US20220078027A1 - System and method for reconfiguring and deploying soft stock-keeping units - Google Patents
System and method for reconfiguring and deploying soft stock-keeping units Download PDFInfo
- Publication number
- US20220078027A1 US20220078027A1 US17/526,563 US202117526563A US2022078027A1 US 20220078027 A1 US20220078027 A1 US 20220078027A1 US 202117526563 A US202117526563 A US 202117526563A US 2022078027 A1 US2022078027 A1 US 2022078027A1
- Authority
- US
- United States
- Prior art keywords
- processor
- data block
- configuration
- license data
- memory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 72
- 238000004891 communication Methods 0.000 abstract description 26
- 238000013475 authorization Methods 0.000 description 112
- 239000004065 semiconductor Substances 0.000 description 27
- 238000004519 manufacturing process Methods 0.000 description 9
- 238000012360 testing method Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 3
- 238000010200 validation analysis Methods 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000000007 visual effect Effects 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/08—Logistics, e.g. warehousing, loading or distribution; Inventory or stock management
- G06Q10/087—Inventory or stock management, e.g. order filling, procurement or balancing against orders
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q2220/00—Business processing using cryptography
- G06Q2220/10—Usage protection of distributed data files
- G06Q2220/18—Licensing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
- H04L2209/603—Digital right managament [DRM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- Embodiments herein generally relate to digital rights enforcement, and, more particularly, field-upgradable hardware units.
- a stock keeping unit is an identification code for a product or service that is typically assigned by the manufacturer or service provider and helps track an item for inventory and invoicing purposes.
- the SKU is commonly portrayed as a machine-readable bar code, but may take any form.
- Each unique SKU typically represents a distinct type and configuration of an item for sale, but is not meant to identify particular units of stock.
- FIG. 1 illustrates an embodiment of a hardware component that is field upgradeable.
- FIG. 2 illustrates a block diagram of a portion of the contents of the memory of the embodiment of FIG. 1
- FIG. 3 illustrates a digitally-signed version of the memory contents of FIG. 2 .
- FIG. 4 illustrates an embodiment of a first logic flow.
- FIG. 5 illustrates the exchange of memory contents for the embodiment of FIG. 5
- FIG. 6 illustrates the embodiment of FIG. 1 showing data flow.
- FIG. 7 illustrates an embodiment of a second logic flow.
- FIG. 8 illustrates an embodiment of a third logic flow.
- FIG. 9 illustrates an embodiment of a fourth logic flow.
- FIG. 10 illustrates a first embodiment of a licensing apparatus.
- FIG. 11 illustrates an embodiment showing data flow between the hardware component and the licensing apparatus.
- FIG. 12 illustrates a second embodiment of a licensing apparatus.
- FIG. 13 illustrates a third embodiment of a licensing apparatus.
- FIG. 14 illustrates an embodiment of fifth logic flow.
- FIG. 15 illustrates an embodiment of sixth logic flow.
- FIG. 16 illustrates an embodiment of a computer-readable medium.
- FIG. 17 illustrates a fourth embodiment of a licensing apparatus.
- CPU central processing unit
- Various configuration options for example, number of cores, cache size, number of computing threads, memory size, operating frequency, etc. can often be upgradeable in the field by an original equipment manufacturer (OEM), an original design manufacturer (ODM) or an end user.
- OEM original equipment manufacturer
- ODM original design manufacturer
- OEM original equipment manufacturer
- ODM original design manufacturer
- CPUs can be manufactured with all possible options and “fused” to a base configuration, typically the lowest level of configuration.
- a final configuration can be applied in the field by overriding the base configuration.
- the authorization to apply the override may be generated by a licensing appliance.
- One possible strategy to solve this problem is to configure all manufactured items at the lowest possible configuration level (and thus at the lowest price point) and to allow all upgrades and reconfigurations to take place in the field, as needed.
- the configuration and SKU of the upgraded product is then updated based on licensing authorization generated by a licensing appliance, and the license for the upgraded capabilities of the reconfigured product is stored on non-volatile RAM associated with or built into the product.
- the customer can then be invoiced for the upgraded capabilities based on the issued licenses.
- This strategy of having field-upgradable hardware has the added advantage of allowing the stocking of a single base item, instead of items with every possible configuration.
- license data block means a data block conferring a right, permission, authorization, consent, sanction, approval, or endorsement to use certain features of the processor, or to upgrade the capabilities of the processor.
- Various embodiments may be generally directed to apparatuses for issuing licenses for upgrades of hardware components in the field.
- the upgrade may be performed at the manufacturing facility, at an OEM or OED facility, or at the facility of an end user, via a licensing appliance.
- the hardware component may be a microprocessor having associated memory.
- the microprocessor and memory may be manufactured in a single semiconductor package, while in other embodiments, the microprocessor and memory may be manufactured in separate semiconductor packages and may communicate with each other via a wired interface.
- the microprocessor may be loaded with executable code that executes on a cold boot of the microprocessor.
- the executable code will read a license data block from the memory and perform an upgrade of the capabilities of the microprocessor by overriding various fuse settings for the microprocessor.
- the executable code may be embodied as executable code or as a hardware block in the microprocessor, the hardware block comprising a dedicated piece of logic implemented within the microprocessor using logic gates in lieu of firmware. It should be understood by one of skill in the art that, as used herein, the terms executable code, microcode, and firmware are used interchangeably.
- the memory may be radio frequency (RF) capable, allowing portions of the memory to be written to and read from via a wireless connection.
- the embodiment may further include an RF antenna.
- the memory may be written to or read from without power being applied to the memory.
- the memory may be read from or written to via the wired connection through the microprocessor.
- the microprocessor will be provided with a unique identification (ID) number.
- ID unique identification
- the unique ID number may be stored in the executable code.
- the unique ID may be stored in the memory.
- the unique ID maybe stored in both the executable code and the memory.
- a licensing apparatus may be provided.
- the licensing apparatus may receive requests to upgrade a particular microprocessor.
- the request may be received directly from a user interface generated by the licensing apparatus.
- the request may be received from a user equipment via a wireless connection.
- the licensing apparatus may communicate with the memory associated with the microprocessor.
- the memory may be read from or written to using a hardware programming interface.
- the hardware programming interface communicates with the licensing apparatus via the user equipment.
- the licensing apparatus communicates with the memory via a hardware test platform via a wired interface.
- the licensing apparatus write to and reads from the memory.
- a configuration data block is read from the memory.
- the configuration data block may contain, in some embodiments, the unique ID of the microprocessor.
- the licensing apparatus writes a licensing block to the memory containing authorization for the upgraded capabilities.
- data written to or read from the memory by the licensing apparatus may be digitally signed.
- the licensing apparatus may include a hardware signing module, and the licensing data block may be digitally signed using an encryption process and private key unique to the licensing apparatus.
- the configuration data block may be digitally signed, with the digital signature including the unique ID of the microprocessor.
- FIG. 1 illustrates an example of an embodiment that may be representative of various embodiments.
- Semiconductor package 100 includes processor circuitry 110 .
- Processor circuitry 110 may be a typical microprocessor of any type.
- Processor circuitry 110 may include executable code 112 which may be executed on a cold boot of the processor circuitry 110 or via any other means.
- Processor circuitry 110 may also include a configuration 114 which may be established at the point of manufacture. Configuration 114 may be “hard wired” and upgradeable by overriding various “fused” settings in processor circuitry 110 .
- Processor circuitry 110 may also include a unique ID 116 which is capable of uniquely identifying the semiconductor package 100 .
- Semiconductor package 100 may also include memory 120 in communication with processor circuitry 110 via wired interface 118 .
- memory 120 may be non-volatile random access memory (NVRAM).
- NVRAM non-volatile random access memory
- memory 120 may be able to be read from and written to via an RF interface, and is referred to as RF-NVRAM.
- semiconductor package 100 may include wireless RF interface 130 , for example, an RF antenna, which may be external to or integrated with semiconductor package 100 .
- memory 120 may be able to be written to or read from without power being applied to the semiconductor package 100 .
- FIG. 2 illustrates a block diagram of a portion of the contents of the memory of the embodiment.
- memory 120 may comprise a portion containing configuration data, referred to as configuration data block 124 .
- Configuration data block 124 may contain the unique identifier (ID) 116 of the processor circuitry 110 .
- configuration data block 124 may contain information indicating the current configuration 202 of processor circuitry 110 .
- configuration data block 124 may contain a public encryption key 206 .
- unique identifier is meant to refer to an identifier which is capable of uniquely identifying a particular processor, for example, a serial number.
- processors could have, instead of or in addition to the unique identifier, identifiers which associate it with a particular type of processor, a family of processors, or any other way of grouping processors, for example, all processes assigned to particular OEM.
- the configuration data block 124 may store configuration data for one or more elements of the semiconductor package 100 , such as the processor circuitry 110 , for example.
- Configuration data may comprise data uniquely identifying the processor circuitry 110 , memory 120 , or both the processor circuitry and memory. Examples of configuration data may comprise without limitation a serial number assigned by the manufacturer at manufacturing time. Other data useful in the process described herein may also be contained in the configuration data block 124 .
- the configuration data may comprise data representing the current configuration of the processor circuitry 124 and other embodiments the configuration data may comprise for example a public encryption key associated with the semiconductor package. Embodiments are not limited to these examples.
- the configuration data block 124 may store a unique ID 116 of the processor circuitry 110 .
- a unique ID 116 may comprise a serial number assigned by the manufacturer which uniquely identifies processor circuitry 124 .
- Examples of a unique ID 116 may comprise, without limitation, strings of ASCII characters, encryption keys, or random numbers.
- the unique ID 116 may comprise a string of ASCII characters hardcoded into processor circuitry 110 . Embodiments are not limited to these examples.
- the configuration data block 124 may store a public key 206 of the processor circuitry 110 .
- a public key 206 may comprise the public portion of a private/public key asymmetrical cryptographic system.
- public key 206 may comprise, without limitation, the public portion of an elliptic curve digital signature algorithm (ECDSA).
- EDSA elliptic curve digital signature algorithm
- the unique ID 116 may comprise a 256 byte string of characters. Embodiments are not limited to these examples.
- FIG. 3 illustrates a digitally-signed version of the memory contents of memory 120 .
- configuration data block 124 may be digitally signed or encrypted using the unique ID 204 of processor circuitry 110 .
- the digital signature may comprise a private/public key asymmetrical cryptographic system.
- the digital signature may comprise a signature generated by the elliptical curve digital signature algorithm (ECDSA), however, any well-known private/public key encryption system may be utilized.
- EDSA elliptical curve digital signature algorithm
- Memory 120 may also contain a portion containing license data, referred to as the license data block 122 .
- a license data block 122 may comprise information regarding specific upgrades to processor circuitry 110 as well as authorizations for those upgrades.
- the license data block 122 may comprise data which may be processed by executable code 112 stored in processor circuitry 110 to affect the upgrade.
- License data block 122 may hold data indicating that processor circuitry 110 may be configured differently than the configuration indicated in configuration data block 124 . In some cases, the different configuration will represent an upgrade to the current configuration of processor circuitry 110 .
- the license data block 122 may indicate that processor circuitry 110 may be upgraded by overriding certain parameters in the current configuration to provide a performance enhancement.
- Parameters may include, for example, the number of cores, the cache size, the number of computing threads, the memory size, the operating frequency, etc., however, this is not meant to be a comprehensive listing of the parameters that may be overridden.
- the license data block 122 may be digitally signed or encrypted using a private key.
- the license data block 122 may comprise data generated by the manufacturer or by a licensing appliance to specify and authorize upgrades to processor circuitry 110 .
- the license data block may contain manufacturer-specific data specifying and authorizing the upgrade of processor circuitry 110 .
- the configuration data block 124 and the license data block 122 may be read from or written to via wireless RF interface 130 or via wired interface 118 through processor circuitry 110 .
- FIG. 4 illustrates an embodiment of the logic flow 400 for upgrading the operational capabilities of processor circuitry 110 .
- Logic flow 400 may be representative of some or all of the operations executed by one or more embodiments described herein.
- executable code 112 is stored in and executed from processor circuitry 110 .
- executable code 112 may be stored in memory 120 .
- the logic flow in other embodiments, may be implemented in software, firmware, hardware, or any combination thereof.
- a logic flow may be implemented by computer executable instructions stored on a non-transitory computer readable medium or machine readable medium, such as an optical, magnetic or semiconductor storage. The embodiments are not limited in this context.
- the logic flow 400 at block 402 begins on a cold boot of processor circuitry 110 .
- the executable code may be executed by any known means of beginning a logic flow.
- the executable code 124 is configured to read the license data block 122 from memory 120 in semiconductor package 100 via wired interface 118 between memory 120 and processor circuitry 110 .
- the license data block 122 may be encrypted.
- the executable code is configured to decrypt the license data block 122 . License data block 122 may have been encrypted using a private key, and may be decrypted using public key 206 , although any known method of encrypting and decrypting blocks of data may be used.
- the license data block 122 will have been created specifically for the microprocessor 110 identified by unique ID 116 .
- license data block 122 will contain an identification number identifying a particular processor for which the license data block 122 is intended.
- the unique ID contained in license data block 122 will be compared with the processor's unique ID 116 . If there is no match logic flow 400 will end without performing the override of configuration 114 of processor circuitry 110 . If there is a match between the identification number in license data block 122 and the processor's unique ID 116 executable code 112 will override the configuration 114 of processor circuitry 110 with the capabilities reflected in the license data block 122 .
- FIG. 5 shows an embodiment wherein memory 120 is RF enabled (RF-NVRAM), and for which memory 120 can be read from and written to via wireless RF interface 130 .
- FIG. 5 shows configuration data block 124 being read from memory 120 via wireless RF interface 130 , and license data block 122 being written to memory 120 via wireless RF interface 130 .
- RF-enabled memory 120 may be read from or written to with any other device capable of communicating over a wireless RF interface.
- the wireless RF interface may comprise for example a wireless RF interface on a mobile device or on a licensing appliance.
- the wireless RF interface may be part of a special programming tool, discussed later, which may be specially configured to communicate with RF-enabled memory 120 .
