Electronic verification process flow
By generating a digital signature chain in the process flow and storing it in the blockchain, the problem of the inability to verify the authenticity and integrity of the process flow inputs and outputs in existing technologies is solved, and secure tracking and trusted verification of the process flow are realized.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- INTERNATIONAL BUSINESS MACHINE CORPORATION
- Filing Date
- 2021-03-23
- Publication Date
- 2026-06-09
AI Technical Summary
In the prior art, electronic design automation tools fail to effectively verify the authenticity, integrity, and origin of inputs and outputs in the process flow, and lack protection against unauthorized modifications, making it impossible to determine the authenticity and integrity of the step outputs in the design flow.
By using a processor to verify the inputs and outputs of each step in the process flow, a digital signature chain is generated and stored in the blockchain to ensure the authenticity, integrity, and origin of the inputs and outputs of each step. The blockchain provides immutable records and end-to-end traceability across organizations.
It enables verification of the authenticity, integrity, and origin of the outputs of steps in the process flow, provides immutable records, aids in forensic investigations, and ensures the security and reliability of the design flow.
Smart Images

Figure CN115668195B_ABST
Abstract
Description
Technical Field
[0001] This invention generally relates to the field of process flow. More specifically, one or more embodiments of the invention relate to verifying the authenticity, integrity, and origin of the inputs and / or outputs of steps in a process flow. More specifically, one or more embodiments of the invention relate to 1) providing secure traceability in a process flow consisting of multiple steps, and / or 2) integrating digital signatures and blockchain to protect and verify the process flow. Background Technology
[0002] A process flow describes the multiple steps taken to perform a specific task. Each subsequent step in a process flow uses the output from the previous step as its input. Therefore, a process flow can describe the process used to provide services, manufacture products, etc. An example of a process flow used to manufacture products is the process flow used to manufacture integrated circuits (ICs). An IC consists of multiple components called nodes, intellectual property (IP) blocks, or IP cores. Therefore, the process flow used to generate an IC chip describes how the circuitry will be arranged, what masks are used when creating circuitry and insulators within it, which layers in the IC chip contain certain circuitry, the connections between layers, etc. The actual construction of the IC chip (which can also be part of the process flow) is then carried out by applying mask layers of different materials onto the wafer until multiple copies of the final IC chip are embedded onto the wafer.
[0003] Electronic Design Automation (EDA) tools used to generate IC layouts are complex tools. EDA tools use languages such as those described in IEEE Standard 1800-2017, the Very High Speed Integrated Circuit Hardware Description Language (VHDL), etc., to translate IP blocks at the Register-Transfer Language (RTL) design level. The descriptions using these languages are then converted into a final Graphical Database System (GDS II) format layout, used to describe and / or manufacture a specific IC.
[0004] During the design process, EDA tools perform numerous steps and run multiple processes to create an executable file. This executable file generates a netlist of the IC design (i.e., a list of electronic components in the IC), performs placement and routing of the components in the IC design, and verifies the IC design. EDA tools also load and use IP blocks from third-party libraries to complete the design specifications and final IC placement.
[0005] However, EDA tools do not check the integrity of their inputs regarding content and origin. IP blocks reused from libraries may lack digital signatures for authenticating their integrity and / or information to determine their origin. At each step of the prior art design process, unauthorized modifications to inputs, whether accidental or intentional, are not checked. Furthermore, in the prior art, the outputs of transformations from each step are not signed or protected against modification. Therefore, the authenticity, integrity, and provenance of the outputs from steps in the process flow cannot be determined. Summary of the Invention
[0006] In one or more embodiments of the present invention, a method verifies the authenticity, integrity, and origin of the outputs of steps in a process flow. One or more processors verify one or more inputs for each step in the process flow by verifying at least one of the hashes and digital signatures of each input. The processors then generate digital signatures covering the outputs of each step and the one or more inputs of each step, such that the digital signatures produce a chain of digital signatures used to verify the process flow.
[0007] In one or more embodiments of the present invention, the processor verifies a digital signature chain of a set of binary objects and then uses the set of binary objects in a manufacturing controller that creates the physical product.
[0008] In one or more embodiments of the invention, the processor stores the digital signature chain in a blockchain and then tests the output of each step in the process flow. This test determines whether each step in the process flow performs its predefined function. In response to the test determining that a particular step in the process flow has failed to perform its predefined function, the processor implements adjustments to the particular failing step until the particular failing step performs its predefined function. The processor then stores the adjustments to the particular failing step in the blockchain.
[0009] In one or more embodiments of the invention, testing occurs during digital signature verification. A failed test indicates the detection of some intentional or accidental alteration. In one or more embodiments of the invention, there is no initial mitigation. Instead, when an error is detected, the input or the step itself is not corrected or altered. However, during subsequent design and / or testing, the input and / or the step itself are adjusted until the step produces the desired output. In one or more embodiments of the invention, once the desired output is achieved, a digital signature is generated that includes both the input and output of the step.
[0010] In one or more embodiments of the present invention, the process flow is a manufacturing flow of at least one intellectual property (IP) block in a semiconductor. A processor loads the manufacturing flow into a computer-controlled manufacturing controller, which then directs a wafer fabrication facility to use the manufacturing flow to manufacture the semiconductor.
[0011] In one or more embodiments of the present invention, a computer program product is used to verify the authenticity, integrity, and origin of the outputs of steps in a process flow. The computer program product includes a non-transient computer-readable storage device having program instructions included therewith, which can be read and executed by a computer to perform a method including, but not limited to: verifying one or more inputs of each step by verifying at least one of a hash and a digital signature of each of one or more inputs in the process flow; and generating digital signatures covering the outputs of said each step and the one or more inputs of said each step, wherein the digital signatures produce a chain of digital signatures for verifying the process flow.
[0012] In one or more embodiments of the present invention, a computer system includes one or more processors, one or more computer-readable memories, and one or more computer-readable non-transient storage media, and program instructions stored on at least one of the one or more computer-readable non-transient storage media for execution by at least one of the one or more processors via at least one of the one or more computer-readable memories. Execution of the stored program instructions is used to perform a method, which includes, but is not limited to: verifying one or more inputs at each step by verifying at least one of a hash and a digital signature of each of one or more inputs in a process flow; and generating digital signatures covering the outputs of said each step and the one or more inputs of said each step, wherein the digital signatures produce a chain of digital signatures for verifying the process flow. Attached Figure Description
[0013] Figure 1 Exemplary systems and networks used in one or more embodiments of the present invention are shown;
[0014] Figure 2 A high-level overview of an exemplary blockchain architecture used in one or more embodiments of the present invention is shown;
[0015] Figure 3 Show Figure 2 Further details of the exemplary blockchain network shown;
[0016] Figure 4 An exemplary blockchain ledger as used in one or more embodiments of the present invention is shown;
[0017] Figure 5This illustrates a set of advanced operations using blockchain according to one or more embodiments of the present invention;
[0018] Figure 6 An exemplary neural network as used in one or more embodiments of the present invention is shown;
[0019] Figure 7 This is a high-level flowchart of one or more steps performed in a processor-based method according to one or more embodiments of the present invention;
[0020] Figure 8 The blockchain process as used in one or more embodiments of the present invention is illustrated;
[0021] Figure 9 A cloud computing environment according to an embodiment of the present invention is shown; and
[0022] Figure 10 An abstract model layer of a cloud computing environment according to an embodiment of the present invention is shown. Detailed Implementation
[0023] One or more embodiments of the present invention address security issues in process flows. More specifically, one or more embodiments of the present invention address security issues related to unauthorized changes to inputs and outputs in steps of a process flow, changes to the process flow itself, etc.
[0024] For example, examining the process flow used to create an integrated circuit (IC) design requires consideration of integrity and provenance issues associated with the IC design process involved. Therefore, one or more embodiments of the present invention detect whether intellectual property (IP) blocks (i.e., sub-components of the IC) have been accidentally or intentionally modified, and whether the IP blocks originate from a trusted party at each step of the design flow. That is, an IC (e.g., a processor) consists of multiple sub-components (e.g., adders, registers, arithmetic logic units, etc.). Each sub-component, whether for a specific function or merely defining a region on the IC chip, is referred to as IP.
[0025] One or more embodiments of the present invention also track the inputs used at each step of the design process and protect and verify the transformation from input to output. Such tracking allows the system to identify all inputs used to derive the final output (e.g., IP blocks, netlists). Therefore, one or more embodiments of the present invention can aid in forensic investigations by providing information for determining when implementation flaws or malicious components are introduced into the design flow.
[0026] As described herein, one or more embodiments of the present invention utilize blockchain to provide the integrity and origin of the IP block design process, as well as the traceability and origin of the IP block.
[0027] During the IP block design process, the IP block undergoes a series of steps (e.g., transformations) to produce a final output, such as a Graphical Database System-II (GDS II) file. Specifically, GDS II is a database file format used to describe the layout of integrated circuits (ICs). More specifically, a GDS II file is a binary file format that provides information to wafer fabrication equipment to create an IC wafer (i.e., a semiconductor wafer disk containing multiple copies of one or more types of integrated circuits) based on the circuit layout, the layer in which each circuit resides, the electrical connectors between different layers, etc. This information is used to generate photomasks used in the wafer fabrication process.
