A programmable logic device verifies that configuration data permissibly programs the programmable logic device. The programmable logic device includes a programmable fabric having partitions to be programmed by the configuration data, a secure device manager that may generate masks based on the configuration data, and a local sector manager. The masks determine that the configuration data is configured to permissibly program the permitted partitions or that the permitted partitions have been permissibly programmed. The local sector manager applies the masks to generate an interleaved result, compares the interleaved result to an expected result, and sends an indication that the configuration data is configured to permissibly program the permitted partitions or permissibly programmed the permitted partitions in response to determining that the interleaved result is the expected result, or sends an alert to stop programming in response to determining that the interleaved result is not the expected result.

A programmable logic device verifies that configuration data permissibly programs the programmable logic device. The programmable logic device includes a programmable fabric having partitions to be programmed by the configuration data, a secure device manager that may generate masks based on the configuration data, and a local sector manager. The masks determine that the configuration data is configured to permissibly program the permitted partitions or that the permitted partitions have been permissibly programmed. The local sector manager applies the masks to generate an interleaved result, compares the interleaved result to an expected result, and sends an indication that the configuration data is configured to permissibly program the permitted partitions or permissibly programmed the permitted partitions in response to determining that the interleaved result is the expected result, or sends an alert to stop programming in response to determining that the interleaved result is not the expected result.

Methods and systems are provided for protecting a circuit design for an integrated circuit. Logic circuits are identified in at least a portion of the circuit design for replacement. The logic circuits in the circuit design are replaced with a bitstream and configurable circuits that comprise memory circuits. A transformed circuit design is generated for the integrated circuit that comprises the configurable circuits. The configurable circuits in the transformed circuit design perform logic functions of the logic circuits when the bitstream is stored in the memory circuits in the configurable circuits.

There is provided a method of permitting one or more features on a computer program. The computer program executing on a hardware with a hardware identifier. The method comprises, at the authentication server, receiving an authentication key indicating authorised features of the computer program, generating a server key based on the hardware identifier and a feature list, and comparing the authentication key with the server key. The method further comprises, at the authentication client, receiving a feature request comprising one or more features to be permitted on the computer program, generating a feature verification message based on the one or more features, and transmitting the feature verification message to the authentication server. The method further comprises, at the authentication server, receiving the feature verification message, verifying that the one or more features are within the feature list, generating a response key if the one more or more features are within the feature list and the authentication key matches the server key, and transmitting the response key to the authentication client. The method further comprises, at the authentication client, receiving the response key, and permitting the one or more features on the computer program.

A method for remotely programming a programmable device designed to provide an expected sensitive result. The method including transmitting a first program code to the programmable device, the first program code being configured to get at least one distinctive data unique and physically inherent to the programmable device, retrieving the distinctive data, and transmitting a second program code based on the retrieved distinctive data to the programmable device, so as to load the second program code into the programmable device.

A method for managing licenses for soft IP on a partially reconfigurable hardware system, in particular an FPGA, wherein a license manager is provided in the non-configurable part of the hardware system, or is accessible only for the non-configurable part of the hardware system, where the license manager has exclusive access to a non-volatile memory in which license data having a time restriction of the useful life of at least one soft IP is stored, where before activating a particular soft IP, the license manager checks whether the useful life has expired, where the license manager only releases use of the soft IP if the useful life has not yet expired, where the license data is changed using a key, which is stored in a non-volatile memory for license data, and where a new key is stored and the preceding key is deleted when the license data is changed.

A method for managing licenses for soft IP on a partially reconfigurable hardware system, in particular an FPGA, wherein a license manager is provided in the non-configurable part of the hardware system, or is accessible only for the non-configurable part of the hardware system, where the license manager has exclusive access to a non-volatile memory in which license data having a time restriction of the useful life of at least one soft IP is stored, where before activating a particular soft IP, the license manager checks whether the useful life has expired, where the license manager only releases use of the soft IP if the useful life has not yet expired, where the license data is changed using a key, which is stored in a non-volatile memory for license data, and where a new key is stored and the preceding key is deleted when the license data is changed.

Analytics processing circuitry can include a data scavenger and a data analyzer coupled to receive the data from the data scavenger. The data scavenger collects data from at least one element of interest of a plurality of elements of interest of an IC. The data analyzer identifies patterns in the data from the data scavenger over a time frame or for a snapshot of time based on a predefined metric. The analytics processing circuitry can further include a moderator and a risk predictor. The risk predictor generates a risk assessment regarding whether the data collected by the data scavenger is indicative of normal behavior or abnormal behavior based at least on the output of the data analyzer and a behavioral model for the IC, which can be device and application specific. A threat response can be performed based on the risk assessment.

An integrated circuit chip includes a plurality of function blocks; a mode controller configured to convert an input signal, received from an external device through an input/output pin, into an input pattern and test mode setting data which include a plurality of bits, and to output the test mode setting data and a mode switching enable signal when a secure pattern generated therein is the same as the input pattern; and a mode setting module configured to control the plurality of function blocks to operate in a test mode according to the mode setting data, in response to the test mode switching enable signal.

An integrated circuit chip includes a plurality of function blocks; a mode controller configured to convert an input signal, received from an external device through an input/output pin, into an input pattern and test mode setting data which include a plurality of bits, and to output the test mode setting data and a mode switching enable signal when a secure pattern generated therein is the same as the input pattern; and a mode setting module configured to control the plurality of function blocks to operate in a test mode according to the mode setting data, in response to the test mode switching enable signal.