- the RF-enabled memory 120 may be read from and written to via the wireless RF interface when not connected to a power source. In such embodiments, the power for reading from and writing to the RF-enabled memory 120 is derived from the wireless RF interface. In yet other embodiments the RF-enabled memory 120 may be read from and written to when power is connected to semiconductor package 100 .
- memory 120 may not be RF-enabled. In such cases memory 120 may be written directly via a wired connection 118 through processor circuitry 110 .
- processor circuitry 110 may be connected via a wired connection to another component which wishes to read from or write to memory 120 .
- the component may be a licensing appliance.
- the wired connection made comprise a wired connection through a hardware test platform at a manufacturing, OEM, or OED facility.
- FIG. 6 shows semiconductor package 100 in more detail.
- processor circuitry 110 will be configured with fuse controller 702 , which contains the base configuration of processor circuitry 110 .
- the base configuration will be applied during the manufacturing process. In other embodiments the configuration may be applied during other processes.
- processor circuitry 110 may be configured at the lowest capability level, but, in other embodiments the base configuration 114 can reflect any level of capability.
- Configuration 114 is, in some embodiments, controlled by fuse controller 702 , shown in FIG. 6 , which enables a hardwiring of base configuration 114 .
- processor circuitry 110 will be hardwired to a base configuration via other means.
- License data block 122 contains specifications and authorizations necessary to override configuration 114 contained in fuse controller 702 .
- Executable code 112 which, in some embodiments, will be contained in processor circuitry 110 and, in other embodiments, may be contained in memory 120 , is responsible for reading the license data block 122 from memory 120 and applying the upgrades by overriding the base configuration in fuse controller 702 .
- license data block 122 may comprise an encrypted data block, and may be decrypted by an algorithm encoded in executable code 112 .
- public key 206 may be used by executable code 112 to decrypt license data block 122 .
- FIG. 7 shows logic flow 700 of a method utilized by a hardware component 1050 for upgrading the configuration of processor circuitry 110 .
- the method is started, in one embodiment, via a cold boot of the hardware component.
- Hardware component 1050 in one embodiment, will be semiconductor package 100 with processor circuitry 110 , but, in other embodiments, may be other types of hardware.
- license data block 122 is retrieved from memory 120 .
- the license data block 122 may be validated at block 706 .
- license data block 122 may be encrypted and the validation step may include a decrypting process.
- license data block 122 may be digitally signed, and the digital signature verified.
- license data block 122 will contain an identification number.
- a further validation may be performed on the license data block 122 by comparing the identification number contained in license data block 122 with the processor's unique ID 116 and verifying a match therebetween.
- the method is configured to apply the configuration parameters specified in license data block 122 to processor circuitry 110 to affect the upgrade of the capabilities of processor circuitry 110 .
- FIG. 8 shows validation block 706 of FIG. 7 in more detail.
- license data block 122 will be encrypted with a private key and, at block 802 , may be decrypted using public key 206 , although any known method of encryption and decryption may be used.
- license data block 122 may be digitally signed using the elliptical curve digital signature algorithm.
- license data block 122 may be unencrypted.
- the identification number contained in license data block 122 is extracted and compared with the processor's unique ID 116 to confirm a match.
- licensed authorizations for upgrades to processor circuitry 110 are specific to the processor identified by the processor's unique ID 116 .
- attempts to upgrade processor circuitry 110 with licenses not containing the processor's unique ID 116 will fail.
- specific licensing appliances will be provided with a private key can be used to encrypt license data block 122 only for processors which have been manufactured containing a particular public key 126 which has been paired with the private key. This allows certain facilities, for example an OEM having a licensing appliance, to authorize upgrades only for semiconductor packages 100 which have been sold to that particular OEM, and not to semiconductor packages 100 which have been sold to other entities.
- FIG. 9 shows block 708 of FIG. 7 in more detail.
- a base configuration may be indicated by fuse locations in a fuse controller 702 , as shown in FIG. 6 .
- the upgrade process which in some embodiments occurs at cold boot, overrides the fuse locations in fuse controller 702 with the new configuration indicated in license data block 122 . In some cases, it may also be necessary to modify configuration registered banks in processor circuitry 110 .
- FIG. 10 shows licensing apparatus 1000 , in block form.
- Licensing apparatus 1000 represents another aspect.
- Licensing appliance 1010 may, in some embodiments, comprise a memory configured with logic 1012 .
- Logic 1012 may be configured to execute on a processor.
- logic 1012 is configured to accept requests 1001 for upgrades to hardware component 1050 .
- Request 1001 may be generated via any method known to one of skill in the art. In specific embodiments request 1001 may be generated via a user interface, while in other embodiments request 1001 may be accepted via other methods for example via email, via an application programming interface, or from another device having a user interface
- Licensing appliance 1010 may be configured to issue license authorizations 1003 in response to request 1001 .
- logic 1012 may request or read data from hardware component 1050 .
- data requested from hardware component 1050 may identify hardware component 1050 .
- logic 1012 will read configuration data and a unique ID 1002 from a hardware component 1050 .
- hardware component 1050 may be semiconductor package 100 shown in FIG. 1 .
- configuration data and a unique ID 1002 specific to hardware component 1050 may be contained in configuration data block 124 , shown in FIG. 2 .
- Logic 1012 may be configured to issue authorization 1003 for the specific hardware component 1050 identified by the unique ID 116 contained in the configuration data and unique ID 1002 .
- Configuration data and unique ID 1002 may be read in various ways from hardware component 1050 .
- configuration and unique ID 1002 will be read via a wireless RF interface 130 as shown in FIG. 5 .
- configuration data and unique ID made may be relayed to licensing appliance 1010 via an intermediate hardware component, for example a programming tool or a mobile device having a user interface through which request 1001 has been accepted.
- configuration data and unique ID may be read via a wired interface from hardware component 1050 .
- the wired interface may comprise a hardware test platform containing a wired interface to hardware component 1050
- authorization 1003 may be digitally signed by hardware signing module 1014 .
- Hardware signing module 1014 may in certain embodiments comprise a standard commercially available PCIE-based hardware module for performing secure cryptographic operations.
- the hardware signing module may support a standard cryptographic algorithm for use in signing.
- the hardware signing module may contain a standard elliptical curve digital signature algorithm (ECDSA), which may in some embodiments, require a 256 byte key for signature generation and signature verification of the authorization 1003 .
- EDSA elliptical curve digital signature algorithm
- a private key also contained in the hardware signing module 1014 is used to generate the signature or to encrypt authorization 1003 .
- any well-known method of encrypting the authorization 103 may be used.
- authorization 1003 may be left unencrypted.
- signed authorization 1004 is sent to hardware component 1050 for verification and use in upgrading the capabilities of hardware component 1050 .
- signed authorization 1004 may be license data block 122 .
- FIG. 11 shows licensing appliance 1010 having storage 1102 for the storing of authorizations 1003 which have been generated for various hardware components 1050 .
- status information 1101 may be sent to licensing appliance 1010 .
- status information 1101 is also stored in storage 1102 .
- signed authorization 1004 may be stored in memory 120 contained in hardware component 1050 , and may be accessed only upon a cold boot of hardware component 1050 .
- authorizations and statuses stored in authorization and status storage 1102 may be communicated off-site to another entity.
- the other entity may be the manufacturer of hardware component 1050 .
- the other entity receiving information regarding the authorizations and statuses may be the entity authorizing the use of licensing appliance 1010 .
- the entity authorizing the use of licensing appliance 1010 and the manufacturer of hardware component 1050 may be one in the same.
- the authorizations and statuses in stored in authorization status storage 1102 may be communicated to the other entity via the Internet.
- authorizations and statuses stored in authorization and status storage 1102 may be communicated to the other entity via any well-known method of communication, including for example, email, a direct TCP/IP connection between the licensing appliance 1010 and the other entity, and/or any other well-known method of communicating between two systems known to those of skill in the art.
- FIG. 12 shows another embodiment of licensing apparatus 1000 in which licensing appliance 1010 also is configured with user interface logic 1201 , configured to generate a user interface for accepting requests 1001 directly from users.
- licensing appliance 1010 as shown in FIG. 12 is identical to the embodiment of licensing appliance 1010 shown in FIG. 10 .
- the user interface generated by user interface logic 1201 may be displayed on a local display comprising a visual and a user input device, for example a keyboard and/or mouse connected to licensing appliance 1010 .
- the user interface generated by user interface logic 1201 may be displayed via a remote display accessed over a network.
- user interface logic 1201 may comprise generating a website accessible over the Internet.
- user interface logic 1201 may communicate with an app installed on a user equipment, for example, a mobile computing device, to display the user interface.
- the embodiments are not meant to be limited by the method used to display the user interface but is meant to encompass any method known to those of skill in the art
- FIG. 13 shows yet another embodiment of licensing appliance 1010 in which requests 1001 are received through a user equipment 1301 which may be, for example, a smart phone, a tablet, or any other well-known mobile computing device.
- the user interface is generated by user equipment 1301 , and the particulars of the request 1001 are communicated to the licensing appliance 1010 .
- request 1001 is transmitted to licensing appliance 1010 from user equipment 1301 via a wireless connection, for example, Wi-Fi, Bluetooth, or near field communications (NFC), or is communicated over the Internet.
- a wireless connection for example, Wi-Fi, Bluetooth, or near field communications (NFC), or is communicated over the Internet.
- the communication of signed authorization 1004 to the hardware component 1050 may comprise relaying of signed authorization 1004 by the user equipment 1301 .
- user equipment 1301 will have a user interface for accepting requests from users for the generation of signed authorization 1004 .
- User equipment 1301 may write signed authorization 1004 into memory 120 .
- Hardware component 1050 may further comprise a wireless interface, for example, RF interface 130 as shown in FIG. 1 , or some other form of wireless communication, for example, Bluetooth, Wi-Fi or NFC.
- user equipment 1301 may communicate with hardware component 1050 via an intermediate device comprising, for example, a specialized programming tool.
- user equipment 1301 may communicate with the programming tool via any well-known method of communication, for example, a wired connection, a wireless connection, for example, Bluetooth Wi-Fi or NFC.
- the programming tool may communicate with hardware component 1050 via any well-known wired or wireless method of communication.
- configuration data and unique ID 1002 may be relayed to licensing appliance 1010 via a user equipment 1301 .
- User equipment 1301 may read the configuration data and unique ID 1002 from memory 120 of hardware component 1050 .
- configuration data and unique interface 1002 may be configuration data block 124 .
- Hardware component 1050 may further comprise a wireless interface, for example, RF interface 130 as shown in FIG. 1 , or some other form of wireless communication, for example, Bluetooth, Wi-Fi or NFC.
- user equipment 1301 may communicate with hardware component 1050 via an intermediate device comprising, for example, a specialized programming tool, previously discussed.
- the specialized programming tool may be specially configured to read from and write to memory 120 of hardware component 1050 , via a wired or wireless interface as discussed above.
- the programming tool may be configured to communicate with the user equipment 1301 via a wired or wireless interface.
- FIG. 14 shows logic flow 1400 of logic 1012 of licensing appliance 1010 .
- the logic flow 1400 is receiving a request to modify one or more configuration parameters of a hardware component.
- logic flow 1400 receives request 1001 to modify the configuration of hardware component 1050 .
- request 1001 is received via a user interface generated by user interface logic 1201 while, in other embodiments, request 1001 is received via a wireless interface from a user equipment 1301 , as previously explained.
- request 1001 may be received in any manner, such as via email, or via wireless technology such as Bluetooth or NFC, or via a webpage accessed over the Internet.
- the logic is not meant to be limited by these embodiments.
- logic flow 1400 is receiving configuration data indicating the current configuration parameters of hardware component 1050 and a unique ID 116 identifying the hardware component 1050 .
- the configuration data may also include a public encryption key paired with a private encryption key known only to licensing appliance 1010 .
- logic flow 1400 receives the configuration data and a unique ID 1002 from hardware component 1050 .
- Configuration data and unique ID 1002 may, in some embodiments, be in the form of configuration data block 124 .
- configuration data and unique ID 1002 may be digitally signed or encrypted via any one of a number of well-known methods for encrypting data.
- the configuration data and unique ID 1002 may be digitally signed using the unique identifier 116 of processor circuitry 110 .
- logic flow 1400 is optionally decrypting the configuration data and unique ID 1002 prior to generating the authorization.
- Configuration data and unique ID 1002 may be encrypted via any well-known method of encryption.
- configuration data and unique ID is configured with a public/private key encryption scheme in which the configuration data and unique ID 1002 is encrypted with the public key 206 paired with a private key held by licensing appliance 1010 .
- the private key held by licensing appliance 1010 may be encoded into hardware signing module 1014 , and retrieved therefrom when needed to decrypt the configuration data and unique ID 1002 .
- logic flow 1400 is generating an authorization to modify one or more of the configuration parameters.
- the authorization contains the unique identifier of hardware component 1050 , and the authorization.
- the authorization will be digitally signed using an encryption method and private key of hardware signing module 1014 .
- the authorization may be signed using any well-known method of digitally signing or encrypting data.
- signed authorization 1004 is embodied as license data block 122 shown in FIG. 1 . In other embodiments signed authorization 1004 may be any form of data block, encrypted or unencrypted.
- box 1408 of logic flow 1400 is communicating the signed authorization 104 to hardware component 1050 .
- hardware component 1050 may have a wired connection to licensing appliance 1010 and a signed authorization 1004 may be communicated via the wired connection.
- the signed authorization 1004 may be communicated to the hardware component 1050 via a wireless connection through a user equipment 1301 .
- the user equipment 1301 may relay the signed authorization 1004 through a specialized programming tool, as previously discussed.
- FIG. 15 shows a continuation of logic flow 1400 .
- logic flow 1400 is receiving status information indicating the receipt of the signed authorization 1004 by the hardware component 1050 .
- the status information 1101 may indicate that the signed authorization 1004 was successfully written into memory 120 of hardware component 1050 .
- status information 1101 may indicate that the upgrade to the hardware component 1050 has been successfully completed.
- Status information 1101 may be generated by specialized programming tool and relayed to licensing appliance 1010 via a user equipment 1301 .
- user equipment 1301 may generate the status information 1101 .
- status information 1101 may be generated by the hardware test platform 1712 .
- logic flow 1400 is storing the authorization 1004 and status information 1101 .
- the authorization 1004 and status information 1101 is stored in the authorization and status storage 1102 , as shown in FIG. 11 .