[0028] According to one or more embodiments of the present invention, at each step in the process of designing a GDS II file for a specific node on an IC (also known as an intellectual property (IP) block or IP node), the inputs used to create that specific node are verified. The inputs are signed using digital signatures to ensure that the input file has been signed by a trusted party and has not been modified. Transformations at each step (e.g., synthesis, location, and route) are verified to check that the transformations from input to output are correct and that no additional information has been added.
[0029] In one or more embodiments of the invention, a trusted verifier of a step acknowledges a transformation by signing the transformation of that step with their private key. The digital signature of a given step protects the integrity of the output of that step as well as the signature of the input of that step. This results in a “chain of digital signatures” that can be used to verify the authenticity, integrity, and / or origin of the entire design flow. In one or more embodiments of the invention, the newly generated IP block (e.g., as described in the GDS II documentation) and the chain of digital signatures are then recorded in a blockchain. This allows designers considering the use of IP blocks in sensitive applications to take into account the entire origin of the IP block.
[0030] The authenticity of a design flow is defined as the confirmation that the design flow conforms to the description of its identity (i.e., its name) and / or what the design flow does (i.e., the function of the process flow).
[0031] Process flow integrity is defined as confirming that the steps in the process flow and / or its inputs / outputs have not been compromised by accidents or malicious acts.
[0032] The origin of the process flow is provided by a protected and reliable record of all changes made to the steps and / or their inputs / outputs in the process flow, thereby showing the source and / or effect of such changes that affect the entire process flow.
[0033] Therefore, the combination of the authenticity, integrity, and / or source of the process flow verifies the output of the steps in the process flow, and / or verifies the entire process flow itself.
[0034] This invention offers several advantages over existing technologies in the IP block design process.
[0035] First, the signature chain described herein ensures the authenticity, integrity, and / or origin of all inputs (e.g., inputs to steps in IP blocks and adding IP blocks to libraries) and outputs in the design flow. This signature chain provides a complete, immutable log of all transformations performed to produce the final output (e.g., a GDS II file).
[0036] Secondly, this invention aids in forensic investigations. Using a signature chain, the system can determine when an operation occurred and which entity performed it. Therefore, the system can track when damage (e.g., implementation flaws or malicious code) was introduced into the design process.
[0037] Third, the signature chain provides information about the origin of the design. That is, prior art GDS II files (the final output of the design flow process) contain low-level layout information but lack information about the origin of their construction process. Using the signature chain, one or more embodiments of the present invention can trace back from the GDS II to the original input (e.g., netlist, library kernel, etc.), thereby ensuring their origin.
[0038] When integrated with a blockchain, one or more embodiments of the present invention provide end-to-end traceability across organizations and track all operations in a comprehensive manner. Therefore, the blockchain provides an immutable trace.
[0039] In one or more embodiments of the present invention, the blockchain includes additional information such as scripts and data for testing and proving the correctness of blocks.
[0040] In one or more embodiments of the present invention, a public key infrastructure is used to bind public keys to entities. Examples of entities include, but are not limited to, developers, organizations, or processes running applications. Therefore, one or more embodiments of the present invention trust a Certificate Authority (CA) to authenticate that a public key belongs to an entity. The entity generates a public key pair (i.e., a private key and a public key). The private key is kept secret and used to digitally sign (i.e., hash and encrypt) an input object (such as an IP block). The public key is used to verify the signature on the object. The entity requests a certificate from the trusted CA. The CA verifies the entity's validity and returns a signed certificate that associates the entity's information with its public key. To check whether an entity is a trusted party, one or more embodiments of the present invention determine that the entity's public key certificate was signed by a trusted CA.
[0041] In one or more embodiments of the present invention, an entity provides a self-signed certificate for its public key.
[0042] Therefore, as described in detail herein, one or more embodiments of the present invention perform multiple operations at each step in the process flow.
[0043] First, validate the inputs at each step of the design process (e.g., using a process flow). Validate digitally signed inputs to ensure they are signed by a trusted party and have not been modified. When developers create new IP blocks, they sign their IP blocks after testing and validating them. If inputs to an IC circuit design (e.g., IP blocks retrieved from an IP block library) lack digital signatures, they are digitally signed (e.g., by the entity responsible for providing and / or implementing the design process) before being used in the design flow to protect them from accidental or intentional modification.
[0044] Secondly, the transformations at each step of the design process flow (e.g., composition, place-and-route) are verified. The verifier evaluates whether the output corresponds to the input provided to the transformation at that step. In one or more embodiments of the invention, the verifier is implemented as a component of the design process or as an external verifier, such as a cloud service. In one or more embodiments of the invention, the verifier operates independently of the component performing the transformation at that step, replays the transformation, and checks whether the generated output matches the output to be verified.
[0045] Third, the verifier endorses the transformation by generating a digital signature that protects the integrity of the step's output and includes the signature of the step's input. In one or more embodiments of the invention, this results in a chain of digital signatures for different steps, which is used to verify the integrity and origin of the output of each step. This chain of signatures links the initial input IP block and subsequent steps (transformations) to the final design flow output (e.g., the final GDS II file).
[0046] In one or more embodiments of the present invention, a blockchain is employed to store and access IP flow traces (e.g., VHSIC Hardware Descriptor Language - VHDL files, GDS II, scripts, test data, etc.). In one or more embodiments of the present invention, descriptions of IP blocks in the IC design flow and the digital signature chains of the IP blocks are added to the blockchain.
[0047] Now refer to the attached diagram, especially the reference... Figure 1 This diagram illustrates a block diagram of an exemplary system and network used in one or more embodiments of the present invention. According to various embodiments of the present invention, some or all of the exemplary architectures are shown, including the hardware and software shown, which are illustrated as being used in and located within a computer 101, the computer being constructed by… Figure 1The software deployment server 149 and / or the processing nodes within the machine learning system 123 and / or the devices within the blockchain system 153 shown are used and / or are provided by the software. Figure 2 One or more of the equivalents 218a-218g shown are used and / or made by Figure 3 The monitoring computer 301 shown uses and / or is powered by Figure 6 One or more of the nodes shown in the Deep Neural Network (DNN) 623 are used.
[0048] In one or more embodiments of the invention, an exemplary computer 101 includes a processor 103 coupled to a system bus 105. The processor 103 utilizes one or more processors, each having one or more processor cores 123. A video adapter 107 driving / supporting a display 109 (in this embodiment, the display is a touchscreen display capable of detecting touch input on the display 109) is also coupled to the system bus 105. The system bus 105 is coupled to an input / output (I / O) bus 113 via a bus bridge 111. An I / O interface 115 is coupled to the I / O bus 113. The I / O interface 115 provides communication with various I / O devices, including a keyboard 117, a microphone 119, a media tray 121 (in one embodiment, which includes storage devices such as a CD-ROM drive, a multimedia interface, etc.), and an external USB port 125. The format of the port connected to the I / O interface 115 is known to those skilled in the art of computer architecture, including but not limited to a Universal Serial Bus (USB) port.
[0049] As shown in the figure, computer 101 can communicate with software deployment server 149 and / or other devices / systems (such as wafer fabrication unit 151, machine learning system 123, etc.) using network interface 129. Network interface 129 is a hardware network interface such as a network interface card (NIC). In one or more embodiments, network 127 is an external network such as the Internet or an internal network such as Ethernet or a virtual private network (VPN). In one or more embodiments, network 127 is a wireless network such as a Wi-Fi network, cellular network, etc. Therefore, computer 101 and / or wafer fabrication unit 151 and / or blockchain system 153 are devices capable of sending and / or receiving wireless and / or wired communications.
[0050] Hard disk drive interface 131 is also coupled to system bus 105. Hard disk drive interface 131 is interfaced with hard disk drive 133. In one embodiment, hard disk drive 133 fills system memory 135, which is also coupled to system bus 105. System memory is defined as the lowest level of volatile memory in computer 101. This volatile memory includes additional higher-level volatile memory (not shown), including but not limited to cache memory, registers, and buffers. The data filling system memory 135 includes the operating system (OS) 137 and applications 143 of computer 101.
[0051] OS 137 includes a shell 139 for providing user access to resources such as application 143. Typically, shell 139 is a program that provides an interpreter and an interface between the user and the operating system. More specifically, shell 139 executes commands entered into a command-line user interface or from a file. Therefore, shell 139, also known as a command processor, is typically at the highest level of the operating system software hierarchy and acts as a command interpreter. The shell provides system prompts, interprets commands entered via the keyboard, mouse, or other user input media, and sends the interpreted commands to the appropriate lower level of the operating system (e.g., kernel 141) for processing. While shell 139 is a text-based, line-oriented user interface, the present invention will equally well support other user interface modes, such as graphics, voice, gestures, etc.
[0052] As shown in the figure, OS 137 also includes a kernel 141, which includes lower-level functions of OS 137, including providing basic services required by other parts of OS 137 and applications 143, including memory management, process and task management, disk management and mouse and keyboard management.
[0053] Application 143 includes a renderer, shown in an exemplary manner as browser 145. Browser 145 includes program modules and instructions that enable a World Wide Web (WWW) client (i.e., computer 101) to send and receive network messages to and from the Internet using Hypertext Transfer Protocol (HTTP) messaging, thereby enabling communication with software deployment server 149 and other systems.
