SECURE FIELD-PROGRAMMABLE GATE ARRAY (FPGA) ARCHITECTURE
First Claim
1. A method of configuring a field-programmable gate array (FPGA), the method comprising:
- receiving, at an FPGA, an encrypted FPGA load-decryption key from a remote key-storage device, wherein the remote key-storage device is external to and operatively connected with the FPGA;
decrypting the encrypted FPGA load-decryption key in a key-security unit to provide a decrypted FPGA load-decryption key;
receiving encrypted FPGA-configuration data at the FPGA; and
decrypting and authenticating, in a configuration-data security unit, the FPGA-configuration data using the decrypted FPGA load-decryption key.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system for configuring a field-programmable gate array (FPGA) includes receiving an encrypted FPGA load-decryption key at an FPGA from a remote key-storage device. The remote key-storage device may be external to and operatively connected with the FPGA. The encrypted FPGA load-decryption key is decrypted using a session key, which may be stored at both the FPGA and the remote key-storage device. Encrypted FPGA-configuration data is received at the FPGA, and decrypted and authenticated using the decrypted FPGA load-decryption key. The decryption of the FPGA-configuration data may indicate a cryptographic state associated with the FPGA-configuration data, which may be used in recurring authentication of the FPGA-configuration data. For recurring authentication, a challenge message may be received at the FPGA from an authentication device, which may be encrypted using the cryptographic state and the session key to generate a response message. The response message may then be sent to the authentication device to determine authenticity of the FPGA-configuration data.
-
Citations
27 Claims
-
1. A method of configuring a field-programmable gate array (FPGA), the method comprising:
-
receiving, at an FPGA, an encrypted FPGA load-decryption key from a remote key-storage device, wherein the remote key-storage device is external to and operatively connected with the FPGA; decrypting the encrypted FPGA load-decryption key in a key-security unit to provide a decrypted FPGA load-decryption key; receiving encrypted FPGA-configuration data at the FPGA; and decrypting and authenticating, in a configuration-data security unit, the FPGA-configuration data using the decrypted FPGA load-decryption key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 27)
-
-
12. A system for configuring a field-programmable gate array (FPGA), the system comprising:
-
a key interface that receives an encrypted FPGA load-decryption key at an FPGA from a remote key-storage device, wherein the remote key-storage device is external to and operatively connected with the FPGA; a key-security unit that decrypts the encrypted FPGA load-decryption key to provide a decrypted FPGA load-decryption key; a load interface that receives encrypted FPGA-configuration data at the FPGA; and a configuration-data security unit that decrypts and authenticates the FPGA-configuration data using the decrypted FPGA load-decryption key. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A system for configuring a field-programmable gate array (FPGA), the system comprising:
-
a load interface that receives encrypted FPGA-configuration data at the FPGA; a configuration-data security unit that decrypts and authenticates the FPGA-configuration data using a FPGA load-decryption key, wherein the configuration-data security unit generates a cryptographic state associated with the FPGA-configuration data; an authentication input interface that receives a challenge message at the FPGA from an authentication device, wherein the authentication device is external to and operatively connected with the FPGA; a state-encryption unit that encrypts the challenge message using the cryptographic state to generate a response message; and an authentication output interface for sending the response message to the authentication device, wherein the authentication device decrypts the response message to generate a decrypted challenge message, and compares the challenge message with the decrypted challenge message to indicate an authenticity of the FPGA-configuration data. - View Dependent Claims (26)
-
Specification