- authorization and status storage 1102 may be embodied as a database.
- any other form of storage for authorizations 1004 and status information 1101 may be utilized, for example, the authorizations 1004 may be stored in the form of a license data blocks 122 , in the form of a file, or in any other form well-known to those of skill in the art.
- the status information 1101 maybe stored as received, or in a similar fashion to the authorization 1004 . The embodiments are not meant to be limited by the method used to store the authorization and status information.
- licensing appliance 1010 may optionally transmit the authorization and status information to a remote system.
- the authorization and status information was stored in authorization and status storage 1102 And authorization which was stored in authorization status storage 1102 , and retrieved therefrom prior to being sent to the remote system.
- the authorization and status information may be periodically transmitted to the remote system in a group of authorizations and status information, while in other embodiments, the authorization and status information may be set individually as they are generated.
- the authorization and status information is sent to the remote system via the Internet, while in other embodiments the status information authorization may be sent via any one of a number of well-known methods, including, for example, via a direct TCP/IP connection.
- the remote system may be associated with the manufacture and the authorization and status information may be used to generate invoices for the enhanced capability provided by signed authorization 1004 .
- licensing appliance 1010 will be required to periodically communicate with a remote system to continue to be authorized to issue license upgrades.
- FIG. 16 shows a computer readable media 1600 having stored thereon various software modules for use by licensing appliance 1010 .
- the configuration shown in FIG. 16 is an exemplary embodiment and it will be realized by one of skill in the art that many different arrangements of modules may be used to provide the same functionality, and that the embodiments are not meant to be limited by the configuration shown in FIG. 16 .
- Control module 1602 is responsible for the overall control of licensing appliance 1010 , and the flow of logic for the overall process of providing license upgrades for hardware component 1050 .
- control module 1602 may assume control upon receiving the request 1101 for the upgrade of a hardware component 1050 .
- control module may be started manually, via a local user interface, prior to the reception of requests 1101 .
- Communications module 1604 is responsible for receiving requests for upgrades as well as for communicating signed authorizations 1004 to the hardware component 1050 and receiving status information 1101 .
- communications module 1604 will handle communications via wireless methods, for example Wi-Fi Bluetooth and NFC or RF.
- communications module 1604 will affect communications via the Internet or via a direct TCP/IP connection.
- Cryptography module 1606 is responsible for decrypting configuration data and unique ID 1002 which may be in the form of configuration data block 122 .
- Cryptography module 1606 is also responsible for digitally signing and/or encrypting authorization 1003 to create signed authorization 1004 which may in some embodiments take the form of license data block 124 .
- cryptography module 1606 works in concert with hardware signing module 1014 .
- Cryptography module 1606 may utilize encryption scheme encoded in hardware signing module 1014 , or may work independent of hardware signing module 1014 utilizing its own encryption scheme.
- Cryptography module 1606 may comprise a private encryption key utilized for decrypting configuration data and unique ID 1002 which may be in the form of configuration data block 124 , and for digitally signing license data block 122 .
- cryptography module 1606 may utilize the private encryption key encoded in hardware signing module 1014 .
- User interface module 1608 may be present, in some embodiments, wherein requests 1001 are received directly by licensing appliance 1010 . In other embodiments, user interface module 1608 may not be present as requests 1001 may be received via wireless interface from a user equipment 1301 . User interface module 1608 may present a user interface via a local display including a visual display and a user input device, for example a keyboard and/or mouse. In other embodiments, user interface module may utilize other methods of displaying the user interface for example the user interface may be displayed as a webpage and accessible via the Internet or may cause a user equipment 1301 two display user interface in a locally installed app.
- Licensing module 1608 is responsible for generating the authorizations 1003 for the upgrade of hardware component 1050 , as requested in request 1001 .
- Licensing appliance 1010 may be required to be authorized to generate authorizations 1003 , and, in some embodiments may be required to communicate periodically with a remote system to continue to be authorized to generate authorizations 1003 .
- the remote system may be a system associated with the manufacture of hardware component 1050 and/or may be associated with an entity able to authorize upgrades to hardware component 1050 .
- Licensing module 1608 may generate licenses which are specific to the manufacturer of hardware component 1050 . It would be realized by one of skill in the art that the embodiments are not meant to be limited by the contents of the licensing module, but that any contents able to be decoded and utilized by executable code 112 would be acceptable.
- Licensing module 1608 may generate authorizations 1003 which contain metadata sufficient to affect the upgrade of hardware component 1050 .
- licensing module 1608 may only generate authorizations 1003 for specific hardware components 1050 .
- Specific hardware components 1050 may be identified by their ability to decode and validate signed authorization 1004 utilizing public key 206 , as the signed authorization 1004 will been signed utilizing a private encryption key specific to a particular licensing apparatus 1010 .
- specific hardware components may be identified by their unique ID 116 which may be included by licensing module 1608 in authorization 1003 .
- Reporting module 1610 may optionally transmit the authorization and status information to a remote system.
- reporting module 1610 may report all instances of generated authorizations 1003 and their respective status information 1101 periodically, as a group, after retrieving them from application and status storage 1102 .
- reporting module 1610 may report generated authorizations 1003 and respective status information 1101 as they are generated.
- the remote system may be associated with the manufacture of hardware component 1050 and may utilize the information sent by reporting module 1610 for billing and invoicing purposes, to receive payment for the issuing of license upgrades.
- FIG. 17 shows an overall system diagram including licensing appliance 1010 .
- Licensing appliance 1010 comprises CPU or processor 1702 , suitable for executing logic contained in non-transitory computer readable medium 1600 .
- the logic contained in non-transitory computer readable medium 1600 is, in one embodiment, responsible for receiving a request for and generating licenses for the upgrade of hardware components 1050 , as discussed herein.
- Hardware signing module 1014 contains an encryption algorithm and private key used for signing authorizations for upgrades generated by the logic stored in non-transitory computer readable medium 1600 .
- the encryption algorithm and private key used for signing authorizations may be contained in non-transitory computer readable medium 1600 .
- Wireless communications modules 1704 is responsible for all wireless communication with licensing appliance 1010 , including, for example, the receiving of requests 1001 , the transmitting of signed authorizations 1004 to hardware component 1050 and the receiving of status information 1101 .
- Network interface 1706 is responsible for communications via the Internet, which may be used to communicate with hardware component vendor 1714 to report authorizations generated for specific hardware components 1054 , for, in some embodiments, invoicing purposes.
- Network interface 1706 pay also be utilized in the case where the user interface is generated as a website available via the Internet, or in cases where communications with other systems occur via a direct TCP/IP connection
- FIG. 17 also shows both methods for communication between the licensing appliance 1010 and hardware component 1050 .
- user equipment 1301 may receive licensing information from licensing appliance 1010 .
- User equipment 1301 may also interface with programming tool 1710 , which may be specially configured to communicate with the memory 120 stored in hardware component 1050 via a wireless interface, which may be for example, RF interface 130 .
- a wireless interface which may be for example, RF interface 130 .
- hardware component 1050 will be equipped with RF-enabled NVRAM memory.
- Programming tool 1710 may be specifically configured in one embodiment to communicate with memory 120 via RF interface 130 as shown in FIG. 1 .
- memory 120 in hardware component 1050 may not be powered when programming tool 1710 is reading data from or writing data to memory 120 , but may receive power directly from RF interface 130 .
- User equipment 1301 may communicate with programming tool 1710 via a wired or wireless interface, for example, Bluetooth Wi-Fi or NFC.
- licensing appliance 1010 may communicate with hardware component 1050 via a wired interface through a hardware test platform 1712 .
- semiconductor package 100 have power.
- Example 1 is an apparatus comprising a semiconductor package comprising processor circuitry having executable code embedded therein, the processor circuitry configured with one or more operational capabilities and a unique identifier to identify the processor circuitry; and memory, in communication with the processor circuitry, the memory comprising a configuration data block containing at least the unique identifier identifying the processor circuitry, and a current configuration of the processor circuitry, and a license data block, containing a license for a set of configuration parameters for the one or more operational capabilities for the processor circuitry, the license signed with the unique identifier.
- Example 2 is the apparatus of example [0091] wherein the configuration data block includes a public encryption key associated with the semiconductor package.
- Example 3 is the apparatus of example [0093] wherein the configuration data block is signed with the unique identifier and is encrypted.
- Example 4 is the apparatus of example [0091] further comprising means for encrypting the configuration data block.
- Example 5 is the apparatus of example [0091] wherein the executable code contains instructions to read the license data block, validate the license data block by verifying that the identifier used to sign the license data block matches the unique identifier of the processor circuitry and override the configured operational capabilities of the processor circuitry with the set of configuration parameters specified in the license data block.
- Example 6 is the apparatus of example [0096] wherein the license data block is signed with a private key and further wherein the semiconductor package contains a public encryption key and the executable code contains further instructions to decrypt the license data block using the public encryption key.
- Example 7 is the apparatus of example [0096] further comprising means for decrypting the license data block.
- Example 8 is the apparatus of example [0097] wherein the memory is wireless capable and further wherein the configuration data block is read from the memory via a wireless connection and further wherein the license data block is stored into the memory via a wireless connection.
- Example 9 is the apparatus of example 6 further comprising means for wirelessly reading the configuration data block from the memory and writing the license data block to the memory.
- Example 10 is the apparatus of example [0096] wherein the configured operational capabilities are hardware encoded into the processor circuitry via a fusing process and further wherein the set of configuration parameters are applied by overriding various fuse locations within a fuse controller and modifying certain configuration register banks.
- Example 11 is the apparatus of example [0096] further comprising means for overriding the configured operational capabilities of the processor.
- Example 12 is a system comprising an apparatus according to any of examples [0091] to [00101], wherein the memory is radio frequency (RF)-enabled NVRAM.
- RF radio frequency
- Example 13 is the system of example [00103], further comprising an RF antenna.
- Example 14 is the system of example [00103] further comprising means for reading data from and writing data to the memory.
- Example 15 is a system comprising an apparatus according to any of examples [0091] to [00101] wherein the memory can be read from or written to through a wired connection to the processor circuitry.
- Example 16 is a method comprising retrieving a license data block from a memory, the license data block containing a signed license allowing a set of configuration parameters for one or more operational capabilities to be applied to processor circuitry in communication with the memory, validating the license data block; and applying the set of configuration parameters specified in the license data block to the processor circuitry.
- Example 17 is the method of example [00107] wherein the license data block is signed with a private key where the method further comprises verifying the signature with a public key, the public key being encoded into the processor circuitry.
- Example 18 is the method of example [00108], where the method further comprises extracting an identifier from the license data block and verifying that the identifier matches a unique identifier encoded into the processor circuitry.
- Example 19 is the method of example [00109], further comprising extracting the license from the verified license data block and applying the set of configuration parameters to the processor circuitry.
- Example 20 is the method of example [00108] wherein the license data block is signed and verified using the elliptical curve digital signature algorithm.
- Example 21 is the method of example [00110] wherein applying the set of configuration parameters further comprises overriding fuse locations in a fuse controller located in the processor circuitry and modifying configuration register banks located in the processor circuitry.
- Example 22 is the method of example [00109] wherein the method is embodied in executable code encoded into the processor circuitry.
- Example 23 is the method of example [00113] wherein the executable code is executed on a cold boot of the processor circuitry.
- Example 24 is the method of any of examples [00107] to [00114] wherein the memory is radio frequency (RF)-enabled NVRAM.
- RF radio frequency
- Example 25 is a system comprising processor circuitry having executable code embedded therein, the executable code containing instructions to execute the method according to any of examples [00107] to [00114] and memory, in communication with the processor circuitry.
- Example 26 is the system of example [00116] further comprising an RF antenna.
- Example 27 is the system of example [00116] further comprising means for reading data from and writing data to the memory.
- Example 28 is the system of example [00118] wherein the means for reading data from and writing data to the memory is wireless.
- Example 29 is a non-transitory computer-readable storage medium containing microcode that when executed, causes processor circuitry to retrieve a license data block from a memory, the license data block containing a signed license for a set of configuration parameters for one or more operational capabilities for the processor circuitry in communication with the memory, validate the license data block and apply the set of configuration parameters specified in the license data block to the processor circuitry.
- Example 30 is the non-transitory computer-readable storage medium of example [00120] wherein the license data block is signed with a private key, further comprising executable code that when executed, cause processor circuitry to verify the signature with a public key, the public key being encoded into the processor circuitry.
- Example 31 is the non-transitory computer-readable storage medium of example [00121], further comprising executable code that when executed, cause processor circuitry to extract an identifier from the license data block and verify that the identifier matches a unique identifier encoded into the processor circuitry.
- Example 32 is the non-transitory computer-readable storage medium of example [00121] further comprising means for verifying the license data block.
- Example 33 is the non-transitory computer-readable storage medium of example [00122], further comprising executable code that when executed, cause processor circuitry to extract the license from the verified license data block and apply the set of configuration parameters to the processor circuitry.
- Example 34 is the non-transitory computer-readable storage medium of example [00122] further comprising means for updating the set of configuration parameters in the processor circuitry.
- Example 35 is the non-transitory computer-readable storage medium of example [00124] wherein the executable code is executed on a cold boot of the processor circuitry.
- Example 36 is the non-transitory computer-readable storage medium according to any of examples [00120] to [00126] wherein the processor circuitry and memory are combined into a single semiconductor package.
- Example 37 is a system comprising the non-transitory computer-readable storage medium according to any of examples [00120] to [00127] wherein the memory is radio frequency (RF)-enabled NVRAM.
- RF radio frequency
- Example 38 is the system of example [00128], further comprising an RF antenna.
- Example 39 is a system comprising the non-transitory computer-readable storage medium according to any of examples [00120] to [00127] further comprising means for writing data to and reading data from the memory.
- Example 40 is a system, comprising the non-transitory computer-readable storage medium according to any of examples [00120] to [00127] wherein the memory can be read from or written to through a wired connection to the processor circuitry.
- Example 41 is an apparatus comprising memory, containing logic for execution by a processor and a hardware signing module containing a private encryption key, wherein the logic is configured to receive a request to modify one or more configuration parameters of a hardware component, receive configuration data indicating the current configuration parameters of the hardware component and a unique identifier identifying the hardware component, generate an authorization to modify the one or more of the configuration parameters, the authorization containing the unique identifier and the authorization being signed by the private key and communicate the authorization to the hardware component.