[0054] The application program 143 in the system memory of computer 101 (and the system memory of software deployment server 149) also includes a Program for Managing and Utilizing a Process Flow (PMUPF) 147. PMUPF 147 includes features for implementing the following features. Figure 2-7The code describes the process described herein. In one embodiment, computer 101 is able to download PMUPF 147 from software deployment server 149, including on-demand downloading, wherein the code in PMUPF 147 is not downloaded until execution is required. In one embodiment of the invention, software deployment server 149 performs all functions related to the invention (including the execution of PMUPF 147), thereby exempting computer 101 from using its own internal computing resources to execute PMUPF 147.
[0055] In one or more embodiments of the present invention, wafer fabrication equipment 151 is an apparatus for manufacturing a wafer containing multiple copies of a particular integrated circuit (IC). Wafer fabrication equipment 151 performs processes known to those skilled in the art of wafer / IC manufacturing, including the steps of preparing a blank wafer by thermal oxidation of the wafer; masking the wafer to define where certain materials are to be deposited on the wafer; etching the wafer to define channels for such materials; doping the materials to adjust their electrical conductivity / insulation properties; depositing dielectrics and metals onto the wafer; cleaning (passivating) the wafer; electrically testing the wafer; dicing IP chips from the wafer; and assembling the IP chips into a plastic / ceramic package, the package including input / output pins connected to the IP chips within the package.
[0056] Machine learning system 123 is an artificial intelligence (AI) system, which in... Figure 6 The deep neural network (DNN) 623 shown is described in detail by example.
[0057] exist Figure 2 and Figure 3 The blockchain system 153 is described in detail in the blockchain network 253 shown.
[0058] As used herein, the terms “blockchain,” “blockchain environment,” “blockchain system,” and “blockchain architecture” are used interchangeably to describe a system of processing devices that utilize a ledger that supports secure control over transactions described in a series of “blocks” (collectively referred to as “blockchains”).
[0059] The hardware components shown in computer 101 are not intended to be exhaustive, but are representative to highlight the essential components required by the present invention. For example, in one or more embodiments, computer 101 includes alternative memory storage devices such as magnetic tape cassettes, digital universal discs (DVDs), Bernoulli cassettes, etc. These and other variations are considered to be within the scope of the present invention.
[0060] Reference Figure 2 This document presents a high-level overview of the exemplary architecture used in one or more embodiments of the present invention.
[0061] like Figure 2As shown, the blockchain architecture 200 enables users 202a-202g to utilize the blockchain network 253 to verify the authenticity, integrity, and / or origin of the inputs and / or outputs of one or more steps in the process flow. To explain one or more embodiments of the invention, it is now assumed that the process flow is used for designing and / or manufacturing IP blocks in an IC. As described herein, an IP block is a physical segment of the IC. A particular IP block may be used to provide a specific function in the IC (e.g., a buffer for caching data), or it may simply describe a region on the IC (e.g., the upper half of the IC).
[0062] Exemplary processes for designing and / or manufacturing an IC include: 1) writing code describing the IC; 2) compiling the code; 3) inputting the compiled code into a computer-aided design (CAD) program for the IC; 4) synthesizing the output of the CAD program in a high-level program using a Very High Speed Integrated Circuit Hardware Description Language (VHDL); 5) generating a low-level netlist of the IC's components; 6) placing and routing these components in the IC to establish the final layout of the IC; 7) generating masks for producing dies, metal layers, etc., for manufacturing wafers / chips; and 8) packaging the chip (e.g., in ceramic / plastic including input / output pins) into a finished IC product.
[0063] As shown in action 21, the user (e.g., user 202a among users 202a-202g) first creates IP1 describing the IP block in the IC and stores it in IP library 206. Figure 2 As shown and as described below, IP1 is provided by a party (e.g., Figure 2 One of the users shown or Figure 2 (A third-party user, not shown in the image), created during the design process. Later, user 202b checked out the same IP1 to utilize it in a new design, or simply to see what it is / does.
[0064] Software Development Kit (SDK) 210a performs IP recording operation 212a, which describes the creation of IP1 and / or registration of IP in IP database 206, thus creating blockchain endorsement 214a, which is a consensus reached by peers in the blockchain system on the transaction (e.g., the creation of IP by design process 208 and / or the registration of IP in IP database 206), as follows: Figure 7 As described in detail in the text.
[0065] As shown in action 22, user 202c then retrieves IP1 from IP database 206 and sends it to design process 208 behind a firewall or air gap (not remotely accessible). Simultaneously, SDK 210c performs IP record operation 212c, which describes the fact that user 202c has retrieved IP1 from IP database 206 and sends it to design process 208. IP record operation 212c, together with endorsement 214c, creates a blockchain transaction (where peers in the blockchain system verify that design process 208 received the retrieved IP1), which is to be appended to blockchain 216 for manipulation by peers 218a-218g in blockchain network 253.
[0066] As shown in action 23, design process 208 then creates a new IP2 along with signatures indicating what entity created IP2, where IP2 was created, when IP2 was created, etc. That is, design process 208 modifies IP1 by executing steps 1, 2…n (confidentially), where each step 1-n creates its own signature. Ultimately, process 208 produces a new IP2 with an additional chain of signatures.
[0067] As shown in action 24, user 202c then retrieves the new IP2 from design process 208 and checks it into IP database 206. However, IP database 206 may be insecure. Therefore, IP1 and IP2 could be checked out of IP database 206 by unauthorized users and modified in a way that could cause problems for other users unaware of the modification. Therefore, blockchain endorsements 214a and 214c provide verification of the update of IP1 to blockchain 216, the security of which is maintained by peers 218a-218g in blockchain network 253.
[0068] Therefore, as shown in action 25, IP2 is verified by SDK 210c, which creates an IP record operation 212c describing the following facts: user 202c has 1) created IP2 from IP1; 2) added a signature indicating who created IP2, when IP2 was created, etc.; 3) stored IP2 in IP database 206; and 4) sent a transaction verified by peers 218a-218g in blockchain network 254. Thus, peers 218a-218g jointly confirm the validity of the transaction related to IP2.
[0069] As shown in Action 26, IP2 is now accepted into blockchain 216 by blockchain network 253 and integrated with the entire blockchain trace provided by peers 218a-218g.
[0070] Therefore, Blockchain Architecture 200 offers a novel use of blockchain to securely maintain changes to process flows—such as creating IP blocks in an IC.
[0071] In other words, the blockchain architecture 200 ensures that the inputs at each stage (steps in the design process 208) are correct, and that each transformation from one step to the next is correct (e.g., without adding external steps).
[0072] Blockchain Architecture 200 provides independent verification for transformations by "pasting" digital signatures to the output of each step.
[0073] In one or more embodiments of the invention, the original design of the process is initially signed by the "owner," with additional signatures added at each new step to form a chain / blockchain. Thus, this chain / blockchain of signatures from the original design to any of the "artifacts" (variations to the process) will prove the authenticity, integrity, and / or origin of the artifact.
[0074] Although seven users (User 202a-User 202g), seven SDKs (SDK 210a-SDK 210g), seven IP record operations (IP record operation 212a-IP record operation 212g), seven endorsements (Endorsement 214a-Endorsement 214g); seven peers (Peer 218a-Peer 218g), and design process 208 with “n” steps (where “n” is an integer) are shown, it should be understood that more or fewer of these elements can be used. Figure 2 This is part of the blockchain architecture 200 shown.
[0075] More specifically, in addition to IP record operations that check an IP design into IP database 206 (e.g., IP record operations 212a and 212c) and IP record operations that check an IP design out of IP database 206 (e.g., IP record operations 212b and 212c), other IP operations sent to blockchain network 253 include, but are not limited to, updating (not creating) existing IP records (e.g., IP record operation 212d), tracking changes to IP records (e.g., IP record operation 212e), declaring that a particular IP design is being used (e.g., IP record operation 212f), checking the authenticity of a particular IP design (e.g., IP record operation 212g), and so on.
[0076] Now for reference Figure 3 Present Figure 2 Additional details of the blockchain network 253 shown.
[0077] In one or more embodiments of the present invention, using Figure 3The blockchain network 253 shown provides the infrastructure (e.g., chaincode execution) and services (e.g., membership services such as identity management) for the secure and transparent storage, tracking, and management of transactions concerning a “single point of truth.” Blockchain network 253 maintains a verifiable record (single truth) of every single transaction ever performed within the system. Once data is entered into the blockchain, it is never erased (immutable) or altered. That is, any change to the record is considered a publication / introduction of a new transaction. Therefore, such prohibition ensures the auditability and verifiability of the data.
[0078] Blockchain network 253 (also known as a “blockchain structure,” “blockchain system,” “open blockchain,” or “hyperledger ledger structure”) is a distributed database based on records of all transactions or digital events that have been executed and shared among participants. Individual transactions in a blockchain are verified or validated through a consensus mechanism that incorporates a majority of participants in the system. This allows participating entities to be certain that a digital event has occurred by creating an irreversible record in a permissioned public ledger.
[0079] When a transaction is executed, its corresponding chaincode is executed by several validating peers in the system. For example, ... Figure 3 As shown, the equivalent bodies 218a-218d (i.e., Figure 2 As shown, but it may include Figure 2 Peers other than those shown (218a-218g) and / or those replaced by said other peers establish the validity of the transaction parameters, and once they reach a consensus, a new block is generated and appended to the blockchain network. That is, running on monitoring computer 301 (similar to...) Figure 1 Application process 308 on computer 101 shown (e.g., Figure 2 The design process 208 shown executes an application such as App 304 shown, causing the software development kit (SDK) 310 (similar to...) to... Figure 2 The SDK210a-210g shown uses General Remote Procedure Call (gRPC) to communicate with membership service 309, which supports peer-to-peer network 304. Figure 2 The blockchain 216 described uses peer-to-peer 218a-218d.
