Patent application number | Description | Published |
20110302638 | Staged Control Release In Boot Process - Integrity validation of a network device may be performed. A network device comprising a secure hardware module, may receive a root key. The secure hardware module may also receive a first code measurement. The secure hardware module may provide a first key based on the root key and the first code measurement. The secure hardware module may receive a second code measurement and provide a second key based on the first key and the second code measurement. The release of keys based on code measurements may provide authentication in stages. | 12-08-2011 |
20120047551 | Machine-To-Machine Gateway Architecture - Systems, methods, and instrumentalities are disclosed that provide for a gateway outside of a network domain to provide services to a plurality of devices. For example, the gateway may act as a management entity or as a proxy for the network domain. As a management entity, the gateway may perform a security function relating to each of the plurality of devices. The gateway may perform the security function without the network domain participating or having knowledge of the particular devices. As a proxy for the network, the gateway may receive a command from the network domain to perform a security function relating to each of a plurality of devices. The network may know the identity of each of the plurality of devices. The gateway may perform the security function for each of the plurality of devices and aggregate related information before sending the information to the network domain. | 02-23-2012 |
20120079559 | METHODS FOR POLICY MANAGEMENT - Systems, methods, and apparatus are disclosed for coordinating enforcement of policies on a network and/or a wireless transmit/receive unit. The policies may include stakeholder-specific policies of one or more stakeholders that provide services on a user equipment. Enforcement of the stakeholder-specific policies may be securely coordinated using a policy coordination function. Systems, methods, and apparatus are also disclosed that include a network policy coordination function (NPCF) that coordinates service control policies and access control policies. The NPCF may coordinate enforcement of the service control policies for one or more service control entities and the access control policies for one or more access control entities. | 03-29-2012 |
20120198520 | Machine-To-Machine (M2M) Call Flow Security - Systems, methods, and instrumentalities are disclosed to provide secure operations in an M2M device. An M2M device may receive an indication that an operation to be performed is security sensitive. The M2M device may determine that the operation is to be performed in a secure environment on the M2M device. The secure environment may be a logically distinct portion of the M2M device. The determination may be made in in accordance with a policy. For example, the M2M device may determine that the operation meets a requirement specified in the policy indicating that the operation is to be performed in the secure environment. The M2M device may perform the operation in the secure environment on the M2M device. The M2M device may store a result relating to the operation in the secure environment. | 08-02-2012 |
20120290870 | DEVICE VALIDATION, DISTRESS INDICATION, AND REMEDIATION - A wireless communications device may be configured to perform integrity checking and interrogation with a network entity to isolate a portion of a failed component on the wireless network device for remediation. Once an integrity failure is determined on a component of the device, the device may identify a functionality associated with the component and indicate the failed functionality to the network entity. Both the wireless network device and the network entity may identify the failed functionality and/or failed component using a component-to-functionality map. After receiving an indication of an integrity failure at the device, the network entity may determine that one or more additional iterations of integrity checking may be performed at the device to narrow the scope of the integrity failure on the failed component. Once the integrity failure is isolated, the network entity may remediate a portion of the failed component on the wireless communications device. | 11-15-2012 |
20120297473 | CERTIFICATE VALIDATION AND CHANNEL BINDING - A constrained network entity may determine, via an authentication procedure with a core network entity, the trustworthiness of an endpoint attempting to establish a secure channel with the constrained network entity. The constrained network entity may receive a certificate from the endpoint attempting to establish the secure channel and the constrained network entity may send the certificate asserted by the endpoint to a core network entity for validation. The core network entity may receive the certificate during a key exchange with the constrained network entity and the core network entity may indicate to the constrained network entity the validity of the certificate. The constrained network entity may determine whether to establish the secure channel with the endpoint based on the validity of the certificate. | 11-22-2012 |