- Example 42 is the apparatus of example [00132] wherein the logic is further configured to receive status information indicating the receipt of the authorization by the hardware component and store the authorization and status information for transmission to a remote system.
- Example 43 is the apparatus of example [00132] further comprising user interface logic configured to generate a user interface.
- Example 44 is the apparatus of example [00132] further comprising means for generating a user interface.
- Example 45 is the apparatus of examples [00134] or [00135] wherein the request to modify one or more configuration parameters of a hardware component is received through the user interface.
- Example 46 is the apparatus of example [00136] wherein the configuration data is received through a wired connection and further wherein the authorization is communicated to the hardware component via the wired connection.
- Example 47 is the apparatus of example [00132] wherein the request to modify one or more configuration parameters of a hardware component is received from a mobile device.
- Example 48 is the apparatus of example [00137] wherein the configuration data is received from the hardware component through the mobile device and further wherein the authorization is communicated to the hardware component through the mobile device.
- Example 49 is the apparatus of example [00132] further comprising means for receiving the configuration data from the hardware component and means for communicating the authorization to the hardware component.
- Example 50 is the apparatus of example [00132] wherein the configuration data is received in encrypted form, the logic being further configured to decrypt the configuration data.
- Example 51 is the apparatus of example [00132] wherein the configuration data is received in encrypted form further comprising means for decrypting the configuration data.
- Example 52 is the apparatus of any of examples [00132] to [00142] wherein the hardware component is a semiconductor package containing a processor and a memory in communication with the processor.
- the hardware component is a semiconductor package containing a processor and a memory in communication with the processor.
- Example 53 is a system comprising the apparatus of examples [00138] or [00139] further comprising a wireless interface, the wireless interface being used to communicate with the mobile device.
- Example 54 is a system comprising the apparatus of examples [00138] or [00139] further comprising means for communicating with the mobile device.
- Example 55 is the system of example [00144] wherein the mobile device generates a user interface through which the request to modify one or more configuration parameters is received.
- Example 56 is the system of example [00144] wherein the wireless interface is selected from a group consisting of RF, WiFi, Bluetooth and NFC.
- Example 57 is a method comprising receiving a request to modify one or more configuration parameters of a hardware component, receiving configuration data indicating the current configuration parameters of the hardware component and a unique identifier identifying the hardware component, generating an authorization to modify the one or more of the configuration parameters, the authorization containing the unique identifier and the authorization being signed by the private key and communicating the authorization to the hardware component.
- Example 58 is the method of example [00148] further comprising receiving status information indicating the receipt of the authorization by the hardware component, storing the authorization and status information and transmitting the authorization and status information to a remote system.
- Example 59 is the method of example [00148] wherein the request to modify one or more configuration parameters of a hardware component is received through a user interface.
- Example 60 is the method of example [00150] wherein the configuration data is received through a wired connection and further wherein the authorization is communicated to the hardware component via the wired connection.
- Example 61 is the method of example [00148] wherein the request to modify one or more configuration parameters of a hardware component is received from a mobile device.
- Example 62 is the method of example [00152] wherein the configuration data is received through the mobile device and further wherein the authorization is communicated to the hardware component through the mobile device.
- Example 63 is the method of example [00148] wherein the configuration data is encrypted, the method further comprising decrypting the configuration data prior to generating the authorization.
- Example 64 is the apparatus of any of examples [00148] to [00154] wherein the hardware component is a semiconductor package containing a processor and a memory in communication with the processor.
- Example 65 is a system comprising a processor, memory, containing logic for execution by the processor, the logic implementing the method according to any of examples [00148] to [00155] and a hardware signing module containing a private encryption key.
- Example 66 is the system of example [00156] further comprising a wireless interface, the wireless interface being used to communicate with the mobile device.
- Example 67 is the system of example [00156] further comprising means for communicating with the mobile device.
- Example 68 is the system of example [00157] wherein the wireless interface is selected from a group consisting of RF, WiFi, Bluetooth and NFC.
- Example 69 is the system of example [00157] wherein the mobile device generates a user interface through which the request to modify one or more configuration parameters is received.
- Example 70 is the system of example [00157] further comprising means for receiving the request to modify one or more configuration parameters.
- Example 71 is a non-transitory machine-readable medium comprising plurality of instructions that, when executed by a processor, cause the processor to receive a request to modify one or more configuration parameters of a hardware component, receive configuration data indicating the current configuration parameters of the hardware component and a unique identifier identifying the hardware component, generate an authorization to modify the one or more of the configuration parameters, the authorization containing the unique identifier and the authorization being signed by the private key and communicate the authorization to the hardware component.
- Example 72 is the non-transitory machine-readable medium of example [00162] further comprising instructions that, when executed by a processor, cause the processor to receive status information indicating the receipt of the authorization by the hardware component, store the authorization and status information and transmit the authorization and status information to a remote system.
- Example 73 is the non-transitory machine-readable medium of example [00162] wherein the configuration data is encrypted, further comprising instructions that, when executed by a processor, cause the processor to decrypt the configuration data.
- Example 74 is the non-transitory machine-readable medium of example [00162] wherein the configuration data is encrypted, further comprising means for decrypting the configuration data.
- Example 75 is the non-transitory machine-readable medium of any of examples [00162] to [00164] wherein the hardware component is a semiconductor package containing a processor and a memory in communication with the processor.
- Example 76 is the non-transitory machine-readable medium of any of examples [00162] to [00166] wherein the instructions further cause the processor to generate a user interface.
- Example 77 is the non-transitory machine-readable medium of any of examples [00162] to [00166] further comprising means for generating a user interface.
- Example 78 is the non-transitory machine-readable medium of examples [00167] or [00168] wherein the request to modify one or more configuration parameters of a hardware component is received through the user interface.
- Example 79 is the non-transitory machine-readable medium of any of examples [00162] to [00169] wherein the authorization is communicated to the hardware component via a wired connection.
- Example 80 is the non-transitory machine-readable medium of any of examples [00162] to [00169] further comprising means for communicating the authorization to the hardware component.
- Example 81 is the non-transitory machine-readable medium of any of examples [00162] to [00166] wherein the request to modify one or more configuration parameters of a hardware component is received from a mobile device and further wherein the authorization is communicated to the hardware component through the mobile device.
- Example 82 is the non-transitory machine-readable medium of any of examples [00162] to [00166] further comprising means for receiving the request to modify one or more configuration parameters from a hardware component and means for communicating the authorization to the hardware component.
- Example 83 is a system comprising the non-transitory machine-readable medium of example [00172] further comprising a wireless interface, the wireless interface being used to communicate with the mobile device.
- Example 84 is the system of example [00174] wherein the mobile device generates a user interface through which the request to modify one or more configuration parameters is received.
- Example 85 is the system of any of examples [00174] or [00175] wherein the wireless interface is selected from a group consisting of RF, WiFi, Bluetooth and NFC. It should be noted that the methods described herein do not have to be executed in the order described, or in any particular order. Moreover, various activities described with respect to the methods identified herein can be executed in serial or parallel fashion.
Abstract
Techniques and apparatuses for issuance of license upgrades for hardware components in the field, as well as the hardware components, are described. In one embodiment, for example an apparatus may include processor circuitry and memory in communication with the processor circuitry, wherein the memory contains a configuration data block and license data block, the configuration data block being read from the memory via a licensing apparatus and the licensing data block being written to the memory by the licensing apparatus. The processor may include executable code to process the licensing data block to facilitate an upgrade of the capabilities of the processor circuitry.
Description
- This application is a continuation of, claims the benefit of and priority to previously filed U.S. patent application Ser. No. 15/719,375 filed Sep. 28, 2017, entitled “SYSTEM AND METHOD FOR RECONFIGURING AND DEPLOYING SOFT STOCK-KEEPING UNITS”, which is hereby incorporated by reference in its entirety.
- Embodiments herein generally relate to digital rights enforcement, and, more particularly, field-upgradable hardware units.
- A stock keeping unit (or “SKU”) is an identification code for a product or service that is typically assigned by the manufacturer or service provider and helps track an item for inventory and invoicing purposes. The SKU is commonly portrayed as a machine-readable bar code, but may take any form. Each unique SKU typically represents a distinct type and configuration of an item for sale, but is not meant to identify particular units of stock.
-
FIG. 1 illustrates an embodiment of a hardware component that is field upgradeable. -
FIG. 2 illustrates a block diagram of a portion of the contents of the memory of the embodiment ofFIG. 1 -
FIG. 3 illustrates a digitally-signed version of the memory contents ofFIG. 2 . -
FIG. 4 illustrates an embodiment of a first logic flow. -
FIG. 5 illustrates the exchange of memory contents for the embodiment ofFIG. 5 -
FIG. 6 illustrates the embodiment ofFIG. 1 showing data flow. -
FIG. 7 illustrates an embodiment of a second logic flow. -
FIG. 8 illustrates an embodiment of a third logic flow. -
FIG. 9 illustrates an embodiment of a fourth logic flow. -
FIG. 10 illustrates a first embodiment of a licensing apparatus. -
FIG. 11 illustrates an embodiment showing data flow between the hardware component and the licensing apparatus. -
FIG. 12 illustrates a second embodiment of a licensing apparatus. -
FIG. 13 illustrates a third embodiment of a licensing apparatus. -
FIG. 14 illustrates an embodiment of fifth logic flow. -
FIG. 15 illustrates an embodiment of sixth logic flow. -
FIG. 16 illustrates an embodiment of a computer-readable medium. -
FIG. 17 illustrates a fourth embodiment of a licensing apparatus. - There are certain types of goods for which variations in the configuration can be applied after the product leaves the manufacturer. An example of one such product is the central processing unit (“CPU”) of a computer. Various configuration options, for example, number of cores, cache size, number of computing threads, memory size, operating frequency, etc. can often be upgradeable in the field by an original equipment manufacturer (OEM), an original design manufacturer (ODM) or an end user. Furthermore, it is often more economical to manufacture the CPU with all available capabilities for the highest level of configuration and disable some capabilities to provide lower cost exemplars of the product. Thus, CPUs can be manufactured with all possible options and “fused” to a base configuration, typically the lowest level of configuration. Thereafter, a final configuration can be applied in the field by overriding the base configuration. The authorization to apply the override may be generated by a licensing appliance.
- With many configuration options available, the number of possible SKUs could rise exponentially to cover all possible combinations of options. Furthermore, unless inventory can be manufactured to meet immediate demand, it is often necessary to stock many different combinations of options.
- One possible strategy to solve this problem is to configure all manufactured items at the lowest possible configuration level (and thus at the lowest price point) and to allow all upgrades and reconfigurations to take place in the field, as needed. The configuration and SKU of the upgraded product is then updated based on licensing authorization generated by a licensing appliance, and the license for the upgraded capabilities of the reconfigured product is stored on non-volatile RAM associated with or built into the product. The customer can then be invoiced for the upgraded capabilities based on the issued licenses. This strategy of having field-upgradable hardware has the added advantage of allowing the stocking of a single base item, instead of items with every possible configuration.
- Note that, as used herein, the term “license data block” means a data block conferring a right, permission, authorization, consent, sanction, approval, or endorsement to use certain features of the processor, or to upgrade the capabilities of the processor.
- Various embodiments may be generally directed to apparatuses for issuing licenses for upgrades of hardware components in the field. The upgrade may be performed at the manufacturing facility, at an OEM or OED facility, or at the facility of an end user, via a licensing appliance. In some embodiments, the hardware component may be a microprocessor having associated memory. In some embodiments, the microprocessor and memory may be manufactured in a single semiconductor package, while in other embodiments, the microprocessor and memory may be manufactured in separate semiconductor packages and may communicate with each other via a wired interface.
- In various embodiments, the microprocessor may be loaded with executable code that executes on a cold boot of the microprocessor. In some embodiments, the executable code will read a license data block from the memory and perform an upgrade of the capabilities of the microprocessor by overriding various fuse settings for the microprocessor.
- In some embodiments, the executable code may be embodied as executable code or as a hardware block in the microprocessor, the hardware block comprising a dedicated piece of logic implemented within the microprocessor using logic gates in lieu of firmware. It should be understood by one of skill in the art that, as used herein, the terms executable code, microcode, and firmware are used interchangeably.
- In various embodiments, the memory may be radio frequency (RF) capable, allowing portions of the memory to be written to and read from via a wireless connection. In such cases, the embodiment may further include an RF antenna. In some embodiments, the memory may be written to or read from without power being applied to the memory. In other embodiments, the memory may be read from or written to via the wired connection through the microprocessor.
- In various embodiments, the microprocessor will be provided with a unique identification (ID) number. In some embodiments, the unique ID number may be stored in the executable code. In other embodiments, the unique ID may be stored in the memory. In yet other embodiments, the unique ID maybe stored in both the executable code and the memory.
- In another aspect, a licensing apparatus may be provided. In various embodiments, the licensing apparatus may receive requests to upgrade a particular microprocessor. In some embodiments, the request may be received directly from a user interface generated by the licensing apparatus. In other embodiments, the request may be received from a user equipment via a wireless connection.
- In various embodiments, the licensing apparatus may communicate with the memory associated with the microprocessor. In some embodiments, the memory may be read from or written to using a hardware programming interface. In some embodiments, the hardware programming interface communicates with the licensing apparatus via the user equipment. In other embodiments, the licensing apparatus communicates with the memory via a hardware test platform via a wired interface.
- In various embodiments, the licensing apparatus write to and reads from the memory. In some embodiments, a configuration data block is read from the memory. The configuration data block may contain, in some embodiments, the unique ID of the microprocessor. In other embodiments, the licensing apparatus writes a licensing block to the memory containing authorization for the upgraded capabilities.
- In various embodiments, data written to or read from the memory by the licensing apparatus may be digitally signed. In some embodiments, the licensing apparatus may include a hardware signing module, and the licensing data block may be digitally signed using an encryption process and private key unique to the licensing apparatus. In some embodiments, the configuration data block may be digitally signed, with the digital signature including the unique ID of the microprocessor. The fact that each licensing apparatus has its own private key allows for customer-specific CPU grouping. That is, only specific CPUs targeted for a specific customer who has possession of the corresponding licensing apparatus with a specific private key is able to generate a license for a specific CPU.