[0080] Now for reference Figure 4 An exemplary blockchain ledger 400 within a blockchain 216, as utilized in one or more embodiments of the present invention, is described.
[0081] In one or more embodiments of the invention, the blockchain ledger 400 includes an identifier for the monitoring computer (shown in box 402), such as in Figure 3 The shown, support and / or utilization Figure 2 The monitoring computer 301 of the blockchain architecture 200 is shown in the diagram. For example, in one or more embodiments of the invention, block 402 includes the monitoring computer's Internet Protocol (IP) address, Uniform Resource Locator (URL), etc. This information is... Figure 3 The peers in the peer-to-peer network 304 shown are used to receive transactions related to the process flow described herein.
[0082] In one or more embodiments of the invention, as shown in box 404, the blockchain ledger 400 also includes identifiers for step inputs to steps in the process flow. For example, if the process flow is for designing / manufacturing IP blocks, the step input could be a change to the circuitry in the IP block, a change to manufacturing conditions (e.g., temperature, pressure, amount of material sputtered on the wafer, etc.), and so on.
[0083] In one or more embodiments of the invention, the blockchain ledger 400 also includes the identity of entities (e.g., people, businesses, systems, etc.) that make changes to the steps by providing step inputs, as shown in box 406.
[0084] In one or more embodiments of the invention, the blockchain ledger 400 also includes a hash of the step input, as shown in box 408. For example, suppose the step input is binary, and when executed, it causes a wafer fabrication machine to perform a specific operation, such as applying a mask material to a wafer being manufactured. To provide additional security, the provider of the step input can create a hash that can be used to verify the step input. Therefore, if additional security is required, box 408 can be added to the blockchain so that a user can verify the validity of step input 404.
[0085] In one or more embodiments of the invention, the blockchain ledger 400 also includes a digital signature for the step input, as shown in box 410. Therefore, box 410 can be added to the blockchain ledger if additional security is required. This allows peers in the blockchain network who have access to the signer's public key to verify the digital signature.
[0086] In one or more embodiments of the invention, the blockchain ledger 400 also includes step outputs of steps that are modified by step inputs, as shown in box 412. For example, if a particular step in the process flow accepts a new input (e.g., the step input shown in box 404), the output of the step using the new input is shown in box 412.
[0087] In one or more embodiments of the invention, the blockchain ledger 400 also includes a description of tests performed on the step inputs after receiving them, as shown in box 414. That is, assuming the process flow is the manufacture of an IC. After altering the process flow and manufacturing (physically building or simulating) the IC by changing the step inputs shown in box 404, box 414 would describe the tests performed on the altered IC (e.g., "Test A - High Temperature Test"). If the test is simply a single test of whether a step will pass, the test description could be "Test B - Isolation Test".
[0088] In one or more embodiments of the invention, the blockchain ledger 400 also includes test results for the tests (box 414) of the step execution, such as “Pass” or “Fail”.
[0089] In one or more embodiments of the invention, the blockchain ledger 400 also includes a description of what adjustments were made based on the test results in block 416, as described in block 418. For example, suppose the step is to control the raw materials fed to a manufacturing facility, and the step input is changed from 4 to 6. However, this results in an excessive amount of raw materials being fed to the manufacturing facility, causing the manufacturing facility to be interrupted. Therefore, suppose that the step input is then reduced from 6 to 5, and the manufacturing facility is then able to operate properly (at a higher rate). This adjustment from 6 to 5 is reflected in block 418.
[0090] Therefore, by identifying new step inputs (boxes 404, 408, and / or 410), providing the entity of the step input (box 406), the new output of the step (box 412), and any tests / adjustments made to the step input (boxes 414, 416, and / or 418), the authenticity, integrity, and / or origin of the output of each step in the process flow is established based on a digital signature chain (such as a blockchain ledger 400).
[0091] Figure 5 Presented in Figure 3 The exemplary operation of the blockchain network 253 is shown in the diagram. As described in step 501, a browser or other device (e.g., Figure 3 The monitoring computer 301 shown executes a transaction (e.g., to identify changes to the input of a step in a process flow). As shown in step 503, the monitoring computer 301 hashes the transaction using a hash algorithm (e.g., a secure hash algorithm (SHA-2)) and then signs the hash with a digital signature. Then, as described in step 505, the signature is broadcast to... Figure 3 The peer-to-peer network 304 is shown. Peers in peer-to-peer network 304 (e.g., peer 218a) aggregate transactions. Figure 3In the blockchain 216 shown, as illustrated in step 507, each block contains a link to a previous block, as shown in box 509. The newly revised blockchain 216 is verified by one or more of the other peers in peers 218a-218d and / or by other peers from other authorized blockchain systems (step 511). Then, as described in step 513, the verified block is broadcast to peers 218b-218d. These peers 218b-218d listen for and receive the new block and merge it into their copies of blockchain 216 (step 515).
[0092] therefore, Figures 2 to 5 The blockchain structure described herein outlines a blockchain deployment topology that provides a distributed ledger that continuously manages digital events, known as transactions, shared among several participants, each with a stake in these events. The ledger can only be updated through consensus among the participants. Furthermore, once transactions are recorded, they can never be altered (they are immutable). Each such recorded transaction can be cryptographically verified using protocol proofs from the participants, thus providing a robust origin mechanism for tracing its origin.
[0093] Therefore, the blockchain structure uses a distributed network to maintain a digital ledger of events, thus providing excellent security for the digital ledger, because the blockchain stored in each peer depends on the earlier blocks, which provide protected data for subsequent blocks in the blockchain.
[0094] In other words, the blockchain architecture described in this paper provides a decentralized system in which each node in the decentralized system has a copy of the blockchain. This avoids the need for a centralized database managed by a trusted third party. Transactions are broadcast to the network using software applications. Network nodes can verify transactions, add them to their copies, and then broadcast these additions to other nodes. However, as mentioned above, the blockchain remains highly secure because each new block is protected based on one or more previous blocks (e.g., a hash).
[0095] As described above, changes to a step in a process flow can cause that step and / or the entire process flow to fail. Therefore, in one or more embodiments of the present invention, a graphical user interface (GUI) may be presented to the user that 1) identifies the process, 2) identifies the failed step, 3) explains why the step failed, 4) provides possible solutions for repairing the failed step, 5) receives a selection of the presented solution from the user, 6) implements the received selection of the presented solution, and 7) returns a message to the user regarding whether the newly modified step is now working.
[0096] For example, suppose a monitoring computer is monitoring the process flow for manufacturing a specific IP block (1- process identification), and suppose the monitoring computer determines that a change to the IP block (a change to the circuitry) causes it to no longer function properly (2- identifying the failed step) because the IP block cannot handle the thermal load it generates (3- explaining why the step failed). Therefore, the monitoring computer searches for a set of possible solutions, such as replacing the changed circuitry with a smaller one, and presents these solutions to the user on a GUI (4- providing possible solutions for fixing the failed step). The user selects one of the proposed solutions and sends that selection to the monitoring computer (5- receiving the selection of the presented solution from the user), and the monitoring computer then modifies the IP block accordingly (6- implementing the received selection of the presented solution). The monitoring computer instructs the newly modified IP block to be tested physically or analogously and informs the user whether the solution selected by the user is effective (7- returning a message to the user regarding whether the newly modified step is now working).
[0097] In embodiments of the present invention, instead of relying on the user to select a solution to the problem, a neural network is trained to make that selection.
[0098] See now Figure 6 This presents an exemplary deep neural network (DNN) 623 (similar to) utilized in one or more embodiments of the present invention. Figure 1 The machine learning system 123 shown is illustrated. Nodes within the DNN 623 represent hardware processors, virtual processors, software algorithms, or combinations of hardware processors, virtual processors, and / or software algorithms.
[0099] In one or more embodiments of the present invention, training data is used to train a DNN 623 to identify specific types of step failures and their appropriate solutions. Subsequently, when a specific type of step failure occurs in the system / user identification process flow, the DNN 623 analyzes the descriptor of that step failure to selectively instruct the execution of an appropriate solution for that failure.
[0100] Therefore, as described herein, a DNN 623 is used to process the failed step descriptor 600 and multiple solutions 612.
[0101] When a step failure descriptor 600 (e.g., a description of a step failure in a process flow) and multiple solutions 612 are input into a trained version of the DNN 623, the output 602 of the DNN 623 identifies which solution was used to resolve the step failure. To provide this functionality, the DNN 623 must first be trained.
[0102] Therefore, in one or more embodiments of the present invention, the DNN 623 is trained by inputting a training step failure descriptor (a form of step failure descriptor 600) and a set of training multiple solutions (a form of multiple solution solutions 612) into the DNN 623. The training step failure descriptor is selected according to the characteristics of the training multiple solutions.