20130007858 | AUTHENTICATION AND SECURE CHANNEL SETUP FOR COMMUNICATION HANDOFF SCENARIOS - Persistent communication layer credentials generated on a persistent communication layer at one network may be leveraged to perform authentication on another. For example, the persistent communication layer credentials may include application-layer credentials derived on an application layer. The application-layer credentials may be used to establish authentication credentials for authenticating a mobile device for access to services at a network server. The authentication credentials may be derived from the application-layer credentials of another network to enable a seamless handoff from one network to another. The authentication credentials may be derived from the application-layer credentials using reverse bootstrapping or other key derivation functions. The mobile device and/or network entity to which the mobile device is being authenticated may enable communication of authentication information between the communication layers to enable authentication of a device using multiple communication layers. | 01-03-2013 |
20150026471 | Staged Control Release in Boot Process - Integrity validation of a network device may be performed. A network device comprising a secure hardware module, may receive a root key. The secure hardware module may also receive a first code measurement. The secure hardware module may provide a first key based on the root key and the first code measurement. The secure hardware module may receive a second code measurement and provide a second key based on the first key and the second code measurement. The release of keys based on code measurements may provide authentication in stages. | 01-22-2015 |
Patent application number | Description | Published |
20100199077 | AUTHENTICATED DEBUG ACCESS FOR FIELD RETURNS - Under the direction of a first party, an integrated circuit (IC) device is configured to temporarily enable access to a debug interface of the IC device via authentication of the first party by a challenge/response process using a key of the IC device and a challenge value generated at the IC device. The first party then may conduct a software evaluation of the IC device via the debug interface. In response to failing to identify an issue with the IC device from the software evaluation, the first party can permanently enable open access to the debug interface while authenticated and provide the IC device to a second party. Under the direction of the second party, a hardware evaluation of the IC device is conducted via the debug interface that was permanently opened by the first party. | 08-05-2010 |
20140064480 | SECURE PROVISIONING IN AN UNTRUSTED ENVIRONMENT - Embodiments of methods of provisioning an electronic circuit enable security of sensitive data in a design and manufacturing process that includes multiple parties. In an illustrative embodiment, a method of provisioning an electronic circuit includes generating at least one secret value, embedding the at least one secret value into the electronic circuit, programming into the electronic circuit a private key derivation function that derives the private key from the at least one secret value and a trust anchor, and programming into the electronic circuit a public key generation function that generates a public key matching the private key. The method can further include receiving for execution trust anchor-authenticated logic that contacts a predetermined actor of the plurality of distinct actors and communicates to the predetermined actor a message signed with the private key. | 03-06-2014 |
20140068246 | CIRCUIT FOR SECURE PROVISIONING IN AN UNTRUSTED ENVIRONMENT - Embodiments of electronic circuits enable security of sensitive data in a design and manufacturing process that includes multiple parties. An embodiment of an electronic circuit can include a private key embedded within the electronic circuit that is derived from a plurality of components including at least one component known only to the electronic circuit and at least one immutable value cryptographically bound into messages and residing on the electronic circuit, public key generation logic that generates a public key to match the private key, and message signing logic that signs messages with the private key. | 03-06-2014 |
20140164779 | SECURE PROVISIONING IN AN UNTRUSTED ENVIRONMENT - Embodiments include methods for securely provisioning copies of an electronic circuit. A first entity (e.g., a chip manufacturer) embeds one or more secret values into copies of the electronic circuit. A second entity (e.g., an OEM): 1) embeds a trust anchor in a first copy of the electronic circuit; 2) causes the electronic circuit to generate a message signing key pair using the trust anchor and the embedded secret value(s); 3) signs provisioning code using a code signing private key; and 4) sends a corresponding code signing public key, the trust anchor, and the signed provisioning code to a third entity (e.g., a product manufacturer). The third entity embeds the trust anchor in a second copy of the electronic circuit and causes the electronic circuit to: 1) generate the message signing private key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code on the electronic circuit. The electronic circuit can authenticate itself to the OEM using the message signing key pair. | 06-12-2014 |
20140205092 | SECURE PROVISIONING IN AN UNTRUSTED ENVIRONMENT - Embodiments include methods for securely provisioning copies of an electronic circuit. A first entity (e.g., a chip manufacturer) embeds one or more secret values into copies of the electronic circuit. A second entity (e.g., an OEM): 1) embeds a trust anchor in a first copy of the electronic circuit; 2) causes the electronic circuit to generate a message signing key pair using the trust anchor and the embedded secret value(s); 3) signs provisioning code using a code signing private key; and 4) sends a corresponding code signing public key, the trust anchor, and the signed provisioning code to a third entity (e.g., a product manufacturer). The third entity embeds the trust anchor in a second copy of the electronic circuit and causes the electronic circuit to: 1) generate the message signing private key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code on the electronic circuit. The electronic circuit can authenticate itself to the OEM using the message signing key pair. | 07-24-2014 |
