Secure external key storage for programmable ICS
First Claim
1. A method of protecting a circuit design for a programmable integrated circuit (IC), comprising:
- configuring programmable logic and interconnect resources of the programmable IC to implement a first instance of a Physically Unclonable Function (PUF) circuit and a registration circuit;
generating a first instance of a PUF value by the first instance of the PUF circuit;
generating a black key from an input first instance of a red key and the first instance of the PUF value by the registration circuit;
storing the black key resulting from the generating of the black key in a memory circuit external to the programmable IC;
reconfiguring the programmable logic and interconnect resources of the programmable IC to implement a second instance of the PUF circuit in a pre-configuration circuit;
generating a second instance of the PUF value by the second instance of the PUF circuit;
inputting the black key from the memory circuit to the pre-configuration circuit;
generating a second instance of the red key from the black key and the second instance of the PUF value by the pre-configuration circuit;
decrypting a ciphertext circuit design into a plaintext circuit design by the programmable IC using the second instance of the red key;
erasing the second instance of the red key from the programmable IC; and
reconfiguring the programmable IC with the plaintext circuit design.
1 Assignment
0 Petitions
Accused Products
Abstract
The disclosure describes approaches for protecting a circuit design for a programmable integrated circuit (IC). A black key is generated from an input red key by a registration circuit implemented on the programmable IC, and the black key is stored in a memory circuit external to the programmable IC. The programmable IC is configured to implement a pre-configuration circuit, which inputs the black key from the memory circuit and generates the red key from the black key. A ciphertext circuit design is decrypted into a plaintext circuit design by the programmable IC using the red key, and the red key is erased from the programmable IC. The programmable IC is reconfigured with the plaintext circuit design.
22 Citations
15 Claims
-
1. A method of protecting a circuit design for a programmable integrated circuit (IC), comprising:
-
configuring programmable logic and interconnect resources of the programmable IC to implement a first instance of a Physically Unclonable Function (PUF) circuit and a registration circuit; generating a first instance of a PUF value by the first instance of the PUF circuit; generating a black key from an input first instance of a red key and the first instance of the PUF value by the registration circuit; storing the black key resulting from the generating of the black key in a memory circuit external to the programmable IC; reconfiguring the programmable logic and interconnect resources of the programmable IC to implement a second instance of the PUF circuit in a pre-configuration circuit; generating a second instance of the PUF value by the second instance of the PUF circuit; inputting the black key from the memory circuit to the pre-configuration circuit; generating a second instance of the red key from the black key and the second instance of the PUF value by the pre-configuration circuit; decrypting a ciphertext circuit design into a plaintext circuit design by the programmable IC using the second instance of the red key; erasing the second instance of the red key from the programmable IC; and reconfiguring the programmable IC with the plaintext circuit design. - View Dependent Claims (2, 3, 4)
-
-
5. A method of protecting a circuit design for a programmable integrated circuit (IC), comprising:
-
configuring programmable logic resources and programmable interconnect resources of the programmable IC to implement a registration circuit that includes a first instance of a Physically Unclonable Function (PUF) circuit and a wrapper circuit; generating a first instance of a PUF value by the first instance of the PUF circuit; inputting a first instance of a red key to the wrapper circuit; generating a black key by the wrapper circuit as a function of the first instance of the PUF value and the first instance of the red key; storing the black key resulting from the generating of the black key in a memory circuit external to the programmable IC; reconfiguring the programmable logic resources and programmable interconnect resources of the programmable IC to implement a pre-configuration circuit that includes a second instance of the PUF circuit and an unwrapper circuit; generating a second instance of the PUF value by the second instance of the PUF circuit; inputting the black key from the external memory circuit to the unwrapper circuit; generating a second instance of the red key by the unwrapper circuit as a function of the black key and the second instance of the PUF value; inputting a ciphertext circuit design to the programmable IC; decrypting the ciphertext circuit design into a plaintext circuit design by a decryption circuit of the programmable IC using the second instance of the red key; erasing the second instance of the red key from the programmable IC; and reconfiguring the programmable logic resources and programmable interconnect resources of the programmable IC with the plaintext circuit design. - View Dependent Claims (6, 7, 8, 9, 10)
-
-
11. An electronic system, comprising:
-
a computer system;
a programmable integrated circuit (IC) coupled to the computer system and including programmable logic resources, programmable interconnect resources circuitry and a key memory;a memory circuit coupled to the programmable IC and external to the programmable IC; wherein the computer system is configured to provide a registration bitstream to the programmable IC for configuring the programmable logic resources and programmable interconnect resources to implement a wrapper circuit and a first instance of a Physically Unclonable Function (PUF) circuit; wherein the first instance of the PUF circuit is configured to generate a first instance of a PUF value, and the wrapper circuit is configured to generate a black key from an input first instance of a red key and the first instance of the PUF value and store the black key resulting from generation of the black key in the memory circuit; wherein the memory circuit is configured with a pre-configuration bitstream; wherein the programmable IC is configured to input the pre-configuration bitstream and configure the programmable logic resources and programmable interconnect resources to implement a pre-configuration circuit, and the pre-configuration circuit includes a second instance of the PUF circuit and an unwrapper circuit; wherein the unwrapper circuit is configured to input the black key and generate a second instance of the red key as a function of the black key using a second instance of the PUF value from the second instance of the PUF circuit, and store the second instance of the red key in the key memory; and wherein the programmable IC is further configured to; input a ciphertext circuit design; decrypt the ciphertext circuit design into a plaintext circuit design using the second instance of the red key; erase the second instance of the red key from the key memory; and reconfigure the programmable logic resources and programmable interconnect resources with the plaintext circuit design. - View Dependent Claims (12, 13, 14, 15)
-
Specification