
WO2016137397A2 - Multi-tenant cloud based systems and methods for secure semiconductor design-to-release manufacturing workflow and digital rights management - Google Patents


Info

Publication number
WO2016137397A2
Authority
WO
WIPO (PCT)
Prior art keywords
workflow
user
cloud
execution
client machine
Prior art date
Legal status
Ceased
Application number
PCT/SG2016/050090
Other languages
French (fr)
Other versions
WO2016137397A3 (en)
Inventor
James Marcus EDWARDS
Joseph Kinman Lee
Current Assignee
Silicon Cloud International Pte Ltd
Original Assignee
Silicon Cloud International Pte Ltd
Application filed by Silicon Cloud International Pte Ltd
Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/31 User authentication
    • G06F 21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F 21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow, by executing in a restricted environment, e.g. sandbox or secure virtual machine

Definitions

  • Aspects of the present disclosure are directed to multi-tenant cloud based systems and methods for securely managing scientific, engineering, and/or other types of multi-party workflows, and for managing, tracking, and auditing the utilization and generation of proprietary information, including internal and third party intellectual property (IP), associated with the execution of such workflows.
  • Particular aspects of the present disclosure are directed to multi-tenant cloud based systems and methods for securely managing multi-organizational semiconductor design-to-release manufacturing (DTRM) workflows and tracking / auditing semiconductor design IP provenance associated with semiconductor product design workflow execution.
  • Technological evolution has given rise to increasingly complex technological products, such as semiconductor integrated circuit (IC) chips, which can be characterized by greatly increased structural and functional complexity over time, as well as greatly increased design and manufacturing process complexity over time.
  • The design and production of various types of modern technological products require (a) the provision of many complex design inputs to many complex, highly structured, and appropriately sequenced design processes, which generate highly complex design outputs that are themselves used as inputs to particular design processes; and (b) the performance of many complex, highly structured, and appropriately sequenced production processes that correspondingly require multiple complex production inputs, and which generate complex production outputs that are used as inputs to particular production processes.
  • A scientific or engineering design workflow, or more particularly a scientific or engineering design-to-release manufacturing (DTRM) workflow
  • The DTRM workflow specifies a set of inputs required and a set of outputs produced by any individual design process that falls within the scope of designing the product.
  • The DTRM workflow further links multiple distinct design processes in an appropriately sequenced manner for generating a set of final design outputs that can be provided as a set of inputs to a production workflow for producing the product in accordance with the predefined production process requirements.
  • The execution of a DTRM workflow for a complex technological product involves interaction between multiple organizations as a result of the aforementioned supply chain disaggregation. More particularly, the execution of a DTRM workflow by multiple organizations is characterized by information exchange between the organizations, in accordance with the specific requirements of the design workflow, with which each organization must comply.
  • The information provided by any given organization typically includes proprietary information, i.e., intellectual property (IP), which is unique to the organization from which it came, which must be kept strictly confidential, and which should be identifiable / traceable / trackable in the product design.
  • The performance of one or more design processes can result in the generation of additional proprietary information or IP, which is unique to the organization that performed the process(es) that resulted in the additional IP, which must be kept strictly confidential, and which should be identifiable / traceable / trackable in the product design.
  • The supply chain includes four categorical types of participants or organizations, namely, IC chip manufacturing foundries; IP "building block" or IP core providers; electronic design automation (EDA) tool providers; and IC design companies that employ IC designers organized into one or more IC design teams for the purpose of designing specific types of semiconductor IC products.
  • Any given semiconductor DTRM workflow is generated and validated in a manner that requires compliance with specific workflow requirements by each of such types of organizations.
  • Semiconductor IC design companies face high or very high costs with respect to acquiring licenses to EDA tools that are best suited for designing forthcoming products in accordance with a current product design cycle and current manufacturing technology capabilities.
  • Semiconductor IC design companies face difficulties with respect to executing semiconductor DTRM workflows in a manner that enforces IP workflow compliance and strict IP confidentiality; high profile IP breaches, including IP theft, have been known to occur.
  • A multi-tenant cloud based system for secure management of scientific / engineering workflows and digital rights associated therewith provides a plurality of client machines corresponding to each of a plurality of cloud tenants, which are configured for secure, strictly controlled communication with a cloud environment within which workflow management, workflow execution, and associated digital rights tracking occurs.
  • Each client machine is configured such that non-display data storage and transfer are disabled, including local storage of information other than for purpose of display by the client machine.
  • Each client machine serves as a strictly controlled selective data import function and a command / instruction input function for communication with the cloud environment.
  • Each client machine provides a strictly controlled selective window, function, or service with respect to (a) the export of data from the cloud environment to the client machine, or equivalently, the import of data to the client machine from the cloud environment; and (b) the input of commands to the client machine and the transfer of such commands to the cloud environment.
  • The cloud environment is configured for providing dynamically allocatable virtualized computing resources including, for each cloud tenant, at least some of: (a) a virtual desktop management system configured for exchanging data with client machines in accordance with a remote desktop / display protocol; (b) a role based user access, data control, and monitoring system configured for securely controlling and monitoring each user's access to and usage of cloud environment resources and data in accordance with predefined user roles; (c) a plurality of databases including at least one graph database in which scientific / engineering workflows corresponding to the cloud tenant are stored as workflow graph property models, wherein each workflow property graph model can have an execution state machine corresponding thereto or stored as a portion thereof, in association with which an intended or expected workflow execution state can be defined or determined; (d) a plurality of virtualized servers configurable to provide at least one workflow execution environment corresponding to the cloud tenant, within which workflow execution occurs; (e) a graph based workflow execution tracking and compliance enforcement system corresponding to each of the cloud tenant's workflow execution environments, which is configured for monitoring workflow execution
  • Those portions of the system corresponding to each cloud tenant, other than the cloud tenant's client machines, can form portions of a virtualized design-to-release manufacturing (DTRM) system corresponding to the tenant, such as a virtualized semiconductor DTRM system.
  • The first workflow is stored in the first cloud tenant's plurality of databases as a first workflow property graph model, which has a first execution state machine corresponding thereto;
  • A first graph based workflow execution tracking and compliance enforcement system is configured for dynamically generating a first workflow execution property graph model during execution of the first workflow, which indicates whether any workflow execution violations have occurred during first workflow execution;
  • A first graph based digital rights management system is configured for generating at least one IP provenance pattern corresponding to IP utilized and/or IP generated during execution of the first workflow.
  • The second workflow is stored in the second cloud tenant's plurality of databases as a second workflow property graph model, which has a second execution state machine corresponding thereto; a second graph based workflow execution tracking and compliance enforcement system is configured for dynamically generating a second workflow execution property graph model during execution of the second workflow, which indicates whether any workflow execution violations have occurred during second workflow execution; and the graph based digital rights management system is configured for generating at least one IP provenance pattern corresponding to IP utilized and/or IP generated during execution of the second workflow.
  • All data, workflows, workflow related IP, workflow execution environments, workflow execution tracking and monitoring results, IP provenance patterns, and incremental backup data are securely segregated from each other cloud tenant, such as by way of separate virtualized DTRM systems corresponding to each cloud tenant, where communication between a given cloud tenant's virtualized DTRM system and that of another cloud tenant is prohibited.
  • No portions of any design data, workflows, workflow related IP, workflow execution environment, workflow execution tracking and monitoring results, IP provenance patterns, or incremental backup data reside on or are stored / storable for any purpose other than display by any client machine at any time.
  • Data transfer is prohibited from client machines to destinations other than portions of the cloud environment corresponding to the cloud tenant under consideration.
  • The cloud computing system includes: (a) a set of client machines, each client machine comprising hardware and software resources providing a virtual desktop having a data import function and a command input function by which a user associated with the cloud tenant views data and inputs commands, respectively, each client machine having non-display data storage and data export functions disabled, including local storage of information other than for purpose of display by the client machine; and (b) a set of cloud based dynamically allocatable virtualized computing resources configured for remote communication with the set of client machines.
  • The set of cloud based dynamically allocatable virtualized computing resources includes: a central graph database storing a set of workflows, each workflow including a property graph model defining a plurality of workflow phases, wherein for each workflow phase the property graph model defines one or more input datasets, a set of virtualized computing resources utilized for execution of the workflow phase, and one or more output datasets, wherein the property graph model has a reference finite state machine (FSM) corresponding thereto by which an expected workflow execution state is determinable; at least one virtual machine workflow execution environment including a set of virtual machines, each virtual machine workflow environment configured for executing the phases of a workflow stored within the set of graph databases in response to commands received from one or more client machine users by way of the set of client machines; a user roles database storing a user role corresponding to each user associated with the cloud computing tenant, each user role defining a set of rules specifying actions the user corresponding thereto can and cannot perform, and the dynamically allocatable virtualized computing resources that the user can and cannot access, utilize,
  • The set of cloud based dynamically allocatable virtualized computing resources can further include a software defined network (SDN) based project isolation and security system configured for establishing, for each client machine user corresponding to a given cloud tenant, a polymorphic virtual machine computing element configured for communication with a client machine corresponding to the client machine user, by which the client machine user communicates with a specific project management virtual machine corresponding to a specific project by way of an encrypted communication tunnel between the polymorphic virtual machine and the specific project management virtual machine.
  • The SDN based project isolation and security system can further be configured for: connecting a virtual local area network (VLAN) corresponding to the polymorphic virtual machine to a VLAN corresponding to the specific project in response to a project-specific connection request; preventing the polymorphic virtual machine from accessing a local file system corresponding thereto; and replacing polymorphic virtual machine access to its local file system with polymorphic virtual machine access to a file system corresponding to the specific project that is coupled to the project management virtual machine corresponding to the specific project.
  • The set of cloud based dynamically allocatable virtual computing resources further includes a graph based workflow execution tracking and compliance enforcement system corresponding to each workflow execution environment, which is configured for monitoring and analyzing the computational behavior of virtual machines corresponding to a given workflow and determining whether compliance violations have occurred during the execution of the workflow.
  • The graph based workflow execution tracking and compliance enforcement system is configured for dynamically generating a workflow execution property graph model during the execution of a given workflow corresponding to the computational behavior of virtual machines that are active during execution of the workflow.
  • The graph based workflow execution tracking and compliance enforcement system can be configured for issuing workflow compliance violation notifications to each user responsible for a compliance violation.
  • The set of cloud based dynamically allocatable virtualized computing resources can further include a graph based digital rights management system corresponding to each workflow execution environment, which is configured for generating a set of intellectual property (IP) provenance patterns that uniquely correspond to IP consumed and/or produced in association with the execution of a given workflow.
  • The graph based digital rights management system can be configured for generating a unique IP provenance pattern corresponding to each workflow phase output dataset.
  • The graph based digital rights management system can be configured for generating a hash pattern from a unique IP provenance pattern corresponding to an overall product design corresponding to the outputs of each workflow phase.
  • Each client machine can include: a processing unit; a display device coupled to the processing unit; a set of user input devices coupled to the processing unit; a network interface unit coupled to the processing unit; a memory coupled to the processing unit, the memory including a display memory and a command instruction memory; and a removable operating system device coupleable to the processing unit and having an encrypted operating system thereon, wherein operating system support for non-display data storage and transfer as well as local storage of information other than information displayed by the client machine are disabled.
  • Each client machine can further include a one time password device configured for communication with the client machine.
  • the set of cloud based dynamically allocatable virtualized computing resources can further include a user authentication manager configured for performing a four-factor user authentication procedure comprising authentication of each of a user password, an automatically generated one time password, a client machine hardware signature, and a client machine operating system signature.
  • The set of client machines and the set of cloud based dynamically allocatable virtualized computing resources can be configured as a virtualized semiconductor Design to Release Manufacturing (DTRM) system, wherein each workflow corresponds to a semiconductor DTRM workflow.
  • The system provides a single semiconductor product design environment that is entirely cloud resident, wherein no portions of the semiconductor product design environment other than visual representations thereof reside on any client machine at any time, and no design data is providable to any client machine at any time other than for purpose of display thereon, and wherein semiconductor DTRM workflow execution, monitoring, and analysis occur entirely in the cloud.
  • The set of cloud based dynamically allocatable virtualized computing resources further includes a set of Electronic Design Automation (EDA) tool libraries storing a plurality of EDA tools that are implemented by way of dynamically allocatable virtual machines, and wherein each virtual machine within the at least one virtual machine execution environment corresponds to a virtualized Electronic Design Automation (EDA) tool.
  • The set of cloud based dynamically allocatable virtualized computing resources further includes a set of Process Development Kit (PDK) libraries and a set of third party semiconductor design IP block libraries.
  • A process for secure management and execution of scientific or engineering workflows across multiple cloud tenants includes: (a) for each cloud tenant, providing a set of client machines, each client machine including hardware and software resources providing a virtual desktop having a data import function and a command input function by which a user associated with the cloud tenant views data and inputs commands, respectively, each client machine having non-display data storage and data export functions disabled, including local storage of information other than for purpose of display by the client machine; (b) for each cloud tenant, providing a set of cloud based dynamically allocatable virtualized computing resources configured for remote communication with the set of client machines, the set of cloud based dynamically allocatable virtualized computing resources including: (i) a central graph database storing a set of workflows corresponding to the cloud tenant, each workflow comprising a property graph model defining a plurality of workflow phases, wherein for each workflow phase the property graph model defines one or more input datasets, a set of virtualized computing resources utilized for execution of the workflow phase, and
  • Providing the set of cloud based dynamically allocatable virtualized computing resources can further include providing a software defined network (SDN) based project isolation and security system, and the process can further include for each client device user corresponding to a given client tenant, establishing a polymorphic virtual machine computing element configured for communication with a client machine corresponding to the client machine user, by which the client machine user communicates with a specific project management virtual machine corresponding to a specific project by way of an encrypted communication tunnel between the polymorphic virtual machine and the specific project management virtual machine.
  • The process can additionally include connecting a virtual local area network (VLAN) corresponding to the polymorphic virtual machine to a VLAN corresponding to the specific project in response to a project-specific connection request; preventing the polymorphic virtual machine from accessing a local file system corresponding thereto; and replacing polymorphic virtual machine access to its local file system with polymorphic virtual machine access to a file system corresponding to the specific project that is coupled to the project management virtual machine corresponding to the specific project.
  • The workflow execution management operations can further include monitoring and analyzing the computational behavior of virtual machines corresponding to the given workflow and determining whether compliance violations have occurred during the execution of the given workflow.
  • Monitoring and analyzing the computational behavior of virtual machines corresponding to the given workflow can include dynamically generating a workflow execution property graph model during the execution of the given workflow corresponding to the computational behavior of virtual machines that are active during execution of the given workflow.
  • Monitoring and analyzing the computational behavior of virtual machines corresponding to the given workflow can additionally or alternatively include issuing workflow compliance violation notifications to each user responsible for a compliance violation.
  • The process can also include generating a set of intellectual property (IP) provenance patterns that uniquely correspond to IP consumed and/or produced in association with the execution of the given workflow.
  • The process can include generating a unique IP provenance pattern corresponding to each workflow phase output dataset corresponding to the given workflow; and generating a hash pattern from a unique IP provenance pattern corresponding to an overall product design corresponding to the outputs of each workflow phase.
  • Providing the set of client machines can include providing for each client machine a removable operating system device coupleable to the client machine and having an encrypted operating system thereon, wherein operating system support for non-display data storage and transfer as well as local storage of information other than information displayed by the client machine are disabled.
  • Providing the set of client machines can further include providing for each client machine a one time password device configured for communication with the client machine.
  • The process can include, for each cloud tenant, providing four-factor user authentication operations for each user associated with the cloud tenant, wherein the four-factor user authentication operations comprise authentication of each of a user password, an automatically generated one time password, a client machine hardware signature, and a client machine operating system signature.
  • For each cloud tenant, the set of client machines and the set of cloud based dynamically allocatable virtualized computing resources can establish or provide a virtualized semiconductor Design to Release Manufacturing (DTRM) system, wherein each workflow corresponds to a semiconductor DTRM workflow, and wherein the process includes providing a single semiconductor product design environment corresponding to the cloud tenant that is entirely cloud resident, wherein no portions of the semiconductor product design environment other than visual representations thereof reside on any client machine at any time, and no design data is providable to any client machine at any time other than for purpose of display thereon, and wherein semiconductor DTRM workflow execution, monitoring, and analysis occur entirely in the cloud.
  • Such a process can further include for each cloud tenant providing a set of Electronic Design Automation (EDA) tool libraries storing a plurality of EDA tools that are implemented by way of dynamically allocatable virtual machines, and wherein each virtual machine within the at least one virtual machine execution environment corresponds to a virtualized Electronic Design Automation (EDA) tool; and providing for each cloud tenant a set of Process Development Kit (PDK) libraries and a set of third party semiconductor design IP block libraries.
  • FIG. 1 is a schematic illustration showing portions of a multi-tenant cloud based system for secure semiconductor design-to-release manufacturing (DTRM) workflow and digital design rights management in accordance with an embodiment of the present disclosure.
  • FIG. 2 is a block diagram of a client machine in accordance with an embodiment of the present disclosure.
  • FIG. 3 is a schematic illustration showing portions of a virtualized semiconductor DTRM system in accordance with an embodiment of the present disclosure.
  • FIG. 4A is a flow diagram of a software defined network (SDN) based project connect / disconnect process in accordance with an embodiment of the present disclosure.
  • FIG. 4B is a schematic illustration showing aspects by which a client machine user under consideration connects to a specific project under consideration in association with the process of FIG. 4A.
  • FIG. 5 illustrates portions of a role based user access, data control, and monitoring system in accordance with an embodiment of the present disclosure.
  • FIG. 6A illustrates aspects of a four factor user authentication procedure in accordance with an embodiment of the present disclosure.
  • FIG. 6B is a flow diagram of a digital operating system signature authentication error response or recovery procedure in accordance with an embodiment of the present disclosure.
  • FIG. 7 illustrates portions of a representative simplified semiconductor design to release manufacturing (DTRM) workflow in accordance with an embodiment of the present disclosure, in which the workflow is represented and stored as a property graph model.
  • FIG. 8 illustrates portions of a representative graph-based workflow execution tracking and compliance enforcement system in accordance with an embodiment of the present disclosure.
  • FIG. 9 illustrates portions of a graph based digital rights management system in accordance with an embodiment of the present disclosure.
  • FIG. 10 is a schematic illustration showing aspects of a secure encrypted backup system configured for performing a secure encrypted backup procedure in accordance with an embodiment of the present disclosure.
  • Depiction of a given element or consideration or use of a particular element number in a particular FIG. or a reference thereto in corresponding descriptive material can encompass the same, an equivalent, or an analogous element or element number identified in another FIG. or descriptive material associated therewith.
  • The use of "/" in a FIG. or associated text is understood to mean "and/or" unless otherwise indicated.
  • The recitation of a particular numerical value or value range herein is understood to include or be a recitation of an approximate numerical value or value range (e.g., within +/- 5%, +/- 10%, +/- 15%, or +/- 20%).
  • A set corresponds to or is defined as a non-empty finite organization of elements that mathematically exhibits a cardinality of at least 1 (i.e., a set as defined herein can correspond to a unit, singlet, or single element set, or a multiple element set), in accordance with known mathematical definitions (for instance, in a manner corresponding to that described in An Introduction to Mathematical Reasoning: Numbers, Sets, and Functions, "Chapter 11: Properties of Finite Sets" (e.g., as indicated on p. 140), by Peter J. Eccles, Cambridge University Press (1998)).
  • An element of a set can include or be a system, an apparatus, a device, a structure, an object, a process, a parameter, or a value depending upon the type of set under consideration.
  • "Project workflow" or "workflow" as used herein encompasses a specifically structured / organized representation of work activities in accordance with which multiple parties associated with multiple organizations (e.g., multiple distinct companies and/or business units) can perform particular types of scientific / engineering work that are necessary for completing a given type of scientific / engineering project.
  • Each project workflow includes or defines a plurality of predefined work stages, steps, or phases, and each phase includes or defines one or more predetermined types of activities, tasks, or operations. Any given phase or task has associated therewith a set of inputs or input datasets, which can include one or more predetermined inputs / input datasets and/or one or more user selectable inputs / input datasets; and at least one predefined output / output dataset.
  • Workflow phases and their corresponding tasks are intentionally organized or sequenced such that the performance or execution of each of the phases and the tasks therein by a plurality of individuals, participants, groups, and/or teams and the corresponding task-to-task and phase-to-phase flow of information (e.g., output datasets) results in the generation or production of a specified or intended result, such as a verified definition, design, and/or generation of a manufacturable or manufactured product.
  • Embodiments in accordance with the present disclosure are directed to multi-tenant cloud based systems and processes by which the management, execution, monitoring, and analysis of project workflows, and associated digital rights management, occurs by way of cloud resident virtual machines. More particularly, embodiments in accordance with the present disclosure are configured for securely and dynamically managing (a) scientific, engineering, and/or other types of multi-participant / multi-party / multi-team / multi-organizational workflows; (b) access to and utilization of proprietary information during workflow execution, including the selective or selectable incorporation of intellectual property (IP) resources such as IP blocks (e.g., third party IP blocks) into workflow phase or task inputs / input datasets and the generation of IP output / output datasets corresponding to workflow phases; and (c) proprietary information / IP resource provenance tracking or tracing within and across each workflow phase, where IP resource provenance tracking encompasses source of origin / ownership verification and project point of usage authentication for each IP block utilized as a workflow task input / input dataset.
  • Representative types of scientific, engineering, or other complex workflows to which particular embodiments in accordance with the present disclosure are applicable include semiconductor design-to-release manufacturing workflows, pharmaceutical or life sciences related workflows (e.g., pharmaceutical drug development / programming workflows), and other types of workflows.
  • FIG. 1 is a schematic illustration showing portions of a multi-tenant cloud based system 10 for secure semiconductor DTRM workflow and IP design rights management in accordance with an embodiment of the present disclosure.
  • the system 10 provides or includes a cloud computing environment or cloud 200 providing cloud computing infrastructure including a cloud computing resource provisioning system 202 by which cloud resident or otherwise virtualized cloud computing resources (e.g., hardware, software, finite automata, and/or data storage resources) can be dynamically allocated in accordance with computational requirements or demands corresponding to a plurality of cloud tenants (e.g., tenant 1 to tenant k) for defining, managing, and executing semiconductor DTRM workflows and managing or tracking digital rights associated therewith.
  • The cloud computing resource provisioning system 202 is configured for dynamically allocating virtual servers 212 and associated cloud based / virtualized computing resources (e.g., database resources) to each active cloud tenant for securely managing, executing, monitoring, and analyzing aspects of each tenant's semiconductor DTRM workflow execution and IP design rights corresponding thereto.
  • The virtual servers 212 and the associated cloud based / virtualized computing resources form portions of a dynamically allocatable virtualized semiconductor DTRM system 210 corresponding to the tenant.
  • the system 10 additionally includes a firewall 204 and a high performance switching fabric 206 corresponding to each virtualized semiconductor DTRM system 210, in a manner readily understood by an individual having ordinary skill in the relevant art.
  • the system 10 includes a plurality of client machines 100 that are locally accessible to tenant users (e.g., project managers, design engineers, and consultants / contractors), and which are remotely couplable or coupled to the tenant's virtualized semiconductor DTRM system 210 within the cloud environment 200.
  • client machines 100 can remotely communicate with the virtualized semiconductor DTRM system 210 by way of one or more computer networks including the Internet, and a secure communication mechanism, for instance, involving secure sockets layer (SSL) virtual private networking (VPN).
  • the system 10 is configured such that for each cloud tenant, (a) the entire semiconductor product design infrastructure and each product design environment resides in the cloud 200, including product design workflows, design datasets, design tools, and process design kits (PDKs); and (b) semiconductor DTRM workflow execution, monitoring, and analysis occurs entirely in the cloud 200.
  • Each client machine 100 is configured for providing only a virtual desktop having a visual / graphical user interface (UI) by which an authorized user having a predefined role relevant to a given workflow under consideration, such as a product design engineer designated for performing certain tasks within one or more phases of a given project workflow, or a product manager responsible for overseeing one or more specified project workflows, can view particular cloud-resident information based upon their user role, and issue particular types of instructions / commands (e.g., through terminal prompts, such as by way of Secure Shell (SSH) or Telnet) to a virtualized semiconductor DTRM system 210 with which the client machine 100 is configured to communicate. (Telnet carries credentials and commands in cleartext; in a deployment it belongs only inside the SSL VPN tunnel described above, with SSH the preferred choice.)
  • Any given client machine 100 corresponding to a given tenant includes hardware and software resources configured for providing a virtual desktop having a data import function by way of which desktop screen display data is transferred to the client machine 100 from a particular virtualized semiconductor DTRM system 210 corresponding to the tenant; and a command input function by which the client machine 100 transfers commands to this DTRM system 210 by way of client machine user input.
  • a virtualized semiconductor DTRM system 210 can perform particular types of operations / processes / procedures for managing, monitoring, and analyzing the execution of a workflow under consideration in accordance with the role of the particular user that is interacting with the client machine 100; as well as track / authenticate corresponding IP resource provenance, as further detailed below.
  • The system 10 provides only a single design environment corresponding to each virtualized semiconductor DTRM system 210, which resides entirely within the cloud environment 200. No portions of a semiconductor product design infrastructure or design environment, other than certain visual / displayed representations thereof, reside on any given client machine 100 at any time. No design data is providable or provided to any client machine 100 at any time other than for purpose of display thereon; hence no design data is communicable or transferrable from any client machine 100 to another device or machine external to the cloud 200 at any time. In view of the foregoing, the system 10 is not burdened by (a) computing resource duplication requirements, (b) client machine - remote design environment synchronization requirements, or (c) large data transfer requirements associated with excess capacity cloud computing configurations in the prior art.
  • the client machine 100 includes a processing unit 110; a display device 120 (e.g., a flat panel display); a set of user input / output devices 130 (e.g., a mouse and a keyboard); an operating system device 140 that is removable / decouplable from the client machine 100, and upon which a customized encrypted client machine operating system resides; a one-time password generation device 150; a network interface / communication unit 160; and memory 170, which are configured for signal / data communication by way of a set of communication pathways such as buses 102.
  • the memory 170 includes a display memory 172 and a client instruction / command memory 174.
  • the client machine 100 is configured such that the customized operating system boots directly from the removable operating system device 140.
  • the removable operating system device 140 can interface with the client machine 100 by way of a standard communication port, such as a Universal Serial Bus (USB) port.
  • the operating system is configured such that operating system support for non-display data storage and transfer as well as local storage of information other than information displayed by the client machine 100 are disabled.
  • The client machine 100 thus serves as a strictly controlled selective data import window with respect to the import of display data into the client machine 100 from the virtualized semiconductor DTRM system 210, and as a strictly controlled selective command input window with respect to the transfer of commands from the client machine 100 to the virtualized semiconductor DTRM system 210.
  • The one-time password generation device 150 includes or is a physical token that is configured for automatically generating a one-time password required for user login purposes as set forth below, and can be, for instance, a YubiKey USB device (Yubico, Inc., Palo Alto, CA USA).
  • FIG. 3 is a schematic illustration showing portions of a virtualized semiconductor DTRM system 210 in accordance with an embodiment of the present disclosure.
  • a virtualized semiconductor DTRM system 210 includes a plurality of dynamically allocated virtualized servers 212 and associated virtualized computing resources for managing, executing, monitoring, and analyzing project workflows as well as IP inputs / input datasets and IP outputs / output datasets corresponding thereto, for a given cloud tenant.
  • the virtualized semiconductor DTRM system 210 includes a virtual desktop management system 220; a software defined network (SDN) based project isolation and security system 230; a role based user access, data control, and monitoring system 300; a plurality of databases 400; a workflow editor 480; at least one virtual machine workflow execution environment 500; a graph based workflow execution tracking and compliance enforcement system 600 as well as a graph based digital rights management system 700 corresponding to each virtual machine workflow execution environment 500; and an encrypted backup system 800.
  • the virtual desktop management system 220 provides a virtual desktop infrastructure that is configured for transferring data to and receiving data from client machines 100 in accordance with a remote desktop / display protocol.
  • the virtual desktop management system 220 can include, for instance, a set of virtual network computing servers in a manner readily understood by an individual having ordinary skill in the relevant art.
  • The SDN based project isolation and security system 230 is configured for communication with the virtual desktop management system 220, and establishes or provides a polymorphic virtual machine computing element (e.g., a Paladin-based virtual machine or Paladin-VM) corresponding to each client machine user that attempts to initiate or initiates a connection to a specific project corresponding to one or more semiconductor DTRM workflows or portions thereof stored on the virtualized semiconductor DTRM system 210.
  • the SDN based project isolation and security system 230 morphs the polymorphic virtual machine computing element into a software defined network pair defined as a virtual local area network (VLAN) in combination with an Internet Protocol (IP) network.
  • the SDN based project isolation and security system 230 effectively "jails" the polymorphic virtual machine computing element within a set of data storage resources (e.g., a "jail folder") corresponding to the project; and replaces the local file system of the polymorphic virtual machine computing element with one or more predetermined portions of a project-owned file system.
  • the SDN based project isolation and security system 230 further establishes an encrypted communication path or tunnel (e.g., a virtual private network (VPN) tunnel) between the polymorphic virtual machine computing element and internal project storage of the virtualized semiconductor DTRM system 210 (e.g., corresponding to particular information for the project under consideration, which resides in the databases 400), thereby completing the connection.
  • In response to a user request or command to disconnect from the project, the SDN based project isolation and security system 230 retains or maintains control of the "jail folder" and its contents, and frees the polymorphic virtual machine computing element from the project-owned file system. As a result, the client machine user under consideration is unable to use the encrypted connection to copy any project-owned data to the polymorphic virtual machine computing element's own file system, thereby preventing exportation of project data. Also, in various embodiments the SDN based project isolation and security system 230 enables the client machine user to connect to only one particular project at a time, thereby isolating the user from other projects and preventing cross-project data contamination. Aspects of the SDN based project isolation and security system 230 are further described in detail below.
  • FIG. 4A is a flow diagram of an SDN-based project connect / disconnect process 270 in accordance with an embodiment of the present disclosure, by which the SDN based project isolation and security system 230 establishes, manages, or controls a given client machine user connection to a specific project (e.g., Project- 1 in a representative example), and prevents the client machine user from connecting to or accessing other projects while connected to the specific project under consideration.
  • FIG. 4B is a corresponding schematic illustration showing aspects by which the client machine user under consideration connects to the specific project under consideration (i.e., Project 1 in this representative example) in association with the process 270 of FIG. 4A.
  • The process 270 includes a first process portion 272 involving the performance of log-in and authentication operations (e.g., as further described elsewhere herein) for a particular client machine user, and the establishment of a local polymorphic virtual machine computing element 240 corresponding to this user, which can include or be a Paladin-based virtual machine (hereafter, the user-Paladin-VM 240).
  • In a second process portion 274, the user-Paladin-VM 240 is connected to its own local file system 242 in a manner readily understood by individuals having ordinary skill in the relevant art.
  • the user-Paladin-VM 240 receives a project connection request or command from the client machine 100 corresponding to this user, by way of user input.
  • a VLAN 241 corresponding to the user-Paladin-VM 240 is connected to a VLAN 501a corresponding to the specific project under consideration (i.e., Project-1 in this representative example) by way of a project SDN connection switch 250.
  • the local file system 242 of the user-Paladin-VM 240 is jailed or placed in a state of communication confinement, such that communication between the user-Paladin-VM 240 and its local file system 242 does not or cannot occur (e.g., such that user-Paladin-VM access to its local file system 242 is disabled or prevented by a local file system jail switch 252); and the jailed or confined local file system 242 (or access thereto) is replaced by a file system 504a corresponding to the specific project under consideration (e.g., a Project- 1 file system 504a in this representative example).
  • The user-Paladin-VM 240 is connected to the file system corresponding to the specific project under consideration (i.e., the Project-1 file system 504a in this representative example) by way of a VPN through the project SDN connection switch 250, by establishing an encrypted communication tunnel between a project management virtual machine 502a corresponding to the specific project under consideration (hereafter the Project-1 management VM 502a) and the user-Paladin-VM 240.
  • the Project- 1 management VM 502a can form a portion of the virtual machine workflow execution environment 500 that corresponds to the specific project under consideration (e.g., Project-1 in this representative example).
  • the client machine user under consideration is enabled to access and perform semiconductor DTRM workflow -related design activities or tasks in accordance with their user role, as further set forth below, by way of communication with the Project-1 Management VM 502a through their user-Paladin-VM 240 and the encrypted VPN tunnel.
  • Upon completion of their design related activities or tasks, the user issues a project disconnect command by way of their client machine 100, which is received by the user-Paladin-VM 240.
  • The project SDN connection switch 250 disconnects the VLAN 241 corresponding to the user-Paladin-VM 240 from the VLAN 501a corresponding to the specific project under consideration (i.e., Project-1 in this representative example).
  • the SDN based project isolation and security system 230 releases the local file system 242 of the user-Paladin-VM 240 from its jailed or communication confinement state.
  • the process 270 can then return to the second process portion 274.
  • Communication between a given user and a project management VM 502 can occur only by way of communication between the user's corresponding user-Paladin-VM 240 and a specific project management VM 502a corresponding to a specific project, through the VPN tunnel between the user-Paladin-VM 240 and this project management VM 502a. No communication can occur between the user and a different project management VM 502b.
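The connect / disconnect process 270 and the isolation invariants it is meant to enforce (local file system 242 jailed while a project file system 504 is attached, one project per user-Paladin-VM at a time, no project data reaching the VM's own file system, jail released only after the project file system is detached) can be exercised in a small simulation. The following is an added example written for this page, not code from the patent or from Silicon Cloud; the class and method names, the switch model and the sample file contents are assumptions constructed for illustration.

```python
"""Simulation of the SDN-based project connect / disconnect process 270.

Added example, not the patent's code. Models the user-Paladin-VM 240, its
local file system 242, the project SDN connection switch 250 and the local
file system jail switch 252 as plain Python objects so the isolation
invariants can be checked. Names are assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional


class IsolationViolation(Exception):
    """Raised when an operation would break project isolation."""


@dataclass
class UserPaladinVM:
    user: str
    local_fs: Dict[str, str] = field(default_factory=dict)   # file system 242
    project: Optional[str] = None                            # attached VLAN 501x
    project_fs: Optional[Dict[str, str]] = None              # file system 504x while attached
    local_fs_jailed: bool = False                            # jail switch 252 state

    def visible_fs(self) -> Dict[str, str]:
        """The only file system the VM can reach in its current state."""
        if self.project_fs is not None:
            return self.project_fs
        if self.local_fs_jailed:
            raise IsolationViolation("local file system is jailed")
        return self.local_fs


class ProjectSDNSwitch:
    """Project SDN connection switch 250 together with jail switch 252."""

    def __init__(self, projects: Dict[str, Dict[str, str]]):
        self.projects = projects            # project name -> project file system 504
        self.attached: Dict[str, str] = {}  # user -> project currently attached

    def connect(self, vm: UserPaladinVM, project: str) -> None:
        # one project at a time: a second connect is refused, not stacked
        if vm.project is not None:
            raise IsolationViolation(
                f"{vm.user} is already attached to {vm.project}; disconnect first")
        if project not in self.projects:
            raise KeyError(project)
        vm.local_fs_jailed = True               # jail local file system 242 first
        vm.project = project                    # VLAN 241 <-> VLAN 501x pairing
        vm.project_fs = self.projects[project]  # replace with project file system 504x
        self.attached[vm.user] = project

    def disconnect(self, vm: UserPaladinVM) -> None:
        if vm.project is None:
            raise IsolationViolation(f"{vm.user} is not attached to any project")
        vm.project_fs = None                    # detach project file system first,
        vm.project = None                       # then tear down the VLAN pairing,
        vm.local_fs_jailed = False              # and only then release the jail
        del self.attached[vm.user]


def copy_to_local(vm: UserPaladinVM, name: str) -> bool:
    """Attempt to copy a project-owned file into the VM's own file system.
    Returns True only if the copy succeeded, which isolation must prevent."""
    if vm.project_fs is None or name not in vm.project_fs:
        return False
    try:
        if vm.local_fs_jailed:
            raise IsolationViolation("local file system is jailed")
        vm.local_fs[name] = vm.project_fs[name]
        return True
    except IsolationViolation:
        return False


def demo() -> Dict[str, bool]:
    """Walk one user through connect, a blocked export, a blocked second
    project, and disconnect; returns the observed invariants."""
    switch = ProjectSDNSwitch({
        "Project-1": {"top.v": "module top; endmodule"},   # constructed sample data
        "Project-2": {"pdk.tech": "layer M1 ..."},
    })
    vm = UserPaladinVM(user="alice")
    switch.connect(vm, "Project-1")
    result = {
        "sees_project_fs": "top.v" in vm.visible_fs(),
        "copy_blocked": not copy_to_local(vm, "top.v"),
    }
    try:
        switch.connect(vm, "Project-2")
        result["second_project_blocked"] = False
    except IsolationViolation:
        result["second_project_blocked"] = True
    switch.disconnect(vm)
    result["local_fs_restored"] = vm.visible_fs() is vm.local_fs
    result["nothing_exported"] = vm.local_fs == {}
    return result


if __name__ == "__main__":
    print(demo())
```

The ordering inside `disconnect` is the point a reviewer would look at: if the jail were released before the project file system was detached, there would be a window in which both file systems are reachable and a copy could succeed.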
  • the role based user access, data control, and monitoring system 300 is coupled to the virtual desktop management system 220, and is configured for securely controlling and monitoring each user's access to and usage of virtualized semiconductor DTRM system elements / resources such as database resources, the workflow editor 480, and the virtual machine workflow execution environment(s) 500 in accordance with predefined user roles.
  • the role based user access, data control, and monitoring system 300 is also configured for securely controlling and monitoring user access to and usage of data corresponding to workflow phase inputs / input datasets and outputs / output datasets in accordance with such predefined user roles.
  • For each specific user corresponding to a given tenant, their user role (a) establishes or identifies a predetermined set of user responsibilities with respect to workflow execution; (b) defines the manner(s) in which the user can access or interact with any given workflow and each workflow phase thereof; and (c) identifies the specific virtualized semiconductor DTRM system resources and data, including third party IP resources and workflow phase outputs, that the user is allowed to access, utilize, and modify in association with workflow execution.
  • the manner in which each user can interact with the virtualized semiconductor DTRM system 210 is constrained in accordance with their predefined user role.
  • Each user role can have associated therewith or define a set of rules that specify or define the types of actions each user can and cannot perform during interaction with the virtualized semiconductor DTRM system 210, and the virtualized resources that the user can and cannot access, utilize, and modify, in relation to workflow definition, editing, and execution.
  • For any given user, their user role directly corresponds to their job function(s) with respect to (a) the cloud tenant's organization or corporate structure; (b) a given workflow under consideration; and (c) the nature of the relationship between the cloud tenant and/or the user and each tenant-internal and tenant-external organization (e.g., an external or third party IP block provider) having a proprietary interest in one or more aspects of the workflow under consideration.
  • a system 10 in accordance with an embodiment of the present disclosure enables secure multi-organizational workflow execution in a manner that provides controlled data rights management with respect to proprietary information associated with any given organization supporting or involved in workflow execution.
  • The databases 400 include a set of design libraries 410, which include semiconductor product (e.g., IC chip) design data; a set of Electronic Design Automation (EDA) tool libraries 415; a set of third party IP libraries 420, which include IP blocks that can be selectively incorporated into an IC design (e.g., by a design engineer, in accordance with their user role); a set of PDK libraries 430 in which PDKs reside, each of which defines technology engineering parameters and a reference workflow that specifies workflow execution details and workflow execution tools required for a specific technology process; a set of graph databases 440, which include one or more property graph model libraries 445; and a set of relational or create - read - update - delete (CRUD) databases 450, which can include a user roles database 455 for storing user role information corresponding to each user associated with the cloud tenant under consideration.
  • each project workflow is represented as a property graph model that is stored in a graph database 440, and which has an execution state machine associated therewith or defined therefor.
  • the workflow editor 480 includes a set of visual workflow generation / editing tools configured for defining and editing workflows represented as property graph models in accordance with embodiments of the present disclosure.
  • Each virtual machine workflow execution environment 500 includes a set of virtual machines configured for executing the workflow phases corresponding to a given workflow.
  • The execution of each workflow phase involves the use of one or more EDA tools 550 (e.g., the execution of particular workflow phases, such as a subset of phases within an overall semiconductor DTRM workflow, can involve specific EDA tools 550a - 550d, in a manner detailed below with reference to FIG.).
  • each EDA tool 550 is implemented by way of a dynamically allocatable virtual machine.
  • particular EDA tools 550 can be viewed as "plug and play" elements of the system 10, which can be specified or selected by a design engineer or project manager. Consequently, one or more EDA tool databases may reside within the plurality of databases 400.
  • the execution of workflow phases additionally involves the generation of workflow phase outputs / output datasets, which can include generated proprietary / IP datasets, in a manner also readily understood by an individual having ordinary skill in the relevant art.
  • the graph based workflow execution tracking and compliance enforcement system 600 is configured for communicating with a given virtual machine workflow execution environment 500; monitoring the computational behaviors of the workflow execution environment's active virtual machines during the execution of workflow phases by the virtual machine workflow execution environment 500; analyzing such virtual machine computational behavior; identifying whether any workflow execution compliance violations have occurred as a result of user actions during workflow phase execution; and issuing workflow compliance violation notifications to each user responsible for a compliance violation, and possibly also to one or more higher-level users such as a project manager whose role can involve identifying / tracking workflow compliance violations.
  • the graph based digital rights management system 700 is configured for tracking the incorporation of IP blocks into workflow phases, and is further capable of generating a set of IP provenance patterns or signatures corresponding to the output(s) of the workflow phases, which can be used for digital rights management / tracking / authentication purposes.
  • The graph based digital rights management system 700 is configured for generating a hash pattern from a unique IP provenance pattern or signature corresponding to the overall semiconductor product design as reflected by the outputs of each workflow phase, which can be linked or combined with one or more other types of hash patterns for semiconductor product design and IP provenance authentication purposes.
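The pieces described above (a workflow stored as a property graph with an execution state machine, role based gating of who may execute a phase, compliance checking of the IP blocks a phase actually consumed, and a per-phase IP provenance signature chained into a design-level hash) fit together in a few dozen lines. The following is an added example written for this page, not code from the patent, from Silicon Cloud, or from any graph database product; the phase names, role names, IP block records and hash construction are assumptions constructed for illustration.

```python
"""Added example (not the patent's code): a DTRM workflow as a small
property graph, an execution state machine over its phases, role-based
gating, a compliance check on the IP blocks a phase consumed, and a
per-phase IP provenance signature chained into one design-level hash.
Phase names, roles, IP records and the hash layout are assumptions.
"""
import hashlib
import json
from typing import Dict, List, Set, Tuple


class ComplianceViolation(Exception):
    """Raised when a phase execution breaks the workflow's rules."""


class WorkflowGraph:
    """Property graph: nodes are phases carrying properties, edges are dataflow."""

    def __init__(self) -> None:
        self.nodes: Dict[str, dict] = {}
        self.edges: List[Tuple[str, str]] = []      # (from_phase, to_phase)

    def add_phase(self, name: str, roles: Set[str], allowed_ip: Set[str]) -> None:
        self.nodes[name] = {"roles": roles, "allowed_ip": allowed_ip,
                            "state": "pending", "output_sig": None, "ip_used": []}

    def add_edge(self, src: str, dst: str) -> None:
        self.edges.append((src, dst))

    def predecessors(self, phase: str) -> List[str]:
        return [s for s, d in self.edges if d == phase]


def provenance_signature(phase: str, ip_blocks: List[dict], inputs: List[str]) -> str:
    """SHA-256 over a canonical record of the phase, the (id, owner) pairs of
    every IP block it incorporated, and the output signatures it consumed."""
    canon = json.dumps({"phase": phase,
                        "ip": sorted((b["id"], b["owner"]) for b in ip_blocks),
                        "inputs": sorted(inputs)}, sort_keys=True)
    return hashlib.sha256(canon.encode()).hexdigest()


def execute_phase(g: WorkflowGraph, phase: str, user_role: str,
                  ip_blocks: List[dict]) -> str:
    """State machine step: pending -> running -> complete, or -> violation."""
    node = g.nodes[phase]
    preds = g.predecessors(phase)
    # every upstream phase must have produced its output dataset first
    if any(g.nodes[p]["state"] != "complete" for p in preds):
        raise ComplianceViolation(f"{phase}: a predecessor phase is not complete")
    # role based gating: only roles listed on the phase node may execute it
    if user_role not in node["roles"]:
        raise ComplianceViolation(f"{phase}: role {user_role!r} not permitted")
    # compliance: only IP blocks licensed for this phase may be incorporated
    bad = [b["id"] for b in ip_blocks if b["id"] not in node["allowed_ip"]]
    if bad:
        node["state"] = "violation"
        raise ComplianceViolation(f"{phase}: unlicensed IP {bad}")
    node["state"] = "running"
    sig = provenance_signature(phase, ip_blocks,
                               [g.nodes[p]["output_sig"] for p in preds])
    node.update(state="complete", output_sig=sig,
                ip_used=[b["id"] for b in ip_blocks])
    return sig


def design_hash(g: WorkflowGraph) -> str:
    """Design-level hash linking every completed phase signature, in a
    deterministic (phase name) order so two identical runs agree."""
    sigs = [g.nodes[n]["output_sig"] for n in sorted(g.nodes)
            if g.nodes[n]["state"] == "complete"]
    return hashlib.sha256("|".join(sigs).encode()).hexdigest()


def build_demo_workflow() -> WorkflowGraph:
    """Constructed three-phase workflow: rtl -> synthesis -> signoff."""
    g = WorkflowGraph()
    g.add_phase("rtl", roles={"design_engineer"}, allowed_ip={"ip-uart-1"})
    g.add_phase("synthesis", roles={"design_engineer"}, allowed_ip=set())
    g.add_phase("signoff", roles={"project_manager"}, allowed_ip=set())
    g.add_edge("rtl", "synthesis")
    g.add_edge("synthesis", "signoff")
    return g


if __name__ == "__main__":
    wf = build_demo_workflow()
    uart = {"id": "ip-uart-1", "owner": "VendorA"}       # constructed IP record
    execute_phase(wf, "rtl", "design_engineer", [uart])
    execute_phase(wf, "synthesis", "design_engineer", [])
    execute_phase(wf, "signoff", "project_manager", [])
    print(design_hash(wf))
```

Because each phase signature folds in the signatures of its inputs, changing which IP block went into `rtl` changes the signatures of every downstream phase and the design-level hash, which is what makes the final hash usable as a provenance pattern rather than just a checksum of the last output.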
  • the encrypted backup system 800 is configured for capturing the virtualized semiconductor DTRM system's execution state at distinct time intervals and generating an execution state signature corresponding to each time interval, which can be used for system backup / system recovery operations.
  • FIG. 5 is a schematic illustration showing portions of a role based user access, data control, and monitoring system 300 in accordance with an embodiment of the present disclosure.
  • the role based user access, data control, and monitoring system 300 includes a user authentication manager 310 configured for communication with client machines 100; an execution tether manager 340; a role based data input / output (I/O) manager 350 configured for communication with client machines 100 as well as an active virtual machine workflow execution environment 500 to which client machine user input and associated workflow phase output can be directed; and a role based workflow data execution manager 360 configured for communication with the virtual machine workflow execution environment 500 under consideration.
  • the user authentication manager 310 is configured for authenticating (a) the identity of any given user attempting to log into the virtualized semiconductor DTRM system 210, as well as (b) aspects of the particular client machine 100 by which the user communicates with the virtualized semiconductor DTRM system 210. More particularly, with respect to logging in a given user who is interacting with a particular client machine 100, the user authentication manager 310 establishes a user login session and performs a multi-factor authentication procedure.
  • The multi-factor authentication procedure includes or is a four factor user authentication procedure during which each of a user password, an automatically generated one-time password (OTP) (e.g., generated by way of a USB YubiKey), a client machine hardware signature, and a client machine operating system signature must be authenticated or verified prior to enabling further user communication with the virtualized semiconductor DTRM system 210.
  • an authentication procedure in accordance with an embodiment of the present disclosure can involve additional and/or other types of authentication factors, such as a set of biometric factors (e.g., fingerprint, voice, or facial recognition factors).
  • FIG. 6A illustrates aspects of a four factor user authentication procedure or process 311 in accordance with an embodiment of the present disclosure, which includes a user ID / password authentication portion 312; an OTP authentication portion 314; a digital hardware signature authentication portion 316; and a digital operating system authentication portion 318.
  • A specific user under consideration attempts a login by way of a given client machine 100 using an input device, such as the keyboard among the user input / output devices 130 corresponding to the client machine 100, to specify their user ID and a password.
  • the user additionally interacts with or triggers the client machine's OTP generation device 150, which automatically generates an OTP and sends the OTP to the client machine 100 such that the OTP is associated with the ID and password provided by the user (e.g., by appending the one-time password to the user entered ID and password).
  • the client machine 100 under consideration submits the provided user ID and password along with the automatically generated OTP to the user authentication manager 310.
  • the user authentication manager 310 verifies whether the user provided ID and password are valid, and further additionally verifies whether the OTP associated therewith is valid.
  • Authentication of the OTP can involve communication with a set of external servers corresponding to an OTP authentication service (e.g., a Yubico server), in a manner readily understood by an individual having ordinary skill in the relevant art.
  • Upon authentication of the user provided ID and password as well as the one-time password, the user authentication manager 310 requests or retrieves a hardware digital signature from the client machine 100 under consideration, such as a signature derived from the client machine's processor ID (PID) and media access control (MAC) address; and additionally requests or retrieves an encrypted operating system digital signature from this client machine 100.
  • the user authentication manager 310 verifies whether this client machine's hardware digital signature and operating system digital signature are valid.
  • if an authentication error occurs at any of the foregoing stages, the authentication manager 310 terminates the user's current login session.
  • if no authentication error occurs during the authentication process (i.e., the user authentication manager 310 verifies that the provided user ID and password, the OTP, the hardware digital signature, and the operating system digital signature are valid), the user authentication manager 310 enables further client machine communication with the virtualized semiconductor DTRM system 210, and hence further user access to portions thereof, such that the user under consideration can interact with the virtualized semiconductor DTRM system 210 for purpose of managing / executing one or more workflow phases in accordance with their user role.
  • the user authentication manager 310 not only attempts to verify the authenticity of the client machine's digital operating system signature as part of the four factor user authentication procedure during user login operations, but also monitors and attempts to verify the authenticity of the digital operating system signature during ongoing user interaction with the virtualized semiconductor DTRM system 210 following successful user login. In the event that a digital operating system authentication error occurs, i.e., the user authentication manager 310 is unable to authenticate the encrypted digital operating system signature at any given time, this may indicate that the user has introduced a software virus / Trojan to the client machine's operating system.
  • FIG. 6B is a flow diagram of a digital operating system signature authentication error response or recovery procedure or process 320 in accordance with an embodiment of the present disclosure, as described by procedure portions 322, 324, 325, 326, and 328. More particularly, if a digital operating system signature authentication error occurs, the user authentication manager 310 immediately invalidates and terminates the user's login session (procedure portion 322), and issues a hardware disable command to the client machine 100 under consideration (procedure portion 324). As a result, this client machine 100 is disabled such that no user can utilize the client machine 100 to log in to the system 10 until after a "golden" or clean version of the client machine operating system has been downloaded to and installed on this client machine 100.
  • the user authentication manager 310 next downloads the golden version of the operating system to this client machine's removable operating system device 140 (procedure portion 325).
  • the removable operating system device 140 receives and stores the golden version of the operating system therein; updates an operating system authentication key database in the cloud environment 200 with the downloaded golden operating system's encrypted digital signature (procedure portion 326); and subsequently reboots the client machine 100 (procedure portion 328), after which the client machine 100 can again receive user input and provide user login information to the user authentication module 310 during a new login session.
  • the execution tether manager 340 can establish a secure encrypted bidirectional workflow execution channel between the user's client machine 100 and the virtual machine workflow execution environment 500, such that the user can communicate with an active virtual machine for executing a given workflow phase in accordance with the user's role. Communication between the client machine 100 and the active virtual machine over the workflow execution channel can involve, for instance, private key authentication credentials.
  • the initial state of the workflow execution channel can be defined as secure.
  • the execution tether manager 340 monitors the workflow execution channel during workflow phase execution, and determines whether the state of the execution channel has transitioned from secure to compromised, for instance, as a result of a workflow execution channel private key authentication error. If so, the execution tether manager 340 terminates the execution of the active virtual machine, and closes the workflow execution channel.
  • the role based data input / output (I/O) manager 350 controls the data that can be transmitted from the virtualized semiconductor DTRM 210 to any given user's client machine 100 in accordance with the user's role. Additionally, the role based workflow data execution manager 360 controls which, if any, output dataset(s) generated by each workflow phase are accessible to and communicable / usable / modifiable by any given user, in accordance with the user's predefined role.
  • a workflow library 445 includes a catalog of project workflows, each of which has associated therewith or exhibits hierarchical as well as sequential phases of execution.
  • a given workflow includes or specifies multiple sub-workflows, and workflow phases corresponding thereto.
  • the user's role in relation to the workflow can be predefined (e.g., by a project manager) such that the role based data input / output (I/O) manager 350 and the role based workflow data execution manager 360 control user access to and usage of workflow phase input datasets and output datasets in a (a) temporal, (b) causal, (c) sequential, (d) hierarchical, and/or (e) iterative manner.
  • Such control of user access to and usage of workflow phase input and output datasets can depend upon the types of workflow phases and the manner in which the workflow phases are cooperatively organized relative to each other.
  • if user 1 has a "designer" role, then user 1 can access all virtualized semiconductor DTRM system resources related to his own project.
  • if user 2 has a "project manager" role, then user 2 can access virtualized semiconductor DTRM system resources corresponding to multiple projects, and user 2 has the privilege to change static access rights of other users within his project team(s).
  • if user 2 intends to undertake some type of unconventional behavior, such as modifying design data, such unconventional behavior will be detected and prevented (and possibly logged) by the role based workflow data execution manager 360, for instance, because of a dynamic separation of duty rule corresponding to the project manager role relative to the designer role.
  • if user 3 has a "contractor" role, then by default user 3 can only access certain open-access resources in the virtualized semiconductor DTRM system 100. If user 3 requires access to non-open access resources, then user 3 can request such access from user 2, who can grant an exception to user 3 for one-time or limited time access privileges.
  • FIG. 7 illustrates portions of a representative simplified semiconductor design project workflow (e.g., a semiconductor DTRM workflow) in accordance with an embodiment of the present disclosure, in which the workflow is represented and stored as a property graph model 510 in a graph database 440.
  • in a workflow property graph model 510, any given workflow includes a collection of vertices and sub-vertices, which are connected by relationship edges. Each relationship edge has an attribute or label, which is referred to as an edge property.
  • the workflow's vertices, sub-vertices, relationship edges, and edge properties represent or define each of the workflow's phases, the input dataset(s) provided thereto, the tools / resources utilized for the execution thereof, and the output dataset(s) generated thereby.
  • Chip-X requires IP-X as part of its design; and the process of designing Chip-X includes sequential workflow phases P1, P2, P3, and P4, where each of such phases uses distinct EDA tools, e.g., EDA tools A, B, C, and D, respectively; and each of such phases generates corresponding IP-X output data, e.g., IP-X Data-P1 from workflow phase P1, IP-X Data-P2 from workflow phase P2, IP-X Data-P3 from workflow phase P3, and IP-X Data-P4 from workflow phase P4.
  • a workflow can be defined / generated, edited, and stored as a workflow property graph model 510 by way of the workflow editor 480, which provides a visual / graphical workflow definition / editing tool in a manner readily understood by an individual having ordinary skill in the relevant art.
  • the workflow editor's generation of a workflow includes the creation of a workflow property graph model 510, as well as the creation of a workflow reference finite state automaton / machine (FSM) corresponding to this workflow property graph model 510, where the workflow reference FSM can form a portion of the workflow property graph model 510.
  • the workflow reference FSM defines an immutable sequence of states, where each state has a set of inputs and a set of outputs, as well as allowable state-to-state transitions that traverse the overall sequence of states beginning from a start state and concluding at an end state, which results in the generation of one or more output datasets corresponding to an intended final IC product design (e.g., an SoC design).
  • FIG. 8 is a schematic illustration showing portions of a representative graph-based workflow execution tracking and compliance enforcement system 600 in accordance with an embodiment of the present disclosure.
  • the graph-based workflow execution tracking and compliance enforcement system 600 includes the virtual machine execution environment 500; a map-reduced graph analytics engine 610; and an enforcement action generator 620, which are configured for communicating with each other for ensuring user compliance with respect to the sequenced execution of a given workflow in accordance with its corresponding workflow reference FSM, as further detailed hereafter.
  • the virtual machine dynamically records its computational behaviors (e.g., with respect to receiving workflow phase inputs and generating workflow phase outputs) in the form of a workflow execution property graph model, which is stored in a graph database 440.
  • the virtual machine additionally constructs a workflow execution history FSM as part of this workflow execution property graph model, which establishes or defines the workflow execution history property graph model's current execution state in relation to its prior execution states.
  • the collection of such recorded virtual machine execution behaviors can be referred to as the workflow's execution provenance, which identifies across executed workflow phases which virtual machines had "custody" of workflow execution, and the types of computational behaviors performed by such virtual machines.
  • the virtual machine additionally communicates with the map-reduced graph analytics engine 610 to determine whether its current execution state matches an intended or expected counterpart state within the workflow property graph model 510 (e.g., a counterpart / identical state defined by the workflow reference FSM) for the workflow under consideration. If not, the virtual machine updates the current execution state of the workflow execution property graph model to a "violation" state. The virtual machine can then interrupt or terminate further workflow phase execution until the violation state no longer exists.
  • the enforcement action generator 620 issues a violation notification to the client machine 100 corresponding to the user who is currently utilizing the virtual machine for workflow execution.
  • the enforcement action generator 620 can additionally send a violation notification to one or more other client systems 100 and/or electronic destinations (e.g., email addresses), such as a client system or electronic destination corresponding to a project manager.
  • the user for whom the virtual machine has been deployed for workflow phase execution can communicate an appropriate instruction or command to the virtual machine to remedy the violation condition.
  • the virtual machine updates the current execution state of the workflow execution property graph model, for instance, to an "in compliance" state.
  • the graph-based workflow execution tracking and compliance enforcement system 600 can include or rely upon an additional agent, such as a virtual machine execution behavior recording system that is distinct from each virtual machine provided by the virtual machine execution environment 500 (and which need not be part of the virtual machine execution environment 500 itself).
  • FIG. 9 is a schematic illustration showing portions of a graph based digital rights management system 700 in accordance with an embodiment of the present disclosure, which includes a graph-based digital rights tracking / authentication system 710 that is configured for accessing workflow property graph models stored in one or more graph databases 440, and which is further configured for communication with a hash function module 720.
  • any given workflow property graph model 510 references, identifies, or specifies particular IP blocks that should be or which have been utilized, and IP blocks that should be or which have been generated in association with workflow execution.
  • a collection or combination of sub-vertices representing IP blocks defines a unique IP provenance pattern in accordance with the specific IP blocks that are referenced / identified / specified by such sub-vertices.
  • This unique IP provenance pattern can correspond to, represent, identify, or be an aggregate dataset formed from each IP block of each sub-vertex representing an IP block that is considered within the workflow property graph model 510. If different IP blocks are used or generated in association with separate or distinct executions of the workflow under consideration, each of such workflow executions will exhibit a different IP provenance pattern.
  • for a completed workflow (e.g., a workflow for which each phase of the workflow has been completely or successfully executed), the entire collection or combination of sub-vertices representing IP blocks defines a unique complete IC design IP provenance pattern for the overall IC design.
  • for a partially completed workflow (e.g., a workflow for which only a subset of workflow phases have been completely or successfully executed), one or more unique intermediate IP provenance patterns can be defined, depending upon the number of workflow phases and corresponding IP-related sub-vertices considered.
  • the graph-based digital rights tracking / authentication system 710 is configured for traversing an entire workflow property graph model 510 stored within a graph database 440 of the virtualized semiconductor DTRM system 100, and identifying or determining the complete IC product IP provenance pattern corresponding to the entire workflow property graph model 510.
  • the graph-based digital rights tracking / authentication system 710 is additionally configured for partially or fractionally traversing the workflow property graph model 510, and identifying or determining one or more corresponding intermediate IP provenance patterns. Any given IP provenance pattern can be stored in a CRUD database 450, in a manner readily understood by an individual having ordinary skill in the relevant art.
  • the graph-based digital rights tracking / authentication system 710 can further communicate with the hash function module 720 to generate a unique hash pattern corresponding to a given IP provenance pattern, which serves as a unique digital fingerprint for the IP provenance pattern in a manner readily understood by an individual having ordinary skill in the art. For instance the graph-based digital rights tracking / authentication system 710 can communicate with the hash function module 720 to generate a hash pattern corresponding to the complete IC design IP provenance pattern.
  • the graph-based digital rights tracking / authentication system 710 can store a hash pattern generated for a given IP provenance pattern (e.g., within a CRUD database 450), and subsequently utilize the stored hash pattern as a table lookup key for future reference or access to the corresponding IP provenance pattern as required.
  • the graph-based digital rights tracking / authentication system 710 can communicate with the hash function module 720 to generate a hash pattern corresponding to each individual IP block identified within a workflow property graph model 510 in association with workflow property graph model traversal; and subsequently generate an aggregate digital fingerprint corresponding to an IP provenance pattern (e.g., the complete IC design IP provenance pattern) using each individual IP block's hash pattern.
  • the workflow can further provide for the insertion of IC testability information into an IC design under consideration, in particular, design for test (DFT) test vector, boundary scan logic, scan chain, and built-in self-test (BIST) insertion into the IC design, for purpose of aiding or enabling the testability of the manufactured integrated circuit corresponding thereto.
  • Such IC testability information in combination with the complete IC design IP provenance pattern can define an overall workflow provenance pattern for the IC design.
  • the graph-based digital rights tracking / authentication system 710 can associate or link one or more IC testability-related hash patterns corresponding to the IC testability information (e.g., a single hash pattern generated using the collective IC testability information) with the hash pattern corresponding to the complete IC circuit design IP provenance pattern to form an overall workflow provenance hash pattern.
  • a complete IC circuit design IP provenance pattern, an overall workflow provenance pattern, and/or the hash patterns corresponding thereto can facilitate or enable IP provenance tracking / auditing for any IC designed by way of a system 10 in accordance with an embodiment of the present disclosure, as well as IP provenance tracking / auditing for the corresponding manufactured IC.
  • FIG. 10 is a schematic illustration showing aspects of a secure encrypted backup system 800 configured for performing a secure encrypted backup procedure in accordance with an embodiment of the present disclosure.
  • the secure encrypted backup system 800 includes a graph-reduced map analytics engine 810, a composite execution signature comparator 820, and a data backup manager 830, which are configured for enabling secure backup of all data within the virtualized semiconductor DTRM system 210 for disaster recovery purposes.
  • the contents of the virtualized semiconductor DTRM system's databases 400 including the workflow property graphs 510 and corresponding workflow execution property graphs and data associated therewith or identified thereby, can be defined as the computational execution provenance for the entire virtualized semiconductor DTRM system 210.
  • the graph-reduced map analytics engine 810 is configured for analyzing each workflow property graph model 510 and each corresponding workflow execution property graph model of the virtualized semiconductor DTRM system 210, and generating a composite execution signature corresponding to the virtualized semiconductor DTRM system's collective workflow property graphs 510 and corresponding workflow execution property graphs across multiple distinct time intervals or time periods. For instance, during a first time interval, the graph-reduced map analytics engine 810 can analyze each workflow property graph model 510 and each corresponding workflow execution property graph model and generate a first composite execution signature corresponding to the first time interval; and during a second time interval, further analyze each workflow property graph model 510 and each corresponding workflow execution property graph model and generate a second composite execution signature corresponding to the second time interval. Any given composite execution signature defines a computational execution provenance signature for the virtualized semiconductor DTRM system 210.
  • the composite execution signature comparator 820 compares a composite execution signature generated during a current time interval (e.g., the second time interval) with the composite execution signature generated during an immediately preceding time interval (e.g., the first time interval); and generates a composite execution signature delta pattern that represents the difference between each such composite execution signature.
  • the delta pattern indicates or specifies an incremental backup dataset that is to be remotely stored as a snapshot of the most-current execution state of the entire virtualized semiconductor DTRM system 210.
  • the data backup manager 830 collects the data forming the incremental backup dataset, encrypts it, and stores the encrypted incremental backup dataset at one or more predetermined geographic locations that are physically remote from the physical location(s) of the overall cloud environment 200 within which the virtualized semiconductor DTRM system 210 operates.
  • Such encryption can involve an encryption key that is accessible to or maintained / owned by the tenant corresponding to the virtualized semiconductor DTRM system 210.
  • the data backup manager 830 maintains and monitors a secure communication channel by which communication with a remote data backup coordination system or coordinator 900 occurs on an ongoing basis. Such communication thus establishes or defines a disaster recovery tether between the data backup manager 830 and the remote data backup coordinator 900.
  • if communication over this secure channel is lost, the data backup manager 830 sets the execution state of the virtualized semiconductor DTRM system 210 to "dissociated," indicating that the disaster recovery tether has been severed.
  • in the dissociated state, the virtualized semiconductor DTRM system 210 initiates a shutdown procedure and transitions to a shutdown state with respect to access to tenant information within the databases 400.
  • embodiments in accordance with the present disclosure are not limited to systems and methods for semiconductor DTRM workflow and semiconductor design digital rights management, but are also applicable to other types of workflow and digital rights management environments.
  • pharmaceutical programming teams have become increasingly geographically distributed, and the tasks performed by such teams have become increasingly complex. Such tasks can rely upon or be defined in accordance with complex processing sequences that are performable by way of programmatic actions.
  • Pharmaceutical programming workflows can include workflow phases corresponding to clinical data management, biostatistics, statistical programming, and regulatory submissions, for instance for purpose of drug testing and development. Such workflows can govern the development and validation of statistical programs using independent double programming practice; the interaction between statisticians and programming teams; and the management and enforcement of secure standardized proprietary information exchange between a pharmaceutical company sponsor and an external partner, such as a clinical research organization (CRO).
  • pharmaceutical industry workflows, such as pharmaceutical programming workflows, can be securely managed and executed entirely within a cloud environment 200 by way of dynamically allocated virtualized servers and associated virtualized computing resources that provide, for any given pharmaceutical industry cloud tenant, a virtualized workflow and proprietary information management system, which is configured for providing some or each of a virtual desktop management system; a role-based user access, data control, and monitoring system; a plurality of databases; a workflow editor; at least one virtual machine workflow execution environment; a graph based workflow execution tracking and compliance enforcement system; a graph based digital rights management system; and an encrypted backup system in accordance with an embodiment of the present disclosure.
  • aspects of particular embodiments in accordance with the present disclosure address at least one aspect, problem, limitation, and/or disadvantage associated with existing cloud based systems and techniques for managing multi-organizational workflows and the usage and generation of proprietary information associated therewith. While features, aspects, and/or advantages associated with certain embodiments have been described herein, other embodiments can also exhibit such features, aspects, and/or advantages, and not all embodiments need necessarily exhibit such features, aspects, and/or advantages to fall within the scope of the present disclosure and the claims corresponding thereto.
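The four-factor login of FIG. 6A and the ongoing operating system signature check and golden-OS recovery of FIG. 6B, modelled as an added Python example (not code from the patent or from Silicon Cloud International). The OTP service is a stub standing in for the external service; the user, client machine, signatures and OTP values are constructed placeholders:

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def digest(value: str) -> str:
    """SHA-256 hex digest, standing in for the stored credential and signature hashes."""
    return hashlib.sha256(value.encode()).hexdigest()


class StubOtpService:
    """Stands in for the external OTP authentication service (e.g. a Yubico server).
    Each valid OTP is accepted exactly once, so a replayed OTP is rejected."""

    def __init__(self, valid_otps):
        self.valid, self.used = set(valid_otps), set()

    def verify(self, user_id: str, otp: str) -> bool:
        if otp in self.valid and otp not in self.used:
            self.used.add(otp)
            return True
        return False


@dataclass
class ClientRecord:
    """What the user authentication manager 310 holds for an enrolled client machine."""
    hw_signature: str        # hash over processor ID (PID) and MAC address
    os_signature: str        # hash of the golden operating-system image
    disabled: bool = False   # set by the hardware disable command (procedure portion 324)


@dataclass
class AuthManager:
    users: dict                                   # user_id -> password hash
    clients: dict                                 # client_id -> ClientRecord
    otp_service: StubOtpService
    sessions: dict = field(default_factory=dict)  # client_id -> logged-in user_id
    disable_commands: list = field(default_factory=list)

    def login(self, user_id, password, otp, client_id, pid, mac, os_signature) -> bool:
        client = self.clients.get(client_id)
        if client is None or client.disabled:
            return False                          # a disabled machine cannot log in at all
        stored = self.users.get(user_id)          # factor 1: user ID / password (312)
        if stored is None or not hmac.compare_digest(stored, digest(password)):
            return False
        if not self.otp_service.verify(user_id, otp):   # factor 2: OTP (314)
            return False
        if not hmac.compare_digest(client.hw_signature, digest(pid + "|" + mac)):
            return False                          # factor 3: hardware signature (316)
        if not hmac.compare_digest(client.os_signature, os_signature):
            return False                          # factor 4: OS signature (318)
        self.sessions[client_id] = user_id
        return True

    def monitor_os_signature(self, client_id: str, reported: str) -> str:
        """Ongoing post-login check. On a mismatch the session is invalidated (322)
        and a hardware disable command is issued to the client machine (324)."""
        client = self.clients[client_id]
        if hmac.compare_digest(client.os_signature, reported):
            return "ok"
        self.sessions.pop(client_id, None)
        client.disabled = True
        self.disable_commands.append(client_id)
        return "disabled"

    def install_golden_os(self, client_id: str, golden_signature: str) -> None:
        """Portions 325-328: golden OS installed, key database updated, machine re-enabled."""
        client = self.clients[client_id]
        client.os_signature = golden_signature
        client.disabled = False


def build_demo_manager() -> AuthManager:
    """Constructed enrolment data: one user, one client machine, three valid OTPs."""
    users = {"alice": digest("correct horse battery staple")}
    clients = {"client-1": ClientRecord(hw_signature=digest("PID-0001|00:11:22:33:44:55"),
                                        os_signature=digest("golden-os-v1"))}
    return AuthManager(users, clients, StubOtpService({"otp-A", "otp-B", "otp-C"}))


def demo() -> dict:
    mgr = build_demo_manager()
    creds = ("alice", "correct horse battery staple")
    machine = ("client-1", "PID-0001", "00:11:22:33:44:55")
    first = mgr.login(*creds, "otp-A", *machine, digest("golden-os-v1"))
    # A later periodic check sees a modified OS image: session dropped, machine disabled.
    verdict = mgr.monitor_os_signature("client-1", digest("golden-os-v1-tampered"))
    while_disabled = mgr.login(*creds, "otp-B", *machine, digest("golden-os-v1"))
    mgr.install_golden_os("client-1", digest("golden-os-v2"))
    after_reinstall = mgr.login(*creds, "otp-C", *machine, digest("golden-os-v2"))
    return {"first_login": first, "verdict": verdict, "login_while_disabled": while_disabled,
            "login_after_reinstall": after_reinstall, "disable_commands": mgr.disable_commands,
            "active_sessions": dict(mgr.sessions)}
```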
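The role-based control described above for users 1, 2 and 3 (designer, project manager, contractor), including the dynamic separation-of-duty rule on design data and project-manager-granted one-time or limited-time exceptions, as an added Python example that is not the patent's own code; the project, resource and user names are constructed:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class Resource:
    project: str
    name: str
    design_data: bool = False   # subject to the dynamic separation-of-duty rule
    open_access: bool = False   # contractors may read these by default

@dataclass
class User:
    user_id: str
    role: str            # "designer", "project manager" or "contractor"
    projects: frozenset  # projects the user works on (designer) or manages (PM)

@dataclass
class AccessException:
    """Exception granted by a project manager: one-time or limited-time access."""
    grantee: str
    resource: Resource
    expires_at: Optional[datetime]
    one_time: bool
    used: bool = False

class AccessControl:
    """Stand-in for the role based I/O manager 350 and execution manager 360."""

    def __init__(self, users):
        self.users = {u.user_id: u for u in users}
        self.exceptions, self.log = [], []

    def grant_exception(self, granter_id, grantee_id, resource, now, duration=None, one_time=False):
        """Only a project manager of the resource's project may grant an exception."""
        granter = self.users[granter_id]
        if granter.role != "project manager" or resource.project not in granter.projects:
            self.log.append(("grant-denied", granter_id, resource.name))
            return False
        expires = now + duration if duration is not None else None
        self.exceptions.append(AccessException(grantee_id, resource, expires, one_time))
        return True

    def _valid_exception(self, user_id, resource, now):
        for ex in self.exceptions:
            if (ex.grantee == user_id and ex.resource == resource and not ex.used
                    and (ex.expires_at is None or now <= ex.expires_at)):
                return ex
        return None

    def check(self, user_id, action, resource, now) -> bool:
        """Decide whether `user_id` may perform `action` ("read"/"modify") on `resource`."""
        user = self.users[user_id]
        allowed = False
        if user.role == "designer":
            allowed = resource.project in user.projects
        elif user.role == "project manager":
            in_scope = resource.project in user.projects
            if in_scope and action == "modify" and resource.design_data:
                # Dynamic separation of duty: the PM role may not alter design data.
                self.log.append(("sod-violation", user_id, resource.name))
                return False
            allowed = in_scope
        elif user.role == "contractor":
            if resource.open_access and action == "read":
                allowed = True
            else:
                ex = self._valid_exception(user_id, resource, now)
                if ex is not None:
                    allowed = True
                    if ex.one_time:
                        ex.used = True
        self.log.append(("allow" if allowed else "deny", user_id, action, resource.name))
        return allowed

def demo() -> dict:
    """Constructed scenario with users 1-3 in the roles named in the text."""
    t0 = datetime(2016, 2, 25, 9, 0)
    rtl = Resource("chip-x", "rtl/top.v", design_data=True)
    netlist = Resource("chip-x", "netlist/top.vg", design_data=True)
    spec = Resource("chip-x", "docs/spec.pdf", open_access=True)
    ac = AccessControl([User("user1", "designer", frozenset({"chip-x"})),
                        User("user2", "project manager", frozenset({"chip-x", "chip-y"})),
                        User("user3", "contractor", frozenset())])
    r = {"designer_modifies_rtl": ac.check("user1", "modify", rtl, t0),
         "pm_reads_rtl": ac.check("user2", "read", rtl, t0),
         "pm_modifies_rtl": ac.check("user2", "modify", rtl, t0),
         "contractor_reads_spec": ac.check("user3", "read", spec, t0),
         "contractor_reads_rtl": ac.check("user3", "read", rtl, t0)}
    ac.grant_exception("user2", "user3", rtl, t0, duration=timedelta(hours=2))
    r["contractor_within_window"] = ac.check("user3", "read", rtl, t0 + timedelta(hours=1))
    r["contractor_after_expiry"] = ac.check("user3", "read", rtl, t0 + timedelta(hours=3))
    r["designer_cannot_grant"] = ac.grant_exception("user1", "user3", netlist, t0)
    ac.grant_exception("user2", "user3", netlist, t0, one_time=True)
    r["one_time_first"] = ac.check("user3", "read", netlist, t0)
    r["one_time_second"] = ac.check("user3", "read", netlist, t0)
    r["sod_logged"] = ("sod-violation", "user2", "rtl/top.v") in ac.log
    return r
```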
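The Chip-X workflow of FIG. 7 as a workflow reference FSM, together with the execution tracking of FIG. 8, in which a virtual machine's recorded behaviour is compared step by step with the reference and a mismatch moves the execution history into a "violation" state until the user remedies it. This is an added example, not code from the patent: phase names P1-P4, tools A-D and the IP-X datasets follow the text, while the virtual machine identifiers and the API shape are this example's own assumptions:

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Phase:
    name: str
    tool: str            # EDA tool the reference FSM requires for this phase
    inputs: frozenset    # datasets the phase consumes
    outputs: frozenset   # datasets the phase generates

class ReferenceFSM:
    """Immutable state sequence START -> P1 -> ... -> Pn -> END; the only allowed
    transition from any state is to its immediate successor."""

    def __init__(self, phases):
        self.phases = {p.name: p for p in phases}
        order = ["START"] + [p.name for p in phases] + ["END"]
        self.next_state = {s: order[i + 1] for i, s in enumerate(order[:-1])}

def chip_x_workflow() -> ReferenceFSM:
    """Chip-X: phases P1..P4 with EDA tools A..D; P1 consumes the IP-X block and
    every later phase consumes the previous phase's IP-X Data-Pn output."""
    phases, previous = [], frozenset({"IP-X"})
    for n, tool in zip("1234", "ABCD"):
        out = frozenset({f"IP-X Data-P{n}"})
        phases.append(Phase(f"P{n}", tool, previous, out))
        previous = out
    return ReferenceFSM(phases)

class ExecutionTracker:
    """Workflow execution history FSM for one running workflow, compared step by
    step against the reference FSM (the job of the graph analytics engine 610)."""

    def __init__(self, ref: ReferenceFSM, initial_inputs=()):
        self.ref = ref
        self.state = "START"                  # current execution state
        self.status = "in compliance"         # or "violation"
        self.available = set(initial_inputs)  # datasets provided or produced so far
        self.custody = []                     # (vm_id, phase, tool): execution provenance
        self.violations = []                  # (vm_id, phase, reason)

    @property
    def complete(self) -> bool:
        return self.ref.next_state.get(self.state) == "END"

    def record_phase(self, vm_id, phase_name, tool, consumed, produced) -> bool:
        """Record a VM's behaviour for one phase. False means the history is in the
        violation state and further execution is interrupted until remedied."""
        if self.status == "violation":
            self.violations.append((vm_id, phase_name, "interrupted: violation pending"))
            return False
        expected = self.ref.next_state.get(self.state)
        phase = self.ref.phases.get(phase_name)
        reason = None
        if expected in (None, "END"):
            reason = "workflow already complete"
        elif phase_name != expected:
            reason = f"expected {expected}, got {phase_name}"
        elif tool != phase.tool:
            reason = f"{phase_name} requires tool {phase.tool}, got {tool}"
        elif set(consumed) != set(phase.inputs) or not phase.inputs <= self.available:
            reason = f"{phase_name} inputs {sorted(consumed)} do not match reference"
        elif set(produced) != set(phase.outputs):
            reason = f"{phase_name} outputs {sorted(produced)} do not match reference"
        if reason is not None:
            self.status = "violation"
            self.violations.append((vm_id, phase_name, reason))
            return False
        self.available |= set(produced)
        self.custody.append((vm_id, phase_name, tool))
        self.state = phase_name
        return True

    def remedy(self):
        """User instruction to the VM that clears the violation so execution resumes."""
        self.status = "in compliance"

def demo() -> dict:
    """Constructed runs: one compliant, one that skips P2 and is then remedied."""
    ref = chip_x_workflow()
    good = ExecutionTracker(ref, initial_inputs={"IP-X"})
    ok = [good.record_phase("vm-1", "P1", "A", {"IP-X"}, {"IP-X Data-P1"}),
          good.record_phase("vm-1", "P2", "B", {"IP-X Data-P1"}, {"IP-X Data-P2"}),
          good.record_phase("vm-2", "P3", "C", {"IP-X Data-P2"}, {"IP-X Data-P3"}),
          good.record_phase("vm-2", "P4", "D", {"IP-X Data-P3"}, {"IP-X Data-P4"})]
    bad = ExecutionTracker(ref, initial_inputs={"IP-X"})
    bad.record_phase("vm-3", "P1", "A", {"IP-X"}, {"IP-X Data-P1"})
    skipped = bad.record_phase("vm-3", "P3", "C", {"IP-X Data-P1"}, {"IP-X Data-P3"})
    status_after_skip = bad.status
    bad.remedy()
    resumed = bad.record_phase("vm-3", "P2", "B", {"IP-X Data-P1"}, {"IP-X Data-P2"})
    return {"compliant_run": all(ok), "complete": good.complete, "custody": good.custody,
            "skip_accepted": skipped, "status_after_skip": status_after_skip,
            "skip_reason": bad.violations[0][2], "resumed": resumed}
```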
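IP provenance patterns and hash fingerprints as in FIG. 9: traversal of a workflow property graph to collect its IP-block sub-vertices, per-block hash patterns aggregated into a digital fingerprint, an intermediate pattern from partial traversal, the fingerprint used as a lookup key, and the IC testability hash linked in to form the overall workflow provenance hash. This is an added example and not the patent's code; the graph layout, IP-block contents and testability values are constructed:

```python
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def chip_x_graph(ip_x_block: str) -> dict:
    """Workflow property graph for Chip-X: phase vertices P1..P4 linked by "next"
    edges; each vertex carries IP-block sub-vertices under the edge labels
    "uses" (consumed) and "produces" (generated). P1 consumes `ip_x_block`."""
    graph, previous = {}, ip_x_block
    for n in range(1, 5):
        out = f"IP-X Data-P{n}"
        graph[f"P{n}"] = {"uses": [previous], "produces": [out],
                          "next": f"P{n + 1}" if n < 4 else None}
        previous = out
    return graph


def traverse(graph: dict, start: str = "P1", phases=None) -> tuple:
    """Walk the graph along "next" edges and collect IP-block sub-vertices in order.
    With `phases` set, only those vertices are visited (partial traversal), giving an
    intermediate IP provenance pattern instead of the complete one."""
    pattern, node = [], start
    while node is not None and (phases is None or node in phases):
        for edge in ("uses", "produces"):
            for block in graph[node][edge]:
                pattern.append((node, edge, block))
        node = graph[node]["next"]
    return tuple(pattern)


def block_hash(block_id: str, contents: dict) -> str:
    """Hash pattern of one individual IP block (identifier bound to its content)."""
    return sha256_hex(block_id.encode() + b"\x00" + contents[block_id])


def aggregate_fingerprint(pattern: tuple, contents: dict) -> str:
    """Aggregate digital fingerprint of a provenance pattern, built from the ordered
    per-block hashes so that the same blocks in another order fingerprint differently."""
    chained = "".join(block_hash(block, contents) for _, _, block in pattern)
    return sha256_hex(chained.encode())


def overall_workflow_hash(ip_fingerprint: str, testability: dict) -> str:
    """Link the complete IC design IP fingerprint with a single hash of the DFT /
    scan / BIST testability information to form the overall workflow provenance hash."""
    test_hash = sha256_hex(json.dumps(testability, sort_keys=True).encode())
    return sha256_hex((ip_fingerprint + test_hash).encode())


class ProvenanceStore:
    """Stand-in for the CRUD database: the hash pattern is the lookup key."""

    def __init__(self):
        self.rows = {}

    def put(self, fingerprint: str, pattern: tuple) -> None:
        self.rows[fingerprint] = pattern

    def get(self, fingerprint: str):
        return self.rows.get(fingerprint)


def demo() -> dict:
    """Two executions of the Chip-X workflow that differ only in the IP-X block used."""
    contents = {"IP-X v1": b"ipx rtl rev 1", "IP-X v2": b"ipx rtl rev 2",   # constructed
                "IP-X Data-P1": b"p1 out", "IP-X Data-P2": b"p2 out",
                "IP-X Data-P3": b"p3 out", "IP-X Data-P4": b"p4 out"}
    complete_v1 = traverse(chip_x_graph("IP-X v1"))
    complete_v2 = traverse(chip_x_graph("IP-X v2"))
    fp_v1 = aggregate_fingerprint(complete_v1, contents)
    fp_v2 = aggregate_fingerprint(complete_v2, contents)
    intermediate = traverse(chip_x_graph("IP-X v1"), phases={"P1", "P2"})
    fp_intermediate = aggregate_fingerprint(intermediate, contents)
    store = ProvenanceStore()
    store.put(fp_v1, complete_v1)
    testability = {"dft_vectors": 1024, "scan_chains": 8, "bist": True}  # constructed
    return {"complete_v1": complete_v1, "fp_v1": fp_v1, "fp_v2": fp_v2,
            "intermediate": intermediate, "fp_intermediate": fp_intermediate,
            "lookup": store.get(fp_v1),
            "overall": overall_workflow_hash(fp_v1, testability)}
```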

Abstract

A multi-tenant cloud based system for secure scientific / engineering workflow and digital rights management includes (a) cloud tenant client machines configured such that non-display data storage and data export are disabled; and (b) a cloud environment providing for each cloud tenant: (1) a virtual desktop client machine management system; (2) a software defined network (SDN) based project isolation and security system; (3) a four-factor user login authentication system; (4) a role based user access, data control, and monitoring system; (5) a graph database in which scientific / engineering workflows are stored as workflow graph property models, (6) virtualized servers configurable to provide at least one workflow execution environment; (7) a graph based workflow execution tracking and compliance enforcement system; (8) a graph based digital rights management system configured for generating an intellectual property (IP) provenance pattern uniquely corresponding to IP consumed and/or produced in association with workflow execution; and (9) an encrypted backup system. Such a system can form portions of a virtualized design-to-release manufacturing (DTRM) system, such as a virtualized semiconductor DTRM system.

Description

MULTI-TENANT CLOUD BASED SYSTEMS AND METHODS FOR SECURE SEMICONDUCTOR DESIGN-TO-RELEASE MANUFACTURING WORKFLOW AND DIGITAL RIGHTS MANAGEMENT
Technical Field
Aspects of the present disclosure are directed to multi-tenant cloud based systems and methods for securely managing scientific, engineering, and/or other types of multi-party workflows, and for managing, tracking, and auditing the utilization and generation of proprietary information, including internal and third party intellectual property (IP), associated with the execution of such workflows. Particular aspects of the present disclosure are directed to multi-tenant cloud based systems and methods for securely managing multi-organizational semiconductor design-to-release manufacturing (DTRM) workflows and tracking / auditing semiconductor design IP provenance associated with semiconductor product design workflow execution.
Background
Technological evolution has given rise to increasingly complex technological products, such as semiconductor integrated circuit (IC) chips, which can be characterized by greatly increased structural and functional complexity over time, as well as greatly increased design and manufacturing process complexity over time. The design and production of various types of modern technological products requires (a) the provision of many complex design inputs to many complex, highly structured, and appropriately sequenced design processes, which generate highly complex design outputs that are themselves used as inputs to particular design processes; and (b) the performance of many complex, highly structured, and appropriately sequenced production processes that correspondingly require multiple complex production inputs, and which generate complex production outputs that are used as inputs to particular production processes.
As the complexity of designing and manufacturing technological products has increased over time, it has become highly resource and cost prohibitive, and hence effectively infeasible, for a single corporate entity or organization to successfully or competitively provide the majority of functions required for designing and manufacturing such products. Consequently, supply chains associated with complex technological product design and manufacture have become increasingly disaggregated, or more horizontal, over time at key supply chain inflection points. Such supply chains are thus multi-organizational, where any given organization involved with a complex technological product's design or manufacture provides only a specialized subset of functions with respect to the overall supply chain.
To successfully produce an intended complex technological product by way of a particular type of production process (e.g., a high volume production process), the product must be designed in a manner that satisfies specific predefined production process requirements. With respect to designing an intended complex technological product in a manner that satisfies specific production process requirements, a scientific or engineering design workflow, or more particularly, a scientific or engineering design-to-release manufacturing (DTRM) workflow, can be defined. For a given scientific or engineering project directed to designing a particular product under consideration, the DTRM workflow specifies a set of inputs required and a set of outputs produced by any individual design process that falls within the scope of designing the product. The DTRM workflow further links multiple distinct design processes in an appropriately sequenced manner for generating a set of final design outputs that can be provided as a set of inputs to a production workflow for producing the product in accordance with the predefined production process requirements.
The execution of a DTRM workflow for a complex technological product involves interaction between multiple organizations as a result of the aforementioned supply chain disaggregation. More particularly, the execution of a DTRM workflow by multiple organizations is characterized by information exchange between the organizations, in accordance with the specific requirements of the design workflow, with which each organization must comply. The information provided by any given organization typically includes proprietary information, i.e., intellectual property (IP), which is unique to the organization from which it came, which must be kept strictly confidential, and which should be identifiable / traceable / trackable in the product design. Additionally, the performance of one or more design processes can result in the generation of additional proprietary information or IP, which is unique to the organization that performed the process(es) that resulted in the additional IP, which must be kept strictly confidential, and which should be identifiable / traceable / trackable in the product design.
With respect to semiconductor IC design, the supply chain includes four categorical types of participants or organizations, namely, IC chip manufacturing foundries; IP "building block" or IP core providers; electronic design automation (EDA) tool providers; and IC design companies that employ IC designers organized into one or more IC design teams for purpose of designing specific types of semiconductor IC products. Any given semiconductor DTRM workflow is generated and validated in a manner that requires compliance with specific workflow requirements by each of such types of organizations. Unfortunately, semiconductor IC design companies face high or very high costs with respect to acquiring licenses to EDA tools that are best suited for designing forthcoming products in accordance with a current product design cycle and current manufacturing technology capabilities. Additionally, semiconductor IC design companies face difficulties with respect to executing semiconductor DTRM workflows in a manner that enforces IP workflow compliance and strict IP confidentiality; high profile IP breaches, including IP theft, have been known to occur.
A need exists for a cost effective, computationally adaptive, highly secure system and method for managing semiconductor DTRM and other complex scientific / engineering workflows, and the usage, generation, and tracking of digital rights associated therewith.
Summary
In accordance with an aspect of the present disclosure, a multi-tenant cloud based system for secure management of scientific / engineering workflows and digital rights associated therewith provides a plurality of client machines corresponding to each of a plurality of cloud tenants, which are configured for secure, strictly controlled communication with a cloud environment within which workflow management, workflow execution, and associated digital rights tracking occurs. Each client machine is configured such that non-display data storage and transfer are disabled, including local storage of information other than for purpose of display by the client machine. Each client machine serves as a strictly controlled selective data import function and a command / instruction input function for communication with the cloud environment. That is, each client machine provides a strictly controlled selective window, function, or service with respect to (a) the export of data from the cloud environment to the client machine, or equivalently, the import of data to the client machine from the cloud environment; and (b) the input of commands to the client machine and the transfer of such commands to the cloud environment.
The cloud environment is configured for providing dynamically allocatable virtualized computing resources including, for each cloud tenant, at least some of: (a) a virtual desktop management system configured for exchanging data with client machines in accordance with a remote desktop / display protocol; (b) a role based user access, data control, and monitoring system configured for securely controlling and monitoring each user's access to and usage of cloud environment resources and data in accordance with predefined user roles; (c) a plurality of databases including at least one graph database in which scientific / engineering workflows corresponding to the cloud tenant are stored as workflow property graph models, wherein each workflow property graph model can have an execution state machine corresponding thereto or stored as a portion thereof, in association with which an intended or expected workflow execution state can be defined or determined; (d) a plurality of virtualized servers configurable to provide at least one workflow execution environment corresponding to the cloud tenant, within which workflow execution occurs; (e) a graph based workflow execution tracking and compliance enforcement system corresponding to each of the cloud tenant's workflow execution environments, which is configured for monitoring workflow execution and determining whether workflow compliance violations have occurred; (f) a graph based digital rights management system corresponding to each of the cloud tenant's workflow execution environments, which is configured for generating one or more intellectual property (IP) provenance patterns that uniquely correspond to IP consumed and/or produced in association with the execution of a given workflow; and (g) an encrypted backup system configured for generating a current incremental backup dataset corresponding to each of the cloud tenant's databases, workflows, workflow execution environments, and workflow execution states.
Those portions of the system corresponding to each cloud tenant, other than the cloud tenant's client machines, can form portions of a virtualized design-to-release manufacturing (DTRM) system corresponding to the tenant, such as a virtualized semiconductor DTRM system. With respect to a first workflow corresponding to a first cloud tenant: the first workflow is stored in the first cloud tenant's plurality of databases as a first workflow property graph model, which has a first execution state machine corresponding thereto; a first graph based workflow execution tracking and compliance enforcement system is configured for dynamically generating a first workflow execution property graph model during execution of the first workflow, which indicates whether any workflow execution violations have occurred during first workflow execution; and a first graph based digital rights management system is configured for generating at least one IP provenance pattern corresponding to IP utilized and/or IP generated during execution of the first workflow. With respect to a second workflow corresponding to a second cloud tenant: the second workflow is stored in the second cloud tenant's plurality of databases as a second workflow property graph model, which has a second execution state machine corresponding thereto; a second graph based workflow execution tracking and compliance enforcement system is configured for dynamically generating a second workflow execution property graph model during execution of the second workflow, which indicates whether any workflow execution violations have occurred during second workflow execution; and a second graph based digital rights management system is configured for generating at least one IP provenance pattern corresponding to IP utilized and/or IP generated during execution of the second workflow.
For any given cloud tenant, all data, workflows, workflow related IP, workflow execution environments, workflow execution tracking and monitoring results, IP provenance patterns, and incremental backup data are securely segregated from each other cloud tenant, such as by way of separate virtualized DTRM systems corresponding to each cloud tenant, where communication between a given cloud tenant's virtualized DTRM system and that of another cloud tenant is prohibited. Furthermore, for any given cloud tenant, no portions of any design data, workflows, workflow related IP, workflow execution environment, workflow execution tracking and monitoring results, IP provenance patterns, or incremental backup data reside on or are stored / storable for purpose other than display by any client machine at any time. Furthermore, data transfer is prohibited from client machines to destinations other than portions of the cloud environment corresponding to the cloud tenant under consideration.
In accordance with an aspect of the present disclosure, for each cloud tenant of a cloud computing system for secure management and execution of scientific or engineering workflows across multiple cloud tenants, the cloud computing system includes: (a) a set of client machines, each client machine comprising hardware and software resources providing a virtual desktop having a data import function and a command input function by which a user associated with the cloud tenant views data and inputs commands, respectively, each client machine having non-display data storage and data export functions disabled, including local storage of information other than for purpose of display by the client machine; and (b) a set of cloud based dynamically allocatable virtualized computing resources configured for remote communication with the set of client machines. The set of cloud based dynamically allocatable virtualized computing resources includes: a central graph database storing a set of workflows, each workflow including a property graph model defining a plurality of workflow phases, wherein for each workflow phase the property graph model defines one or more input datasets, a set of virtualized computing resources utilized for execution of the workflow phase, and one or more output datasets, wherein the property graph model has a reference finite state machine (FSM) corresponding thereto by which an expected workflow execution state is determinable; at least one virtual machine workflow execution environment including a set of virtual machines, each virtual machine workflow environment configured for executing the phases of a workflow stored within the set of graph databases in response to commands received from one or more client machine users by way of the set of client machines; a user roles database storing a user role corresponding to each user associated with the cloud tenant, each user role defining a set of rules specifying actions the user corresponding thereto can and cannot perform, and the dynamically allocatable virtualized computing resources that the user can and cannot access, utilize, and modify, including workflows, workflow phases, workflow phase input datasets, and workflow phase output datasets; and a role based user access, data control, and monitoring system configured for securely controlling and monitoring each user's access to and usage of the dynamically allocatable virtualized computing resources in accordance with the user roles stored within the user roles database.
The set of cloud based dynamically allocatable virtualized computing resources can further include a software defined network (SDN) based project isolation and security system configured for establishing, for each client machine user corresponding to a given cloud tenant, a polymorphic virtual machine computing element configured for communication with a client machine corresponding to the client machine user, by which the client machine user communicates with a specific project management virtual machine corresponding to a specific project by way of an encrypted communication tunnel between the polymorphic virtual machine and the specific project management virtual machine.
The SDN based project isolation and security system can further be configured for: connecting a virtual local area network (VLAN) corresponding to the polymorphic virtual machine to a VLAN corresponding to the specific project in response to a project-specific connection request; preventing the polymorphic virtual machine from accessing a local file system corresponding thereto; and replacing polymorphic virtual machine access to its local file system with polymorphic virtual machine access to a file system corresponding to the specific project that is coupled to the project management virtual machine corresponding to the specific project. The set of cloud based dynamically allocatable virtual computing resources further includes a graph based workflow execution tracking and compliance enforcement system corresponding to each workflow execution environment, which is configured for monitoring and analyzing the computational behavior of virtual machines corresponding to a given workflow and determining whether compliance violations have occurred during the execution of the workflow.
The graph based workflow execution tracking and compliance enforcement system is configured for dynamically generating a workflow execution property graph model during the execution of a given workflow corresponding to the computational behavior of virtual machines that are active during execution of the workflow. The graph based workflow execution tracking and compliance enforcement system can be configured for issuing workflow compliance violation notifications to each user responsible for a compliance violation.
The set of cloud based dynamically allocatable virtualized computing resources can further include a graph based digital rights management system corresponding to each workflow execution environment, which is configured for generating a set of intellectual property (IP) provenance patterns that uniquely correspond to IP consumed and/or produced in association with the execution of a given workflow. The graph based digital rights management system can be configured for generating a unique IP provenance pattern corresponding to each workflow phase output dataset. The graph based digital rights management system can be configured for generating a hash pattern from a unique IP provenance pattern corresponding to an overall product design corresponding to the outputs of each workflow phase.
Each client machine can include: a processing unit; a display device coupled to the processing unit; a set of user input devices coupled to the processing unit; a network interface unit coupled to the processing unit; a memory coupled to the processing unit, the memory including a display memory and a command instruction memory; and a removable operating system device coupleable to the processing unit and having an encrypted operating system thereon, wherein operating system support for non-display data storage and transfer as well as local storage of information other than information displayed by the client machine are disabled. Each client machine can further include a one time password device configured for communication with the client machine.
The set of cloud based dynamically allocatable virtualized computing resources can further include a user authentication manager configured for performing a four-factor user authentication procedure comprising authentication of each of a user password, an automatically generated one time password, a client machine hardware signature, and a client machine operating system signature.
For each cloud tenant, the set of client machines and the set of cloud based dynamically allocatable virtualized computing resources can be configured as a virtualized semiconductor Design to Release Manufacturing (DTRM) system, wherein each workflow corresponds to a semiconductor DTRM workflow. For each cloud tenant's virtualized semiconductor DTRM system, the system provides a single semiconductor product design environment that is entirely cloud resident, wherein no portions of the semiconductor product design environment other than visual representations thereof reside on any client machine at any time, and no design data is providable to any client machine at any time other than for purpose of display thereon, and wherein semiconductor DTRM workflow execution, monitoring, and analysis occurs entirely in the cloud. In such a configuration, the set of cloud based dynamically allocatable virtualized computing resources further includes a set of Electronic Design Automation (EDA) tool libraries storing a plurality of EDA tools that are implemented by way of dynamically allocatable virtual machines, wherein each virtual machine within the at least one virtual machine execution environment corresponds to a virtualized Electronic Design Automation (EDA) tool. Additionally, the set of cloud based dynamically allocatable virtualized computing resources further includes a set of Process Development Kit (PDK) libraries and a set of third party semiconductor design IP block libraries.
In accordance with an aspect of the present disclosure, a process for secure management and execution of scientific or engineering workflows across multiple cloud tenants includes: (a) for each cloud tenant, providing a set of client machines, each client machine including hardware and software resources providing a virtual desktop having a data import function and a command input function by which a user associated with the cloud tenant views data and inputs commands, respectively, each client machine having non-display data storage and data export functions disabled, including local storage of information other than for purpose of display by the client machine; (b) for each cloud tenant, providing a set of cloud based dynamically allocatable virtualized computing resources configured for remote communication with the set of client machines, the set of cloud based dynamically allocatable virtualized computing resources including: (i) a central graph database storing a set of workflows corresponding to the cloud tenant, each workflow comprising a property graph model defining a plurality of workflow phases, wherein for each workflow phase the property graph model defines one or more input datasets, a set of virtualized computing resources utilized for execution of the workflow phase, and one or more output datasets, wherein the property graph model has a reference finite state machine (FSM) corresponding thereto by which an expected workflow execution state can be determined; (ii) at least one virtual machine workflow execution environment comprising a set of virtual machines, each virtual machine workflow environment configured for executing the phases of a workflow stored within the set of graph databases; and (iii) a user roles database storing a user role corresponding to each user associated with the cloud tenant, each user role defining a set of rules specifying actions the user corresponding thereto can and cannot perform, and the dynamically allocatable virtualized computing resources that the user can and cannot access, utilize, and modify, including workflows, workflow phases, workflow phase input datasets, and workflow phase output datasets; and (c) for each cloud tenant, performing workflow execution management operations including: (i) receiving user commands directed to the set of cloud based dynamically allocatable virtualized computing resources by way of the set of client machines associated with the cloud tenant, the user commands corresponding to the execution of a given workflow corresponding to the cloud tenant; and (ii) controlling and monitoring access to and usage of the set of dynamically allocatable virtualized computing resources by each user associated with the cloud tenant during workflow execution in accordance with the user roles stored within the user roles database.
Providing the set of cloud based dynamically allocatable virtualized computing resources can further include providing a software defined network (SDN) based project isolation and security system, and the process can further include, for each client machine user corresponding to a given cloud tenant, establishing a polymorphic virtual machine computing element configured for communication with a client machine corresponding to the client machine user, by which the client machine user communicates with a specific project management virtual machine corresponding to a specific project by way of an encrypted communication tunnel between the polymorphic virtual machine and the specific project management virtual machine.
The process can additionally include connecting a virtual local area network (VLAN) corresponding to the polymorphic virtual machine to a VLAN corresponding to the specific project in response to a project-specific connection request; preventing the polymorphic virtual machine from accessing a local file system corresponding thereto; and replacing polymorphic virtual machine access to its local file system with polymorphic virtual machine access to a file system corresponding to the specific project that is coupled to the project management virtual machine corresponding to the specific project. The workflow execution management operations can further include monitoring and analyzing the computational behavior of virtual machines corresponding to the given workflow and determining whether compliance violations have occurred during the execution of the given workflow. Monitoring and analyzing the computational behavior of virtual machines corresponding to the given workflow can include dynamically generating a workflow execution property graph model during the execution of the given workflow corresponding to the computational behavior of virtual machines that are active during execution of the given workflow. Monitoring and analyzing the computational behavior of virtual machines corresponding to the given workflow can additionally or alternatively include issuing workflow compliance violation notifications to each user responsible for a compliance violation.
The process can also include generating a set of intellectual property (IP) provenance patterns that uniquely correspond to IP consumed and/or produced in association with the execution of the given workflow. The process can include generating a unique IP provenance pattern corresponding to each workflow phase output dataset corresponding to the given workflow; and generating a hash pattern from a unique IP provenance pattern corresponding to an overall product design corresponding to the outputs of each workflow phase.
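As an added illustration that is not part of the patent, the following Python sketch models a workflow property graph with its reference FSM, replays execution events to build an execution graph and flag compliance violations per responsible user, and derives per-phase IP provenance patterns plus an overall design hash pattern, covering both the system aspect and the process aspect described above. The three-phase workflow, users, roles, tools and the SHA-256 chaining scheme are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Phase:
    """One node of the workflow property graph (constructed example)."""
    name: str
    inputs: list      # datasets / IP blocks the phase may consume (user selectable)
    outputs: list     # datasets the phase produces
    tools: list       # virtualized EDA tools permitted for this phase
    roles: set        # user roles permitted to execute the phase


@dataclass
class Workflow:
    phases: dict      # phase name -> Phase
    order: list       # reference FSM: the expected phase sequence

    def expected_next(self, done):
        """Reference FSM: the phase expected after those already completed."""
        for name in self.order:
            if name not in done:
                return name
        return None   # every phase complete


def track_execution(wf, roles, events):
    """Replay constructed events (user, phase, tool, inputs_used) against the
    graph and FSM. Returns (execution graph edges, violations by user)."""
    done, violations, graph = [], [], []
    for ev in events:
        who, name = ev["user"], ev["phase"]
        phase = wf.phases.get(name)
        if phase is None:
            violations.append((who, f"unknown phase {name}"))
            continue
        expected = wf.expected_next(done)
        if name != expected:
            violations.append((who, f"{name} executed out of order (expected {expected})"))
        if roles.get(who) not in phase.roles:
            violations.append((who, f"role not permitted to execute {name}"))
        if ev["tool"] not in phase.tools:
            violations.append((who, f"tool {ev['tool']} not permitted in {name}"))
        for ds in ev["inputs_used"]:
            if ds not in phase.inputs:
                violations.append((who, f"{ds} is not a declared input of {name}"))
            graph.append((ds, name))          # dataset -> phase edge
        graph.append((name, ev["tool"]))      # phase -> tool edge
        for out in phase.outputs:
            graph.append((name, out))         # phase -> output edge
        done.append(name)
    return graph, violations


def provenance_patterns(wf, events):
    """IP provenance pattern per phase output: a hash chained over the patterns
    of the inputs consumed. Inputs produced by no phase (third party IP blocks,
    PDK libraries) are identified by a hash of their id."""
    patterns = {}
    for ev in events:
        phase = wf.phases.get(ev["phase"])
        if phase is None:
            continue
        parts = [ev["phase"], ev["tool"]]
        for ds in sorted(ev["inputs_used"]):
            parts.append(patterns.get(ds, hashlib.sha256(ds.encode()).hexdigest()))
        pattern = hashlib.sha256("|".join(parts).encode()).hexdigest()
        for out in phase.outputs:
            patterns[out] = pattern
    return patterns


def design_hash_pattern(patterns):
    """Single hash pattern over the provenance patterns of every phase output."""
    joined = "|".join(f"{k}={v}" for k, v in sorted(patterns.items()))
    return hashlib.sha256(joined.encode()).hexdigest()


# Constructed three-phase semiconductor DTRM workflow (assumption, not from the patent).
WORKFLOW = Workflow(
    phases={
        "rtl_design": Phase("rtl_design", ["spec", "ip_block_uart", "ip_block_spi"],
                            ["rtl"], ["simulator"], {"design_engineer"}),
        "synthesis": Phase("synthesis", ["rtl", "pdk_lib"], ["netlist"],
                           ["synthesizer"], {"design_engineer"}),
        "place_and_route": Phase("place_and_route", ["netlist", "pdk_lib"], ["gds"],
                                 ["router"], {"design_engineer", "contractor"}),
    },
    order=["rtl_design", "synthesis", "place_and_route"],
)
ROLES = {"alice": "design_engineer", "carol": "contractor"}   # constructed users

GOOD_RUN = [
    {"user": "alice", "phase": "rtl_design", "tool": "simulator", "inputs_used": ["spec", "ip_block_uart"]},
    {"user": "alice", "phase": "synthesis", "tool": "synthesizer", "inputs_used": ["rtl", "pdk_lib"]},
    {"user": "carol", "phase": "place_and_route", "tool": "router", "inputs_used": ["netlist", "pdk_lib"]},
]
# Same design with a different third party IP block selected in the first phase.
ALT_RUN = [dict(GOOD_RUN[0], inputs_used=["spec", "ip_block_spi"])] + GOOD_RUN[1:]
# Contractor jumps straight to synthesis, which neither the FSM nor her role allows.
BAD_RUN = [{"user": "carol", "phase": "synthesis", "tool": "synthesizer", "inputs_used": ["rtl", "pdk_lib"]}]
```

Swapping the IP block in ALT_RUN changes every downstream pattern and the design hash, which is what makes each IP block's point of usage traceable in the final design.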
Providing the set of client machines can include providing for each client machine a removable operating system device coupleable to the client machine and having an encrypted operating system thereon, wherein operating system support for non-display data storage and transfer as well as local storage of information other than information displayed by the client machine are disabled. Providing the set of client machines can further include providing for each client machine a one time password device configured for communication with the client machine.
The process can include for each cloud tenant providing four-factor user authentication operations for each user associated with the cloud tenant, wherein the four-factor user authentication operations comprise authentication of each of a user password, an automatically generated one time password, a client machine hardware signature, and a client machine operating system signature.
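As an added example that is not the patent's own code, the following Python shows how the cloud side could verify the four factors listed above: a salted password hash, a one time password (assumed here to be time-based per RFC 6238, which the patent does not specify), and HMAC signatures over the client machine's hardware attributes and its encrypted operating system image. Every factor is evaluated before the result is returned, and the names of failed factors are kept for audit logging only; all enrollment values and attribute names are constructed.

```python
import hashlib
import hmac
import os
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one time password (RFC 4226) over an 8-byte big-endian counter."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: float, step: int = 30) -> str:
    """Time-based variant (RFC 6238): the counter is floor(time / step)."""
    return hotp(secret, int(unix_time // step))


def hash_password(password: str, salt: bytes, rounds: int = 100_000) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def machine_signature(key: bytes, attributes: dict) -> str:
    """HMAC over canonicalised hardware or OS attributes; the key stays cloud side."""
    canon = "\n".join(f"{k}={v}" for k, v in sorted(attributes.items())).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()


def enroll(password, otp_secret, hw_attrs, os_attrs, signing_key):
    """Cloud-side record created when a client machine and its OS device are provisioned."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "password_hash": hash_password(password, salt),
        "otp_secret": otp_secret,
        "hw_signature": machine_signature(signing_key, hw_attrs),
        "os_signature": machine_signature(signing_key, os_attrs),
    }


def authenticate(record, signing_key, password, otp_code, hw_attrs, os_attrs, now=None):
    """Check all four factors without short-circuiting; returns the list of failed
    factor names (for the audit log). The login is accepted only when it is empty."""
    now = time.time() if now is None else now
    failed = []
    if not hmac.compare_digest(hash_password(password, record["salt"]), record["password_hash"]):
        failed.append("user_password")
    # Accept the current 30 s step and the previous one to tolerate small clock skew.
    valid_codes = {totp(record["otp_secret"], now), totp(record["otp_secret"], now - 30)}
    if not any(hmac.compare_digest(otp_code, c) for c in valid_codes):
        failed.append("one_time_password")
    if not hmac.compare_digest(machine_signature(signing_key, hw_attrs), record["hw_signature"]):
        failed.append("hardware_signature")
    if not hmac.compare_digest(machine_signature(signing_key, os_attrs), record["os_signature"]):
        failed.append("os_signature")
    return failed


# Constructed enrollment data (assumptions, not from the patent).
SIGNING_KEY = b"tenant-1-signing-key-constructed"
OTP_SECRET = b"12345678901234567890"            # RFC 4226 reference secret
HW = {"board_serial": "SN-0001", "nic_mac": "02:00:00:00:00:01", "bios_uuid": "constructed-uuid"}
OS_IMG = {"kernel": "5.10-locked", "rootfs_hash": "deadbeef"}   # measured OS image
PASSWORD = "correct horse battery staple"
RECORD = enroll(PASSWORD, OTP_SECRET, HW, OS_IMG, SIGNING_KEY)
```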
For each cloud tenant, the set of client machines and the set of cloud based dynamically allocatable virtualized computing resources can establish or provide a virtualized semiconductor Design to Release Manufacturing (DTRM) system, wherein each workflow corresponds to a semiconductor DTRM workflow, and wherein the process includes providing a single semiconductor product design environment corresponding to the cloud tenant that is entirely cloud resident, wherein no portions of the semiconductor product design environment other than visual representations thereof reside on any client machine at any time, and no design data is providable to any client machine at any time other than for purpose of display thereon, and wherein semiconductor DTRM workflow execution, monitoring, and analysis occurs entirely in the cloud.
Such a process can further include for each cloud tenant providing a set of Electronic Design Automation (EDA) tool libraries storing a plurality of EDA tools that are implemented by way of dynamically allocatable virtual machines, and wherein each virtual machine within the at least one virtual machine execution environment corresponds to a virtualized Electronic Design Automation (EDA) tool; and providing for each cloud tenant a set of Process Development Kit (PDK) libraries and a set of third party semiconductor design IP block libraries.
Brief Description of the Drawings
FIG. 1 is a schematic illustration showing portions of a multi-tenant cloud based system for secure semiconductor design-to-release manufacturing (DTRM) workflow and digital design rights management in accordance with an embodiment of the present disclosure.
FIG. 2 is a block diagram of a client machine in accordance with an embodiment of the present disclosure.
FIG. 3 is a schematic illustration showing portions of a virtualized semiconductor DTRM system in accordance with an embodiment of the present disclosure.
FIG. 4A is a flow diagram of a software defined network (SDN) based project connect / disconnect process in accordance with an embodiment of the present disclosure.
FIG. 4B is a schematic illustration showing aspects by which a client machine user under consideration connects to a specific project under consideration in association with the process of FIG. 4A.
FIG. 5 illustrates portions of a role based user access, data control, and monitoring system in accordance with an embodiment of the present disclosure.
FIG. 6A illustrates aspects of a four factor user authentication procedure in accordance with an embodiment of the present disclosure.
FIG. 6B is a flow diagram of a digital operating system signature authentication error response or recovery procedure in accordance with an embodiment of the present disclosure.
FIG. 7 illustrates portions of a representative simplified semiconductor design to release manufacturing (DTRM) workflow in accordance with an embodiment of the present disclosure, in which the workflow is represented and stored as a property graph model.
FIG. 8 illustrates portions of a representative graph-based workflow execution tracking and compliance enforcement system in accordance with an embodiment of the present disclosure.
FIG. 9 illustrates portions of a graph based digital rights management system in accordance with an embodiment of the present disclosure.
FIG. 10 is a schematic illustration showing aspects of a secure encrypted backup system configured for performing a secure encrypted backup procedure in accordance with an embodiment of the present disclosure.
Detailed Description
In the present disclosure, depiction of a given element or consideration or use of a particular element number in a particular FIG. or a reference thereto in corresponding descriptive material can encompass the same, an equivalent, or an analogous element or element number identified in another FIG. or descriptive material associated therewith. The use of "/" in a FIG. or associated text is understood to mean "and/or" unless otherwise indicated. The recitation of a particular numerical value or value range herein is understood to include or be a recitation of an approximate numerical value or value range (e.g., within +/- 5%, +/- 10%, +/- 15%, or +/- 20%).
As used herein, the term "set" corresponds to or is defined as a non-empty finite organization of elements that mathematically exhibits a cardinality of at least 1 (i.e., a set as defined herein can correspond to a unit, singlet, or single element set, or a multiple element set), in accordance with known mathematical definitions (for instance, in a manner corresponding to that described in An Introduction to Mathematical Reasoning: Numbers, Sets, and Functions, "Chapter 11: Properties of Finite Sets" (e.g., as indicated on p. 140), by Peter J. Eccles, Cambridge University Press (1998)). In general, an element of a set can include or be a system, an apparatus, a device, a structure, an object, a process, a parameter, or a value depending upon the type of set under consideration.
The term "project workflow" or "workflow" as used herein encompasses a specifically structured / organized representation of work activities in accordance with which multiple parties associated with multiple organizations (e.g., multiple distinct companies and/or business units) can perform particular types of scientific / engineering work that are necessary for completing a given type of scientific / engineering project. Each project workflow includes or defines a plurality of predefined work stages, steps, or phases, and each phase includes or defines one or more predetermined types of activities, tasks, or operations. Any given phase or task has associated therewith a set of inputs or input datasets, which can include one or more predetermined inputs / input datasets and/or one or more user selectable inputs / input datasets; and at least one predefined output / output dataset. Workflow phases and their corresponding tasks are intentionally organized or sequenced such that the performance or execution of each of the phases and the tasks therein by a plurality of individuals, participants, groups, and/or teams and the corresponding task-to-task and phase-to-phase flow of information (e.g., output datasets) results in the generation or production of a specified or intended result, such as a verified definition, design, and/or generation of a manufacturable or manufactured product.
Overview
Embodiments in accordance with the present disclosure are directed to multi-tenant cloud based systems and processes by which the management, execution, monitoring, and analysis of project workflows, and associated digital rights management, occurs by way of cloud resident virtual machines. More particularly, embodiments in accordance with the present disclosure are configured for securely and dynamically managing (a) scientific, engineering, and/or other types of multi-participant / multi-party / multi-team / multi-organizational workflows; (b) access to and utilization of proprietary information during workflow execution, including the selective or selectable incorporation of intellectual property (IP) resources such as IP blocks (e.g., third party IP blocks) into workflow phase or task inputs / input datasets and the generation of IP output / output datasets corresponding to workflow phases; and (c) proprietary information / IP resource provenance tracking or tracing within and across each workflow phase, where IP resource provenance tracking encompasses source of origin / ownership verification and project point of usage authentication for each IP block utilized as a workflow task input / input dataset.
Representative types of scientific, engineering, or other complex workflows to which particular embodiments in accordance with the present disclosure are applicable include semiconductor design-to-release manufacturing workflows, pharmaceutical or life sciences related workflows (e.g., pharmaceutical drug development / programming workflows), and other types of workflows. For purpose of brevity, clarity, and to aid understanding, the following description primarily describes embodiments that are directed to multi-tenant cloud based systems and methods for secure semiconductor design-to-release manufacturing (DTRM) workflow and semiconductor design digital rights management by which semiconductor products, such as Systems on a Chip (SoC) and/or other types of integrated circuits (ICs), can be designed. Notwithstanding, an individual having ordinary skill in the relevant art will recognize that embodiments in accordance with the present disclosure are not limited to systems and methods for semiconductor DTRM workflow and semiconductor design digital rights management.
FIG. 1 is a schematic illustration showing portions of a multi-tenant cloud based system 10 for secure semiconductor DTRM workflow and IP design rights management in accordance with an embodiment of the present disclosure. The system 10 provides or includes a cloud computing environment or cloud 200 providing cloud computing infrastructure including a cloud computing resource provisioning system 202 by which cloud resident or otherwise virtualized cloud computing resources (e.g., hardware, software, finite automata, and/or data storage resources) can be dynamically allocated in accordance with computational requirements or demands corresponding to a plurality of cloud tenants (e.g., tenant 1 to tenant k) for defining, managing, and executing semiconductor DTRM workflows and managing or tracking digital rights associated therewith. More particularly, the cloud provisioning system 202 is configured for dynamically allocating virtual servers 212 and associated cloud based / virtualized computing resources (e.g., database resources) to each active cloud tenant for securely managing, executing, monitoring, and analyzing aspects of each tenant's semiconductor DTRM workflow execution and IP design rights corresponding thereto. As further described below, for any given tenant, such virtual servers 212 and the associated cloud based / virtualized computing resources form portions of a dynamically allocatable virtualized semiconductor DTRM system 210 corresponding to the tenant. The system 10 additionally includes a firewall 204 and a high performance switching fabric 206 corresponding to each virtualized semiconductor DTRM system 210, in a manner readily understood by an individual having ordinary skill in the relevant art.
For each cloud tenant, the system 10 includes a plurality of client machines 100 that are locally accessible to tenant users (e.g., project managers, design engineers, and consultants / contractors), and which are remotely couplable or coupled to the tenant's virtualized semiconductor DTRM system 210 within the cloud environment 200. Such client machines 100 can remotely communicate with the virtualized semiconductor DTRM system 210 by way of one or more computer networks including the Internet, and a secure communication mechanism, for instance, involving secure sockets layer (SSL) virtual private networking (VPN). In accordance with embodiments of the present disclosure, the system 10 is configured such that for each cloud tenant, (a) the entire semiconductor product design infrastructure and each product design environment resides in the cloud 200, including product design workflows, design datasets, design tools, and process design kits (PDKs); and (b) semiconductor DTRM workflow execution, monitoring, and analysis occurs entirely in the cloud 200. Each client machine 100 is configured for providing only a virtual desktop having a visual / graphical user interface (UI) by which an authorized user having a predefined role relevant to a given workflow under consideration, such as a product design engineer designated for performing certain tasks within one or more phases of a given project workflow, or a product manager responsible for overseeing one or more specified project workflows, can view particular cloud-resident information based upon their user role, and issue particular types of instructions / commands (e.g., through terminal prompts, such as by way of Secure Shell (SSH) or Telnet) to a virtualized semiconductor DTRM system 210 with which the client machine 100 is configured to communicate. 
Any given client machine 100 corresponding to a given tenant includes hardware and software resources configured for providing a virtual desktop having a data import function by way of which desktop screen display data is transferred to the client machine 100 from a particular virtualized semiconductor DTRM system 210 corresponding to the tenant; and a command input function by which the client machine 100 transfers commands to this DTRM system 210 by way of client machine user input. In response to instructions / commands received from an associated client machine 100, a virtualized semiconductor DTRM system 210 can perform particular types of operations / processes / procedures for managing, monitoring, and analyzing the execution of a workflow under consideration in accordance with the role of the particular user that is interacting with the client machine 100; as well as track / authenticate corresponding IP resource provenance, as further detailed below. The system 10 provides only a single design environment corresponding to each virtualized semiconductor DTRM system 100, which resides entirely within the cloud environment 200. No portions of a semiconductor product design infrastructure or design environment, other than certain visual / displayed representations thereof, reside on any given client machine 100 at any time. No design data is providable or provided to any client machine 100 at any time other than for purpose of display thereon; and hence no design data is communicable or transferrable from any client machine 100 to another device or machine external to the cloud 200 at any time. In view of the foregoing, the system 10 is not burdened by (a) computing resource duplication requirements, (b) client machine - remote design environment synchronization requirements, or (c) large data transfer requirements associated with excess capacity cloud computing configurations in the prior art.
FIG. 2 is a block diagram of a client machine 100 in accordance with an embodiment of the present disclosure. In various embodiments, the client machine 100 includes a processing unit 110; a display device 120 (e.g., a flat panel display); a set of user input / output devices 130 (e.g., a mouse and a keyboard); an operating system device 140 that is removable / decouplable from the client machine 100, and upon which a customized encrypted client machine operating system resides; a one-time password generation device 150; a network interface / communication unit 160; and memory 170, which are configured for signal / data communication by way of a set of communication pathways such as buses 102. The memory 170 includes a display memory 172 and a client instruction / command memory 174.
The client machine 100 is configured such that the customized operating system boots directly from the removable operating system device 140. The removable operating system device 140 can interface with the client machine 100 by way of a standard communication port, such as a Universal Serial Bus (USB) port. The operating system is configured such that operating system support for non-display data storage and transfer as well as local storage of information other than information displayed by the client machine 100 are disabled. The client machine 100 thus serves as a strictly controlled selective data export window with respect to the export of data from the virtualized semiconductor DTRM system 100 to the client machine 100, and a strictly controlled command / instruction input window with respect to the transfer of commands to the virtualized semiconductor DTRM system 100. Stated analogously or equivalently, the client machine 100 serves as or provides a strictly controlled selective data import function with respect to the import of data into the client machine 100 from the virtualized semiconductor DTRM system 100, and serves as or provides a strictly controlled selective command input function with respect to the transfer of commands from the client machine 100 to the virtualized semiconductor DTRM system 100. The one-time password generation device 150 includes or is a physical token that is configured for automatically generating a one-time password required for user login purposes as set forth below, and can be, for instance, a Yubikey USB device (Yubico, Inc., Palo Alto, CA USA).
FIG. 3 is a schematic illustration showing portions of a virtualized semiconductor DTRM system 210 in accordance with an embodiment of the present disclosure. In general, a virtualized semiconductor DTRM system 210 includes a plurality of dynamically allocated virtualized servers 212 and associated virtualized computing resources for managing, executing, monitoring, and analyzing project workflows as well as IP inputs / input datasets and IP outputs / output datasets corresponding thereto, for a given cloud tenant. In various embodiments, the virtualized semiconductor DTRM system 210 includes a virtual desktop management system 220; a software defined network (SDN) based project isolation and security system 230; a role based user access, data control, and monitoring system 300; a plurality of databases 400; a workflow editor 480; at least one virtual machine workflow execution environment 500; a graph based workflow execution tracking and compliance enforcement system 600 as well as a graph based digital rights management system 700 corresponding to each virtual machine workflow execution environment 500; and an encrypted backup system 800. The virtual desktop management system 220 provides a virtual desktop infrastructure that is configured for transferring data to and receiving data from client machines 100 in accordance with a remote desktop / display protocol. The virtual desktop management system 220 can include, for instance, a set of virtual network computing servers in a manner readily understood by an individual having ordinary skill in the relevant art.
The SDN based project isolation and security system 230 is configured for communication with the virtual desktop management system 200, and establishes or provides a polymorphic virtual machine computing element (e.g., a Paladin-based virtual machine or Paladin- VM) corresponding to each client machine user that attempts to initiate or initiates a connection to a specific project corresponding to one or more semiconductor DTRM workflows or portions thereof stored on the virtualized semiconductor DTRM management system 210. In various embodiments, as part of establishing the connection, the SDN based project isolation and security system 230 morphs the polymorphic virtual machine computing element into a software defined network pair defined as a virtual local area network (VLAN) in combination with an Internet Protocol (IP) network. Additionally, the SDN based project isolation and security system 230 effectively "jails" the polymorphic virtual machine computing element within a set of data storage resources (e.g., a "jail folder") corresponding to the project; and replaces the local file system of the polymorphic virtual machine computing element with one or more predetermined portions of a project-owned file system. The SDN based project isolation and security system 230 further establishes an encrypted communication path or tunnel (e.g., a virtual private network (VPN) tunnel) between the polymorphic virtual machine computing element and internal project storage of the virtualized semiconductor DTRM system 210 (e.g., corresponding to particular information for the project under consideration, which resides in the databases 400), thereby completing the connection. 
In response to a user request or command to disconnect from the project, the SDN based project isolation and security system 230 retains or maintains control of the "jail folder" and its contents, and the SDN based project isolation and security system 230 frees the polymorphic virtual machine computing element from the project-owned file system. As a result, the client machine user under consideration is unable to use the encrypted connection to copy any project- owned data to the polymorphic virtual machine computing element's own file system, thereby preventing exportation of project data. Also, in various embodiments the SDN based project isolation and security system 230 enables the client machine user to connect to only one particular project at a time, thereby isolating the user from other projects and preventing cross-project data contamination. Aspects of the SDN based project isolation and security system 230 are further described in detail below.
FIG. 4A is a flow diagram of an SDN-based project connect / disconnect process 270 in accordance with an embodiment of the present disclosure, by which the SDN based project isolation and security system 230 establishes, manages, or controls a given client machine user connection to a specific project (e.g., Project-1 in a representative example), and prevents the client machine user from connecting to or accessing other projects while connected to the specific project under consideration. FIG. 4B is a corresponding schematic illustration showing aspects by which the client machine user under consideration connects to the specific project under consideration (i.e., Project-1 in this representative example) in association with the process 270 of FIG. 4A.
In an embodiment, the process 270 includes a first process portion 272 involving the performance of log-in and authentication operations (e.g., as further described elsewhere herein) for a particular client machine user, and the establishment of a local polymorphic virtual machine computing element 240 corresponding to this user, which can include or be a Paladin-based virtual machine (hereafter, the user-Paladin-VM 240). In a second process portion 274, the user-Paladin-VM 240 is connected to its own local file system 242 in a manner readily understood by individuals having ordinary skill in the relevant art. In a third process portion 276, the user-Paladin-VM 240 receives a project connection request or command from the client machine 100 corresponding to this user, by way of user input. In a fourth process portion 278, a VLAN 241 corresponding to the user-Paladin-VM 240 is connected to a VLAN 501a corresponding to the specific project under consideration (i.e., Project-1 in this representative example) by way of a project SDN connection switch 250. In a fifth process portion 280, the local file system 242 of the user-Paladin-VM 240 is jailed or placed in a state of communication confinement, such that communication between the user-Paladin-VM 240 and its local file system 242 does not or cannot occur (e.g., such that user-Paladin-VM access to its local file system 242 is disabled or prevented by a local file system jail switch 252); and the jailed or confined local file system 242 (or access thereto) is replaced by a file system 504a corresponding to the specific project under consideration (e.g., a Project-1 file system 504a in this representative example).
In a sixth process portion 282, the user-Paladin-VM 240 is connected to the file system corresponding to the specific project under consideration (i.e., the Project-1 file system 504a in this representative example) by way of a VPN through the project SDN connection switch 250, by establishing an encrypted communication tunnel between a project management virtual machine 502a corresponding to the specific project under consideration (hereafter the Project-1 management VM 502a) and the user-Paladin-VM 240. The Project-1 management VM 502a can form a portion of the virtual machine workflow execution environment 500 that corresponds to the specific project under consideration (e.g., Project-1 in this representative example).
In a seventh process portion 284, the client machine user under consideration is enabled to access and perform semiconductor DTRM workflow-related design activities or tasks in accordance with their user role, as further set forth below, by way of communication with the Project-1 Management VM 502a through their user-Paladin-VM 240 and the encrypted VPN tunnel. In an eighth process portion 286, upon completion of user design related activities or tasks, the user issues a project disconnect command by way of their client machine 100, which is received by the user-Paladin-VM 240. In a ninth process portion 288, the SDN connection switch 252 disconnects the VLAN 241 corresponding to the user-Paladin-VM 240 from the VLAN 501a corresponding to the specific project under consideration (i.e., Project-1 in this representative example). In a tenth process portion 290, the SDN based project isolation and security system 230 releases the local file system 242 of the user-Paladin-VM 240 from its jailed or communication confinement state. The process 270 can then return to the second process portion 274. As illustrated in FIG. 4B, in a system or project environment in which multiple projects exist, communication between a given user and a project management VM 502 can occur only by way of communication between the user's corresponding user-Paladin-VM 240 and a specific project management VM 502a corresponding to a specific project, through the VPN tunnel between the user-Paladin-VM 240 and this project management VM 502a. No communication can occur between the user and a different project management VM 502b.
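The connect / disconnect process 270 above, modelled as an added example in Python that is not part of the patent or of any Silicon Cloud implementation: the class names, the audit log and the sample project files are assumptions, and the model keeps only the state the isolation rules depend on (which project VLAN is attached, and whether the local file system is jailed).

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


class IsolationViolation(Exception):
    """Raised when an action would break a project-isolation invariant."""


@dataclass
class UserPaladinVM:
    """Hypothetical stand-in for a user-Paladin-VM 240 and its switches."""
    user: str
    local_fs: Dict[str, bytes] = field(default_factory=dict)   # local file system 242
    project: Optional[str] = None          # project VLAN attached via switch 250
    local_fs_jailed: bool = False          # state of the jail switch 252
    events: List[Tuple[str, str]] = field(default_factory=list)

    def connect(self, project: str) -> None:
        # Process portions 276 to 282: one project at a time; the local file
        # system is jailed before the project VLAN and file system are attached.
        if self.project is not None:
            raise IsolationViolation(f"{self.user} is already connected to {self.project}")
        self.local_fs_jailed = True
        self.project = project
        self.events.append(("connect", project))

    def disconnect(self) -> None:
        # Process portions 286 to 290: detach the project VLAN, then release
        # the local file system from its jailed state.
        if self.project is None:
            raise IsolationViolation(f"{self.user} is not connected to a project")
        self.events.append(("disconnect", self.project))
        self.project = None
        self.local_fs_jailed = False

    def write_local(self, path: str, data: bytes) -> None:
        # While jailed, the VM has no communication path to its own file system.
        if self.local_fs_jailed:
            raise IsolationViolation("local file system is jailed")
        self.local_fs[path] = data


@dataclass
class ProjectManagementVM:
    """Hypothetical stand-in for a Project-N management VM 502x."""
    name: str
    files: Dict[str, bytes]               # project-owned file system 504x

    def read(self, vm: UserPaladinVM, path: str) -> bytes:
        # The VPN tunnel exists only between a user VM and the project it is
        # attached to; any other project's management VM is unreachable.
        if vm.project != self.name:
            raise IsolationViolation(f"{vm.user} has no tunnel to {self.name}")
        return self.files[path]


def run_session() -> Dict[str, object]:
    """One connect / work / disconnect cycle, recording which actions the
    isolation rules block. Project contents are constructed sample data."""
    project1 = ProjectManagementVM("Project-1", {"rtl/top.v": b"module top; endmodule"})
    project2 = ProjectManagementVM("Project-2", {"rtl/top.v": b"module other; endmodule"})
    vm = UserPaladinVM("alice")
    vm.write_local("notes.txt", b"written before connecting")  # allowed: not jailed yet
    vm.connect("Project-1")
    design = project1.read(vm, "rtl/top.v")                   # allowed: attached project
    outcome: Dict[str, object] = {}
    attempts = (
        ("copy_to_local_fs", lambda: vm.write_local("export.v", design)),
        ("read_other_project", lambda: project2.read(vm, "rtl/top.v")),
        ("second_connect", lambda: vm.connect("Project-2")),
    )
    for label, action in attempts:
        try:
            action()
            outcome[label] = "allowed"
        except IsolationViolation:
            outcome[label] = "blocked"
    vm.disconnect()
    outcome["local_fs_after"] = sorted(vm.local_fs)   # only pre-session data remains
    outcome["jailed_after"] = vm.local_fs_jailed
    outcome["events"] = vm.events
    return outcome


if __name__ == "__main__":
    for key, value in run_session().items():
        print(f"{key}: {value}")
```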
The role based user access, data control, and monitoring system 300 is coupled to the virtual desktop management system 220, and is configured for securely controlling and monitoring each user's access to and usage of virtualized semiconductor DTRM system elements / resources such as database resources, the workflow editor 480, and the virtual machine workflow execution environment(s) 500 in accordance with predefined user roles. The role based user access, data control, and monitoring system 300 is also configured for securely controlling and monitoring user access to and usage of data corresponding to workflow phase inputs / input datasets and outputs / output datasets in accordance with such predefined user roles. For each specific user corresponding to a given tenant, their user role establishes or identifies (a) a predetermined set of user responsibilities with respect to workflow execution; (b) the manner(s) in which the user can access or interact with any given workflow and each workflow phase thereof; and (c) the specific virtualized semiconductor DTRM system resources and data, including third party IP resources and workflow phase outputs, that the user is allowed to access, utilize, and modify in association with workflow execution. The manner in which each user can interact with the virtualized semiconductor DTRM system 210 is constrained in accordance with their predefined user role. Each user role can have associated therewith or define a set of rules that specify or define the types of actions each user can and cannot perform during interaction with the virtualized semiconductor DTRM system 210, and the virtualized resources that the user can and cannot access, utilize, and modify, in relation to workflow definition, editing, and execution.
For each specific user, their user role directly corresponds to their job function(s) with respect to (a) the cloud tenant's organization or corporate structure; (b) a given workflow under consideration; and (c) the nature of the relationship between the cloud tenant and/or the user and each tenant-internal and tenant-external organization (e.g., an external or third party IP block provider) having a proprietary interest in one or more aspects of the workflow under consideration. For any given cloud tenant, because tenant user access to and usage of virtualized semiconductor DTRM system resources, workflows, workflow phases, workflow phase input datasets, and workflow phase output datasets is controlled in accordance with predefined user roles, a system 10 in accordance with an embodiment of the present disclosure enables secure multi-organizational workflow execution in a manner that provides controlled data rights management with respect to proprietary information associated with any given organization supporting or involved in workflow execution.
In multiple embodiments, the databases 400 include a set of design libraries 410, which include semiconductor product (e.g., IC chip) design data; a set of Electronic Design Automation (EDA) tool libraries 415; a set of third party IP libraries 420, which include IP blocks that can be selectively incorporated into an IC design (e.g., by a design engineer, in accordance with their user role); a set of PDK libraries 430 in which PDKs reside, each of which defines technology engineering parameters and a reference workflow that specifies workflow execution details and workflow execution tools required for a specific technology process; a set of graph databases 440, which include one or more property graph model libraries 445; and a set of relational or create - read - update - delete (CRUD) databases 450, which can include a user roles database 455 for storing user role information corresponding to each user associated with the cloud tenant under consideration. As further detailed below, each project workflow is represented as a property graph model that is stored in a graph database 440, and which has an execution state machine associated therewith or defined therefor. The workflow editor 480 includes a set of visual workflow generation / editing tools configured for defining and editing workflows represented as property graph models in accordance with embodiments of the present disclosure. Each virtual machine workflow execution environment 500 includes a set of virtual machines configured for executing the workflow phases corresponding to a given workflow. The execution of each workflow phase involves the use of one or more EDA tools 550 (e.g., the execution of particular workflow phases, such as a subset of phases within an overall semiconductor DTRM workflow, can involve specific EDA tools 550a - 550d, in a manner detailed below with reference to FIG. 7), and the provision or selection of workflow phase inputs / input datasets, which can include one or more third party IP blocks, in a manner that will be readily understood by an individual having ordinary skill in the relevant art. In accordance with various embodiments of the present disclosure, each EDA tool 550 is implemented by way of a dynamically allocatable virtual machine. For various workflows or the phases thereof, particular EDA tools 550 can be viewed as "plug and play" elements of the system 10, which can be specified or selected by a design engineer or project manager. Consequently, one or more EDA tool databases may reside within the plurality of databases 400. The execution of workflow phases additionally involves the generation of workflow phase outputs / output datasets, which can include generated proprietary / IP datasets, in a manner also readily understood by an individual having ordinary skill in the relevant art.
The graph based workflow execution tracking and compliance enforcement system 600 is configured for communicating with a given virtual machine workflow execution environment 500; monitoring the computational behaviors of the workflow execution environment's active virtual machines during the execution of workflow phases by the virtual machine workflow execution environment 500; analyzing such virtual machine computational behavior; identifying whether any workflow execution compliance violations have occurred as a result of user actions during workflow phase execution; and issuing workflow compliance violation notifications to each user responsible for a compliance violation, and possibly also to one or more higher-level users such as a project manager whose role can involve identifying / tracking workflow compliance violations. The graph based digital rights management system 700 is configured for tracking the incorporation of IP blocks into workflow phases, and is further capable of generating a set of IP provenance patterns or signatures corresponding to the output(s) of the workflow phases, which can be used for digital rights management / tracking / authentication purposes. For a completed semiconductor product design, the graph based digital rights management system 700 is configured for generating a hash pattern from a unique IP provenance pattern or signature corresponding to the overall semiconductor product design as reflected by the outputs of each workflow phase, which can be linked or combined with one or more other types of hash patterns for semiconductor product design and IP provenance authentication purposes.
Finally, the encrypted backup system 800 is configured for capturing the virtualized semiconductor DTRM system's execution state at distinct time intervals and generating an execution state signature corresponding to each time interval, which can be used for system backup / system recovery operations.
Representative Aspects of User Access, Data Control, and Data Usage
FIG. 5 is a schematic illustration showing portions of a role based user access, data control, and monitoring system 300 in accordance with an embodiment of the present disclosure. In an embodiment, the role based user access, data control, and monitoring system 300 includes a user authentication manager 310 configured for communication with client machines 100; an execution tether manager 340; a role based data input / output (I/O) manager 350 configured for communication with client machines 100 as well as an active virtual machine workflow execution environment 500 to which client machine user input and associated workflow phase output can be directed; and a role based workflow data execution manager 360 configured for communication with the virtual machine workflow execution environment 500 under consideration.
Representative Aspects of User and Client Machine Authentication
The user authentication manager 310 is configured for authenticating (a) the identity of any given user attempting to log into the virtualized semiconductor DTRM system 210, as well as (b) aspects of the particular client machine 100 by which the user communicates with the virtualized semiconductor DTRM system 210. More particularly, with respect to logging in a given user who is interacting with a particular client machine 100, the user authentication manager 310 establishes a user login session and performs a multi-factor authentication procedure. In several embodiments, the multi-factor authentication procedure includes or is a four factor user authentication procedure during which each of a user password, an automatically generated one-time password (OTP) (e.g., generated by way of a USB Yubikey), a client machine hardware signature, and a client machine operating system signature must be authenticated or verified prior to enabling further user communication with the virtualized semiconductor DTRM system 210. An individual having ordinary skill in the relevant art will recognize that an authentication procedure in accordance with an embodiment of the present disclosure can involve additional and/or other types of authentication factors, such as a set of biometric factors (e.g., fingerprint, voice, or facial recognition factors).
FIG. 6A illustrates aspects of a four factor user authentication procedure or process 311 in accordance with an embodiment of the present disclosure, which includes a user ID / password authentication portion 312; an OTP authentication portion 314; a digital hardware signature authentication portion 316; and a digital operating system authentication portion 318. In various embodiments, a specific user under consideration attempts a login by way of a given client machine 100 using an input device such as the keyboard 150 corresponding to the client machine 100 to specify their user ID and a password. The user additionally interacts with or triggers the client machine's OTP generation device 150, which automatically generates an OTP and sends the OTP to the client machine 100 such that the OTP is associated with the ID and password provided by the user (e.g., by appending the one-time password to the user entered ID and password). In response to further user input, the client machine 100 under consideration submits the provided user ID and password along with the automatically generated OTP to the user authentication manager 310. In response, the user authentication manager 310 verifies whether the user provided ID and password are valid, and further additionally verifies whether the OTP associated therewith is valid. Authentication of the OTP can involve communication with a set of external servers corresponding to an OTP authentication service (e.g., a Yubico server), in a manner readily understood by an individual having ordinary skill in the relevant art. 
Upon authentication of the user provided ID and password as well as the one-time password, the user authentication manager 310 requests or retrieves a hardware digital signature from the client machine 100 under consideration, such as the client machine's processor ID (PID) and media access control (MAC) address; and additionally requests or retrieves an encrypted operating system digital signature from this client machine 100. The user authentication manager 310 then verifies whether this client machine's hardware digital signature and operating digital signature are valid.
If any authentication error occurs during any portion of the authentication process (i.e., the user authentication manager 310 is unable to verify that one or more of the provided user ID and password, the OTP, the hardware digital signature, and the operating system digital signature are valid), the authentication manager 310 terminates the user's current login session. If no authentication error occurs during the authentication process (i.e., the user authentication manager 310 verifies that the provided user ID and password, the OTP, the hardware digital signature, and the operating system digital signature are valid), the user authentication manager 310 enables further client machine communication with the virtualized semiconductor DTRM system 210, and hence further user access to portions thereof, such that the user under consideration can interact with the virtualized semiconductor DTRM system 210 for purpose of managing / executing one or more workflow phases in accordance with their user role.
In a number of embodiments, the user authentication manager 310 not only attempts to verify the authenticity of the client machine's digital operating system signature as part of the four factor user authentication procedure during user login operations, but also monitors and attempts to verify the authenticity of the digital operating system signature during ongoing user interaction with the virtualized semiconductor DTRM system 210 following successful user login. In the event that a digital operating system authentication error occurs, i.e., the user authentication manager 310 is unable to authenticate the encrypted digital operating system signature at any given time, this may indicate that the user has introduced a software virus / Trojan to the client machine's operating system.
FIG. 6B is a flow diagram of a digital operating system signature authentication error response or recovery procedure or process 320 in accordance with an embodiment of the present disclosure, as described by procedure portions 322, 324, 325, 326, and 328. More particularly, if a digital operating system signature authentication error occurs, the user authentication manager 310 immediately invalidates and terminates the user's login session (procedure portion 322), and issues a hardware disable command to the client machine 100 under consideration (procedure portion 324). As a result, this client machine 100 is disabled such that no user can utilize the client machine 100 to log in to the system 10 until after a "golden" or clean version of the client machine operating system has been downloaded to and installed on this client machine 100. The user authentication manager 310 next downloads the golden version of the operating system to this client machine's removable operating system device 140 (procedure portion 325). The removable operating system device 140 receives and stores the golden version of the operating system therein; updates an operating system authentication key database in the cloud environment 200 with the downloaded golden operating system's encrypted digital signature (procedure portion 326); and subsequently reboots the client machine 100 (procedure portion 328), after which the client machine 100 can again receive user input and provide user login information to the user authentication module 310 during a new login session.
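The four factor login of FIG. 6A and the operating system signature recovery of FIG. 6B, as an added example in Python that is not the patent's or the assignee's code. The keyed signature scheme, the PBKDF2 password hashing, the in-memory OTP validator and all identifiers, image bytes and OTP codes are constructed assumptions; a deployment would query the OTP service and the cloud-side key database instead.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional

def _password_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

class ConstructedOtpValidator:
    """Constructed stand-in for the OTP service: each code is accepted once."""

    def __init__(self, codes):
        self._unused = set(codes)

    def __call__(self, user: str, otp: str) -> bool:
        accepted = otp in self._unused
        self._unused.discard(otp)      # a replayed OTP is rejected
        return accepted

@dataclass
class ClientRecord:
    salt: bytes
    password_hash: bytes
    hardware_sig: bytes      # keyed digest over processor ID and MAC address
    os_sig: bytes            # keyed digest over the golden operating system image
    disabled: bool = False   # set by the hardware disable command (portion 324)

class UserAuthenticationManager:
    """Hypothetical stand-in for the user authentication manager 310."""

    def __init__(self, otp_validator, registry_key: bytes):
        self._otp_validator = otp_validator
        self._key = registry_key
        self._records = {}   # user -> ClientRecord
        self.audit = []      # (event, user, detail) tuples

    def sign(self, blob: bytes) -> bytes:
        return hmac.new(self._key, blob, hashlib.sha256).digest()

    def enroll(self, user: str, password: str, hw_ident: bytes, os_image: bytes) -> None:
        salt = os.urandom(16)
        self._records[user] = ClientRecord(
            salt, _password_hash(password, salt), self.sign(hw_ident), self.sign(os_image))

    def login(self, user: str, password: str, otp: str,
              hw_ident: bytes, os_image: bytes) -> Optional[str]:
        """Four factor login (FIG. 6A): the first failing factor ends the session."""
        rec = self._records.get(user)
        if rec is None or rec.disabled:
            self.audit.append(("login_denied", user, "unknown_or_disabled_client"))
            return None
        checks = (
            ("password", lambda: hmac.compare_digest(_password_hash(password, rec.salt), rec.password_hash)),
            ("otp", lambda: self._otp_validator(user, otp)),
            ("hardware_signature", lambda: hmac.compare_digest(self.sign(hw_ident), rec.hardware_sig)),
            ("os_signature", lambda: hmac.compare_digest(self.sign(os_image), rec.os_sig)),
        )
        for factor, check in checks:
            if not check():
                self.audit.append(("login_denied", user, factor))
                return None      # the client only learns that login failed
        self.audit.append(("login_ok", user, ""))
        return os.urandom(16).hex()   # session identifier

    def recheck_os(self, user: str, observed_image: bytes, golden_image: bytes) -> List[str]:
        """Ongoing OS signature check (FIG. 6B); returns the response actions taken."""
        rec = self._records[user]
        if hmac.compare_digest(self.sign(observed_image), rec.os_sig):
            return []
        self.audit.append(("os_signature_mismatch", user, ""))
        rec.disabled = True                    # portions 322 and 324
        rec.os_sig = self.sign(golden_image)   # portions 325 and 326: golden OS, key db update
        rec.disabled = False                   # portion 328: client rebooted, login possible again
        return ["terminate_session", "disable_client", "download_golden_os",
                "update_os_key_db", "reboot_client"]

def demo() -> Dict[str, object]:
    """Login paths with constructed identifiers, images and OTP codes."""
    otp = ConstructedOtpValidator({"cccc0001", "cccc0002", "cccc0003", "cccc0004"})
    mgr = UserAuthenticationManager(otp, os.urandom(32))
    hw_ident = b"PID=0x000906ea;MAC=02:00:5e:00:00:01"   # constructed hardware identifiers
    golden = b"constructed-golden-client-os-image"
    tampered = golden + b"+unexpected-kernel-module"
    pw = "correct horse battery"
    mgr.enroll("alice", pw, hw_ident, golden)
    out: Dict[str, object] = {}
    out["bad_password"] = mgr.login("alice", "wrong", "cccc0001", hw_ident, golden)
    out["good_login"] = mgr.login("alice", pw, "cccc0002", hw_ident, golden)
    out["replayed_otp"] = mgr.login("alice", pw, "cccc0002", hw_ident, golden)
    out["recheck_clean"] = mgr.recheck_os("alice", golden, golden)
    out["recheck_tampered"] = mgr.recheck_os("alice", tampered, golden)
    out["relogin_tampered"] = mgr.login("alice", pw, "cccc0003", hw_ident, tampered)
    out["relogin_golden"] = mgr.login("alice", pw, "cccc0004", hw_ident, golden)
    out["denied_factors"] = [d for e, _, d in mgr.audit if e == "login_denied"]
    return out
```

Because the factors are evaluated in order, a wrong password never consumes the OTP, while a replayed OTP or a client whose operating system image no longer matches the enrolled signature fails closed.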
Representative Aspects of Workflow Execution Channel Monitoring
With reference again to FIG. 5, after a given user has successfully logged in, the execution tether manager 340 can establish a secure encrypted bidirectional workflow execution channel between the user's client machine 100 and the virtual machine workflow execution environment 500, such that the user can communicate with an active virtual machine for executing a given workflow phase in accordance with the user's role. Communication between the client machine 100 and the active virtual machine over the workflow execution channel can involve, for instance, private key authentication credentials. The initial state of the workflow execution channel can be defined as secure. The execution tether manager 340 monitors the workflow execution channel during workflow phase execution, and determines whether the state of the execution channel has transitioned from secure to compromised, for instance, as a result of a workflow execution channel private key authentication error. If so, the execution tether manager 340 terminates the execution of the active virtual machine, and closes the workflow execution channel.
Representative Aspects of Secure Data Input / Output and Data Usage / Modification
With additional reference to FIG. 5, during the virtual machine workflow execution environment's execution of a given workflow, the role based data input / output (I/O) manager 350 controls the data that can be transmitted from the virtualized semiconductor DTRM 210 to any given user's client machine 100 in accordance with the user's role. Additionally, the role based workflow data execution manager 360 controls which, if any, output dataset(s) generated by each workflow phase are accessible to and communicable / usable / modifiable by any given user, in accordance with the user's predefined role.
Workflow execution involves multiple users interacting with a prescribed suite of software applications / virtual machines defined for the workflow, across multiple phases of the workflow. In general, a workflow library 445 includes a catalog of project workflows, each of which has associated therewith or exhibits hierarchical as well as sequential phases of execution. A given workflow includes or specifies multiple sub-workflows, and workflow phases corresponding thereto. For a particular user and workflow under consideration, the user's role in relation to the workflow can be predefined (e.g., by a project manager) such that the role based data input / output (I/O) manager 350 and the role based workflow data execution manager 360 control user access to and usage of workflow phase input datasets and output datasets in a (a) temporal, (b) causal, (c) sequential, (d) hierarchical, and/or (e) iterative manner. Such control of user access to and usage of workflow phase input and output datasets can depend upon the types of workflow phases and the manner in which the workflow phases are cooperatively organized relative to each other.
As a simplified representative example involving a pool of multiple users, if user 1 has a "designer" role, then user 1 can access all virtualized semiconductor DTRM system resources related to his own project. If user 2 has a "project manager" role, then user 2 can access virtualized semiconductor DTRM system resources corresponding to multiple projects, and user 2 has the privilege to change static access rights of other users within his project team(s). However, during the course of a given project, if user 2 intends to undertake some type of unconventional behavior, such as modifying design data, such unconventional behavior will be detected and prevented (and possibly logged) by the role based workflow data execution manager 360, for instance, because of a dynamic separation of duty rule corresponding to the project manager role relative to the designer role. If user 3 has a "contractor" role, then by default user 3 can only access certain open-access resources in the virtualized semiconductor DTRM system 100. If user 3 requires access to non-open access resources, then user 3 can request such access from user 2, who can grant an exception to user 3 for one-time or limited time access privileges.
As a further example, if two design projects designated as project A corresponding to design team A and project B corresponding to design team B use third party IP block set A and third party IP block set B, respectively, then users in design team A are only authorized to access IP block set A, and users in design team B are only authorized to access IP block set B. However, a multi-project manager, such as user 2 above, can access both IP block set A and IP block set B.
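The three-user scenario and the IP block set example above can be made concrete as a small role based access evaluator. The following Python is an added example, not code from the patent or from Silicon Cloud International; the User / Resource / Grant classes, the AccessManager API, the separation-of-duty rule that denies a project manager's `modify_design` action, and the clock values are assumptions chosen to mirror the text.

```python
"""Role based data access with a dynamic separation-of-duty rule and
time-limited exception grants, modelled on the designer / project manager /
contractor example. Added illustration; role names, rule shapes and the
Grant / AccessManager API are assumptions, not the patent's implementation."""
from dataclasses import dataclass, field
from typing import List, Set, Tuple


@dataclass
class User:
    name: str
    role: str                              # "designer", "project_manager" or "contractor"
    projects: Set[str] = field(default_factory=set)


@dataclass
class Resource:
    name: str
    project: str                           # project (and therefore IP block set) it belongs to
    open_access: bool = False              # contractors may read open-access resources by default


@dataclass
class Grant:
    """Exception granted by a project manager: one-time or limited-time access."""
    user: str
    resource: str
    action: str
    expires_at: float                      # epoch seconds (constructed clock in the demo)
    one_time: bool = False


class AccessManager:
    # Dynamic separation of duty: the role that may change other users' static
    # access rights is not allowed to modify design data itself.
    SOD_RULES = {("project_manager", "modify_design")}

    def __init__(self) -> None:
        self.grants: List[Grant] = []
        self.audit: List[Tuple[str, str, str, str]] = []   # (user, resource, action, decision)

    def grant_exception(self, manager: User, target: User, resource: Resource,
                        action: str, now: float, ttl_s: float, one_time: bool = False) -> None:
        # Only a project manager of the resource's project may grant an exception.
        if manager.role != "project_manager" or resource.project not in manager.projects:
            raise PermissionError(f"{manager.name} cannot grant access to {resource.name}")
        self.grants.append(Grant(target.name, resource.name, action, now + ttl_s, one_time))

    def _static_allowed(self, user: User, resource: Resource) -> bool:
        if user.role in ("designer", "project_manager"):
            return resource.project in user.projects      # team A sees IP block set A only
        if user.role == "contractor":
            return resource.open_access
        return False

    def _exception_allowed(self, user: User, resource: Resource, action: str, now: float) -> bool:
        for g in list(self.grants):
            if (g.user, g.resource, g.action) == (user.name, resource.name, action) and now <= g.expires_at:
                if g.one_time:
                    self.grants.remove(g)                 # consumed on first use
                return True
        return False

    def check(self, user: User, resource: Resource, action: str, now: float) -> bool:
        """Decide and log one access attempt; the SoD rule is applied before any static right."""
        if (user.role, action) in self.SOD_RULES:
            self.audit.append((user.name, resource.name, action, "denied:separation_of_duty"))
            return False
        allowed = self._static_allowed(user, resource) or self._exception_allowed(user, resource, action, now)
        self.audit.append((user.name, resource.name, action, "allowed" if allowed else "denied"))
        return allowed


def demo() -> dict:
    """Replays the three-user scenario and returns the decisions for inspection."""
    am = AccessManager()
    u1 = User("user1", "designer", {"A"})
    u2 = User("user2", "project_manager", {"A", "B"})
    u3 = User("user3", "contractor")
    ip_a = Resource("IP block set A", "A")
    ip_b = Resource("IP block set B", "B")
    design_a = Resource("Chip-X design data", "A")
    notes = Resource("Project A open notes", "A", open_access=True)
    results = {
        "designer_reads_own_ip": am.check(u1, ip_a, "read", 1000),
        "designer_reads_other_ip": am.check(u1, ip_b, "read", 1000),
        "pm_reads_both": am.check(u2, ip_a, "read", 1000) and am.check(u2, ip_b, "read", 1000),
        "pm_modifies_design": am.check(u2, design_a, "modify_design", 1000),
        "contractor_open": am.check(u3, notes, "read", 1000),
        "contractor_closed": am.check(u3, design_a, "read", 1000),
    }
    am.grant_exception(u2, u3, design_a, "read", now=1000, ttl_s=3600)
    results["contractor_with_exception"] = am.check(u3, design_a, "read", 2000)
    results["contractor_after_expiry"] = am.check(u3, design_a, "read", 5000)
    results["audit"] = am.audit
    return results
```

check() evaluates the separation-of-duty rule before any static right or exception, which is the point of the passage: the rule overrides what the project manager could otherwise do. Every decision, including the denied ones, is appended to an audit list so that the "possibly logged" behaviour has a concrete home.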
Representative Aspects of Graph Based Workflows
FIG. 7 illustrates portions of a representative simplified semiconductor design project workflow (e.g., a semiconductor DTRM workflow) in accordance with an embodiment of the present disclosure, in which the workflow is represented and stored as a property graph model 510 in a graph database 440. In accordance with a workflow property graph model 510, any given workflow includes a collection of vertices and sub-vertices, which are connected by relationship edges. Each relationship edge has an attribute or label, which is referred to as an edge property. The workflow's vertices, sub-vertices, relationship edges, and edge properties represent or define each of the workflow's phases, the input dataset(s) provided thereto, the tools / resources utilized for the execution thereof, and the output dataset(s) generated thereby. The simplified workflow of FIG. 7 indicates that IC Chip-X requires IP-X as part of its design; and the process of designing Chip-X includes sequential workflow phases P1, P2, P3, and P4, where each of such phases uses distinct EDA tools, e.g., EDA tools A, B, C, and D, respectively; and each of such phases generates corresponding IP-X output data, e.g., IP-X Data-P1 from workflow phase P1, IP-X Data-P2 from workflow phase P2, IP-X Data-P3 from workflow phase P3, and IP-X Data-P4 from workflow phase P4.
A workflow can be defined / generated, edited, and stored as a workflow property graph model 510 by way of the workflow editor 480, which provides a visual / graphical workflow definition / editing tool in a manner readily understood by an individual having ordinary skill in the relevant art. In several embodiments, the workflow editor's generation of a workflow includes the creation of a workflow property graph model 510, as well as the creation of a workflow reference finite state automaton / machine (FSM) corresponding to this workflow property graph model 510, where the workflow reference FSM can form a portion of the workflow property graph model 510. As will also be readily understood by an individual having ordinary skill in the relevant art, the workflow reference FSM defines an immutable sequence of states, where each state has a set of inputs and a set of outputs, as well as allowable state-to-state transitions that traverse the overall sequence of states beginning from a start state and concluding at an end state, which results in the generation of one or more output datasets corresponding to an intended final IC product design (e.g., an SoC design).
Representative Aspects of Workflow Execution Tracking and Compliance Enforcement
FIG. 8 is a schematic illustration showing portions of a representative graph-based workflow execution tracking and compliance enforcement system 600 in accordance with an embodiment of the present disclosure. In various embodiments, the graph-based workflow execution tracking and compliance enforcement system 600 includes the virtual machine execution environment 500; a map-reduced graph analytics engine 610; and an enforcement action generator 620, which are configured for communicating with each other for ensuring user compliance with respect to the sequenced execution of a given workflow in accordance with its corresponding workflow reference FSM, as further detailed hereafter.
For any given workflow phase within a workflow under consideration, during the execution of the workflow phase by a particular virtual machine, the virtual machine dynamically records its computational behaviors (e.g., with respect to receiving workflow phase inputs and generating workflow phase outputs) in the form of a workflow execution property graph model, which is stored in a graph database 440. The virtual machine additionally constructs a workflow execution history FSM as part of this workflow execution property graph model, which establishes or defines the workflow execution history property graph model's current execution state in relation to its prior execution states. At any given time, the collection of such recorded virtual machine execution behaviors can be referred to as the workflow's execution provenance, which identifies across executed workflow phases which virtual machines had "custody" of workflow execution, and the types of computational behaviors performed by such virtual machines. The virtual machine additionally communicates with the map-reduced graph analytics engine 610 to determine whether its current execution state matches an intended or expected counterpart state within the workflow property graph model 510 (e.g., a counterpart / identical state defined by the workflow reference FSM) for the workflow under consideration. If not, the virtual machine updates the current execution state of the workflow execution property graph model to a "violation" state. The virtual machine can then interrupt or terminate further workflow phase execution until the violation state no longer exists.
In response to the existence of a violation state, the enforcement action generator 620 issues a violation notification to the client machine 100 corresponding to the user who is currently utilizing the virtual machine for workflow execution. The enforcement action generator 620 can additionally send a violation notification to one or more other client systems 100 and/or electronic destinations (e.g., email addresses), such as a client system or electronic destination corresponding to a project manager. In response to a violation notification, the user for whom the virtual machine has been deployed for workflow phase execution can communicate an appropriate instruction or command to the virtual machine to remedy the violation condition. Once a violation condition has been remedied, the virtual machine updates the current execution state of the workflow execution property graph model, for instance, to an "in compliance" state.
An individual having ordinary skill in the relevant art will understand that depending upon embodiment details, virtual machines need not be directly capable themselves of generating a workflow execution property graph model or a workflow execution history FSM corresponding thereto; rather, in some embodiments, the graph-based workflow execution tracking and compliance enforcement system 600 can include or rely upon an additional agent, such as a virtual machine execution behavior recording system that is distinct from each virtual machine provided by the virtual machine execution environment 500 (and which need not be part of the virtual machine execution environment 500 itself).
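To show how the workflow property graph and reference FSM of the previous section fit together with the execution tracking described here, the following Python is an added example covering both passages; it is not the patent's or the assignee's code. The PropertyGraph class, the edge labels `requires`, `consumes`, `uses_tool`, `produces` and `next`, the derivation of the reference FSM from the `next` edges, and the tracker's `blocked` response while a violation stands are all assumptions.

```python
"""Workflow property graph for the FIG. 7 example (Chip-X requires IP-X; phases
P1..P4 run EDA tools A..D and emit IP-X Data-P1..P4), the reference FSM derived
from it, and an execution tracker that records a virtual machine's behaviour as
execution provenance and enters a "violation" state when that behaviour departs
from the reference FSM. Added example; classes and edge labels are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class PropertyGraph:
    vertices: Dict[str, Dict[str, str]] = field(default_factory=dict)
    edges: List[Tuple[str, str, str]] = field(default_factory=list)   # (src, dst, edge property)

    def add_vertex(self, name: str, **props: str) -> None:
        self.vertices[name] = props

    def add_edge(self, src: str, dst: str, label: str) -> None:
        self.edges.append((src, dst, label))

    def out(self, src: str, label: str) -> List[str]:
        return [d for s, d, lbl in self.edges if s == src and lbl == label]


def build_chip_x_workflow() -> PropertyGraph:
    g = PropertyGraph()
    g.add_vertex("Chip-X", kind="ic")
    g.add_vertex("IP-X", kind="ip_block")
    g.add_edge("Chip-X", "IP-X", "requires")
    prev_phase, prev_output = None, "IP-X"
    for n, tool in zip("1234", "ABCD"):
        phase, tool_v, output = f"P{n}", f"EDA tool {tool}", f"IP-X Data-P{n}"
        g.add_vertex(phase, kind="phase")
        g.add_vertex(tool_v, kind="tool")
        g.add_vertex(output, kind="ip_block")
        g.add_edge(phase, prev_output, "consumes")   # each phase consumes the previous output
        g.add_edge(phase, tool_v, "uses_tool")
        g.add_edge(phase, output, "produces")
        if prev_phase:
            g.add_edge(prev_phase, phase, "next")
        prev_phase, prev_output = phase, output
    return g


@dataclass
class ReferenceFSM:
    """Immutable sequence start -> P1 -> ... -> P4 -> end with each state's inputs, tools, outputs."""
    order: List[str]
    expected_next: Dict[str, str]
    inputs: Dict[str, List[str]]
    tools: Dict[str, List[str]]
    outputs: Dict[str, List[str]]


def derive_reference_fsm(g: PropertyGraph) -> ReferenceFSM:
    phases = [v for v, p in g.vertices.items() if p.get("kind") == "phase"]
    has_predecessor = {d for _, d, lbl in g.edges if lbl == "next"}
    order = [next(p for p in phases if p not in has_predecessor)]
    while g.out(order[-1], "next"):
        order.append(g.out(order[-1], "next")[0])
    seq = ["start"] + order + ["end"]
    return ReferenceFSM(order=order,
                        expected_next={seq[i]: seq[i + 1] for i in range(len(seq) - 1)},
                        inputs={p: g.out(p, "consumes") for p in order},
                        tools={p: g.out(p, "uses_tool") for p in order},
                        outputs={p: g.out(p, "produces") for p in order})


class ExecutionTracker:
    """Workflow execution history FSM: last compliant state plus the provenance of which VM did what."""

    def __init__(self, ref: ReferenceFSM) -> None:
        self.ref = ref
        self.state = "start"
        self.violation = False
        self.provenance: List[Tuple[str, str, str, str]] = []   # (vm_id, phase, tool, status)
        self.notifications: List[str] = []                     # what the enforcement action generator would send

    def record(self, vm_id: str, phase: str, tool: str, inputs: List[str], outputs: List[str]) -> str:
        if self.violation:
            return "blocked"                                   # execution stays interrupted until remedied
        matches = (phase == self.ref.expected_next.get(self.state)
                   and tool in self.ref.tools.get(phase, [])
                   and sorted(inputs) == sorted(self.ref.inputs.get(phase, []))
                   and sorted(outputs) == sorted(self.ref.outputs.get(phase, [])))
        if matches:
            self.state, status = phase, "in compliance"
        else:
            self.violation, status = True, "violation"
            self.notifications.append(f"{vm_id}: {phase} with {tool} does not follow {self.state} in the reference FSM")
        self.provenance.append((vm_id, phase, tool, status))
        return status

    def remedy(self) -> str:
        """User instruction clears the violation; execution resumes from the last compliant state."""
        self.violation = False
        return "in compliance"

    def completed(self) -> bool:
        return self.ref.expected_next.get(self.state) == "end"
```

The tracker compares not just the phase order but also the tool and the input / output datasets against the reference FSM, so an out-of-order phase, a substituted EDA tool, or an unexpected dataset all produce the violation state; the provenance list is the "custody" record the passage describes.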
Representative Aspects of Graph based Digital Rights Management
FIG. 9 is a schematic illustration showing portions of a graph based digital rights management system 700 in accordance with an embodiment of the present disclosure, which includes a graph-based digital rights tracking / authentication system 710 that is configured for accessing workflow property graph models stored in one or more graph databases 440, and which is further configured for communication with a hash function module 720.
With additional reference to FIG. 7, any given workflow property graph model 510 references, identifies, or specifies particular IP blocks that should be or which have been utilized, and IP blocks that should be or which have been generated in association with workflow execution. For any given workflow property graph model 510, a collection or combination of sub-vertices representing IP blocks defines a unique IP provenance pattern in accordance with the specific IP blocks that are referenced / identified / specified by such sub-vertices. This unique IP provenance pattern can correspond to, represent, identify, or be an aggregate dataset formed from each IP block of each sub-vertex representing an IP block that is considered within the workflow property graph model 510. If different IP blocks are used or generated in association with separate or distinct executions of the workflow under consideration, each of such workflow executions will exhibit a different IP provenance pattern.
For a completed workflow (e.g., a workflow for which each phase of the workflow has been completely or successfully executed), the entire collection or combination of sub-vertices representing IP blocks defines a unique complete IC design IP provenance pattern for the overall IC design. For a partially completed workflow (e.g., a workflow for which only a subset of workflow phases have been completely or successfully executed), one or more unique intermediate IP provenance patterns can be defined, depending upon the number of workflow phases and corresponding IP-related sub-vertices considered.
In various embodiments, the graph-based digital rights tracking / authentication system 710 is configured for traversing an entire workflow property graph model 510 stored within a graph database 440 of the virtualized semiconductor DTRM system 100, and identifying or determining the complete IC product IP provenance pattern corresponding to the entire workflow property graph model 510. In some embodiments, the graph-based digital rights tracking / authentication system 710 is additionally configured for partially or fractionally traversing the workflow property graph model 510, and identifying or determining one or more corresponding intermediate IP provenance patterns. Any given IP provenance pattern can be stored in a CRUD database 450, in a manner readily understood by an individual having ordinary skill in the relevant art.
The graph-based digital rights tracking / authentication system 710 can further communicate with the hash function module 720 to generate a unique hash pattern corresponding to a given IP provenance pattern, which serves as a unique digital fingerprint for the IP provenance pattern in a manner readily understood by an individual having ordinary skill in the art. For instance, the graph-based digital rights tracking / authentication system 710 can communicate with the hash function module 720 to generate a hash pattern corresponding to the complete IC design IP provenance pattern. The graph-based digital rights tracking / authentication system 710 can store a hash pattern generated for a given IP provenance pattern (e.g., within a CRUD database 450), and subsequently utilize the stored hash pattern as a table lookup key for future reference or access to the corresponding IP provenance pattern as required.
In certain embodiments, the graph-based digital rights tracking / authentication system 710 can communicate with the hash function module 720 to generate a hash pattern corresponding to each individual IP block identified within a workflow property graph model 510 in association with workflow property graph model traversal; and subsequently generate an aggregate digital fingerprint corresponding to an IP provenance pattern (e.g., the complete IC design IP provenance pattern) using each individual IP block's hash pattern.
An individual having ordinary skill in the relevant art will understand that a final subset of semiconductor DTRM workflow phases is directed to the insertion of IC testability information into an IC design under consideration, in particular, design for test (DFT) test vector, boundary scan logic, scan chain, and built-in self-test (BIST) insertion into the IC design, for purpose of aiding or enabling the testability of the manufactured integrated circuit corresponding thereto. Such IC testability information in combination with the complete IC design IP provenance pattern can define an overall workflow provenance pattern for the IC design. In several embodiments, the graph-based digital rights tracking / authentication system 710 can associate or link one or more IC testability-related hash patterns corresponding to the IC testability information (e.g., a single hash pattern generated using the collective IC testability information) with the hash pattern corresponding to the complete IC circuit design IP provenance pattern to form an overall workflow provenance hash pattern.
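As an added Python example (not from the patent or its assignee) of the traversal, per-block hashing and aggregate fingerprinting described in the preceding paragraphs, the block below derives the complete and intermediate IP provenance patterns from a workflow graph, fingerprints them, keys a lookup table by the hash, and links a hash of the IC testability information into an overall workflow provenance hash. The dict-based graph, the sample block contents, the chained SHA-256 aggregation and the ProvenanceRegistry class are assumptions; the patent does not specify a hash construction.

```python
"""IP provenance patterns and their hash fingerprints over a workflow property
graph, plus linking the IC testability (DFT) hash into an overall workflow
provenance hash. Added example; the dict-based graph, the block contents and
the chained-hash aggregation are assumptions, not the patent's method."""
import hashlib
from typing import Dict, List, Optional, Tuple

# Constructed workflow property graph: vertex -> list of (edge property, target).
WORKFLOW: Dict[str, List[Tuple[str, str]]] = {
    "Chip-X": [("requires", "IP-X")],
    "P1": [("consumes", "IP-X"), ("produces", "IP-X Data-P1"), ("next", "P2")],
    "P2": [("consumes", "IP-X Data-P1"), ("produces", "IP-X Data-P2"), ("next", "P3")],
    "P3": [("consumes", "IP-X Data-P2"), ("produces", "IP-X Data-P3"), ("next", "P4")],
    "P4": [("consumes", "IP-X Data-P3"), ("produces", "IP-X Data-P4")],
}
# Constructed stand-ins for the design data held by each IP block sub-vertex.
IP_BLOCKS: Dict[str, bytes] = {
    "IP-X": b"third-party IP-X RTL, constructed sample",
    "IP-X Data-P1": b"P1 output: synthesized netlist (sample)",
    "IP-X Data-P2": b"P2 output: floorplan (sample)",
    "IP-X Data-P3": b"P3 output: placed and routed design (sample)",
    "IP-X Data-P4": b"P4 output: signed-off layout (sample)",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def phase_order(graph: Dict[str, List[Tuple[str, str]]], start: str = "P1") -> List[str]:
    """Follow the 'next' edges from the first phase to obtain the sequential phase list."""
    order = [start]
    while True:
        nxt = [t for label, t in graph[order[-1]] if label == "next"]
        if not nxt:
            return order
        order.append(nxt[0])


def ip_provenance_pattern(graph: Dict[str, List[Tuple[str, str]]],
                          phases_done: Optional[int] = None) -> List[str]:
    """Traverse the phases in order and collect the IP block sub-vertices consumed or
    produced. phases_done=None gives the complete IC design pattern; an integer k
    gives the intermediate pattern after k executed phases (partial traversal)."""
    pattern: List[str] = []
    for phase in phase_order(graph)[:phases_done]:
        for label, target in graph[phase]:
            if label in ("consumes", "produces") and target not in pattern:
                pattern.append(target)
    return pattern


def block_hashes(pattern: List[str], blocks: Dict[str, bytes]) -> Dict[str, str]:
    """One hash pattern per individual IP block identified during traversal."""
    return {name: sha256_hex(blocks[name]) for name in pattern}


def aggregate_fingerprint(pattern: List[str], blocks: Dict[str, bytes]) -> str:
    """Digital fingerprint of a provenance pattern built from the per-block hashes,
    chained in traversal order so that both the blocks and their position count."""
    h = hashlib.sha256()
    for name, digest in block_hashes(pattern, blocks).items():
        h.update(name.encode())
        h.update(bytes.fromhex(digest))
    return h.hexdigest()


def overall_workflow_provenance(design_fingerprint: str, testability: Dict[str, bytes]) -> str:
    """Link a single hash of the collective IC testability information (DFT vectors,
    boundary scan, scan chains, BIST) with the complete IC design IP provenance hash."""
    t = hashlib.sha256()
    for item in sorted(testability):                 # canonical order gives a stable hash
        t.update(item.encode())
        t.update(testability[item])
    return sha256_hex(bytes.fromhex(design_fingerprint) + t.digest())


class ProvenanceRegistry:
    """Stores provenance patterns keyed by their hash pattern (the table lookup key)."""

    def __init__(self) -> None:
        self._table: Dict[str, List[str]] = {}

    def register(self, pattern: List[str], blocks: Dict[str, bytes]) -> str:
        key = aggregate_fingerprint(pattern, blocks)
        self._table[key] = list(pattern)
        return key

    def lookup(self, key: str) -> Optional[List[str]]:
        return self._table.get(key)
```

Chaining the per-block hashes in traversal order means that the same set of IP blocks arranged in a different phase order yields a different fingerprint, which is what makes the pattern usable for provenance auditing rather than only for membership checks; the testability hash is computed over a sorted view so that the order in which DFT artifacts were recorded does not alter the overall provenance hash.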
A complete IC circuit design IP provenance pattern, an overall workflow provenance pattern, and/or the hash patterns corresponding thereto can facilitate or enable IP provenance tracking / auditing for any IC designed by way of a system 10 in accordance with an embodiment of the present disclosure, as well as IP provenance tracking / auditing for the corresponding manufactured IC.
Representative Aspects of Secure Encrypted Backup
FIG. 10 is a schematic illustration showing aspects of a secure encrypted backup system 800 configured for performing a secure encrypted backup procedure in accordance with an embodiment of the present disclosure. In various embodiments, the secure encrypted backup system 800 includes a graph-reduced map analytics engine 810, a composite execution signature comparator 820, and a data backup manager 830, which are configured for enabling secure backup of all data within the virtualized semiconductor DTRM system 210 for disaster recovery purposes. At any given time, the contents of the virtualized semiconductor DTRM system's databases 400, including the workflow property graphs 510 and corresponding workflow execution property graphs and data associated therewith or identified thereby, can be defined as the computational execution provenance for the entire virtualized semiconductor DTRM system 210.
The graph-reduced map analytics engine 810 is configured for analyzing each workflow property graph model 510 and each corresponding workflow execution property graph model of the virtualized semiconductor DTRM system 210, and generating a composite execution signature corresponding to the virtualized semiconductor DTRM system's collective workflow property graphs 510 and corresponding workflow execution property graphs across multiple distinct time intervals or time periods. For instance, during a first time interval, the graph-reduced map analytics engine 810 can analyze each workflow property graph model 510 and each corresponding workflow execution property graph model and generate a first composite execution signature corresponding to the first time interval; and during a second time interval, further analyze each workflow property graph model 510 and each corresponding workflow execution property graph model and generate a second composite execution signature corresponding to the second time interval. Any given composite execution signature defines a computational execution provenance signature for the virtualized semiconductor DTRM system 210.
The composite execution signature comparator 820 compares a composite execution signature generated during a current time interval (e.g., the second time interval) with the composite execution signature generated during an immediately preceding time interval (e.g., the first time interval); and generates a composite execution signature delta pattern that represents the difference between each such composite execution signature. The delta pattern indicates or specifies an incremental backup dataset that is to be remotely stored as a snapshot of the most-current execution state of the entire virtualized semiconductor DTRM system 210.
The data backup manager 830 collects the data forming the incremental backup dataset, encrypts it, and stores the encrypted incremental backup dataset at one or more predetermined geographic locations that are physically remote from the physical location(s) of the overall cloud environment 200 within which the virtualized semiconductor DTRM system 210 operates. Such encryption can involve an encryption key that is accessible to or maintained / owned by the tenant corresponding to the virtualized semiconductor DTRM system 210.
In several embodiments, the data backup manager 830 maintains and monitors a secure communication channel by which communication with a remote data backup coordination system or coordinator 900 occurs on an ongoing basis. Such communication thus establishes or defines a disaster recovery tether between the data backup manager 830 and the remote data backup coordinator 900. In the event that communication between the data backup manager 830 and the remote data backup coordinator 900 is interrupted for more than a predetermined period of time, the data backup manager 830 sets the execution state of the virtualized semiconductor DTRM system 210 to "dissociated," indicating that the disaster recovery tether has been severed. In response, the virtualized semiconductor DTRM system 210 initiates a shutdown procedure and transitions to a shutdown state with respect to access to tenant information within the databases 400.
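The composite signature, the delta between two intervals, the incremental backup dataset it selects, and the disaster recovery tether's timeout behaviour can be shown together. The following Python is an added example, not the patent's or the assignee's code; the snapshot layout (graph id to JSON-serialisable content), the per-graph SHA-256 digest, the DisasterRecoveryTether class and the heartbeat timings are assumptions. Encryption of the backup dataset with the tenant-held key is not shown, since the page does not specify a cipher.

```python
"""Composite execution signatures over the tenant's graph databases, the delta
between two time intervals that defines the incremental backup dataset, and the
disaster recovery tether that moves the system to "dissociated" and then to a
shutdown state when the remote backup coordinator stops responding. Added
example; snapshot layout, digest and tether class are assumptions."""
import hashlib
import json
from typing import Dict, List, Optional, Set

Snapshot = Dict[str, dict]   # graph id -> canonical (JSON-serialisable) graph content


def composite_execution_signature(db: Snapshot) -> Dict[str, str]:
    """One digest per workflow / execution property graph; the mapping as a whole is
    the composite execution signature for the interval in which it was taken."""
    return {gid: hashlib.sha256(json.dumps(content, sort_keys=True).encode()).hexdigest()
            for gid, content in db.items()}


def signature_delta(prev: Dict[str, str], curr: Dict[str, str]) -> Dict[str, Set[str]]:
    """Difference between the signatures of two consecutive intervals."""
    return {
        "added": set(curr) - set(prev),
        "removed": set(prev) - set(curr),
        "changed": {g for g in set(prev) & set(curr) if prev[g] != curr[g]},
    }


def incremental_backup_dataset(db: Snapshot, delta: Dict[str, Set[str]]) -> Snapshot:
    """Only graphs the delta marks as new or changed need to be shipped off-site."""
    return {gid: db[gid] for gid in sorted(delta["added"] | delta["changed"])}


def backup_cycle(prev_db: Snapshot, curr_db: Snapshot) -> Snapshot:
    """Signature for the current interval, delta against the previous one, dataset to back up."""
    delta = signature_delta(composite_execution_signature(prev_db),
                            composite_execution_signature(curr_db))
    return incremental_backup_dataset(curr_db, delta)


class DisasterRecoveryTether:
    """Monitors the channel to the remote backup coordinator. Once no heartbeat has
    been seen for longer than the timeout, the execution state becomes "dissociated"
    and the system then shuts down access to tenant data."""

    def __init__(self, timeout_s: float) -> None:
        self.timeout_s = timeout_s
        self.last_heartbeat: Optional[float] = None     # never having heard from the coordinator counts as silence
        self.state = "connected"
        self.tenant_data_accessible = True
        self.transitions: List[str] = []

    def heartbeat(self, now: float) -> None:
        if self.state == "connected":                   # a severed tether is not silently re-established
            self.last_heartbeat = now

    def poll(self, now: float) -> str:
        silent = self.last_heartbeat is None or now - self.last_heartbeat > self.timeout_s
        if self.state == "connected" and silent:
            self._transition("dissociated")
            self.tenant_data_accessible = False         # shutdown procedure for tenant data access
            self._transition("shutdown")
        return self.state

    def _transition(self, new_state: str) -> None:
        self.state = new_state
        self.transitions.append(new_state)


# Constructed database contents for two consecutive intervals.
INTERVAL_1: Snapshot = {
    "wf:Chip-X": {"phases": ["P1", "P2", "P3", "P4"]},
    "exec:Chip-X:run-1": {"state": "P2", "custody": ["vm-1", "vm-2"]},
}
INTERVAL_2: Snapshot = {
    "wf:Chip-X": {"phases": ["P1", "P2", "P3", "P4"]},                         # unchanged
    "exec:Chip-X:run-1": {"state": "P3", "custody": ["vm-1", "vm-2", "vm-3"]},  # changed
    "exec:Chip-X:run-2": {"state": "P1", "custody": ["vm-4"]},                 # added
}
```

The digest is taken over a canonical serialisation (`sort_keys=True`) so that two graph records with the same content but different key order produce the same signature and do not trigger a spurious backup. The tether deliberately refuses heartbeats once it has left the connected state, so that recovery from "shutdown" is an explicit operator action rather than the next packet to arrive.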
Aspects of Application to Other Representative Scientific / Engineering Workflows
As indicated above, embodiments in accordance with the present disclosure are not limited to systems and methods for semiconductor DTRM workflow and semiconductor design digital rights management, but are also applicable to other types of workflow and digital rights management environments. For instance, in the pharmaceutical industry, pharmaceutical programming teams have become increasingly geographically distributed, and the tasks performed by such teams have become increasingly complex. Such tasks can rely upon or be defined in accordance with complex processing sequences that are performable by way of programmatic actions. Pharmaceutical programming workflows can include workflow phases corresponding to clinical data management, biostatistics, statistical programming, and regulatory submissions, for instance, for purpose of drug testing and development. Such workflows can govern the development and validation of statistical programs using independent double programming practice; the interaction between statisticians and programming teams; and the management and enforcement of secure standardized proprietary information exchange between a pharmaceutical company sponsor and an external partner, such as a clinical research organization (CRO).
In view of the foregoing, pharmaceutical industry workflows, such as pharmaceutical programming workflows, can be generated and stored as workflow property graph models in a graph database in accordance with embodiments of the present disclosure, in a manner similar or analogous to that described above. Furthermore, such workflows can be securely managed and executed entirely within a cloud environment 200 by way of dynamically allocated virtualized servers and associated virtualized computing resources that provide, for any given pharmaceutical industry cloud tenant, a virtualized workflow and proprietary information management system, which is configured for providing some or each of a virtual desktop management system; a role-based user access, data control, and monitoring system; a plurality of databases; a workflow editor; at least one virtual machine workflow execution environment; a graph based workflow execution tracking and compliance enforcement system; a graph based digital rights management system; and an encrypted backup system in accordance with an embodiment of the present disclosure.
Aspects of particular embodiments in accordance with the present disclosure address at least one aspect, problem, limitation, and/or disadvantage associated with existing cloud based systems and techniques for managing multi-organizational workflows and the usage and generation of proprietary information associated therewith. While features, aspects, and/or advantages associated with certain embodiments have been described herein, other embodiments can also exhibit such features, aspects, and/or advantages, and not all embodiments need necessarily exhibit such features, aspects, and/or advantages to fall within the scope of the present disclosure and the claims corresponding thereto. It will be appreciated by a person of ordinary skill in the art that several of the above-disclosed systems, components, processes, or alternatives thereof, may be desirably combined into other different systems, components, processes, and/or applications, which fall within the scope of the present disclosure and the claims corresponding thereto. In addition, various modifications, alterations, and/or improvements may be made to various embodiments, which fall within the scope of the present disclosure and the claims corresponding thereto.

Claims
1. A cloud computing system for secure management and execution of scientific or engineering workflows across multiple cloud tenants, wherein for each cloud tenant the system comprises:
a set of client machines, each client machine comprising hardware and software resources providing a virtual desktop having a data import function and a command input function by which a user associated with the cloud tenant views data and inputs commands, respectively, each client machine having non-display data storage and data export functions disabled, including local storage of information other than for purpose of display by the client machine; and
a set of cloud based dynamically allocatable virtualized computing resources configured for remote communication with the set of client machines, the set of cloud based dynamically allocatable virtualized computing resources comprising:
a central graph database storing a set of workflows, each workflow comprising a property graph model defining a plurality of workflow phases, wherein for each workflow phase the property graph model defines one or more input datasets, a set of virtualized computing resources utilized for execution of the workflow phase, and one or more output datasets, wherein the property graph model has a reference finite state machine (FSM) corresponding thereto by which an expected workflow execution state is determinable;
at least one virtual machine workflow execution environment comprising a set of virtual machines, each virtual machine workflow environment configured for executing the phases of a workflow stored within the set of graph databases in response to commands received from one or more client machine users by way of the set of client machines;
a user roles database storing a user role corresponding to each user associated with the cloud computing tenant, each user role defining a set of rules specifying actions the user corresponding thereto can and cannot perform, and the dynamically allocatable virtualized computing resources that the user can and cannot access, utilize, and modify, including workflows, workflow phases, workflow phase input datasets, and workflow phase output datasets; and a role based user access, data control, and monitoring system configured for securely controlling and monitoring each user's access to and usage of the dynamically allocatable virtualized computing resources in accordance with the user roles stored within the user roles database.
2. The system of claim 1, wherein the set of cloud based dynamically allocatable virtualized computing resources further comprises a software defined network (SDN) based project isolation and security system configured for establishing, for each client machine user corresponding to a given cloud tenant, a polymorphic virtual machine computing element configured for communication with a client machine corresponding to the client machine user, by which the client machine user communicates with a specific project management virtual machine corresponding to a specific project by way of an encrypted communication tunnel between the polymorphic virtual machine and the specific project management virtual machine.
3. The system of claim 2, wherein the SDN based project isolation and security system is further configured for:
connecting a virtual local area network (VLAN) corresponding to the polymorphic virtual machine to a VLAN corresponding to the specific project in response to a project-specific connection request;
preventing the polymorphic virtual machine from accessing a local file system corresponding thereto; and
replacing polymorphic virtual machine access to its local file system with polymorphic virtual machine access to a file system corresponding to the specific project that is coupled to the project management virtual machine corresponding to the specific project.
4. The system of any one of claims 1 - 3, wherein the set of cloud based dynamically allocatable virtual computing resources further comprises a graph based workflow execution tracking and compliance enforcement system corresponding to each workflow execution environment, which is configured for monitoring and analyzing the computational behavior of virtual machines corresponding to a given workflow and determining whether compliance violations have occurred during the execution of the workflow.
5. The system of claim 4, wherein the graph based workflow execution tracking and compliance enforcement system is configured for dynamically generating a workflow execution property graph model during the execution of a given workflow corresponding to the computational behavior of virtual machines that are active during execution of the workflow.
6. The system of claim 4 or 5, wherein the graph based workflow execution tracking and compliance enforcement system is configured for issuing workflow compliance violation notifications to each user responsible for a compliance violation.
7. The system of any one of claims 1 - 6, wherein the set of cloud based dynamically allocatable virtualized computing resources further comprises a graph based digital rights management system corresponding to each workflow execution environment, which is configured for generating a set of intellectual property (IP) provenance patterns that uniquely correspond to IP consumed and/or produced in association with the execution of a given workflow.
8. The system of claim 7, wherein the graph based digital rights management system is configured for generating a unique IP provenance pattern corresponding to each workflow phase output dataset.
9. The system of claim 7, wherein the graph based digital rights management system is configured for generating a hash pattern from a unique IP provenance pattern corresponding to an overall product design corresponding to the outputs of each workflow phase.
10. The system of any one of claims 1 - 9, wherein each client machine comprises:
a processing unit;
a display device coupled to the processing unit;
a set of user input devices coupled to the processing unit;
a network interface unit coupled to the processing unit;
a memory coupled to the processing unit, the memory including a display memory and a command instruction memory; and
a removable operating system device coupleable to the processing unit and having an encrypted operating system thereon, wherein operating system support for non-display data storage and transfer as well as local storage of information other than information displayed by the client machine are disabled.
11. The system of claim 10, wherein each client machine further comprises a one time password device configured for communication with the client machine.
12. The system of claim 10 or 11, wherein the set of cloud based dynamically allocatable virtualized computing resources further comprises a user authentication manager configured for performing a four-factor user authentication procedure comprising authentication of each of a user password, an automatically generated one time password, a client machine hardware signature, and a client machine operating system signature.
13. The system of any one of claims 1 - 12, wherein for each cloud tenant the set of client machines and the set of cloud based dynamically allocatable virtualized computing resources provides a virtualized semiconductor Design to Release Manufacturing (DTRM) system, and wherein each workflow corresponds to a semiconductor DTRM workflow.
14. The system of claim 13, wherein for each cloud tenant's virtualized semiconductor DTRM system, the system provides a single semiconductor product design environment that is entirely cloud resident, wherein no portions of the semiconductor product design environment other than visual representations thereof reside on any client machine at any time, and no design data is providable to any client machine at any time other than for purpose of display thereon, and wherein semiconductor DTRM workflow execution, monitoring, and analysis occurs entirely in the cloud.
15. The system of claim 13 or 14, wherein the set of cloud based dynamically allocatable virtualized computing resources further comprises a set of Electronic Design Automation (EDA) tool libraries storing a plurality of EDA tools that are implemented by way of dynamically allocatable virtual machines, and wherein each virtual machine within the at least one virtual machine execution environment corresponds to a virtualized Electronic Design Automation (EDA) tool.
16. The system of any one of claims 13 - 15, wherein the set of cloud based dynamically allocatable virtualized computing resources further comprises a set of Process Development Kit (PDK) libraries and a set of third party semiconductor design IP block libraries.
17. A cloud computing method for secure management and execution of scientific or engineering workflows across multiple cloud tenants, the method comprising:
for each cloud tenant, providing a set of client machines, each client machine comprising hardware and software resources providing a virtual desktop having a data import function and a command input function by which a user associated with the cloud tenant views data and inputs commands, respectively, each client machine having non-display data storage and data export functions disabled, including local storage of information other than for purpose of display by the client machine;
for each cloud tenant, providing a set of cloud based dynamically allocatable virtualized computing resources configured for remote communication with the set of client machines, the set of cloud based dynamically allocatable virtualized computing resources comprising:
a central graph database storing a set of workflows corresponding to the cloud tenant, each workflow comprising a property graph model defining a plurality of workflow phases, wherein for each workflow phase the property graph model defines one or more input datasets, a set of virtualized computing resources utilized for execution of the workflow phase, and one or more output datasets, wherein the property graph model has a reference finite state machine (FSM) corresponding thereto by which an expected workflow execution state can be determined;
at least one virtual machine workflow execution environment comprising a set of virtual machines, each virtual machine workflow environment configured for executing the phases of a workflow stored within the set of graph databases; and a user roles database storing a user role corresponding to each user associated with the cloud tenant, each user role defining a set of rules specifying actions the user corresponding thereto can and cannot perform, and the dynamically allocatable virtualized computing resources that the user can and cannot access, utilize, and modify, including workflows, workflow phases, workflow phase input datasets, and workflow phase output datasets; and
for each cloud tenant, performing workflow execution management operations comprising:
receiving user commands directed to the set of cloud based dynamically allocatable virtualized computing resources by way of the set of client machines associated with the cloud tenant, the user commands corresponding to the execution of a given workflow corresponding to the cloud tenant; and
controlling and monitoring access to and usage of the set of dynamically allocatable virtualized computing resources by each user associated with the cloud tenant during workflow execution in accordance with the user roles stored within the user roles database.
18. The method of claim 17, wherein providing the set of cloud based dynamically allocatable virtualized computing resources further comprises providing a software defined network (SDN) based project isolation and security system, and wherein the method further comprises for each client device user corresponding to a given client tenant, establishing a polymorphic virtual machine computing element configured for communication with a client machine corresponding to the client machine user, by which the client machine user communicates with a specific project management virtual machine corresponding to a specific project by way of an encrypted communication tunnel between the polymorphic virtual machine and the specific project management virtual machine.
19. The method of claim 18, wherein the method further comprises:
connecting a virtual local area network (VLAN) corresponding to the polymorphic virtual machine to a VLAN corresponding to the specific project in response to a project-specific connection request;
preventing the polymorphic virtual machine from accessing a local file system corresponding thereto; and
replacing polymorphic virtual machine access to its local file system with polymorphic virtual machine access to a file system corresponding to the specific project that is coupled to the project management virtual machine corresponding to the specific project.
20. The method of any one of claims 17 - 19, wherein the workflow execution management operations further comprise monitoring and analyzing the computational behavior of virtual machines corresponding to the given workflow and determining whether compliance violations have occurred during the execution of the given workflow.
21. The method of claim 20, wherein the monitoring and analyzing the computational behavior of virtual machines corresponding to the given workflow comprises dynamically generating a workflow execution property graph model during the execution of the given workflow corresponding to the computational behavior of virtual machines that are active during execution of the given workflow.
22. The method of claim 20 or 21, wherein monitoring and analyzing the computational behavior of virtual machines corresponding to the given workflow further comprises issuing workflow compliance violation notifications to each user responsible for a compliance violation.
23. The method of any one of claims 17 - 22, further comprising generating a set of intellectual property (IP) provenance patterns that uniquely correspond to IP consumed and/or produced in association with the execution of the given workflow.
24. The method of claim 23, further comprising generating a unique IP provenance pattern corresponding to each workflow phase output dataset corresponding to the given workflow.
25. The method of claim 24, further comprising generating a hash pattern from a unique IP provenance pattern corresponding to an overall product design corresponding to the outputs of each workflow phase.
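The following is an added illustration written for this page; it is not code from the patent or from Silicon Cloud International. It models, in a toy form, the elements named in claims 17 and 20 to 25: a workflow property graph (datasets in, virtualized resources used, datasets out) with a reference finite state machine derived from it, a user roles database, runtime monitoring that builds the execution graph from events and attributes each compliance violation to the responsible user, and per-output-dataset IP provenance hash patterns rolled up into one pattern for the overall product. Every phase name, dataset, role, event and content byte string is constructed for the example; the hash construction is an assumption, since the claims do not specify one.

```python
"""Added illustration; not the patent's or Silicon Cloud's code.
All workflow phases, datasets, roles, events and bytes are constructed."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Phase:
    name: str
    inputs: tuple         # dataset ids the phase consumes
    resources: frozenset  # virtualized resources (EDA tool VMs) the phase may use
    outputs: tuple        # dataset ids the phase produces


# Reference property graph (constructed): datasets -> phase -> datasets.
WORKFLOW = (
    Phase("rtl",   ("spec.txt",),            frozenset({"vm-sim"}),   ("netlist.v",)),
    Phase("synth", ("netlist.v", "pdk.lib"), frozenset({"vm-synth"}), ("gates.v",)),
    Phase("pnr",   ("gates.v", "pdk.lib"),   frozenset({"vm-pnr"}),   ("layout.gds",)),
)

# User roles database (constructed): phases and resources each user may touch.
ROLES = {
    "alice": {"phases": {"rtl", "synth"}, "resources": {"vm-sim", "vm-synth"}},
    "bob":   {"phases": {"pnr"},          "resources": {"vm-pnr"}},
}

# Constructed runtime events: (user, phase started, resource used).
EVENTS = [
    ("alice", "rtl",   "vm-sim"),    # in order, permitted
    ("bob",   "pnr",   "vm-pnr"),    # too early: synth not done, gates.v missing
    ("alice", "synth", "vm-synth"),  # in order, permitted
    ("bob",   "pnr",   "vm-pnr"),    # now in order, permitted
    ("alice", "pnr",   "vm-pnr"),    # outside alice's role and past the FSM's end
]

# Constructed dataset bytes used for the provenance hashes.
CONTENTS = {
    "spec.txt": b"adder spec v1", "pdk.lib": b"pdk 28nm lib",
    "netlist.v": b"module adder", "gates.v": b"gate-level adder",
    "layout.gds": b"GDSII bytes",
}


def reference_fsm(workflow):
    """Expected-state machine derived from the graph: START -> p1 -> ... -> DONE."""
    states = ["START"] + [p.name for p in workflow] + ["DONE"]
    return dict(zip(states, states[1:]))


def monitor(workflow, roles, events):
    """Replay events, build the execution graph, check each event against the
    reference FSM, the phase's declared inputs/resources and the user's role.
    Returns (execution_graph, notifications) with violations keyed by user."""
    fsm = reference_fsm(workflow)
    phases = {p.name: p for p in workflow}
    produced = {ds for p in workflow for ds in p.outputs}
    available = {ds for p in workflow for ds in p.inputs if ds not in produced}
    expected = fsm["START"]
    graph, notifications = [], {}
    for user, phase_name, resource in events:
        problems = []
        phase = phases.get(phase_name)
        role = roles.get(user, {"phases": set(), "resources": set()})
        if phase is None:
            problems.append(f"unknown phase {phase_name}")
        else:
            if phase_name != expected:
                problems.append(f"phase {phase_name} started while FSM expected {expected}")
            if phase_name not in role["phases"]:
                problems.append(f"role forbids phase {phase_name}")
            if resource not in phase.resources:
                problems.append(f"resource {resource} not declared for {phase_name}")
            missing = [ds for ds in phase.inputs if ds not in available]
            if missing:
                problems.append(f"inputs not yet produced: {missing}")
        if resource not in role["resources"]:
            problems.append(f"role forbids resource {resource}")
        if problems:
            notifications.setdefault(user, []).extend(problems)
            continue  # a rejected event does not advance the workflow state
        graph.append((user, phase_name, resource, phase.outputs))
        available.update(phase.outputs)
        expected = fsm[phase_name]
    return graph, notifications


def provenance_patterns(workflow, contents):
    """Per-phase pattern = SHA-256(phase name, input patterns, output bytes), chained
    in graph order; each output dataset gets its own pattern derived from it.
    Returns ({dataset_id: pattern}, overall_product_pattern)."""
    pattern = {}
    phase_patterns = []
    for p in workflow:
        h = hashlib.sha256(p.name.encode())
        for ds in p.inputs:
            if ds not in pattern:  # primary input: pattern is the hash of its bytes
                pattern[ds] = hashlib.sha256(contents[ds]).hexdigest()
            h.update(pattern[ds].encode())
        for ds in p.outputs:
            h.update(contents[ds])
        phase_patterns.append(h.hexdigest())
        for ds in p.outputs:
            pattern[ds] = hashlib.sha256((phase_patterns[-1] + ds).encode()).hexdigest()
    overall = hashlib.sha256("".join(phase_patterns).encode()).hexdigest()
    return pattern, overall


if __name__ == "__main__":
    graph, notes = monitor(WORKFLOW, ROLES, EVENTS)
    print("execution graph:", graph)
    print("violation notifications:", notes)
    print("overall product pattern:", provenance_patterns(WORKFLOW, CONTENTS)[1])
```

Two design choices worth noting: a rejected event never advances the FSM or marks outputs as available, so a later out-of-order or unauthorized action cannot "unlock" subsequent phases; and because each dataset pattern folds in the patterns of everything upstream, changing any primary input changes the overall product pattern, which is what makes it usable as a provenance fingerprint rather than a plain content hash.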
26. The method of any one of claims 17 - 25, wherein providing the set of client machines comprises providing for each client machine a removable operating system device coupleable to the client machine and having an encrypted operating system thereon, wherein operating system support for non-display data storage and transfer as well as local storage of information other than information displayed by the client machine are disabled.
27. The method of claim 26, wherein providing the set of client machines further comprises providing for each client machine a one time password device configured for communication with the client machine.
28. The method of any one of claims 17 - 27, further comprising for each cloud tenant providing four-factor user authentication operations for each user associated with the cloud tenant, wherein the four-factor user authentication operations comprise authentication of each of a user password, an automatically generated one time password, a client machine hardware signature, and a client machine operating system signature.
29. The method of any one of claims 17 - 28, wherein for each cloud tenant the set of client machines and the set of cloud based dynamically allocatable virtualized computing resources provides a virtualized semiconductor Design to Release Manufacturing (DTRM) system, wherein each workflow corresponds to a semiconductor DTRM workflow, and wherein the method comprises providing a single semiconductor product design environment corresponding to the cloud tenant that is entirely cloud resident, wherein no portions of the semiconductor product design environment other than visual representations thereof reside on any client machine at any time, and no design data is providable to any client machine at any time other than for purpose of display thereon, and wherein semiconductor DTRM workflow execution, monitoring, and analysis occurs entirely in the cloud.
30. The method of claim 29, further comprising for each cloud tenant providing a set of Electronic Design Automation (EDA) tool libraries storing a plurality of EDA tools that are implemented by way of dynamically allocatable virtual machines, and wherein each virtual machine within the at least one virtual machine execution environment corresponds to a virtualized Electronic Design Automation (EDA) tool.
31. The method of claim 29 or 30, further comprising providing for each cloud tenant a set of Process Development Kit (PDK) libraries and a set of third party semiconductor design IP block libraries.
PCT/SG2016/050090 2015-02-24 2016-02-24 Multi-tenant cloud based systems and methods for secure semiconductor design-to-release manufacturing workflow and digital rights management Ceased WO2016137397A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201562120038P 2015-02-24 2015-02-24
US62/120,038 2015-02-24

Publications (2)

Publication Number Publication Date
WO2016137397A2 true WO2016137397A2 (en) 2016-09-01
WO2016137397A3 WO2016137397A3 (en) 2016-10-27

Family

ID=56788867

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SG2016/050090 Ceased WO2016137397A2 (en) 2015-02-24 2016-02-24 Multi-tenant cloud based systems and methods for secure semiconductor design-to-release manufacturing workflow and digital rights management

Country Status (1)

Country Link
WO (1) WO2016137397A2 (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107065793A (en) * 2017-02-07 2017-08-18 西门子传感器与通讯有限公司 Assembly line real-time monitoring and management method, assembly line real-time monitoring and management device
WO2018082537A1 (en) * 2016-11-03 2018-05-11 Huawei Technologies Co., Ltd. Method and apparatus for stateful control of forwarding elements
CN110177148A (en) * 2019-05-30 2019-08-27 上海通联金融科技发展有限公司 A kind of prosperous cloud service platform of IaaS
CN110488769A (en) * 2018-05-14 2019-11-22 中国石油化工股份有限公司 A kind of virtual instrument device that cloud platform is isolated with DCS screen
CN110488768A (en) * 2018-05-14 2019-11-22 中国石油化工股份有限公司 A kind of virtual instrument equipment of cloud platform and DCS hardware isolated
US10536446B2 (en) 2017-01-31 2020-01-14 Microsoft Technology Licensing, Llc. Single authentication to a multi-tenancy single-page cloud application
US20210165876A1 (en) * 2017-11-22 2021-06-03 Aqua Security Software, Ltd. System for securing software containers with embedded agent
US11182530B1 (en) 2020-11-03 2021-11-23 Dialog Semiconductor (Uk) Limited Automatic routing system workflow
US11323427B2 (en) 2016-12-02 2022-05-03 Carrier Corporation Mixed-mode cloud on-premise secure communication
US11662716B2 (en) 2021-02-26 2023-05-30 Kla Corporation Secure remote collaboration for equipment in a manufacturing facility
WO2024030395A3 (en) * 2022-08-01 2024-03-14 Modwell Holdings Inc. An improved real estate experience
US11954524B2 (en) 2021-05-26 2024-04-09 International Business Machines Corporation Compliance aware application scheduling

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7653689B1 (en) * 2002-05-17 2010-01-26 Abacast, Inc. Intelligent virtual content distribution network system and method
US7848834B2 (en) * 2003-03-28 2010-12-07 Gm Global Technology Operations, Inc. Computerized system for network-based management of engineering projects
US7707642B1 (en) * 2004-08-31 2010-04-27 Adobe Systems Incorporated Document access auditing
US8402514B1 (en) * 2006-11-17 2013-03-19 Network Appliance, Inc. Hierarchy-aware role-based access control
CA2763148C (en) * 2009-05-20 2016-11-22 Redcliff Investments, L.L.C. Secure workflow and data management facility
US8666850B2 (en) * 2011-06-03 2014-03-04 Freescale Semiconductor, Inc. Systems and methods for tracking intellectual property
US8732282B1 (en) * 2011-09-30 2014-05-20 Emc Corporation Model framework to facilitate robust programming of distributed workflows
US8863298B2 (en) * 2012-01-06 2014-10-14 Mobile Iron, Inc. Secure virtual file management system

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018082537A1 (en) * 2016-11-03 2018-05-11 Huawei Technologies Co., Ltd. Method and apparatus for stateful control of forwarding elements
US11323427B2 (en) 2016-12-02 2022-05-03 Carrier Corporation Mixed-mode cloud on-premise secure communication
US10536446B2 (en) 2017-01-31 2020-01-14 Microsoft Technology Licensing, Llc. Single authentication to a multi-tenancy single-page cloud application
CN107065793A (en) * 2017-02-07 2017-08-18 西门子传感器与通讯有限公司 Assembly line real-time monitoring and management method, assembly line real-time monitoring and management device
CN107065793B (en) * 2017-02-07 2019-03-29 西门子传感器与通讯有限公司 Pipeline real-time monitoring and management method, and pipeline real-time monitoring and management device
US20210165876A1 (en) * 2017-11-22 2021-06-03 Aqua Security Software, Ltd. System for securing software containers with embedded agent
US11762986B2 (en) * 2017-11-22 2023-09-19 Aqua Security Software, Ltd. System for securing software containers with embedded agent
CN110488769A (en) * 2018-05-14 2019-11-22 中国石油化工股份有限公司 A kind of virtual instrument device that cloud platform is isolated with DCS screen
CN110488768A (en) * 2018-05-14 2019-11-22 中国石油化工股份有限公司 A kind of virtual instrument equipment of cloud platform and DCS hardware isolated
CN110177148A (en) * 2019-05-30 2019-08-27 上海通联金融科技发展有限公司 A kind of prosperous cloud service platform of IaaS
US11182530B1 (en) 2020-11-03 2021-11-23 Dialog Semiconductor (Uk) Limited Automatic routing system workflow
US11662716B2 (en) 2021-02-26 2023-05-30 Kla Corporation Secure remote collaboration for equipment in a manufacturing facility
US12189374B2 (en) 2021-02-26 2025-01-07 Kla Corporation Secure remote collaboration for equipment in a manufacturing facility
US11954524B2 (en) 2021-05-26 2024-04-09 International Business Machines Corporation Compliance aware application scheduling
WO2024030395A3 (en) * 2022-08-01 2024-03-14 Modwell Holdings Inc. An improved real estate experience

Also Published As

Publication number Publication date
WO2016137397A3 (en) 2016-10-27

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 09/01/2018)

122 Ep: pct application non-entry in european phase

Ref document number: 16755989

Country of ref document: EP

Kind code of ref document: A2