Abstract: Generating a hardware description for configuring a digital electronic circuit, such as an application-specific integrated circuit (ASIC) or a field-programmable gate array (FPGA), wherein the hardware description configures the digital electronic circuit to parse input data comprising a sequence of input tokens against an LL (1) grammar. This is achieved by implementing a recursive transition network (RTN) or an augmented transition network (ATN) representing the grammar within the digital electronic circuit. When the grammar defines a data format, such as a JSON schema, XML Schema Definition (XSD), or ASN.1 schema, a document can be validated against the data format by the configured digital electronic circuit processing the document as the input data.

Abstract: A process performed at a first computer system for establishing a connection over a network between a second computer system and a logic block of the first computer system, comprises: providing an attestation from the first computer system to the second computer system that the logic block of the first computer system has not previously established a connection over the network with any computer system since the most recent power-up or reset of the logic block.

Abstract: A secure boot computer system is provided. The system comprises a logic block comprising one or more processing units that executes instructions, the logic block being configured to request boot instructions over a first interface, according to a first communication protocol, on power-up or reset of the logic block. A controller component is configured to communicate with the logic block over the first interface according to the first communication protocol, the controller being further configured to implement a communications link to a second computer system and to receive the boot instructions from the second computer system. The logic block is preconfigured to communicate with the controller over the first interface according to the first communication protocol in a manner that cannot be altered by instructions executed by the logic block. The controller is configured to prevent the completion of any write requests from the logic block.

Abstract: A computer system for securely controlling an insecure computer is provided. The system comprises an insecure computer, a secure computer and a unidirectional dataflow enforcer. The insecure computer comprises a dedicated video output with a hardware interface, and is configured to transmit its video output to a secure computer over a first connection and to receive instructions for controlling the insecure computer over a second connection. The secure computer is configured to receive the video output of the insecure computer over the first connection and to transmit instructions for controlling the insecure computer over the second connection. The unidirectional dataflow enforcer is configured to enforce unidirectional dataflow between the secure computer and the insecure computer, such that dataflow from the secure computer to the insecure computer over the second connection is allowed, but dataflow from the insecure computer to the secure computer over the second connection is prevented.