-
FIG. 1 illustrates an example of an embodiment that may be representative of various embodiments.Semiconductor package 100 includesprocessor circuitry 110.Processor circuitry 110 may be a typical microprocessor of any type.Processor circuitry 110 may includeexecutable code 112 which may be executed on a cold boot of theprocessor circuitry 110 or via any other means.Processor circuitry 110 may also include a configuration 114 which may be established at the point of manufacture. Configuration 114 may be “hard wired” and upgradeable by overriding various “fused” settings inprocessor circuitry 110.Processor circuitry 110 may also include aunique ID 116 which is capable of uniquely identifying thesemiconductor package 100. -
Semiconductor package 100 may also includememory 120 in communication withprocessor circuitry 110 viawired interface 118. In one embodiment,memory 120 may be non-volatile random access memory (NVRAM). In another embodiment,memory 120 may be able to be read from and written to via an RF interface, and is referred to as RF-NVRAM. In such embodiments,semiconductor package 100 may includewireless RF interface 130, for example, an RF antenna, which may be external to or integrated withsemiconductor package 100. In some embodiments,memory 120 may be able to be written to or read from without power being applied to thesemiconductor package 100. -
FIG. 2 illustrates a block diagram of a portion of the contents of the memory of the embodiment. As shown inFIG. 2 ,memory 120 may comprise a portion containing configuration data, referred to as configuration data block 124. Configuration data block 124, in some embodiments, may contain the unique identifier (ID) 116 of theprocessor circuitry 110. In some embodiments, configuration data block 124 may contain information indicating the current configuration 202 ofprocessor circuitry 110. In yet other embodiments, configuration data block 124 may contain apublic encryption key 206. - Note that, as used herein, the term “unique identifier” is meant to refer to an identifier which is capable of uniquely identifying a particular processor, for example, a serial number. However, the processors could have, instead of or in addition to the unique identifier, identifiers which associate it with a particular type of processor, a family of processors, or any other way of grouping processors, for example, all processes assigned to particular OEM.
- In general, the configuration data block 124 may store configuration data for one or more elements of the
semiconductor package 100, such as theprocessor circuitry 110, for example. Configuration data may comprise data uniquely identifying theprocessor circuitry 110,memory 120, or both the processor circuitry and memory. Examples of configuration data may comprise without limitation a serial number assigned by the manufacturer at manufacturing time. Other data useful in the process described herein may also be contained in the configuration data block 124. In one embodiment, for example, the configuration data may comprise data representing the current configuration of the processor circuitry 124 and other embodiments the configuration data may comprise for example a public encryption key associated with the semiconductor package. Embodiments are not limited to these examples. - In various embodiments, the configuration data block 124 may store a
unique ID 116 of theprocessor circuitry 110. Aunique ID 116 may comprise a serial number assigned by the manufacturer which uniquely identifies processor circuitry 124. Examples of aunique ID 116 may comprise, without limitation, strings of ASCII characters, encryption keys, or random numbers. In one embodiment, for example, theunique ID 116 may comprise a string of ASCII characters hardcoded intoprocessor circuitry 110. Embodiments are not limited to these examples. - In various embodiments, the configuration data block 124 may store a
public key 206 of theprocessor circuitry 110. Apublic key 206 may comprise the public portion of a private/public key asymmetrical cryptographic system. For example,public key 206 may comprise, without limitation, the public portion of an elliptic curve digital signature algorithm (ECDSA). In one embodiment, for example, theunique ID 116 may comprise a 256 byte string of characters. Embodiments are not limited to these examples. -
FIG. 3 illustrates a digitally-signed version of the memory contents ofmemory 120. In various embodiments, configuration data block 124, as shown inFIG. 3 may be digitally signed or encrypted using theunique ID 204 ofprocessor circuitry 110. The digital signature may comprise a private/public key asymmetrical cryptographic system. In one embodiment for example the digital signature may comprise a signature generated by the elliptical curve digital signature algorithm (ECDSA), however, any well-known private/public key encryption system may be utilized. -
Memory 120 may also contain a portion containing license data, referred to as the license data block 122. A license data block 122 may comprise information regarding specific upgrades toprocessor circuitry 110 as well as authorizations for those upgrades. In one embodiment, for example the license data block 122 may comprise data which may be processed byexecutable code 112 stored inprocessor circuitry 110 to affect the upgrade. License data block 122 may hold data indicating thatprocessor circuitry 110 may be configured differently than the configuration indicated in configuration data block 124. In some cases, the different configuration will represent an upgrade to the current configuration ofprocessor circuitry 110. In some embodiments, the license data block 122 may indicate thatprocessor circuitry 110 may be upgraded by overriding certain parameters in the current configuration to provide a performance enhancement. Parameters may include, for example, the number of cores, the cache size, the number of computing threads, the memory size, the operating frequency, etc., however, this is not meant to be a comprehensive listing of the parameters that may be overridden. In some embodiments, the license data block 122 may be digitally signed or encrypted using a private key. In some embodiments, the license data block 122 may comprise data generated by the manufacturer or by a licensing appliance to specify and authorize upgrades toprocessor circuitry 110. In some embodiments, the license data block may contain manufacturer-specific data specifying and authorizing the upgrade ofprocessor circuitry 110. - In various embodiments, the configuration data block 124 and the license data block 122 may be read from or written to via
wireless RF interface 130 or viawired interface 118 throughprocessor circuitry 110. -
FIG. 4 illustrates an embodiment of thelogic flow 400 for upgrading the operational capabilities ofprocessor circuitry 110.Logic flow 400 may be representative of some or all of the operations executed by one or more embodiments described herein. In one embodiment,executable code 112 is stored in and executed fromprocessor circuitry 110. In other embodiments,executable code 112 may be stored inmemory 120. The logic flow, in other embodiments, may be implemented in software, firmware, hardware, or any combination thereof. In software and firmware embodiments, a logic flow may be implemented by computer executable instructions stored on a non-transitory computer readable medium or machine readable medium, such as an optical, magnetic or semiconductor storage. The embodiments are not limited in this context. - In the illustrated embodiment shown in
FIG. 4 , thelogic flow 400 atblock 402 begins on a cold boot ofprocessor circuitry 110. In other embodiments, the executable code may be executed by any known means of beginning a logic flow. Atblock 404 the executable code 124 is configured to read the license data block 122 frommemory 120 insemiconductor package 100 viawired interface 118 betweenmemory 120 andprocessor circuitry 110. In certain embodiments, the license data block 122 may be encrypted. Atblock 405, the executable code is configured to decrypt the license data block 122. License data block 122 may have been encrypted using a private key, and may be decrypted usingpublic key 206, although any known method of encrypting and decrypting blocks of data may be used. In certain embodiments, the license data block 122 will have been created specifically for themicroprocessor 110 identified byunique ID 116. As such, license data block 122 will contain an identification number identifying a particular processor for which the license data block 122 is intended. Atblock 406, the unique ID contained in license data block 122 will be compared with the processor'sunique ID 116. If there is nomatch logic flow 400 will end without performing the override of configuration 114 ofprocessor circuitry 110. If there is a match between the identification number in license data block 122 and the processor'sunique ID 116executable code 112 will override the configuration 114 ofprocessor circuitry 110 with the capabilities reflected in the license data block 122. -
FIG. 5 and shows an embodiment whereinmemory 120 is RF enabled (RF-NVRAM), and for whichmemory 120 can be read from and written to viawireless RF interface 130.FIG. 5 shows configuration data block 124 being read frommemory 120 viawireless RF interface 130, and license data block 122 being written tomemory 120 viawireless RF interface 130. - In various embodiments RF-enabled
memory 120 may be read from or written to with any other device capable of communicating over a wireless RF interface. In some embodiments, the wireless RF interface may comprise for example a wireless RF interface on a mobile device or on a licensing appliance. In other embodiments, the wireless RF interface may be part of a special programming tool, discussed later, which may be specially configured to communicate with RF-enabledmemory 120. In certain embodiments, the RF-enabledmemory 120 may be read from and written to via the wireless RF interface when not connected to a power source. In such embodiments, the power for reading from and writing to the RF-enabledmemory 120 is derived from the wireless RF interface. In yet other embodiments the RF-enabledmemory 120 may be read from and written to when power is connected tosemiconductor package 100. - In other embodiments,
memory 120 may not be RF-enabled. Insuch cases memory 120 may be written directly via awired connection 118 throughprocessor circuitry 110. In some embodiments,processor circuitry 110 may be connected via a wired connection to another component which wishes to read from or write tomemory 120. In some embodiments, the component may be a licensing appliance. In some embodiments, the wired connection made comprise a wired connection through a hardware test platform at a manufacturing, OEM, or OED facility. -
FIG. 6 showssemiconductor package 100 in more detail. In certainembodiments processor circuitry 110 will be configured withfuse controller 702, which contains the base configuration ofprocessor circuitry 110. In some embodiments, the base configuration will be applied during the manufacturing process. In other embodiments the configuration may be applied during other processes. In some embodiments,processor circuitry 110 may be configured at the lowest capability level, but, in other embodiments the base configuration 114 can reflect any level of capability. - Configuration 114 is, in some embodiments, controlled by
fuse controller 702, shown inFIG. 6 , which enables a hardwiring of base configuration 114. In other embodiments,processor circuitry 110 will be hardwired to a base configuration via other means. License data block 122 contains specifications and authorizations necessary to override configuration 114 contained infuse controller 702.Executable code 112 which, in some embodiments, will be contained inprocessor circuitry 110 and, in other embodiments, may be contained inmemory 120, is responsible for reading the license data block 122 frommemory 120 and applying the upgrades by overriding the base configuration infuse controller 702. In some embodiments license data block 122 may comprise an encrypted data block, and may be decrypted by an algorithm encoded inexecutable code 112. In some embodiments,public key 206 may be used byexecutable code 112 to decrypt license data block 122. -
FIG. 7 showslogic flow 700 of a method utilized by ahardware component 1050 for upgrading the configuration ofprocessor circuitry 110. Atblock 702 the method is started, in one embodiment, via a cold boot of the hardware component.Hardware component 1050, in one embodiment, will besemiconductor package 100 withprocessor circuitry 110, but, in other embodiments, may be other types of hardware. Atblock 704, license data block 122 is retrieved frommemory 120. In some embodiments, the license data block 122 may be validated atblock 706. In some embodiments license data block 122 may be encrypted and the validation step may include a decrypting process. In other embodiments, license data block 122 may be digitally signed, and the digital signature verified. In some embodiments, license data block 122 will contain an identification number. In such cases, a further validation may be performed on the license data block 122 by comparing the identification number contained in license data block 122 with the processor'sunique ID 116 and verifying a match therebetween. Atblock 708, if license data block 122 is validated the method is configured to apply the configuration parameters specified in license data block 122 toprocessor circuitry 110 to affect the upgrade of the capabilities ofprocessor circuitry 110. -
FIG. 8 showsvalidation block 706 ofFIG. 7 in more detail. In some embodiments, license data block 122 will be encrypted with a private key and, atblock 802, may be decrypted usingpublic key 206, although any known method of encryption and decryption may be used. In some embodiments license data block 122 may be digitally signed using the elliptical curve digital signature algorithm. In other embodiments license data block 122 may be unencrypted. Atblock 804, the identification number contained in license data block 122 is extracted and compared with the processor'sunique ID 116 to confirm a match. In some embodiments, licensed authorizations for upgrades toprocessor circuitry 110 are specific to the processor identified by the processor'sunique ID 116. - In some embodiments attempts to upgrade
processor circuitry 110 with licenses not containing the processor'sunique ID 116 will fail. In some embodiments, specific licensing appliances will be provided with a private key can be used to encrypt license data block 122 only for processors which have been manufactured containing a particular public key 126 which has been paired with the private key. This allows certain facilities, for example an OEM having a licensing appliance, to authorize upgrades only forsemiconductor packages 100 which have been sold to that particular OEM, and not tosemiconductor packages 100 which have been sold to other entities. -
FIG. 9 shows block 708 ofFIG. 7 in more detail. In some embodiments, where thehardware component 1050 that is being upgraded isprocessor circuitry 110, a base configuration may be indicated by fuse locations in afuse controller 702, as shown inFIG. 6 . The upgrade process, which in some embodiments occurs at cold boot, overrides the fuse locations infuse controller 702 with the new configuration indicated in license data block 122. In some cases, it may also be necessary to modify configuration registered banks inprocessor circuitry 110. - In some embodiments, other manufacturer-specific methods of applying the upgrades may be utilized without departing from the intended scope. The specific method of applying the upgrade may be embodied in
executable code 112, but may be applied in other ways known to those of skill in the art. The embodiments are not meant to be limited by specific methods of applying the upgrade, but is meant to encompass methods which may be specific to types of hardware components other than those described herein. -
FIG. 10 shows licensing apparatus 1000, in block form. Licensing apparatus 1000 represents another aspect.Licensing appliance 1010 may, in some embodiments, comprise a memory configured withlogic 1012.Logic 1012 may be configured to execute on a processor. In some embodiments,logic 1012 is configured to acceptrequests 1001 for upgrades tohardware component 1050.Request 1001 may be generated via any method known to one of skill in the art. In specific embodiments request 1001 may be generated via a user interface, while in other embodiments request 1001 may be accepted via other methods for example via email, via an application programming interface, or from another device having a user interface -
Licensing appliance 1010 may be configured to issuelicense authorizations 1003 in response torequest 1001. In various embodiments,logic 1012 may request or read data fromhardware component 1050. In some embodiments data requested fromhardware component 1050 may identifyhardware component 1050. In specific embodiments,logic 1012 will read configuration data and aunique ID 1002 from ahardware component 1050. In some embodiments,hardware component 1050 may besemiconductor package 100 shown inFIG. 1 . In some embodiments, configuration data and aunique ID 1002 specific tohardware component 1050 may be contained in configuration data block 124, shown inFIG. 2 .Logic 1012 may be configured to issueauthorization 1003 for thespecific hardware component 1050 identified by theunique ID 116 contained in the configuration data andunique ID 1002. - Configuration data and
unique ID 1002 may be read in various ways fromhardware component 1050. In certain embodiments configuration andunique ID 1002 will be read via awireless RF interface 130 as shown inFIG. 5 . In specific embodiments configuration data and unique ID made may be relayed tolicensing appliance 1010 via an intermediate hardware component, for example a programming tool or a mobile device having a user interface through whichrequest 1001 has been accepted. In other specific embodiments configuration data and unique ID may be read via a wired interface fromhardware component 1050. In in specific embodiments the wired interface may comprise a hardware test platform containing a wired interface tohardware component 1050 - In certain embodiments, once
authorization 1003 is generated, it may be digitally signed byhardware signing module 1014.Hardware signing module 1014 may in certain embodiments comprise a standard commercially available PCIE-based hardware module for performing secure cryptographic operations. The hardware signing module may support a standard cryptographic algorithm for use in signing. In certain embodiments, the hardware signing module may contain a standard elliptical curve digital signature algorithm (ECDSA), which may in some embodiments, require a 256 byte key for signature generation and signature verification of theauthorization 1003. In various embodiments, a private key, also contained in thehardware signing module 1014 is used to generate the signature or to encryptauthorization 1003. In other embodiments, any well-known method of encrypting the authorization 103 may be used. In yetother embodiments authorization 1003 may be left unencrypted. - Referring to
FIG. 10 , signedauthorization 1004 is sent tohardware component 1050 for verification and use in upgrading the capabilities ofhardware component 1050. In certain embodiments signedauthorization 1004 may be license data block 122. -
FIG. 11 showslicensing appliance 1010 having storage 1102 for the storing ofauthorizations 1003 which have been generated forvarious hardware components 1050. In some embodiments, once signedauthorization 1004 has been successfully stored in thememory 120 ofhardware component 1050, status information 1101 may be sent tolicensing appliance 1010. In some embodiments status information 1101 is also stored in storage 1102. In some embodiments signedauthorization 1004 may be stored inmemory 120 contained inhardware component 1050, and may be accessed only upon a cold boot ofhardware component 1050. - In some embodiments authorizations and statuses stored in authorization and status storage 1102 may be communicated off-site to another entity. In some embodiments, the other entity may be the manufacturer of