[0103] In other words, training a step failure descriptor contains information about what type of failure has occurred. This information includes—but is not limited to—a description of the failure itself (e.g., the known input to a step did not produce the output that the design function based on that step expected to output from that step), as well as risk / impact metadata about how the step is available to the public (i.e., whether it is accessible to anyone, or only to anyone with the encryption key, or only to anyone with access to the blockchain system, or only to the system as part of the blockchain system, etc.; whether the failure of the step caused the entire process to fail; etc.). Therefore, highly accessible steps ("accessible to anyone") are more likely to be compromised than strictly restricted steps ("open only to the system as part of the blockchain system"), and thus, solutions to the problem of step failures will include correspondingly tailored solutions. For example, if the type of step failure only occurs in steps in the blockchain system where access to the process flow is controlled by the system and is only accessible to the system, then training a DNN 623 corrects problems in the blockchain system such as access control, node operation, etc. However, if the type of step failure occurs in steps open to any entity, training DNN 623 corrects the problem caused by the overall lack of security in the process flow.
[0104] The impact of this failure is also a factor in determining how (or even whether) the step failure should be corrected. That is, if a specific change to the input of a step does not lead to degradation in the overall process flow, then the system can determine that a solution is not needed. However, if a change to the input of a step leads to failure in the process flow (e.g., the process cannot complete), then a solution is selected and implemented.
[0105] Therefore, training DNN 623 identifies specific types of step failure descriptors and specific types of multiple solutions when determining what solutions to recommend and / or implement to solve the step problem.
[0106] While the high-level overview of training DNN 623 described above describes only one training step failure descriptor and one type of training multiple solutions, in a preferred embodiment of the invention, during training, multiple training step failure descriptors and their associated training multiple solutions are input into DNN 623, enabling DNN 623 to recognize many types of step failure descriptors and multiple solutions input into the trained DNN 623.
[0107] DNN 623 is an exemplary type of neural network used in one or more embodiments of the present invention. Other neural networks that may be used in one or more embodiments of the present invention include convolutional neural networks (CNNs) and neural networks using other forms of deep learning.
[0108] As the name suggests, neural networks are broadly modeled by mimicking biological neural networks (e.g., the human brain). Biological neural networks consist of a series of interconnected neurons that influence each other. For example, a first neuron can be electrically connected to a second neuron via a synapse by releasing neurotransmitters (from the first neuron) received by the second neuron. These neurotransmitters can cause the second neuron to be activated or inhibited. The pattern of activated / inhibited interconnected neurons ultimately leads to biological outcomes, including thought, muscle movement, memory retrieval, and so on. While this description of biological neural networks is highly simplified, a high-level overview is that one or more biological neurons influence the operation of one or more other bioelectrically connected biological neurons.
[0109] Electronic neural networks are similarly composed of electronic neurons. However, unlike biological neurons, electronic neurons are never technically "inhibitory," but rather "excitatory" to varying degrees.
[0110] In the DNN 623, the electronic neurons (also referred to as "neurons" or "nodes" in this document) are arranged in layers called input layer 603, hidden layer 605, and output layer 607. Input layer 603 contains neurons / nodes that take input data and send it to a series of hidden layers (e.g., hidden layer 605) of neurons, where neurons in one hidden layer are interconnected with all neurons in the next layer. The last layer in hidden layer 605 then outputs the computation results to output layer 607, which is typically a single node used to retain vector information.
[0111] As just mentioned, each node in the DNN 623 shown represents an electronic neuron, such as neuron 609 shown. As shown in box 611, each neuron (including neuron 609) functionally includes at least three features: algorithm, output value, weights, and bias value.
[0112] An algorithm is a mathematical formula used to process data from one or more upstream neurons. For example, suppose one or more neurons in the intermediate hidden layer 605 send data values to neuron 609. Neuron 609 then processes these data values by executing the mathematical function shown in box 611 to create one or more output values, which are then sent to another neuron, such as another neuron within hidden layer 605 or a neuron in output layer 607. Each neuron also has weights specific to that neuron and / or other connected neurons. Furthermore, the output values are added to (multiple) bias values that increase or decrease the output values, thereby allowing the DNN 623 to be further “fine-tuned.”
[0113] For example, suppose neuron 613 is sending its analysis of a piece of data to neuron 609. Neuron 609 has a first weight that defines how important the data specifically from neuron 613 is. If the data is important, the data from neuron 613 is weighted more heavily and / or increased by a bias value, resulting in the mathematical function within neuron 609 generating a higher output, which will have a greater impact on the neurons in output layer 607. Similarly, if it has been determined that neuron 613 is important for the operation of neuron 609, the weights in neuron 613 will be increased, causing neuron 609 to receive a higher value of the output of the mathematical function in neuron 613. Alternatively, the output of neuron 609 can be minimized by reducing the weights and / or biases used to influence the output of neuron 609. These weights / biases are adjustable for one, some, or all of the neurons in DNN 623 to produce a reliable output from output layer 607. In one or more embodiments of the invention, the values of the weights and biases are determined automatically by training the neural network. In one or more embodiments of the invention, manual tuning is applied to adjust hyperparameters such as learning rate, loss function, and regularization factor. Therefore, training the neural network involves running forward and backward propagation on multiple datasets until optimal weights and biases that minimize the loss function are achieved. The loss function measures the difference between the neural network's predictions and the actual labels for different inputs.
[0114] During the training of DNN 623, manual adjustments are made by the user, sensor logic, etc., in a repetitive manner until the output of output layer 607 matches the expected value. For example, suppose input layer 603 receives training input describing a specific type of step failure and a solution for that type of step failure. Once DNN 623 has been properly trained (by adjusting the mathematical functions, output values, weights, and biases in one or more neurons within DNN 623), the trained DNN 623 will output a vector / value to output layer 607, thereby instructing neuron 604 to describe the specific solution for the specific type of step failure presented in output 602.
[0115] During automatic adjustment, weights (and / or mathematical functions) are adjusted using "backpropagation," where the weight values of neurons are adjusted using a "gradient descent" method, which determines which direction each weight value should be adjusted. This gradient descent process moves the weights in each neuron in a specific direction until the output of output layer 607 improves (e.g., accurately describes the requested resource that should be returned to the requester).
[0116] like Figure 6 As shown, different neuron layers are shaded differently, indicating different aspects of the strategies for identifying candidate resources and / or controlling them in one or more embodiments of the invention.
[0117] Thus, in one or more embodiments of the invention, hidden layer 605 contains layers 606, 608, and 610. Layer 606 contains neurons designed to evaluate a first set of step failure features (e.g., a description of what entities made changes to the step that caused its failure); layer 608 contains neurons designed to evaluate a second set of features (e.g., when the changes to the step occurred); and layer 610 contains neurons designed to identify certain types of step failure.
[0118] The output of the neurons in layer 610 then controls the values in the output layer 607.
[0119] Although Figure 6 An embodiment of the invention is described in which DNNs are used to construct embeddings of unlabeled vertices in a hypergraph. Alternatively, unsupervised reinforcement learning (such as Q-learning) may be employed in one or more embodiments of the invention.
[0120] Unsupervised reinforcement learning is a type of artificial intelligence that uses training and errors to eventually find the optimal method for a task. For example, if the task is to hit a ball with a bat, the robot will randomly swing the bat at the ball being thrown. If the bat swings above or below the thrown ball, or if the bat swings before or after the thrown ball passes by the bat, the action is given a negative value (i.e., a negative reward), thus encouraging the robot not to take that swing. However, if the bat "pokes" the thrown ball, then the robot is given a positive reward / value for that swing, thus encouraging the robot to take that swing. If the bat catches the thrown ball firmly, then the robot is given a higher reward / value for taking that swing, thus encouraging the robot to take that swing even further.
[0121] Q-learning reinforcement learning systems use the Q-learning algorithm, which updates the Q-value of the reward when the actor / robot performs a specific action (swinging a bat) in a specific state (when the thrown ball is close to the robot).
[0122] Using the same methods as those in this invention, unsupervised reinforcement learning and / or Q-learning reinforcement learning systems learn which solution is best suited to resolve a specific failure at a specific step in a specific process flow.
[0123] Now for reference Figure 7 A high-level flowchart is provided for one or more operations performed in one or more embodiments of the present invention.
[0124] After starting block 701, one or more processors (e.g., Figure 1 The computer 101 and / or shown Figure 3 The monitoring computer 301 shown verifies the inputs of each step in the process flow by verifying each input in the process flow, as shown in block 703. That is, the processor verifies one or more inputs by verifying at least one of the hash and digital signature of each input in the process flow. Thus, the hash of the input is created by feeding the input into an algorithm that creates another (e.g., smaller) dataset for these inputs. In one or more embodiments of the invention, the process flow describes the creation of a product (such as an IP block, another physical device, a service, etc.).
[0125] As described in block 705, the processor generates digital signatures covering the outputs of each step and one or more inputs of each step, wherein the digital signatures produce a chain of digital signatures used to verify the outputs of one or more steps in the process flow. That is, the processor generates a chain of digital signatures from the digital signatures of each step in the process flow, such that the chain of digital signatures creates an immutable record of the outputs and one or more inputs of each step in the process flow. This verification provides verification of: the authenticity of the inputs of each step in the process flow, the outputs of each step in the process flow, the steps themselves, and / or the entire process flow (i.e., ensuring that the steps and / or the process flow are actually as described by their names, descriptions, etc.); the integrity of the steps and / or outputs and / or the entire process flow (i.e., ensuring that the inputs / outputs of the steps and / or the entire process flow have not been corrupted by unauthorized actions); and / or the origin of the inputs of the steps, the outputs of the steps, the steps themselves, and / or the entire process flow (i.e., as provided by protected and trusted records of all changes made to the steps and / or the inputs / outputs of the steps in the process flow).
