorized party after their initial programming. The programmable hardware devices, by contrast, generally are not involved in the cryptographic authentication process. The primary reason for this is that programmable hardware devices generally do not have enough spare logic gates to implement useful cryptographic algorithms alongside their intended function. However, in many security-related applications, it is desirable or necessary to ensure that the programmable hardware device has not been reprogrammed or reconfigured in a way that compromises the security of the system.
As stated above, in many cases it is possible to erase and reprogram or reconfigure the logic circuits of a programmable hardware device to enable it to perform functions that were not part of the original programming of the hardware device. In some cases, reprogramming of the programmable hardware device may make it possible to overcome the security of the system provided by the SP and the host processor of the system.
Accordingly, a need exists for a method, apparatus and system for determining whether a programmable hardware device has been reprogrammed, reconfigured, erased, or otherwise altered.
In addition, while the initial programming of the SP generally cannot be altered by an unauthorized party after the system has been installed in a product device and shipped to the customer, it may be possible for an unauthorized person to “spoof” a command that is sent to the programmable hardware device, i.e., to trick the programmable hardware device into accepting a command that did not originate in the SP as if the command did originate in the SP. As stated above, programmable hardware devices generally do not have a sufficient number of logic gates to enable them to implement useful encryption/decryption algorithms. In the absence of encryption/decryption algorithms being employed on commands passing from the SP to the programmable hardware device (more precisely, in the absence of any cryptographic check of a command's origin and integrity), the likelihood that a spoofing attempt would be successful increases. A related risk is replay: a genuine command captured on the bus between the SP and the programmable hardware device can be re-sent later, so a check on the command's origin alone is not sufficient unless it also binds the command to a fresh value such as a counter or nonce.
Accordingly, a need exists for a method, apparatus and system for determining whether a command received in a programmable hardware device is a valid command.
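The two needs stated above (detecting that the programmable hardware device has been altered, and rejecting commands that did not come from the SP or that are replayed) are simulated below in an added example that is not part of the patent text and does not describe the invention's own mechanism. It models the SP and the programmable device as two Python objects sharing a constructed secret key, uses HMAC-SHA256 as a stand-in for whatever lightweight check a real gate-constrained device could afford, and uses a constructed byte string in place of a configuration bitstream. The class names, the shared key, the bitstream contents and the command strings are all assumptions made for the illustration.

```python
"""Simulated SP <-> programmable-device exchange (illustrative only).

Two checks are modelled:
  1. configuration attestation: the SP sends a fresh challenge and the device
     answers with a MAC over (challenge || digest of its current configuration);
  2. command authentication: the SP tags each command with a MAC over
     (monotonic counter || command) so forged and replayed commands are refused.
HMAC-SHA256 is a stand-in; the patent background states that real programmable
devices often lack the gates for full cryptographic algorithms.
"""
import hashlib
import hmac
import os
import struct

# Constructed secret assumed to be provisioned into both the SP and the device.
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

# Constructed stand-in for the device's authorized configuration bitstream.
GOOD_BITSTREAM = b"constructed-bitstream-v1: descrambler + key ladder"


def config_digest(bitstream: bytes) -> bytes:
    """Digest of the configuration the SP expects the device to be running."""
    return hashlib.sha256(bitstream).digest()


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


class ProgrammableDevice:
    """Programmable hardware device holding a shared key and a configuration."""

    def __init__(self, key: bytes, bitstream: bytes):
        self._key = key
        self.bitstream = bitstream
        self.last_counter = 0          # highest command counter accepted so far
        self.accepted = []             # commands the device acted on

    def reprogram(self, bitstream: bytes) -> None:
        """Models an attacker (or anyone) loading a different configuration."""
        self.bitstream = bitstream

    def attest(self, challenge: bytes) -> bytes:
        """Response binds the SP's fresh challenge to the running configuration."""
        return _mac(self._key, challenge + config_digest(self.bitstream))

    def accept_unauthenticated(self, command: bytes) -> bool:
        """Weak path: any party on the bus can issue commands."""
        self.accepted.append(command)
        return True

    def accept_authenticated(self, counter: int, command: bytes, tag: bytes) -> bool:
        """Hardened path: reject bad tags (forgery) and stale counters (replay)."""
        expected = _mac(self._key, struct.pack(">Q", counter) + command)
        if not hmac.compare_digest(expected, tag):
            return False
        if counter <= self.last_counter:
            return False
        self.last_counter = counter
        self.accepted.append(command)
        return True


class SecureProcessor:
    """SP that verifies the device's configuration and tags its commands."""

    def __init__(self, key: bytes, expected_digest: bytes):
        self._key = key
        self._expected = expected_digest
        self._counter = 0
        self.last_message = None       # (counter, command, tag) last sent

    def verify_device(self, device: ProgrammableDevice) -> bool:
        challenge = os.urandom(16)
        expected = _mac(self._key, challenge + self._expected)
        return hmac.compare_digest(expected, device.attest(challenge))

    def send(self, device: ProgrammableDevice, command: bytes) -> bool:
        self._counter += 1
        tag = _mac(self._key, struct.pack(">Q", self._counter) + command)
        self.last_message = (self._counter, command, tag)
        return device.accept_authenticated(self._counter, command, tag)


def demo_attestation():
    """Returns (verified before reprogramming, verified after reprogramming)."""
    sp = SecureProcessor(SHARED_KEY, config_digest(GOOD_BITSTREAM))
    dev = ProgrammableDevice(SHARED_KEY, GOOD_BITSTREAM)
    before = sp.verify_device(dev)
    dev.reprogram(b"constructed-bitstream: descrambler with key-ladder bypass")
    after = sp.verify_device(dev)
    return before, after


def demo_command_spoofing():
    """Returns (genuine ok, forged ok, replay ok, unauthenticated ok, accepted)."""
    sp = SecureProcessor(SHARED_KEY, config_digest(GOOD_BITSTREAM))
    dev = ProgrammableDevice(SHARED_KEY, GOOD_BITSTREAM)
    genuine = sp.send(dev, b"LOAD_KEY:slot0")
    # Attacker without the key guesses a tag for a command of their choosing.
    forged = dev.accept_authenticated(99, b"DISABLE_DESCRAMBLE", b"\x00" * 32)
    # Attacker re-sends a genuine message captured from the bus.
    counter, cmd, tag = sp.last_message
    replay = dev.accept_authenticated(counter, cmd, tag)
    # Same attacker against a device with no origin check at all.
    unauth = dev.accept_unauthenticated(b"DISABLE_DESCRAMBLE")
    return genuine, forged, replay, unauth, list(dev.accepted)


if __name__ == "__main__":
    print("attestation (before, after reprogram):", demo_attestation())
    print("commands (genuine, forged, replay, unauthenticated, accepted):",
          demo_command_spoofing())
```

The attestation half shows why a fresh challenge matters: without it, a reprogrammed device could answer with a recorded response from its original configuration. The command half shows that origin checking and replay protection are separate requirements; the counter only has to be monotonic and remembered across the device's power cycles, which is cheaper in logic than encrypting the whole command stream.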