20150039916 | DATA PROCESSING SYSTEM WITH PROTOCOL DETERMINATION CIRCUITRY - A semiconductor device includes a processing system including a section of power domain circuitry and a section of coin cell power domain circuitry. The coin cell power domain circuitry is configured to, when power is initially provided to the coin cell power domain circuitry, using power provided by a power management circuit as feedback to determine that the power management circuit provides the power in response to a power request signal being a toggle signal, and determine that the power management circuit provides the power in response to the power request signal being a pulse signal. | 02-05-2015 |
Patent application number | Description | Published |
20100042965 | Method and System for Scalable Reduction in Registers With Sat-Based Resubstitution - A method, system, and computer program product for reducing the size of a logic network design, prior to verification of the logic network design. The method includes eliminating registers to reduce the size of the logic network design; thereby, increasing the speed and functionality of the verification process, and decreasing the size of the logic network design. The system identifies one or more compatible resubstitutions of a selected register, wherein the compatible resubstitution expresses the selected register as one or more pre-existing registers of fixed initial state. The resubstitutions are refined utilizing design invariants. When one more resubstitutions are preformed, the system eliminates the selected registers to reduce the size of the logic network design. As a result of the resubstitution process, a logic network design of reduced size is generated. | 02-18-2010 |
20100185993 | METHOD FOR SCALABLE DERIVATION OF AN IMPLICATION-BASED REACHABLE STATE SET OVERAPPROXIMATION - A method, system and computer program product for integrating implication-based analysis and equivalent gate analysis to maintain transitive reduction in an implication graph over a sequence of graph operations. One or more gates of a design are identified that are equivalent in all reachable states. Equivalent gates are assigned to an equivalence class when all gates within the equivalence class are equal. During the implication-based analysis the system determines when one or more implication paths are associated with the one or more equivalence classes, and an implication is generated at the implication path associated with the equivalence classes. A transitively reduced graph is received depicting the implications and equivalence classes of the design. When one or more operations are assigned to the transitively reduced graph, the graph is automatically adjusted to maintain transitive reduction. | 07-22-2010 |
20100251199 | Method and system for automated convergence of ternary simulation by saturation of deep gates - A method, system and computer program product for X-Saturated ternary simulation based reduction. An X-Saturated ternary simulation (XSTS) utility, which executes on a computer system, receives design information, where the design information includes a netlist. The XSTS utility initializes one or more data structures and/or variables and simulates, in a ternary fashion, the netlist at a time value by applying logical X values to all RANDOM gates of the netlist and to registers marked X_SATURATED. For each register of the netlist XSTS utility: determines whether or not the register departs from its expected prefix behavior, and if the register departs from its expected prefix behavior, the register is marked as X_SATURATED and the current state is updated with an X value upon the register. XSTS utility can store the current state in a data structure and can use the information from the data structure to simplify the design. | 09-30-2010 |
20100293513 | Method and System for Design Simplification Through Implication-Based Analysis - Methods and systems are provided for reducing an original circuit design into a simplified circuit design by merging gates that may not be equivalent but can be demonstrated to preserve target assertability with respect to the original circuitry design. A composite netlist is created from the simplified netlist and the original netlist. The composite netlist includes a number of targets that imply the existence of a target in the simplified netlist and a corresponding target in the original netlist. The implications are verified and then validated to ensure the simplied circuit design is a suitable replacement for the original circuit design. | 11-18-2010 |
20110093824 | TECHNIQUES FOR PERFORMING CONDITIONAL SEQUENTIAL EQUIVALENCE CHECKING OF AN INTEGRATED CIRCUIT LOGIC DESIGN - A technique for conditional sequential equivalence checking of logic designs embodied in netlists includes creating an equivalence-checking netlist over a first netlist and a second netlist. The conditional sequential equivalence checking includes conditions under which equivalences of the first and second netlists are checked. The technique derives a set of candidate conditional equivalence invariants for each correlated gate in a correlated gate pair set and attempts to prove that each candidate conditional equivalence invariant in the set of candidate conditional equivalence invariants is accurate. The candidate conditional equivalence invariants that cannot be proven accurate are removed from the set of candidate conditional equivalence invariants. The candidate conditional equivalence invariants that have been proven accurate are recorded as a set of conditional equivalence invariants. Finally, the conditional sequential equivalence checking of the equivalence-checking netlist is completed using the set of conditional equivalence invariants that are recorded. | 04-21-2011 |