hardware component 1050. In other embodiments, the other entity receiving information regarding the authorizations and statuses may be the entity authorizing the use oflicensing appliance 1010. In some embodiments, the entity authorizing the use oflicensing appliance 1010 and the manufacturer ofhardware component 1050 may be one in the same. In specific embodiments, the authorizations and statuses in stored in authorization status storage 1102 may be communicated to the other entity via the Internet. In other embodiments the authorizations and statuses stored in authorization and status storage 1102, may be communicated to the other entity via any well-known method of communication, including for example, email, a direct TCP/IP connection between thelicensing appliance 1010 and the other entity, and/or any other well-known method of communicating between two systems known to those of skill in the art. -
FIG. 12 shows another embodiment of licensing apparatus 1000 in whichlicensing appliance 1010 also is configured with user interface logic 1201, configured to generate a user interface for acceptingrequests 1001 directly from users. In all otherrespects licensing appliance 1010 as shown inFIG. 12 is identical to the embodiment oflicensing appliance 1010 shown inFIG. 10 . - The user interface generated by user interface logic 1201 may be displayed on a local display comprising a visual and a user input device, for example a keyboard and/or mouse connected to
licensing appliance 1010. In other embodiments, the user interface generated by user interface logic 1201 may be displayed via a remote display accessed over a network. For example, user interface logic 1201 may comprise generating a website accessible over the Internet. In yet other embodiments, user interface logic 1201 may communicate with an app installed on a user equipment, for example, a mobile computing device, to display the user interface. The embodiments are not meant to be limited by the method used to display the user interface but is meant to encompass any method known to those of skill in the art -
FIG. 13 shows yet another embodiment oflicensing appliance 1010 in which requests 1001 are received through a user equipment 1301 which may be, for example, a smart phone, a tablet, or any other well-known mobile computing device. In one embodiment, the user interface is generated by user equipment 1301, and the particulars of therequest 1001 are communicated to thelicensing appliance 1010. In some embodiments,request 1001 is transmitted tolicensing appliance 1010 from user equipment 1301 via a wireless connection, for example, Wi-Fi, Bluetooth, or near field communications (NFC), or is communicated over the Internet. - In the embodiment of
FIG. 13 , the communication of signedauthorization 1004 to thehardware component 1050 may comprise relaying of signedauthorization 1004 by the user equipment 1301. In certain embodiments, user equipment 1301 will have a user interface for accepting requests from users for the generation of signedauthorization 1004. User equipment 1301 may write signedauthorization 1004 intomemory 120.Hardware component 1050 may further comprise a wireless interface, for example,RF interface 130 as shown inFIG. 1 , or some other form of wireless communication, for example, Bluetooth, Wi-Fi or NFC. In some embodiments user equipment 1301 may communicate withhardware component 1050 via an intermediate device comprising, for example, a specialized programming tool. In some embodiments, user equipment 1301 may communicate with the programming tool via any well-known method of communication, for example, a wired connection, a wireless connection, for example, Bluetooth Wi-Fi or NFC. In some embodiments, the programming tool may communicate withhardware component 1050 via any well-known wired or wireless method of communication. - Further with respect
FIG. 13 , configuration data andunique ID 1002 may be relayed tolicensing appliance 1010 via a user equipment 1301. User equipment 1301 may read the configuration data andunique ID 1002 frommemory 120 ofhardware component 1050. In some embodiments, configuration data andunique interface 1002 may be configuration data block 124.Hardware component 1050 may further comprise a wireless interface, for example,RF interface 130 as shown inFIG. 1 , or some other form of wireless communication, for example, Bluetooth, Wi-Fi or NFC. In some embodiments user equipment 1301 may communicate withhardware component 1050 via an intermediate device comprising, for example, a specialized programming tool, previously discussed. The specialized programming tool may be specially configured to read from and write tomemory 120 ofhardware component 1050, via a wired or wireless interface as discussed above. In addition, the programming tool may be configured to communicate with the user equipment 1301 via a wired or wireless interface. -
FIG. 14 showslogic flow 1400 oflogic 1012 oflicensing appliance 1010. Atblock 1402, thelogic flow 1400 is receiving a request to modify one or more configuration parameters of a hardware component. For example,logic flow 1400 receivesrequest 1001 to modify the configuration ofhardware component 1050. In some embodiments,request 1001 is received via a user interface generated by user interface logic 1201 while, in other embodiments,request 1001 is received via a wireless interface from a user equipment 1301, as previously explained. In alternative embodiments request 1001 may be received in any manner, such as via email, or via wireless technology such as Bluetooth or NFC, or via a webpage accessed over the Internet. However, the logic is not meant to be limited by these embodiments. - In
box 1404,logic flow 1400 is receiving configuration data indicating the current configuration parameters ofhardware component 1050 and aunique ID 116 identifying thehardware component 1050. In some embodiments, the configuration data may also include a public encryption key paired with a private encryption key known only tolicensing appliance 1010. For example,logic flow 1400 receives the configuration data and aunique ID 1002 fromhardware component 1050. Configuration data andunique ID 1002 may, in some embodiments, be in the form of configuration data block 124. In various embodiments, configuration data andunique ID 1002 may be digitally signed or encrypted via any one of a number of well-known methods for encrypting data. In one embodiment, wherehardware component 1050 issemiconductor package 100 shown inFIG. 1 . In some embodiments, the configuration data andunique ID 1002 may be digitally signed using theunique identifier 116 ofprocessor circuitry 110. - In
box 1405,logic flow 1400 is optionally decrypting the configuration data andunique ID 1002 prior to generating the authorization. Configuration data andunique ID 1002 may be encrypted via any well-known method of encryption. In specific embodiments configuration data and unique ID is configured with a public/private key encryption scheme in which the configuration data andunique ID 1002 is encrypted with thepublic key 206 paired with a private key held bylicensing appliance 1010. In some embodiments, the private key held bylicensing appliance 1010 may be encoded intohardware signing module 1014, and retrieved therefrom when needed to decrypt the configuration data andunique ID 1002. - In
box 1406,logic flow 1400 is generating an authorization to modify one or more of the configuration parameters. In some embodiments, the authorization contains the unique identifier ofhardware component 1050, and the authorization. In some embodiments, the authorization will be digitally signed using an encryption method and private key ofhardware signing module 1014. In other embodiments, the authorization may be signed using any well-known method of digitally signing or encrypting data. In some embodiments, signedauthorization 1004 is embodied as license data block 122 shown inFIG. 1 . In other embodiments signedauthorization 1004 may be any form of data block, encrypted or unencrypted. - In
box 1408 oflogic flow 1400 is communicating the signed authorization 104 tohardware component 1050. In some embodiments,hardware component 1050 may have a wired connection tolicensing appliance 1010 and a signedauthorization 1004 may be communicated via the wired connection. In other embodiments, the signedauthorization 1004 may be communicated to thehardware component 1050 via a wireless connection through a user equipment 1301. In still other embodiments, the user equipment 1301 may relay the signedauthorization 1004 through a specialized programming tool, as previously discussed. -
FIG. 15 shows a continuation oflogic flow 1400. At block 1510,logic flow 1400 is receiving status information indicating the receipt of the signedauthorization 1004 by thehardware component 1050. In some embodiments, wherein the actual application of the upgrade only takes place upon a cold boot of thehardware configuration 1050, the status information 1101 may indicate that the signedauthorization 1004 was successfully written intomemory 120 ofhardware component 1050. In other embodiments status information 1101 may indicate that the upgrade to thehardware component 1050 has been successfully completed. - Status information 1101, in some embodiments, may be generated by specialized programming tool and relayed to
licensing appliance 1010 via a user equipment 1301. In other embodiments, user equipment 1301 may generate the status information 1101. In yet other embodiments, in which there is a wired interface betweenlicensing appliance 1010 and thehardware component 1050 via, for example, a hardware test platform, shown asreference number 1712 inFIG. 17 , status information 1101 may be generated by thehardware test platform 1712. - At
block 1512,logic flow 1400 is storing theauthorization 1004 and status information 1101. In some embodiments, theauthorization 1004 and status information 1101 is stored in the authorization and status storage 1102, as shown inFIG. 11 . In some embodiments, authorization and status storage 1102 may be embodied as a database. In other embodiments, any other form of storage forauthorizations 1004 and status information 1101 may be utilized, for example, theauthorizations 1004 may be stored in the form of a license data blocks 122, in the form of a file, or in any other form well-known to those of skill in the art. Likewise, the status information 1101, maybe stored as received, or in a similar fashion to theauthorization 1004. The embodiments are not meant to be limited by the method used to store the authorization and status information. - At
block 1514,licensing appliance 1010 may optionally transmit the authorization and status information to a remote system. In some embodiments, the authorization and status information was stored in authorization and status storage 1102 And authorization which was stored in authorization status storage 1102, and retrieved therefrom prior to being sent to the remote system. In some embodiments, the authorization and status information may be periodically transmitted to the remote system in a group of authorizations and status information, while in other embodiments, the authorization and status information may be set individually as they are generated. - In some embodiments, the authorization and status information is sent to the remote system via the Internet, while in other embodiments the status information authorization may be sent via any one of a number of well-known methods, including, for example, via a direct TCP/IP connection. In some embodiments, the remote system may be associated with the manufacture and the authorization and status information may be used to generate invoices for the enhanced capability provided by signed
authorization 1004. In other embodiments,licensing appliance 1010 will be required to periodically communicate with a remote system to continue to be authorized to issue license upgrades. -
FIG. 16 shows a computerreadable media 1600 having stored thereon various software modules for use bylicensing appliance 1010. The configuration shown inFIG. 16 is an exemplary embodiment and it will be realized by one of skill in the art that many different arrangements of modules may be used to provide the same functionality, and that the embodiments are not meant to be limited by the configuration shown inFIG. 16 . -
Control module 1602 is responsible for the overall control oflicensing appliance 1010, and the flow of logic for the overall process of providing license upgrades forhardware component 1050. In some embodiments,control module 1602 may assume control upon receiving the request 1101 for the upgrade of ahardware component 1050. In other embodiments, control module may be started manually, via a local user interface, prior to the reception of requests 1101. -
Communications module 1604 is responsible for receiving requests for upgrades as well as for communicating signedauthorizations 1004 to thehardware component 1050 and receiving status information 1101. In some embodiments,communications module 1604 will handle communications via wireless methods, for example Wi-Fi Bluetooth and NFC or RF. In other embodiments,communications module 1604 will affect communications via the Internet or via a direct TCP/IP connection. -
Cryptography module 1606 is responsible for decrypting configuration data andunique ID 1002 which may be in the form of configuration data block 122.Cryptography module 1606 is also responsible for digitally signing and/or encryptingauthorization 1003 to create signedauthorization 1004 which may in some embodiments take the form of license data block 124. In some embodiments,cryptography module 1606 works in concert withhardware signing module 1014.Cryptography module 1606 may utilize encryption scheme encoded inhardware signing module 1014, or may work independent ofhardware signing module 1014 utilizing its own encryption scheme.Cryptography module 1606 may comprise a private encryption key utilized for decrypting configuration data andunique ID 1002 which may be in the form of configuration data block 124, and for digitally signing license data block 122. In otherembodiments cryptography module 1606 may utilize the private encryption key encoded inhardware signing module 1014. -
User interface module 1608 may be present, in some embodiments, whereinrequests 1001 are received directly bylicensing appliance 1010. In other embodiments,user interface module 1608 may not be present asrequests 1001 may be received via wireless interface from a user equipment 1301.User interface module 1608 may present a user interface via a local display including a visual display and a user input device, for example a keyboard and/or mouse. In other embodiments, user interface module may utilize other methods of displaying the user interface for example the user interface may be displayed as a webpage and accessible via the Internet or may cause a user equipment 1301 two display user interface in a locally installed app. -
Licensing module 1608 is responsible for generating theauthorizations 1003 for the upgrade ofhardware component 1050, as requested inrequest 1001.Licensing appliance 1010 may be required to be authorized to generateauthorizations 1003, and, in some embodiments may be required to communicate periodically with a remote system to continue to be authorized to generateauthorizations 1003. The remote system may be a system associated with the manufacture ofhardware component 1050 and/or may be associated with an entity able to authorize upgrades tohardware component 1050.Licensing module 1608 may generate licenses which are specific to the manufacturer ofhardware component 1050. It would be realized by one of skill in the art that the embodiments are not meant to be limited by the contents of the licensing module, but that any contents able to be decoded and utilized byexecutable code 112 would be acceptable. -
Licensing module 1608 may generateauthorizations 1003 which contain metadata sufficient to affect the upgrade ofhardware component 1050. In some embodiments,licensing module 1608 may only generateauthorizations 1003 forspecific hardware components 1050.Specific hardware components 1050, in one embodiment, may be identified by their ability to decode and validate signedauthorization 1004 utilizingpublic key 206, as the signedauthorization 1004 will been signed utilizing a private encryption key specific to aparticular licensing apparatus 1010. In other embodiments, specific hardware components may be identified by theirunique ID 116 which may be included bylicensing module 1608 inauthorization 1003. -
Reporting module 1610, in some embodiments, may optionally transmit the authorization and status information to a remote system. In some embodiments, as previously discussedreporting module 1610 may report all instances of generatedauthorizations 1003 and their respective status information 1101 periodically, as a group, after retrieving them from application and status storage 1102. In another embodiment,reporting module 1610 may report generatedauthorizations 1003 and respective status information 1101 as they are generated. In some embodiments, the remote system may be associated with the manufacture ofhardware component 1050 and may utilize the information sent by reportingmodule 1610 for billing and invoicing purposes, to receive payment for the issuing of license upgrades. -
FIG. 17 shows an overall system diagram includinglicensing appliance 1010.Licensing appliance 1010 comprises CPU orprocessor 1702, suitable for executing logic contained in non-transitory computerreadable medium 1600. The logic contained in non-transitory computer readable medium 1600 is, in one embodiment, responsible for receiving a request for and generating licenses for the upgrade ofhardware components 1050, as discussed herein.Hardware signing module 1014 contains an encryption algorithm and private key used for signing authorizations for upgrades generated by the logic stored in non-transitory computerreadable medium 1600. In other embodiments, the encryption algorithm and private key used for signing authorizations may be contained in non-transitory computerreadable medium 1600. -
Wireless communications modules 1704 is responsible for all wireless communication withlicensing appliance 1010, including, for example, the receiving ofrequests 1001, the transmitting of signedauthorizations 1004 tohardware component 1050 and the receiving of status information 1101.Network interface 1706 is responsible for communications via the Internet, which may be used to communicate withhardware component vendor 1714 to report authorizations generated for specific hardware components 1054, for, in some embodiments, invoicing purposes.Network interface 1706 pay also be utilized in the case where the user interface is generated as a website available via the Internet, or in cases where communications with other systems occur via a direct TCP/IP connection -
FIG. 17 also shows both methods for communication between thelicensing appliance 1010 andhardware component 1050. In one embodiment, user equipment 1301 may receive licensing information fromlicensing appliance 1010. User equipment 1301 may also interface withprogramming tool 1710, which may be specially configured to communicate with thememory 120 stored inhardware component 1050 via a wireless interface, which may be for example,RF interface 130. In suchcases hardware component 1050 will be equipped with RF-enabled NVRAM memory.Programming tool 1710 may be specifically configured in one embodiment to communicate withmemory 120 viaRF interface 130 as shown inFIG. 1 . In someembodiments memory 120 inhardware component 1050 may not be powered whenprogramming tool 1710 is reading data from or writing data tomemory 120, but may receive power directly fromRF interface 130. User equipment 1301 may communicate withprogramming tool 1710 via a wired or wireless interface, for example, Bluetooth Wi-Fi or NFC. - In another embodiment,
licensing appliance 1010 may communicate withhardware component 1050 via a wired interface through ahardware test platform 1712. In such cases,semiconductor package 100 have power. - The following include non-limiting examples according to some embodiments:
- Example 1 is an apparatus comprising a semiconductor package comprising processor circuitry having executable code embedded therein, the processor circuitry configured with one or more operational capabilities and a unique identifier to identify the processor circuitry; and memory, in communication with the processor circuitry, the memory comprising a configuration data block containing at least the unique identifier identifying the processor circuitry, and a current configuration of the processor circuitry, and a license data block, containing a license for a set of configuration parameters for the one or more operational capabilities for the processor circuitry, the license signed with the unique identifier.
