Method of protecting intellectual property cores on field programmable gate array
First Claim
1. A method comprising:
- manufacturing field programmable gate array integrated circuits, each integrated circuit having an identification code and a secret cryptographic key; and
creating a database of identification codes and secret cryptographic keys, wherein a field programmable gate array integrated circuit with a particular identification code is configurable using a bitstream encrypted using a secret cryptographic key associated with the particular identification code.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques are used to protect intellectual property cores on field programmable gate arrays. An approach is to associate each field programmable gate array, or a limited number of field programmable gate arrays, with a secret key. Each field programmable gate array may only be properly configured or programmed by an appropriate encrypted bitstream (which includes one or more intellectual property cores). This encrypted bitstream has been encoded by or for the secret key associated with a particular FPGA. Other techniques are also presented in this application and include network-based, nonnetwork-based, software-based, layered, and other approaches. The techniques allow an intellectual property core vendor to charge a customer per-use or per-configuration of their intellectual property. This is because an encrypted bitstream is useable only in a limited number, possibly just one, of the integrated circuits.
456 Citations
25 Claims
-
1. A method comprising:
-
manufacturing field programmable gate array integrated circuits, each integrated circuit having an identification code and a secret cryptographic key; and
creating a database of identification codes and secret cryptographic keys, wherein a field programmable gate array integrated circuit with a particular identification code is configurable using a bitstream encrypted using a secret cryptographic key associated with the particular identification code. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method comprising:
-
receiving an identification code of a programmable integrated circuit;
obtaining an encryption key associated with the identification code;
encrypting a bitstream file using the encryption key into an encrypted bitstream; and
providing the encrypted bitstream, whereby the encrypted bitstream may be used to configure the programmable integrated circuit with a design as specified in the bitstream file. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 18, 19, 20)
-
-
17. A method comprising:
-
receiving a request over a network from a customer to purchase an IP core for a field programmable gate array integrated circuit;
charging the customer a price for the IP core;
obtaining an identification code for the field programmable gate array integrated circuit; and
sending over the network an encrypted bitstream comprising the IP core, wherein the encrypted bitstream may be used to configure the field programmable gate array integrated circuit with the identification code.
-
-
21. A method comprising:
-
receiving a request over a network from a customer to purchase a design file for configuring a field programmable gate array integrated circuit, wherein the design file comprises one or more IP cores;
charging the customer a price for the design file;
obtaining an identification code for the field programmable gate array integrated circuit; and
sending over the network an encrypted bitstream for the design file, wherein the encrypted bitstream may be used to configure the field programmable gate array integrated circuit with the identification code. - View Dependent Claims (22, 24)
-
-
23. A method comprising:
-
receiving a first encrypted bitstream file, which may not be directly used to configure a field programmable gate array; and
decrypting and reencrypting the first encrypted bitstream into a second encrypted bitstream file, which may be used to directly configure the field programmable gate array.
-
-
25. A method comprising:
-
loading and decrypting a first encrypted header in a field programmable gate array using a first key;
determining a second key stored in the first encrypted header;
loading and decrypting a second encrypted header into the field programmable gate array using the second key;
determining a first user identification code stored in the second encrypted header;
comparing the first user identification code stored in the second encrypted header against a second user identification code stored on the field programmable gate array;
if the first and second user identification codes match, loading and decrypting a third encrypted header in the field programmable gate array using the second key; and
configuring the field programmable gate array with bitstream information stored in the third encrypted header if a first checksum stored in the third encrypted header matches a second checksum stored in the second encrypted header.
-
Specification