20110093825 | TECHNIQUES FOR ANALYSIS OF LOGIC DESIGNS WITH TRANSIENT LOGIC - A technique for performing an analysis of a logic design includes detecting an initial transient behavior in a logic design embodied in a netlist. A duration of the initial transient behavior is also determined. Reduction information on the logic design is gathered based on the initial transient behavior. The netlist is then modified based on the reduction information. | 04-21-2011 |
20110270597 | Tracking Array Data Contents Across Three-Valued Read and Write Operations - A mechanism is provided in an integrated circuit simulator for tracking array data contents across three-value read and write operations. The mechanism accounts for write operations with data values and address values having X symbols. The mechanism performs writes to a tree data structure that is used to store the three-valued contents to the array. The simulator includes functionality for updating the array contents for a three-valued write and to read data for a three-valued read. The simulator also includes optimizations for dynamically reducing the size of the data structure when possible in order to save memory in the logic simulator. | 11-03-2011 |
20110271242 | Efficient Redundancy Identification, Redundancy Removal, and Sequential Equivalence Checking within Designs Including Memory Arrays - A mechanism is provided for efficient redundancy identification, redundancy removal, and sequential equivalence checking with designs including memory arrays. The mechanism includes an array merging component to optimally merge an array output such that if the address is out-of-bounds or the port is not asserted, the array output is converted to a random output. The mechanism also includes a component for determining the equivalence of enabled array outputs rather than the array outputs directly and creating an enabled array output. The mechanism also includes a component that precludes potentially-redundant array cells from participating in the sequential redundancy removal determination. This component first checks for compatibility of the corresponding arrays, then the corresponding read port enables and addresses, then the corresponding initial values, and finally checking that writes to the corresponding columns yield a compatible set of values. | 11-03-2011 |
20110271243 | Enhanced Analysis of Array-Based Netlists Via Phase Abstraction - A mechanism is provided for increasing the scalability of transformation-based formal verification solutions through enabling the use of phase abstraction on logic models that include memory arrays. The mechanism manipulates the array to create a plurality of copies of its read and write ports, representing the different modulo time frames. The mechanism converts all write-before-read arrays to read-before-write and adds a bypass path around the array from write ports to read ports to capture any necessary concurrent read and write forwarding. The mechanism uses an additional set of bypass paths to ensure that the proper write data that becomes effectively concurrent through the unfolding inherent in phase abstraction is forwarded to the proper read port. If a given read port is disabled or fetches out-of-bounds data, the mechanism applies randomized data to the read port data output. | 11-03-2011 |
20110271244 | Enhanced Analysis of Array-Based Netlists via Reparameterization - A mechanism is provided for increasing the scalability of formal verification solutions through enabling the use of input reparameterization on logic models that include memory arrays. A pre-processing mechanism enables the selection of a cut-based design partition which enables optimal reductions though input reparameterization given a netlist with constraints. A post-processing mechanism next prevents input reparameterization from creating topologically inconsistent models in the presence of arrays. Additionally, this technique may be used to rectify inconsistent topologies that may arise when reparameterizing even netlists without arrays, namely false sequential dependencies across initialization constructs. Furthermore, a mechanism is provided to undo the effects of memory array based input reparameterization on verification results. | 11-03-2011 |
20110276930 | Minimizing Memory Array Representations for Enhanced Synthesis and Verification - Mechanisms are provided in a design environment for minimizing memory array representations for enhanced synthesis and verification. The design environment comprises one mechanism to compress the width of arrays using disconnected pin information. The design environment comprises another mechanism to simplify the enable conditions of array ports using “don't care” computations. The design environment comprises yet another mechanism to reduce address pins from an array through analysis of limitations of readable addresses. | 11-10-2011 |