-
- Example 2 is the apparatus of example [0091] wherein the configuration data block includes a public encryption key associated with the semiconductor package.
- Example 3 is the apparatus of example [0093] wherein the configuration data block is signed with the unique identifier and is encrypted.
- Example 4 is the apparatus of example [0091] further comprising means for encrypting the configuration data block.
- Example 5 is the apparatus of example [0091] wherein the executable code contains instructions to read the license data block, validate the license data block by verifying that the identifier used to sign the license data block matches the unique identifier of the processor circuitry and override the configured operational capabilities of the processor circuitry with the set of configuration parameters specified in the license data block.
- Example 6 is the apparatus of example [0096] wherein the license data block is signed with a private key and further wherein the semiconductor package contains a public encryption key and the executable code contains further instructions to decrypt the license data block using the public encryption key.
- Example 7 is the apparatus of example [0096] further comprising means for decrypting the license data block.
- Example 8 is the apparatus of example [0097] wherein the memory is wireless capable and further wherein the configuration data block is read from the memory via a wireless connection and further wherein the license data block is stored into the memory via a wireless connection.
- Example 9 is the apparatus of example 6 further comprising means for wirelessly reading the configuration data block from the memory and writing the license data block to the memory.
- Example 10 is the apparatus of example [0096] wherein the configured operational capabilities are hardware encoded into the processor circuitry via a fusing process and further wherein the set of configuration parameters are applied by overriding various fuse locations within a fuse controller and modifying certain configuration register banks.
- Example 11 is the apparatus of example [0096] further comprising means for overriding the configured operational capabilities of the processor.
- Example 12 is a system comprising an apparatus according to any of examples [0091] to [00101], wherein the memory is radio frequency (RF)-enabled NVRAM.
- Example 13 is the system of example [00103], further comprising an RF antenna.
- Example 14 is the system of example [00103] further comprising means for reading data from and writing data to the memory.
- Example 15 is a system comprising an apparatus according to any of examples [0091] to [00101] wherein the memory can be read from or written to through a wired connection to the processor circuitry.
- Example 16 is a method comprising retrieving a license data block from a memory, the license data block containing a signed license allowing a set of configuration parameters for one or more operational capabilities to be applied to processor circuitry in communication with the memory, validating the license data block; and applying the set of configuration parameters specified in the license data block to the processor circuitry.
- Example 17 is the method of example [00107] wherein the license data block is signed with a private key where the method further comprises verifying the signature with a public key, the public key being encoded into the processor circuitry.
- Example 18 is the method of example [00108], where the method further comprises extracting an identifier from the license data block and verifying that the identifier matches a unique identifier encoded into the processor circuitry.
- Example 19 is the method of example [00109], further comprising extracting the license from the verified license data block and applying the set of configuration parameters to the processor circuitry.
- Example 20 is the method of example [00108] wherein the license data block is signed and verified using the elliptical curve digital signature algorithm.
- Example 21 is the method of example [00110] wherein applying the set of configuration parameters further comprises overriding fuse locations in a fuse controller located in the processor circuitry and modifying configuration register banks located in the processor circuitry.
- Example 22 is the method of example [00109] wherein the method is embodied in executable code encoded into the processor circuitry.
- Example 23 is the method of example [00113] wherein the executable code is executed on a cold boot of the processor circuitry.
- Example 24 is the method of any of examples [00107] to [00114] wherein the memory is radio frequency (RF)-enabled NVRAM.
- Example 25 is a system comprising processor circuitry having executable code embedded therein, the executable code containing instructions to execute the method according to any of examples [00107] to [00114] and memory, in communication with the processor circuitry.
- Example 26 is the system of example [00116] further comprising an RF antenna.
- Example 27 is the system of example [00116] further comprising means for reading data from and writing data to the memory.
- Example 28 is the system of example [00118] wherein the means for reading data from and writing data to the memory is wireless.
- Example 29 is a non-transitory computer-readable storage medium containing microcode that when executed, causes processor circuitry to retrieve a license data block from a memory, the license data block containing a signed license for a set of configuration parameters for one or more operational capabilities for the processor circuitry in communication with the memory, validate the license data block and apply the set of configuration parameters specified in the license data block to the processor circuitry.
- Example 30 is the non-transitory computer-readable storage medium of example [00120] wherein the license data block is signed with a private key, further comprising executable code that when executed, cause processor circuitry to verify the signature with a public key, the public key being encoded into the processor circuitry.
- Example 31 is the non-transitory computer-readable storage medium of example [00121], further comprising executable code that when executed, cause processor circuitry to extract an identifier from the license data block and verify that the identifier matches a unique identifier encoded into the processor circuitry.
- Example 32 is the non-transitory computer-readable storage medium of example [00121] further comprising means for verifying the license data block.
- Example 33 is the non-transitory computer-readable storage medium of example [00122], further comprising executable code that when executed, cause processor circuitry to extract the license from the verified license data block and apply the set of configuration parameters to the processor circuitry.
- Example 34 is the non-transitory computer-readable storage medium of example [00122] further comprising means for updating the set of configuration parameters in the processor circuitry.
- Example 35 is the non-transitory computer-readable storage medium of example [00124] wherein the executable code is executed on a cold boot of the processor circuitry.
- Example 36 is the non-transitory computer-readable storage medium according to any of examples [00120] to [00126] wherein the processor circuitry and memory are combined into a single semiconductor package.
- Example 37 is a system comprising the non-transitory computer-readable storage medium according to any of examples [00120] to [00127] wherein the memory is radio frequency (RF)-enabled NVRAM.
- Example 38 is the system of example [00128], further comprising an RF antenna.
- Example 39 is a system comprising the non-transitory computer-readable storage medium according to any of examples [00120] to [00127] further comprising means for writing data to and reading data from the memory.
- Example 40 is a system, comprising the non-transitory computer-readable storage medium according to any of examples [00120] to [00127] wherein the memory can be read from or written to through a wired connection to the processor circuitry.
- Example 41 is an apparatus comprising memory, containing logic for execution by a processor and a hardware signing module containing a private encryption key, wherein the logic is configured to receive a request to modify one or more configuration parameters of a hardware component, receive configuration data indicating the current configuration parameters of the hardware component and a unique identifier identifying the hardware component, generate an authorization to modify the one or more of the configuration parameters, the authorization containing the unique identifier and the authorization being signed by the private key and communicate the authorization to the hardware component.
- Example 42 is the apparatus of example [00132] wherein the logic is further configured to receive status information indicating the receipt of the authorization by the hardware component and store the authorization and status information for transmission to a remote system.
- Example 43 is the apparatus of example [00132] further comprising user interface logic configured to generate a user interface.
- Example 44 is the apparatus of example [00132] further comprising means for generating a user interface.
- Example 45 is the apparatus of examples [00134] or [00135] wherein the request to modify one or more configuration parameters of a hardware component is received through the user interface.
- Example 46 is the apparatus of example [00136] wherein the configuration data is received through a wired connection and further wherein the authorization is communicated to the hardware component via the wired connection.
- Example 47 is the apparatus of example [00132] wherein the request to modify one or more configuration parameters of a hardware component is received from a mobile device.
- Example 48 is the apparatus of example [00137] wherein the configuration data is received from the hardware component through the mobile device and further wherein the authorization is communicated to the hardware component through the mobile device.
- Example 49 is the apparatus of example [00132] further comprising means for receiving the configuration data from the hardware component and means for communicating the authorization to the hardware component.
- Example 50 is the apparatus of example [00132] wherein the configuration data is received in encrypted form, the logic being further configured to decrypt the configuration data.
- Example 51 is the apparatus of example [00132] wherein the configuration data is received in encrypted form further comprising means for decrypting the configuration data.
- Example 52 is the apparatus of any of examples [00132] to [00142] wherein the hardware component is a semiconductor package containing a processor and a memory in communication with the processor.
- Example 53 is a system comprising the apparatus of examples [00138] or [00139] further comprising a wireless interface, the wireless interface being used to communicate with the mobile device.
- Example 54 is a system comprising the apparatus of examples [00138] or [00139] further comprising means for communicating with the mobile device.
- Example 55 is the system of example [00144] wherein the mobile device generates a user interface through which the request to modify one or more configuration parameters is received.
- Example 56 is the system of example [00144] wherein the wireless interface is selected from a group consisting of RF, WiFi, Bluetooth and NFC.
- Example 57 is a method comprising receiving a request to modify one or more configuration parameters of a hardware component, receiving configuration data indicating the current configuration parameters of the hardware component and a unique identifier identifying the hardware component, generating an authorization to modify the one or more of the configuration parameters, the authorization containing the unique identifier and the authorization being signed by the private key and communicating the authorization to the hardware component.
- Example 58 is the method of example [00148] further comprising receiving status information indicating the receipt of the authorization by the hardware component, storing the authorization and status information and transmitting the authorization and status information to a remote system.
- Example 59 is the method of example [00148] wherein the request to modify one or more configuration parameters of a hardware component is received through a user interface.
- Example 60 is the method of example [00150] wherein the configuration data is received through a wired connection and further wherein the authorization is communicated to the hardware component via the wired connection.
- Example 61 is the method of example [00148] wherein the request to modify one or more configuration parameters of a hardware component is received from a mobile device.
- Example 62 is the method of example [00152] wherein the configuration data is received through the mobile device and further wherein the authorization is communicated to the hardware component through the mobile device.
- Example 63 is the method of example [00148] wherein the configuration data is encrypted, the method further comprising decrypting the configuration data prior to generating the authorization.
- Example 64 is the apparatus of any of examples [00148] to [00154] wherein the hardware component is a semiconductor package containing a processor and a memory in communication with the processor.
- Example 65 is a system comprising a processor, memory, containing logic for execution by the processor, the logic implementing the method according to any of examples [00148] to [00155] and a hardware signing module containing a private encryption key.
- Example 66 is the system of example [00156] further comprising a wireless interface, the wireless interface being used to communicate with the mobile device.
- Example 67 is the system of example [00156] further comprising means for communicating with the mobile device.
- Example 68 is the system of example [00157] wherein the wireless interface is selected from a group consisting of RF, WiFi, Bluetooth and NFC.
