Abstract: Dynamic Trust Manager (DTM) having an interface coupled to an embedded system including an Application Processor (AP), boot media, and security processor. The security processor, at a start of a boot sequence of the AP, prevents the AP from proceeding with the boot sequence, verifies bootloader code stored in the boot media via boot media access, and if the bootloader code verification is successful, allows the AP to proceed using the verified bootloader code. The security processor may also be configured to activate an interrupt request of the AP during runtime, request the AP to execute a Security Monitor Driver (SMD) of the embedded system to measure an integrity information of code/data stored in an embedded system memory, receive from the SMD the measured integrity information of code/data, and verify whether the measured integrity information equals a reference integrity information stored in an integrity table of a DTM memory.

Abstract: Dynamic Trust Manager (DTM) having an interface coupled to an embedded system including an Application Processor (AP), boot media, and security processor. The security processor, at a start of a boot sequence of the AP, prevents the AP from proceeding with the boot sequence, verifies bootloader code stored in the boot media via boot media access, and if the bootloader code verification is successful, allows the AP to proceed using the verified bootloader code. The security processor may also be configured to activate an interrupt request of the AP during runtime, request the AP to execute a Security Monitor Driver (SMD) of the embedded system to measure an integrity information of code/data stored in an embedded system memory, receive from the SMD the measured integrity information of code/data, and verify whether the measured integrity information equals a reference integrity information stored in an integrity table of a DTM memory.

Abstract: According to an embodiment, a programmable logic device includes a plurality of logic blocks and a logic unit. The logic blocks are grouped into one or more partitions. The logic unit controls external access to the one or more partitions, controls programming of the one or more partitions and controls interconnection and operation of the one or more partitions during operation of the programmable logic device.

Abstract: An embodiment method for vehicle messaging includes obtaining initial trust information that includes a root public key (RPK), and obtaining a first pool of group certificate (GC) sets and a first vehicle authentication certificate that includes a first encrypted serial number. The method also includes: selecting from the first pool a first GC and a first group private key (Gpk); determining a first signature in accordance with a first message and a digest function; sending a first datagram that includes the first message and the first signature; receiving a second datagram that includes a second GC and a second signature, the second GC duplicating a GC in the first pool; receiving a third datagram that includes a third GC and a third signature, the third GC not duplicating any GC in the first pool; and verifying the second and third datagrams in accordance with the digest function and RPK.

Abstract: An embodiment method for vehicle messaging includes obtaining initial trust information that includes a root public key (RPK), and obtaining a first pool of group certificate (GC) sets and a first vehicle authentication certificate that includes a first encrypted serial number. The method also includes: selecting from the first pool a first GC and a first group private key (Gpk); determining a first signature in accordance with a first message and a digest function; sending a first datagram that includes the first message and the first signature; receiving a second datagram that includes a second GC and a second signature, the second GC duplicating a GC in the first pool; receiving a third datagram that includes a third GC and a third signature, the third GC not duplicating any GC in the first pool; and verifying the second and third datagrams in accordance with the digest function and RPK.

Abstract: A system and method for controlling a device. Data that was encrypted using a first encryption scheme is decrypted, then re-encrypted using a second encryption scheme. The re-encrypted data is then decrypted.

Abstract: According to an embodiment, a programmable logic device includes a plurality of logic blocks, memory, a plurality of connection control elements and a logic unit. The logic blocks are grouped into one or more programmed partitions. The memory stores authentication information and partition information. The connection control elements controllably interconnect different ones of the logic blocks. The logic unit controls external access to the one or more partitions based on the authentication information, controls reprogramming of the one or more partitions based on at least some of the partition information and configures the connection control elements based on at least some of the partition information.

Abstract: Methods and systems for transferring information to a device include assigning a unique identifier to a device and generating a unique key for the device. The device is located at a first site, and the unique identifier is sent from the device to a second site. The unique key is obtained at the second site, and it is used for encrypting information at the second site. The encrypted information is sent from the second site to the device, where it can then be decrypted.

Abstract: A system and method for controlling a device. Data that was encrypted using a first encryption scheme is decrypted, then re-encrypted using a second encryption scheme. The re-encrypted data is then decrypted.

Abstract: A system and method for controlling a device. Data that was encrypted using a first encryption scheme is decrypted, then re-encrypted using a second encryption scheme. The re-encrypted data is then decrypted.

Abstract: According to an embodiment, a programmable logic device includes a plurality of logic blocks, memory and a logic unit. The logic blocks are grouped into one or more partitions. The memory stores authentication and partition information uploaded to the programmable logic device prior to partition programming. The logic unit authenticates programming access to the one or more partitions based on the authentication information and controls programming of the one or more partitions based on the partition information.

Abstract: A method of controlling access to a device. First information is provided. Second information is retrieved from the device. The first information is used to retrieve associated third information. A key is generated based on the second information and the third information. Access to the device is controlled by using the key.

Abstract: A system and method for transferring information include generating a public/private key pair for programming equipment and sending the programming equipment public key to a certificate authority. A programming equipment certificate is generated using the programming equipment public key and a private key of the certificate authority. The programming equipment certificate and a certificate authority certificate are sent to the programming equipment. Information is transferred to or from the programming equipment in response to an authentication using the programming equipment certificate and the certificate authority certificate.

Abstract: According to an embodiment, a programmable logic device includes a plurality of logic blocks, memory and a logic unit. The logic blocks are grouped into one or more partitions. The memory stores authentication and partition information uploaded to the programmable logic device prior to partition programming. The logic unit authenticates programming access to the one or more partitions based on the authentication information and controls programming of the one or more partitions based on the partition information.

Abstract: According to an embodiment, a programmable logic device includes a plurality of logic blocks and a logic unit. The logic blocks are grouped into one or more partitions. The logic unit controls external access to the one or more partitions, controls programming of the one or more partitions and controls interconnection and operation of the one or more partitions during operation of the programmable logic device.

Abstract: According to an embodiment, a programmable logic device includes a plurality of logic blocks, memory, a plurality of connection control elements and a logic unit. The logic blocks are grouped into one or more programmed partitions. The memory stores authentication information and partition information. The connection control elements controllably interconnect different ones of the logic blocks. The logic unit controls external access to the one or more partitions based on the authentication information, controls reprogramming of the one or more partitions based on at least some of the partition information and configures the connection control elements based on at least some of the partition information.

Abstract: A system and method for transferring information to a device include sending a first challenge from an information provider to programming equipment, and responding to the first challenge by the programming equipment. A second challenge is sent from the programming equipment to the information provider, which responds to the second challenge. Information is encrypted by the information provider and sent from the information provider to the programming equipment.

Abstract: A system and method for transferring information include generating a public/private key pair for programming equipment and sending the programming equipment public key to a certificate authority. A programming equipment certificate is generated using the programming equipment public key and a private key of the certificate authority. The programming equipment certificate and a certificate authority certificate are sent to the programming equipment. Information is transferred to or from the programming equipment in response to an authentication using the programming equipment certificate and the certificate authority certificate.

Abstract: A system and method for controlling a device. Data that was encrypted using a first encryption scheme is decrypted, then re-encrypted using a second encryption scheme. The re-encrypted data is then decrypted.

Abstract: A method of controlling access to a device. First information is provided. Second information is retrieved from the device. The first information is used to retrieve associated third information. A key is generated based on the second information and the third information. Access to the device is controlled by using the key.