20110276931 | Eliminating, Coalescing, or Bypassing Ports in Memory Array Representations - Mechanisms are provided in a design environment for eliminating, coalescing, or bypassing ports. The design environment comprises one mechanism to eliminate unnecessary ports in arrays using disabled and disconnected pin information. The design environment may comprise another mechanism to combine and reduce the number of array ports using address comparisons. The design environment may comprise another mechanism to combine and reduce the number of array ports using disjoint enable comparisons. The design environment may comprise one mechanism to combine and reduce the number of array ports using “don't care” computations. The design environment may comprise another mechanism to reduce the number of array ports through bypassing write-to-read paths around arrays. | 11-10-2011 |
20110276932 | Array Concatenation in an Integrated Circuit Design - Mechanisms are provided in a design environment for array concatenation. The design environment comprises one mechanism to concatenate arrays with enable- and address-compatible ports, thereby reducing the number of arrays in a netlist. The design environment comprises another mechanism to migrate read ports from one array to another based upon compatible enable-, address-, and data-compatible write ports, thereby reducing the number of arrays in a netlist. The design environment comprises yet another mechanism to eliminate unnecessary arrays. | 11-10-2011 |
20120167024 | METHOD AND SYSTEM FOR SCALABLE REDUCTION IN REGISTERS WITH SAT-BASED RESUBSTITUTION - A method, system, and computer program product for reducing the size of a logic network design, prior to verification of the logic network design. The method includes eliminating registers to reduce the size of the logic network design; thereby, increasing the speed and functionality of the verification process, and decreasing the size of the logic network design. The system identifies one or more compatible resubstitutions of a selected register, wherein the compatible resubstitution expresses the selected register as one or more pre-existing registers of fixed initial state. The resubstitutions are refined utilizing design invariants. When one more resubstitutions are preformed, the system eliminates the selected registers to reduce the size of the logic network design. As a result of the resubstitution process, a logic network design of reduced size is generated. | 06-28-2012 |
20120271786 | Efficiently Determining Boolean Satisfiability with Lazy Constraints - A mechanism is provided for efficiently determining Boolean satisfiability (SAT) using lazy constraints. A determination is made as to whether a SAT problem is satisfied without constraints in a list of constraints. Responsive to the SAT problem being satisfied without constraints, a set of variable assignments that are determined in satisfying the SAT problem without constraints are fixed. For each constraint in the list of constraints, a determination is made as to whether the SAT problem with the constraint results in the set of variable assignments remaining constant. Responsive to the SAT problem with the constraint resulting in the set of variable assignments remaining constant, the constraint is added to a list of non-affecting constraints and a satisfied result is returned. | 10-25-2012 |
20120271792 | Efficiently Determining Boolean Satisfiability with Lazy Constraints - A mechanism is provided for efficiently determining Boolean satisfiability (SAT) using lazy constraints. A determination is made as to whether a SAT problem is satisfied without constraints in a list of constraints. Responsive to the SAT problem being satisfied without constraints, a set of variable assignments that arc determined in satisfying the SAT problem without constraints are fixed. For each constraint in the list of constraints, a determination is made as to whether the SAT problem with the constraint results in the set of variable assignments remaining constant. Responsive to the SAT problem with the constraint resulting in the set of variable assignments remaining constant, the constraint is added to a list of non-affecting constraints and a satisfied result is returned. | 10-25-2012 |
20120272197 | Enhancing Redundancy Removal with Early Merging - A mechanism is provided for simplifying a netlist before computational resources are exceeded. For each of a set of suspected equivalences in a proof graph of a netlist, a determination is made as to whether equivalence holds for at least one of an equivalence or an equivalence class by identifying whether the equivalence or equivalence class is either affecting or non-affecting. Responsive to the equivalence or equivalence class being affecting, a proof dependency is recorded as an edge in a proof graph. For each node in the proof graph, a determination is made as to whether the node has a falsified dependency. Responsive to the node failing to have a falsified dependency, identification is made that all dependencies are satisfied and that the equivalences represented by the node in the proof graph are sequential equivalences. The netlist is then simplified by consuming the sequential equivalences. | 10-25-2012 |
20120272198 | Enhancing Redundancy Removal with Early Merging - A mechanism is provided for simplifying a netlist before computational resources are exceeded. For each of a set of suspected equivalences in a proof graph of a netlist, a determination is made as to whether equivalence holds for at least one of an equivalence or an equivalence class by identifying whether the equivalence or equivalence class is either affecting or non-affecting. Responsive to the equivalence or equivalence class being affecting, a proof dependency is recorded as an edge in a proof graph. For each node in the proof graph, a determination is made as to whether the node has a falsified dependency. Responsive to the node failing to have a falsified dependency, identification is made that all dependencies are satisfied and that the equivalences represented by the node in the proof graph are sequential equivalences. The netlist is then simplified by consuming the sequential equivalences. | 10-25-2012 |