[0126] In one or more embodiments of the present invention, the digital signature of a step is an encryption of the hashes of the step's output and input. In one or more embodiments of the present invention, the digital signature is such as... Figure 4 The blockchain ledger shown is a portion of the blockchain ledger 400. Therefore, the processor generates a digital signature chain for each step (one or more steps) in the process flow (e.g., in...). Figure 2 The blockchain introduced in [the article] (216).
[0127] In one or more embodiments of the present invention, a final process flow is then executed to perform a specific process, create a physical product, etc.
[0128] The flowchart ends at termination box 707.
[0129] Figure 7 The processes described in the flowchart can be executed serially or in batches. That is, in one or more embodiments of the invention, whenever a change occurs to the input of a step, a change to the output of that step, a change to the step itself, and / or the step fails, a digital signature is created and / or an entry is created in the blockchain at the time of such an event / change, thereby... Figure 7 The process shown is a series of serial operations. However, in one or more other embodiments, records of changes to the inputs of multiple steps in the process flow, changes to the outputs of multiple steps in the process flow, changes to multiple steps, and / or failures of multiple steps are stored and processed together at a later time in batch transactions to modify the digital signature chain and / or blockchain in a batch operation manner.
[0130] A digital signature is a sequence of binary numbers (or bits) based on a mathematical scheme that can be used to verify the authenticity and integrity of a binary-encoded message or document. In a digital signature-based system, the signer signs the message or document using his or her private key. The verifier uses the signer's public key to verify the authenticity and integrity of the signed message or document or the input and output of the process flow.
[0131] Therefore, in one or more embodiments of the invention, a digital signature chain protects the collection of executable files. That is, by verifying the digital signature chain of the inputs and / or outputs of the steps in the process flow before executing the process flow (e.g., loading the executable files described in steps onto the manufacturing controller), the manufacturing controller ensures that the steps in the process flow and the executable files associated with them are valid. Thus, after verifying the process flow and the executable files (binary files), the binary files are then loaded onto the manufacturing controller for the design and / or manufacture of the physical product.
[0132] For example, if the process flow is a manufacturing flow of at least one intellectual property (IP) block in a semiconductor, the processor loads the binary file of the manufacturing flow into a computer-controlled manufacturing controller (e.g., a wafer fabrication device), which instructs the wafer fabrication device to manufacture the semiconductor using the manufacturing flow.
[0133] In one or more embodiments of the present invention, a process flow is used to design intellectual property (IP) blocks within a semiconductor. That is, a process flow is a set of instructions for how to design or manufacture a specific part / node (referred to as an IP block) within a semiconductor. If the semiconductor is a processor, the IP block within the semiconductor can be an adder, comparator, register, etc.
[0134] Therefore, the hash and digital signature of each of the one or more inputs verify the source of each of the one or more inputs (e.g., who created the input), the description of each of the one or more inputs (e.g., values, instructions, etc. appearing in the input), and / or the tool used to create each of the one or more inputs (e.g., synthesis tools, optical proximity correction tools, placement and routing tools, etc.). That is, the tool used to create each of the one or more inputs comes from the group consisting of synthesis tools, placement and routing tools, and optical proximity correction tools used in the design of IP blocks in semiconductors.
[0135] Therefore, process flows are used to generate physical products when designing / manufacturing integrated circuits or other physical products. Thus, the hash and digital signature of each of one or more inputs describe the source of each of the one or more inputs, the description of each of the one or more inputs, and the unique identifier of the tool used to create each of the one or more inputs.
[0136] In one or more embodiments of the invention, a digital signature chain is added to the blockchain to provide an immutable record of one or more inputs and outputs for each step, as described herein.
[0137] In one or more embodiments of the invention, the previously generated output is used as input to a step in the process flow, and the authenticity, integrity, and / or origin of the previously generated output is verified using a blockchain digital signature chain, as described herein.
[0138] In one or more embodiments of the present invention, the processor stores a digital signature chain in a blockchain; tests the output of each step in a process flow, wherein the test determines whether each step in the process flow performs a predetermined function; in response to the test determining that a particular step in the process flow fails to perform a predefined function, an adjustment is made to that particular failing step in the process flow until that particular failing step in the process flow performs the predefined function; and the adjustment to that particular failing step is stored in the blockchain. That is, if the test fails, the step itself is changed (not as an input to the step). For example, if a step is a process specified to output a specific level of raw material used in the manufacturing process, but the output value becomes something other than the desired specific level of raw material, then changing the step itself by adding another source of raw material, etc., is not changing the input to the step.
[0139] In one or more embodiments of the present invention, the processor presents a step in a process flow that fails to perform a predefined function on a graphical user interface, wherein the graphical user interface includes options for the user to adjust the steps in the process flow; receives a user selection of one or more of the options; and implements the user selection of the one or more options until the step in the process flow performs the predefined function. In this way, the user can determine how to resolve the problem of the failed step.
[0140] In one or more embodiments of the invention, the processor trains a neural network to identify solutions to problems that lead to failed steps in the process flow. The processor then feeds a description of the failed steps into the trained neural network and implements the solutions identified by the neural network, such that the failed steps in the process flow now perform a predefined function. (See also...) Figure 6 。 )
[0141] In one or more embodiments of the present invention, the input to the verification step includes at least one of a hash and a digital signature of each input to the steps in the verification process flow. That is, the hash of the input to the verification step (in...) is determined by comparing the hash / digital signature with a known hash / digital signature of the input. Figure 4 (shown in box 408) and digital signature (in Figure 4 (As shown in box 410) is accurate.
[0142] In one or more embodiments of the present invention, one or more of the inputs to one or more steps in the process flow are modified inputs derived from the original inputs of one or more steps in the process flow. That is, it is assumed that the input of the step has been changed. Therefore, one or more embodiments of the present invention verify the authenticity, integrity, and / or origin of the outputs from the step resulting from these modified inputs.
[0143] Furthermore, and in one or more embodiments of the invention, the authenticity, integrity, and / or origin of the inputs for changes to the steps are established based on digital records (e.g., blockchain).
[0144] Therefore, in one or more embodiments of the present invention, the processor verifies the origin of the input based on the digital signature of each input in the process flow.
[0145] In one or more embodiments of the present invention, one or more processors generate a plurality of blockchain transactions, wherein each of the plurality of blockchain transactions is for a specific step in a process flow, wherein each blockchain transaction describes a change to at least one of one or more inputs of each specific step in the process flow, and wherein each blockchain transaction further describes a change to the output of each specific step in the process flow. The processor stores the plurality of blockchain transactions in a nonlinear blockchain, the nonlinear blockchain including multiple distinct paths leading to the original blockchain ledger of the specific step in the nonlinear blockchain.
[0146] For example, consider Figure 8 .
[0147] like Figure 8 As shown, linear blockchain 801 adds transactions sequentially to the blockchain ledger, making the ledger a linear / sequential record of the inputs and / or outputs of a specific step in a process flow. For example, assume blockchain ledger 800a (similar to...) Figure 4 The blockchain ledger 400 shown includes step inputs for specific steps in the process flow (in... Figure 4 (As shown in box 404). This initial step input is shown as transaction TxA in the blockchain ledger 800a. If this input is changed (e.g., to...) Figure 8If transaction TxB is shown, then blockchain ledger 800a will be transformed into blockchain ledger 800b, which contains the records of both TxA and TxB in box 404. Similarly, a subsequent change to the input (transaction TxC) transforms blockchain ledger 800b into blockchain ledger 800c, which includes the records of transactions TxA, TxB, and TxC. Another subsequent change to the input (transaction TxD) transforms blockchain ledger 800c into blockchain ledger 800d, which includes the records of transactions TxA, TxB, TxC, and TxD. Similar but different transactions (not shown) that show changes in the output of specific steps are also used to change blockchain ledgers 800a-800d.
[0148] However, non-linear blockchain 803 allows blockchains to be generated in a non-linear "tree" manner.
[0149] For example, for illustrative purposes, it is assumed that the transactions described by the inputs / outputs of a specific step in the process flow of a linear blockchain 801 are the same as those used in a nonlinear blockchain 803.
[0150] However, instead of recording multiple transactions linearly / sequentially, such transactions are stored in different blockchain ledgers in a non-linear manner. For example... Figure 8 As shown in the example, blockchain ledger 802a contains the record of the original transaction TxA, while blockchain ledger 802b contains the records of transactions TxA and TxB, blockchain ledger 802c contains the records of transactions TxA and TxC, and blockchain ledger 802d contains the records of transactions TxA, TxC, and TxD. Although each blockchain ledger 802a-802d contains a different set of transactions, they all include transaction TxA, which originates from the original blockchain ledger 802a that produced all other blockchain ledgers 802b-802d. Therefore, each of the blockchain ledgers 802b-802d includes a record of the original parent blockchain ledger 802a, making it possible to trace back to the origin / original blockchain ledger 802a regardless of where / when other blockchain ledgers 802b-802d enter the blockchain process.
[0151] In one or more embodiments of the present invention, the processor verifies the transformation from input to output by verifying the correctness of the transformation from input to output of a step in the process flow. The verifier then signs the transformation using digital signatures describing both the input and the output. That is, the processor first checks whether the content of the step output matches the expected content based on the content input to the step in the process flow. If so, the verifier signs the transformation using digital signatures describing both the input and the output.