- Example 69 is the system of example [00157] wherein the mobile device generates a user interface through which the request to modify one or more configuration parameters is received.
- Example 70 is the system of example [00157] further comprising means for receiving the request to modify one or more configuration parameters.
- Example 71 is a non-transitory machine-readable medium comprising plurality of instructions that, when executed by a processor, cause the processor to receive a request to modify one or more configuration parameters of a hardware component, receive configuration data indicating the current configuration parameters of the hardware component and a unique identifier identifying the hardware component, generate an authorization to modify the one or more of the configuration parameters, the authorization containing the unique identifier and the authorization being signed by the private key and communicate the authorization to the hardware component.
- Example 72 is the non-transitory machine-readable medium of example [00162] further comprising instructions that, when executed by a processor, cause the processor to receive status information indicating the receipt of the authorization by the hardware component, store the authorization and status information and transmit the authorization and status information to a remote system.
- Example 73 is the non-transitory machine-readable medium of example [00162] wherein the configuration data is encrypted, further comprising instructions that, when executed by a processor, cause the processor to decrypt the configuration data.
- Example 74 is the non-transitory machine-readable medium of example [00162] wherein the configuration data is encrypted, further comprising means for decrypting the configuration data.
- Example 75 is the non-transitory machine-readable medium of any of examples [00162] to [00164] wherein the hardware component is a semiconductor package containing a processor and a memory in communication with the processor.
- Example 76 is the non-transitory machine-readable medium of any of examples [00162] to [00166] wherein the instructions further cause the processor to generate a user interface.
- Example 77 is the non-transitory machine-readable medium of any of examples [00162] to [00166] further comprising means for generating a user interface.
- Example 78 is the non-transitory machine-readable medium of examples [00167] or [00168] wherein the request to modify one or more configuration parameters of a hardware component is received through the user interface.
- Example 79 is the non-transitory machine-readable medium of any of examples [00162] to [00169] wherein the authorization is communicated to the hardware component via a wired connection.
- Example 80 is the non-transitory machine-readable medium of any of examples [00162] to [00169] further comprising means for communicating the authorization to the hardware component.
- Example 81 is the non-transitory machine-readable medium of any of examples [00162] to [00166] wherein the request to modify one or more configuration parameters of a hardware component is received from a mobile device and further wherein the authorization is communicated to the hardware component through the mobile device.
- Example 82 is the non-transitory machine-readable medium of any of examples [00162] to [00166] further comprising means for receiving the request to modify one or more configuration parameters from a hardware component and means for communicating the authorization to the hardware component.
- Example 83 is a system comprising the non-transitory machine-readable medium of example [00172] further comprising a wireless interface, the wireless interface being used to communicate with the mobile device.
- Example 84 is the system of example [00174] wherein the mobile device generates a user interface through which the request to modify one or more configuration parameters is received.
- Example 85 is the system of any of examples [00174] or [00175] wherein the wireless interface is selected from a group consisting of RF, WiFi, Bluetooth and NFC. It should be noted that the methods described herein do not have to be executed in the order described, or in any particular order. Moreover, various activities described with respect to the methods identified herein can be executed in serial or parallel fashion.
- Although specific embodiments have been illustrated and described herein, it should be appreciated that any arrangement calculated to achieve the same purpose may be substituted for the specific embodiments shown. This disclosure is intended to cover any and all adaptations or variations of various embodiments. It is to be understood that the above description has been made in an illustrative fashion, and not a restrictive one. Combinations of the above embodiments, and other embodiments not specifically described herein will be apparent to those of skill in the art upon reviewing the above description. Thus, the scope of various embodiments includes any other applications in which the above compositions, structures, and methods are used.
- It is emphasized that the Abstract of the Disclosure is provided to comply with 37 C.F.R. § 1.72(b), requiring an abstract that will allow the reader to quickly ascertain the nature of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. In addition, in the foregoing Detailed Description, it can be seen that various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed embodiments require more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive subject matter lies in less than all features of a single disclosed embodiment. Thus the following claims are hereby incorporated into the Detailed Description, with each claim standing on its own as a separate preferred embodiment. In the appended claims, the terms “including” and “in which” are used as the plain-English equivalents of the respective terms “comprising” and “wherein,” respectively. Moreover, the terms “first,” “second,” and “third,” etc. are used merely as labels, and are not intended to impose numerical requirements on their objects.
- Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.
Claims (20)
1. An apparatus, comprising:
a processor, the processor comprising circuitry to:
receive a license data block, the license data block to comprise a modified configuration for one or more operational capabilities of the processor; and
upgrade a current configuration of the one or more operational capabilities of the processor based on the modified configuration of the license data block.
2. The apparatus of claim 1 , the current configuration to disable a first operational capability of the one or more operational capabilities of the processor, the modified configuration to enable the first operational capability.
3. The apparatus of claim 1 , the processor comprising circuitry to:
validate the license data block based on an identifier to be used to sign the license data block and a unique identifier of the processor.
4. The apparatus of claim 1 , wherein a configuration data block of the processor is to store the current configuration of the one or more operational capabilities of the processor, wherein the circuitry to upgrade the current configuration is to comprise circuitry to:
override the configuration data block with the modified configuration of the license data block.
5. The apparatus of claim 1 , wherein the license data block is to be encrypted based on a private key, the processor comprising circuitry to:
decrypt the encrypted license data block based on a public key.
6. The apparatus of claim 1 , wherein the one or more operational capabilities are to comprise: (i) a number of computing threads to be executed by a processor core of the processor, (ii) a count of enabled processor cores of the processor, (iii) a size of a cache of the processor, or (iv) an operating frequency of the processor.
7. The apparatus of claim 1 , the license data block to be received via a network, the modified configuration different than the current configuration.
8. A non-transitory computer-readable storage medium, the computer-readable storage medium including instructions that when executed by a processor, cause the processor to:
receive a license data block, the license data block to comprise a modified configuration for one or more operational capabilities of the processor; and
upgrade a current configuration of the one or more operational capabilities of the processor based on the modified configuration of the license data block.
9. The computer-readable storage medium of claim 8 , the current configuration to disable a first operational capability of the one or more operational capabilities of the processor, the modified configuration to enable the first operational capability.
10. The computer-readable storage medium of claim 8 , wherein the instructions further cause the processor to:
validate the license data block based on an identifier to be used to sign the license data block and a unique identifier of the processor.
11. The computer-readable storage medium of claim 8 , wherein a configuration data block of the processor is to store the current configuration of the one or more operational capabilities of the processor, wherein the instructions to upgrade the current configuration are to comprise instructions that when executed by the processor, cause the processor to:
override the configuration data block with the modified configuration of the license data block.
12. The computer-readable storage medium of claim 8 , wherein the license data block is encrypted based on a private key, wherein the instructions further cause the processor to:
decrypt the encrypted license data block based on a public key.
13. The computer-readable storage medium of claim 8 , wherein the one or more operational capabilities are to comprise: (i) a number of computing threads to be executed by a processor core of the processor, (ii) a count of enabled processor cores of the processor, (iii) a size of a cache of the processor, or (iv) an operating frequency of the processor.
14. The computer-readable storage medium of claim 8 , the license data block to be received via a network, the modified configuration different than the current configuration.
15. A method, comprising:
receiving, by a processor, a license data block comprising a modified configuration for one or more operational capabilities of the processor; and
upgrading, by the processor, a current configuration of the one or more operational capabilities of the processor based on the modified configuration of the license data block.
16. The method of claim 15 , the current configuration to disable a first operational capability of the one or more operational capabilities of the processor, the modified configuration to enable the first operational capability.
17. The method of claim 15 , further comprising:
validating, by the processor, the license data block based on an identifier used to sign the license data block and a unique identifier of the processor.
18. The method of claim 15 , wherein a configuration data block of the processor is to store the current configuration of the one or more operational capabilities of the processor, wherein upgrading the current configuration comprises:
overriding, by the processor, the configuration data block with the modified configuration of the license data block.
19. The method of claim 15 , wherein the license data block is encrypted based on a private key, the method further comprising:
decrypting, by the processor, the encrypted license data block based on a public key.
20. The method of claim 15 , wherein the one or more operational capabilities comprise: (i) a number of computing threads to be executed by a processor core of the processor, (ii) a count of enabled processor cores of the processor, (iii) a size of a cache of the processor, or (iv) an operating frequency of the processor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/526,563 US20220078027A1 (en) | 2017-09-28 | 2021-11-15 | System and method for reconfiguring and deploying soft stock-keeping units |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/719,375 US11218322B2 (en) | 2017-09-28 | 2017-09-28 | System and method for reconfiguring and deploying soft stock-keeping units |
US17/526,563 US20220078027A1 (en) | 2017-09-28 | 2021-11-15 | System and method for reconfiguring and deploying soft stock-keeping units |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/719,375 Continuation US11218322B2 (en) | 2017-09-28 | 2017-09-28 | System and method for reconfiguring and deploying soft stock-keeping units |
Publications (1)
Publication Number | Publication Date |
---|---|
US20220078027A1 true US20220078027A1 (en) | 2022-03-10 |
Family
ID=65808421
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/719,375 Active 2040-05-04 US11218322B2 (en) | 2017-09-28 | 2017-09-28 | System and method for reconfiguring and deploying soft stock-keeping units |
US17/526,563 Pending US20220078027A1 (en) | 2017-09-28 | 2021-11-15 | System and method for reconfiguring and deploying soft stock-keeping units |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/719,375 Active 2040-05-04 US11218322B2 (en) | 2017-09-28 | 2017-09-28 | System and method for reconfiguring and deploying soft stock-keeping units |
Country Status (1)
Country | Link |
---|---|
US (2) | US11218322B2 (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11196747B2 (en) | 2017-12-07 | 2021-12-07 | Bank Of America Corporation | Automated event processing computing platform for handling and enriching blockchain data |
US20190180276A1 (en) | 2017-12-07 | 2019-06-13 | Bank Of America Corporation | Automated Event Processing Computing Platform for Handling and Enriching Blockchain Data |
US11157624B2 (en) * | 2019-08-14 | 2021-10-26 | Silicon Motion, Inc. | Scheme of using electronic device to activate mass production software tool to initialize memory device including flash memory controller and flash memory |
WO2021062243A2 (en) | 2019-09-27 | 2021-04-01 | Intel Corporation | Systems, methods, and apparatus for software defined silicon security |
CN114341917A (en) * | 2019-09-27 | 2022-04-12 | 英特尔公司 | Software defined silicon implementation and management |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030134675A1 (en) * | 2002-01-16 | 2003-07-17 | Mike Oberberger | Gaming system license management |
US20130031363A1 (en) * | 2011-07-25 | 2013-01-31 | Andrew Wnuk | Generating a crl using a sub-system having resources separate from a main certificate authority sub-system |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2012122994A1 (en) * | 2011-03-11 | 2012-09-20 | Kreft Heinz | Off-line transfer of electronic tokens between peer-devices |
US20150205614A1 (en) * | 2012-03-21 | 2015-07-23 | Mika Lähteenmäki | Method in a processor, an apparatus and a computer program product |
US10771448B2 (en) | 2012-08-10 | 2020-09-08 | Cryptography Research, Inc. | Secure feature and key management in integrated circuits |
GB201321148D0 (en) * | 2013-11-29 | 2014-01-15 | Bridgeworks Ltd | Data transfer |
JP5946068B2 (en) * | 2013-12-17 | 2016-07-05 | インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation | Computation method, computation apparatus, computer system, and program for evaluating response performance in a computer system capable of operating a plurality of arithmetic processing units on a computation core |
US20150341229A1 (en) * | 2014-05-20 | 2015-11-26 | Krystallize Technologies, Inc | Load generation application and cloud computing benchmarking |
US9734103B2 (en) * | 2015-01-25 | 2017-08-15 | Dell Products, L.P. | Systems and methods for transforming a central processing unit (CPU) socket into a memory and/or input/output (I/O) expander |
US20170221017A1 (en) * | 2015-04-01 | 2017-08-03 | Ron Gonen | System and method to manage collection of waste resources |
US10034407B2 (en) * | 2016-07-22 | 2018-07-24 | Intel Corporation | Storage sled for a data center |
US10445141B2 (en) * | 2016-08-18 | 2019-10-15 | Honeywell International Inc. | System and method supporting single software code base using actor/director model separation |
-
2017
- 2017-09-28 US US15/719,375 patent/US11218322B2/en active Active
-
2021
- 2021-11-15 US US17/526,563 patent/US20220078027A1/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030134675A1 (en) * | 2002-01-16 | 2003-07-17 | Mike Oberberger | Gaming system license management |
US20130031363A1 (en) * | 2011-07-25 | 2013-01-31 | Andrew Wnuk | Generating a crl using a sub-system having resources separate from a main certificate authority sub-system |
Also Published As
Publication number | Publication date |
---|---|
US11218322B2 (en) | 2022-01-04 |
US20190097810A1 (en) | 2019-03-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20220078027A1 (en) | System and method for reconfiguring and deploying soft stock-keeping units | |
US11640600B2 (en) | Using on-demand applications to process encrypted data from a contactless card | |
US20230306419A1 (en) | Payment system | |
CN107111500B (en) | Wireless provisioning of application libraries | |
EP3436937B1 (en) | Blocking and non-blocking firmware update | |
JP2022539773A (en) | Systems and methods for enabling mobile near field communication to update displays on payment cards | |
US11645646B2 (en) | Determining specific terms for contactless card activation | |
US11676152B2 (en) | Application-based point of sale system in mobile operating systems | |
US20220358533A1 (en) | Verified reviews using a contactless card | |
CN107197025B (en) | Remote management system and method of intelligent POS | |
KR101583726B1 (en) | Apparatus and method for proccesing card transaction in a payment system | |
TWM545956U (en) | Mobile payment system | |
CN108173845B (en) | Metering instrument with core chip and information security interaction system | |
US20190122205A1 (en) | Card issuing and payment system and method using mobile device | |
KR20160137087A (en) | Method for distributing encrypt key, card reader, authentification server and system for distributing encrypt key thereof | |
KR20130128296A (en) | Method and system for providing a prepaid voucher service based on nfc tag | |
JP2013025607A (en) | Information processor and information processing method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: ADVISORY ACTION MAILED |