20120290282 | REACHABILITY ANALYSIS BY LOGICAL CIRCUIT SIMULATION FOR PROVIDING OUTPUT SETS CONTAINING SYMBOLIC VALUES - A logic simulation program, method and system for obtaining a set of reachable states for a logic design that can be used to provide input to other algorithms that simplify the netlist describing the logic design or perform other types of processing, provides an efficient, compact behavior when simulating large designs. Rather than simulating using ternary input and state value representations that are restricted to true, false and unknown, the techniques of the present invention use input symbolic values that are retained in the set of reachable states retained as the output. Behaviors such as oscillators, transient values, identical signals, dependent logical states and chicken-switch determined states can be detected in the simulation results and the netlist simplified using the results of the detection. | 11-15-2012 |
20120290992 | LOGICAL CIRCUIT NETLIST REDUCTION AND MODEL SIMPLIFICATION USING SIMULATION RESULTS CONTAINING SYMBOLIC VALUES - A logic synthesis program, method and system for simplifying and/or reducing a logic design receives output from a logic simulator that uses symbolic values for stimulus and contains symbolic values in the logic simulator output. Relationships between the nodes dependent on symbolic values can be used to merge nodes or otherwise simplify the logic design. Behaviors such as oscillators, transient values, identical signals, dependent logical states and chicken-switch determined states that depend on the symbolic values can be detected in the simulation results and the netlist simplified using the results of the detection. The netlist can be simplified by inserting registers to represent nodes that assume a symbolic value or combination based on symbolic values either statically or after an initial transient. Oscillating nodes can be replaced with equivalent oscillator circuits, and nodes having values dependent on chicken-switch operation can be detected and replaced with registers initialized from the chicken-switch input states. | 11-15-2012 |
20130290918 | CONSTRUCTING INDUCTIVE COUNTEREXAMPLES IN A MULTI-ALGORITHM VERIFICATION FRAMEWORK - A computer-implemented method simplifies a netlist, verifies the simplified netlist using induction, and remaps resulting inductive counterexamples via inductive trace lifting within a multi-algorithm verification framework. The method includes: a processor deriving a first unreachable state information that can be utilized to simplify the netlist; performing a simplification of the netlist utilizing the first unreachable state information; determining whether the first unreachable state information can be inductively proved on an original version of the netlist; and in response to the first unreachable state information not being inductively provable on the original netlist: projecting the first unreachable state information to a minimal subset; and adding the projected unreachable state information as an invariant to further constrain a child induction process. Adding the projected state information as an invariant ensures that any resulting induction counterexamples can be mapped to valid induction counterexamples on the original netlist before undergoing the simplification. | 10-31-2013 |
20130305197 | METHOD AND SYSTEM FOR OPTIMAL DIAMETER BOUNDING OF DESIGNS WITH COMPLEX FEED-FORWARD COMPONENTS - A computer-implemented method includes a processor identifying, within the netlist, at least one strongly connected components (SCCs) that has a reconvergent fanin input with at least two input paths from the reconvergent fanin input having a different propagation delay to the SCC. The method then computes an additive diameter for the netlist comprising at least one SCC, where the additive diameter includes a fanin additive diameter determined based on a propagation delay difference of the at least two input paths to a SCC and a number of complex feed-forward components within at least one input path. In response to the reconvergent fanin input to the SCC providing a binate function, the method computes a multiplicative diameter for the SCC utilizing a least common multiple (LCM) derived from one or more propagation delay differences across each reconvergent fanin input leading to the SCC. | 11-14-2013 |
20140067897 | FORMAL VERIFICATION OF BOOTH MULTIPLIERS - Disclosed below are representative embodiments of methods, apparatus, and systems for performing formal verification. For example, certain embodiments can be used to formally verify a Booth multiplier. For instance, in one example embodiment, a specification of a Booth multiplier circuit is received; an initial model checking operation is performed for a smaller version of the Booth multiplier circuit; a series of subsequent model checking operations are performed for versions of the Booth multiplier circuit that are incrementally larger than the smaller version of the Booth multiplier circuit, wherein, for each incrementally larger Booth multiplier circuit, two or more model checking operations are performed, the two or more model checking operations representing decomposed proof obligations for showing; and a verification result of the Booth multiplier circuit is output. | 03-06-2014 |