[0152] In one or more embodiments of the present invention, a digital signature chain is stored in a blockchain, wherein the blockchain maintains a directory of IP blocks, and each IP block is protected by the digital signature chain. That is, a blockchain ledger such as blockchain ledger 400 includes not only records of the inputs and outputs of the steps and tests, but also a directory describing the IP blocks created by the process flow.
[0153] In one or more embodiments of the present invention, wherein the digital signature chain is stored in a blockchain, the method further includes a processor: auditing each step in the process flow; tracking each step in the process flow; verifying each step in the process flow; verifying the digital signature chain; and, in response to verifying the digital signature chain, storing the digital signature chain in the blockchain. That is, Figure 3 The monitoring computer 301 audits each identified step in the process flow, tracks the execution of each step in the process flow, and also verifies (confirms) that each step in the process flow belongs to the process flow. Then, the processor verifies the digital signature chain. In response to verifying the digital signature chain, the processor stores the digital signature chain in the blockchain. That is, the digital signature chain of the steps in the process flow is verified to be correct (based on the underlying step description and the digital signature of the underlying step using a signature), and then stored in the blockchain.
[0154] In one or more embodiments of the invention, the processor stores the blockchain in a process flow library, and then stores the process flow library in a secure execution environment, such that the secure execution environment protects the process flow library from other software on the system. That is, the process flow library containing the digitally signed blockchain is stored in a secure execution environment, such as a protected / dedicated storage area reserved for the library, or on a dedicated storage device (e.g., a dedicated hard drive) reserved for the library, etc.
[0155] In one or more embodiments of the present invention, digital signature verification and generation, as well as the generation of a digital signature chain, are performed within a secure execution environment that protects the digital signature verification and generation, as well as the generation of the digital signature chain, from the influence of other software on the system. In one or more embodiments of the present invention, this secure execution environment is a protected / dedicated processor and / or core reserved for this operation. For example, assume the computer system has a quad-core processor. Further assume that one of the quad-cores is not designated for any particular operation. Therefore, this unspecified core will be reserved for the operation of verifying and generating digital signatures of the outputs of each step in the process flow and hashes / digital signatures of the inputs of each step, as well as generating a digital signature chain for each step in the process flow.
[0156] In one or more embodiments, the present invention is a system, method, and / or computer program product at any possible level of technical detail integration. In one or more embodiments, the computer program product includes one or more computer-readable storage media having computer-readable program instructions on the storage media for causing a processor to perform aspects of the present invention.
[0157] A computer-readable storage medium is a tangible device that can retain and store instructions for use by an instruction execution device. A computer-readable storage medium can be, for example, but not limited to, electronic storage devices, magnetic storage devices, optical storage devices, electromagnetic storage devices, semiconductor storage devices, or any suitable combination of the foregoing. A non-exhaustive list of more specific examples of computer-readable storage media includes: portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), static random access memory (SRAM), portable compact disk read-only memory (CD-ROM), digital universal disk (DVD), memory sticks, floppy disks, mechanical encoding devices such as punch cards or protrusions in slots having instructions recorded thereon, and any suitable combination of the foregoing. As used herein, a computer-readable storage medium should not be construed as a transient signal itself, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through waveguides or other transmission media (e.g., light pulses passing through fiber optic cables), or electrical signals emitted through wires.
[0158] The computer-readable program instructions described herein can be downloaded from a computer-readable storage medium to a corresponding computing / processing device, or downloaded to an external computer or external storage device via a network (e.g., the Internet, a local area network, a wide area network, and / or a wireless network). The network may include copper transmission cables, optical transmission fibers, wireless transmissions, routers, firewalls, switches, gateway computers, and / or edge servers. A network adapter card or network interface in each computing / processing device receives computer-readable program instructions from the network and forwards them to a computer-readable storage medium within the corresponding computing / processing device.
[0159] In one or more embodiments, the computer-readable program instructions for performing the operations of the present invention include assembly instructions, instruction set architecture (ISA) instructions, machine instructions, machine-dependent instructions, microcode, firmware instructions, state setting data, or source code or object code written in any combination of one or more programming languages, including object-oriented programming languages (such as Java, Smalltalk, C++, etc.) and conventional procedural programming languages (such as the "C" programming language or similar programming languages). In one or more embodiments, the computer-readable program instructions are executed entirely on a user's computer, partially on a user's computer, as a standalone software package, partially on a user's computer and partially on a remote computer, or entirely on a remote computer or server. In the latter case, the remote computer may be connected to the user's computer via any type of network (including a local area network (LAN) or a wide area network (WAN)) or may be connected to an external computer (e.g., via the Internet using an Internet service provider). In some embodiments, electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGAs), or programmable logic arrays (PLAs) can be personalized to execute computer-readable program instructions by utilizing state information from the computer-readable program instructions in order to perform aspects of the present invention.
[0160] This invention is described herein with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It should be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, is implemented by computer-readable program instructions in one or more embodiments of the invention.
[0161] In one or more embodiments, these computer-readable program instructions are provided to a processor of a general-purpose computer, a special-purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions / actions specified in one or more blocks of a flowchart and / or block diagram. In one or more embodiments, these computer-readable program instructions are also stored in a computer-readable storage medium, which, in one or more embodiments, directs a computer, programmable data processing apparatus, and / or other device to operate in a particular manner, such that the computer-readable storage medium having the instructions stored therein comprises an article of manufacture containing instructions that implement aspects of the functions / actions specified in one or more blocks of a flowchart and / or block diagram.
[0162] In one or more embodiments, computer-readable program instructions are loaded onto a computer, other programmable data processing apparatus, or other device to cause a series of operational steps to be performed on the computer, other programmable apparatus, or other device to produce a computer-implemented process, such that the instructions, which execute on the computer, other programmable apparatus, or other device, perform the functions / actions specified in one or more blocks of a flowchart and / or block diagram.
[0163] The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present invention. Each block in a flowchart or block diagram may represent a module, segment, or portion of instructions, including one or more executable instructions for implementing a specified logical function. In some alternative implementations, the functions marked in the blocks may occur in a different order than indicated in the figures. For example, depending on the functions involved, two consecutively shown blocks may actually be executed substantially simultaneously, or these blocks may sometimes be executed in reverse order. It should also be noted that each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, can be implemented using a dedicated hardware-based system that performs the specified function or action or executes a combination of dedicated hardware and computer instructions.
[0164] In one or more embodiments, cloud computing is used to implement the invention. It should be understood in advance that while this disclosure includes a detailed description of cloud computing, the implementation of the teachings given herein is not limited to a cloud computing environment. Rather, embodiments of the invention can be implemented in conjunction with any other type of computing environment now known or developed hereafter.
[0165] Cloud computing is a service delivery model that enables convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services), which can be rapidly provisioned and released with minimal management effort or interaction with the service provider. This cloud model may include at least five features, at least three service models, and at least four deployment models.
[0166] The features are as follows:
[0167] On-demand self-service: Cloud consumers can unilaterally and automatically provide computing power, such as server time and network storage, as needed, without requiring human interaction with the service provider.
[0168] Extensive network access: Capabilities are available through networks and accessed via standard mechanisms that facilitate the use of heterogeneous thin client or thick client platforms (e.g., mobile phones, laptops, and PDAs).
[0169] Resource pooling: A provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, where different physical and virtual resources are dynamically assigned and reassigned as needed. There is a sense of location independence because consumers typically do not have control or knowledge of the exact location of the resources provided, but may be able to specify the location at a higher level of abstraction (e.g., country, state, or data center).
[0170] Rapid flexibility: The ability to provide capacity quickly and flexibly, automatically scaling down and up rapidly in some situations to scale up rapidly. For consumers, the available supply capacity often appears unlimited and can be purchased in any quantity at any time.
[0171] Measuring services: Cloud systems automatically control and optimize resource usage by leveraging metering capabilities at a level of abstraction appropriate to the service type (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency to both service providers and consumers.
[0172] The service model is as follows:
[0173] Software as a Service (SaaS): This provides consumers with the ability to use the provider's applications running on cloud infrastructure. Applications can be accessed from different client devices via thin client interfaces such as web browsers (e.g., web-based email). Consumers do not manage or control the underlying cloud infrastructure, including the network, servers, operating system, storage, or even individual application capabilities, with possible exceptions such as limited user-specific application configuration settings.
[0174] Platform as a Service (PaaS): This provides consumers with the ability to deploy applications created or acquired by the consumer using programming languages and tools supported by the provider onto cloud infrastructure. Consumers do not manage or control the underlying cloud infrastructure, including networks, servers, operating systems, or storage, but they have control over the deployed applications and the configuration of any application hosting environment.
[0175] Infrastructure as a Service (IaaS): The capabilities offered to consumers are processing, storage, networking, and other basic computing resources that enable consumers to deploy and run arbitrary software, which may include operating systems and applications. Consumers do not manage or control the underlying cloud infrastructure, but rather have control over the operating system, storage, deployed applications, and potentially limited control over selected networking components (e.g., host firewalls).
[0176] The deployment model is as follows:
[0177] Private cloud: A cloud infrastructure that operates solely for an organization. It can be managed by the organization or a third party and can exist on-site or off-site.
[0178] Community cloud: A cloud infrastructure shared by several organizations and supporting a specific community with shared concerns (e.g., tasks, security requirements, policies, and compliance considerations). It can be managed by an organization or a third party and can exist on-site or off-site.
[0179] Public cloud: Makes cloud infrastructure available to the public or large industry groups and is owned by an organization that sells cloud services.
[0180] Hybrid cloud: A cloud infrastructure is a combination of two or more clouds (private, community, or public) that remain a single entity but are bound together by standardized or proprietary technologies that enable data and applications to be ported (e.g., cloud bursting for load balancing between clouds).
[0181] Cloud computing environments are service-oriented, focusing on statelessness, loose coupling, modularity, and semantic interoperability. At the heart of cloud computing is the infrastructure comprising a network of interconnected nodes.
[0182] See now Figure 9 This describes an illustrative cloud computing environment 50. As shown, the cloud computing environment 50 includes one or more cloud computing nodes 10 to which local computing devices used by cloud consumers can communicate. These local computing devices include, for example, personal digital assistants (PDAs) or cellular phones 54A, desktop computers 54B, laptop computers 54C, and / or automotive computer systems 54N. The nodes 10 can communicate with each other. They can be physically or virtually grouped (not shown) in one or more networks, such as private clouds, community clouds, public clouds, or hybrid clouds, or combinations thereof, as described above. This allows the cloud computing environment 50 to provide infrastructure, platforms, and / or software as services that cloud consumers do not need to maintain on their local computing devices. It should be understood that... Figure 9 The types of computing devices 54A-N shown are intended to be illustrative only, and computing node 10 and cloud computing environment 50 can communicate with any type of computerized device via any type of network and / or network-addressable connection (e.g., using a web browser).
[0183] See now Figure 10 This demonstrates a cloud computing environment of 50 ( Figure 9 This provides a set of functional abstractions. It should be understood beforehand. Figure 10 The components, layers, and functions shown are intended to be illustrative only, and embodiments of the invention are not limited thereto. As shown, the following layers and corresponding functions are provided:
[0184] The hardware and software layer 60 includes hardware and software components. Examples of hardware components include: a mainframe 61; a RISC (Reduced Instruction Set Computer) based server 62; a server 63; a blade server 64; a storage device 65; and network and networking components 66. In some embodiments, software components include network application server software 67 and database software 68.
[0185] The virtualization layer 70 provides an abstraction layer from which the following examples of virtual entities can be provided: virtual server 71; virtual storage 72; virtual network 73, including virtual private network; virtual application and operating system 74; and virtual client 75.
[0186] In one example, management layer 80 may provide the following functionalities: Resource Provisioning 81 provides dynamic procurement of computing resources and other resources used to perform tasks within the cloud computing environment. Metering and Pricing 82 provides cost tracking as resources are utilized within the cloud computing environment and bills or invoices for the consumption of these resources. In one example, these resources may include application software licenses. Security provides authentication for cloud consumers and tasks, as well as protection for data and other resources. User Portal 83 provides access to the cloud computing environment for consumers and system administrators. Service Level Management 84 provides cloud resource allocation and management to ensure that required service levels are met. Service Level Agreement (SLA) Planning and Fulfillment 85 provides pre-scheduling and procurement of cloud resources based on anticipated future needs according to the SLA.
[0187] Workload layer 90 provides examples of functionalities that can leverage a cloud computing environment. Examples of workloads and functionalities that can be provided from this layer include: mapping and navigation 91; software development and lifecycle management 92; virtual classroom instruction delivery 93; data analytics processing 94; transaction processing 95; process flow management processing 96, which perform one or more features of the invention described herein.
[0188] The terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit the invention. As used herein, unless the context clearly indicates otherwise, the singular forms “a,” “an,” and “the” are intended to include the plural forms as well. It should also be understood that when the terms “comprising” and / or “including” are used in this specification, they specify the presence of the stated features, integrals, steps, operations, elements, and / or components, but do not exclude the presence or addition of one or more other features, integrals, steps, operations, elements, components, and / or combinations thereof.
[0189] All means or steps in the following claims, plus corresponding structures, materials, actions, and equivalents of the functional elements, are intended to include any structure, material, or action for performing the function in conjunction with other claimed elements as specifically claimed. Various embodiments of the invention have been described for purposes of illustration and description, but are not intended to be exhaustive or limited to the forms disclosed. Many modifications and variations will be apparent to those skilled in the art without departing from the scope of the invention. The embodiments were chosen and described in order to best explain the principles and practical application of the invention and to enable others skilled in the art to understand the various embodiments of the invention with various modifications suitable for the intended particular purpose.
[0190] Embodiments of the invention described herein have been so described in detail that it will be apparent from reference to their illustrative embodiments that various modifications and variations are possible without departing from the scope of the invention as defined in the appended claims.
Claims
1. A computer-implemented method for a verification process flow, comprising: The one or more inputs are verified by one or more processors by verifying at least one of the hash and digital signature of each of the one or more inputs of one or more steps in the process flow, wherein the process flow is a design flow of at least one intellectual property (IP) block in a semiconductor; as well as A digital signature is generated by one or more processors for each step in one or more steps of a process flow, wherein the digital signature covers the output of each step and one or more inputs of each step, and wherein the digital signature is incorporated into a digital signature chain for verifying the process flow, and wherein the digital signature chain includes at least one of the hash of test data and test results of at least one IP block or the digital signature of the test data and test results.
2. The method according to claim 1, further comprising: One or more processors use a digital signature chain to verify a set of binary objects used in the process flow; as well as This set of binary objects is used by one or more processors in the manufacturing controller that creates the physical product.
3. The method according to claim 1, wherein, The process flow also includes a manufacturing flow of at least one IP block in the semiconductor, and wherein the method further includes: One or more processors load the manufacturing flow into a computer-controlled manufacturing controller; and A computer-controlled manufacturing controller guides wafer fabrication equipment to manufacture semiconductors using a manufacturing flow.
4. The method according to claim 1, wherein, The hash and digital signature of each of the one or more inputs describe the source of each of the one or more inputs, the description of each of the one or more inputs, and the unique identifier of the tool used to create each of the one or more inputs.
5. The method according to claim 4, wherein, The tool is derived from a group consisting of synthesis tools, placement and routing tools, and optical proximity correction tools used in the design of at least one IP block in a semiconductor.
6. The method according to claim 1, wherein, A digital signature chain is added to the blockchain to provide an immutable record of one or more inputs and outputs for each step.
7. The method according to claim 1, wherein, The previously generated output of the first step in the process flow is used as the input of the subsequent second step, and the previously generated output is verified using a digital signature chain in the blockchain.
8. The method of claim 1, further comprising: The digital signature chain is stored on the blockchain by one or more processors; The output of each step in the process flow is tested by one or more processors, wherein the test determines whether each step in the process flow performs a predefined function of each step; In response to the test determining that a specific step in the process flow fails to execute a predefined function, one or more processors implement adjustments to the specific failed step in the process flow until the specific failed step in the process flow can execute the predefined function; and One or more processors store adjustments for specific failed steps in the blockchain.
9. The method of claim 8, further comprising: A neural network is trained by one or more processors to identify solutions to problems that lead to failed steps in the process flow; One or more processors input a description of the failed steps into a trained neural network; as well as The solution identified by the neural network is implemented by one or more processors, enabling failed steps in the process flow to perform their intended functions.
10. The method of claim 1, further comprising: Multiple blockchain transactions are generated by one or more processors, wherein each blockchain transaction is used for a specific step in a process flow, wherein each blockchain transaction describes a change to at least one of one or more inputs of each said specific step in the process flow, and wherein each blockchain transaction further describes a change to the output of each said specific step in the process flow; and Multiple blockchain transactions are stored in a non-linear blockchain by one or more processors. The non-linear blockchain includes multiple different paths leading to the original blockchain ledger for specific steps in the non-linear blockchain.
11. The method of claim 1, further comprising: The transformation from input to output is confirmed by one or more processors by verifying the correctness of the transformation from input to output in the steps of the process flow; as well as In response to confirming the transformation, the verifier signs the transformation using digital signatures of the input and output.
12. The method according to claim 1, wherein, The digital signature chain is stored in a blockchain, and the blockchain maintains a directory of IP blocks.
13. The method according to claim 1, wherein, Storing the digital signature chain on a blockchain, and wherein the method further includes: Each step in the process flow is audited by one or more processors; Each step of the process flow is tracked by one or more processors; Each step in the process flow is confirmed by one or more processors; The digital signature chain is verified by one or more processors; and In response to verifying the digital signature chain, one or more processors store the digital signature chain on the blockchain.
14. The method of claim 13, further comprising: The blockchain is stored in a process flow library by one or more processors; as well as The process flow library is stored in a secure execution environment by one or more processors, which protects the process flow library from other software on the system.
15. The method according to claim 1, wherein, Perform the verification of one or more inputs and the generation of digital signatures within a secure execution environment that protects the confidentiality and integrity of the verification of one or more inputs and the generation of digital signatures from other software on the system.
16. A computer program product for verifying process flow, wherein, The computer program product includes program instructions that can be read and executed by a computer to perform the method according to any one of claims 1 to 15.
17. The computer program product according to claim 16, wherein, Provide program code as a service in a cloud environment.
18. A computer system comprising one or more processors, one or more computer-readable storage media and one or more computer-readable non-transient storage media, and program instructions stored on at least one of the one or more computer-readable non-transient storage media for execution by at least one of the one or more processors via at least one of the one or more computer-readable storage media, the stored program instructions being executed to perform the method according to any one of claims 1 to 15.
19. The computer system according to claim 18, wherein, The program instructions are provided as a service in a cloud environment.