Configuration stream encryption

US 5,970,142 A
Filed: 08/26/1996
Issued: 10/19/1999
Est. Priority Date: 08/26/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method of communicating encrypted configuration data between a programmable logic device (PLD) and a storage device, the method comprising the following steps:

(a) storing original configuration data for the PLD in the storage device;

(b) pseudo-randomly generating a key in the PLD;

(c) transmitting the key from the PLD to the storage device;

(d) in the storage device, using the key, generating encrypted configuration data from the original configuration data stored in the storage device;

(e) transmitting the encrypted configuration data from the storage device to the PLD;

(f) decrypting the encrypted configuration data in the PLD using the key to generate a copy of the original configuration data; and

(g) original configuring the PLD using the copy of the original configuration data produced by the decrypting step (f).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of communicating encrypted configuration data between a programmable logic device (PLD) and a storage device is included in one part of the invention. The method includes the following steps. Transmit encrypted configuration data stored in a storage device to the PLD. Decrypt the encrypted configuration data to generate a copy of the configuration data in the PLD. Configure the PLD using the copy of the configuration data. In one embodiment, the PLD transmits a key to the storage device. In another embodiment the key is separately entered into the storage device and the PLD and never transmitted between the PLD and the storage device. In another embodiment, the key is entered only into the PLD. The key is used to encrypt the configuration data.

Citations

12 Claims

1. A method of communicating encrypted configuration data between a programmable logic device (PLD) and a storage device, the method comprising the following steps:
- (a) storing original configuration data for the PLD in the storage device;
  
  (b) pseudo-randomly generating a key in the PLD;
  
  (c) transmitting the key from the PLD to the storage device;
  
  (d) in the storage device, using the key, generating encrypted configuration data from the original configuration data stored in the storage device;
  
  (e) transmitting the encrypted configuration data from the storage device to the PLD;
  
  (f) decrypting the encrypted configuration data in the PLD using the key to generate a copy of the original configuration data; and
  
  (g) original configuring the PLD using the copy of the original configuration data produced by the decrypting step (f).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising the additional steps of:
    - (h) pseudo-randomly generating and then transmitting a second key from the PLD at a second time to the storage device;
      
      (i) generating additional encrypted configuration data in the storage device, using the second key, from the original configuration data stored in the storage device;
      
      (j) transmitting the additional encrypted configuration data from the storage device to the PLD;
      
      (k) decrypting the additional encrypted configuration data in the PLD using the second key to generate additional original configuration data; and
      
      (l) configuring the PLD using the additional original configuration data produced by the decrypting step (k).
  - 3. The method of claim 1 wherein the encrypting step (d) in the storage device includes generating a bit of the encrypted configuration data, D*, from the original configuration data, D, using the relationship:
    - D⊕
      
      X=D*, where ⊕
      
      indicates an exclusive OR logical operation, and where X is a signal generated from at least one previous bit of the encrypted configuration data, D*old, and the key generated by the PLD.
  - 4. The method of claim 3 wherein the decrypting step (f) includes generating a bit of the original configuration data, D, using the relationship:
    - D*≈
      
      X=D.
  - 5. The method of claim 3 wherein the encrypting step includes storing D*old in the storage device in one or more storage locations having outputs coupled to logic to generate X.
  - 6. The method of claim 5 wherein the logic includes a second set of storage locations, and wherein the method further comprises the steps of:
    - generating a first value in the second set of storage locations;
      
      in response to a value of the key, causing at least a first bit of the first value to be selectively communicated to at least a first logic gate;
      
      at the first logic gate, performing a logic operation with the first bit and at least a bit from D*old to generate a first partial result; and
      
      generating X from at least the first partial result.
  - 7. The method of claim 6 wherein the first logic gate includes an AND gate and wherein the first partial result is exclusively OR'"'"'d with a plurality of other partial results generated from other parts of the first value to generate X.
  - 8. A method of communicating encrypted configuration data between a PLD and a storage device according to claim 1, wherein the steps (b) through (g) are repeated each time the PLD is to be configured, with a different key being generated each time.

9. An apparatus for programming a programmable logic device (PLD), comprising:
- (a) a storage device external to the PLD, the data storage device including;
  
  a configuration data storage memory in which unencrypted configuration data for configuring the PLD is stored;
  
  an encryption circuit for encrypting the unencrypted configuration data stored in the configuration data storage memory in response to a key received from the PLD and transmitting encrypted configuration data to the PLD;
  
  (b) a plurality of configurable logic elements within the PLD, the plurality of configurable logic elements being programmable with the configuration data to perform one or more functions of a desired circuit design;
  
  (c) a security circuit within the PLD, the security circuit including;
  
  a key generator for both pseudo-randomly generating a key and transmitting the key to the encryption circuit in response to an instruction to configure the PLD, anda decryption circuit, coupled to receive the key from the key generator and the encrypted configuration data from the encryption circuit, for generating unencrypted configuration data, the decryption circuit having a configuration data output coupled to program the plurality of configurable logic elements with the unencrypted configuration data in response to receiving the encrypted configuration data.
- View Dependent Claims (10, 11, 12)
- - 10. The apparatus for programming a PLD according to claim 9 wherein the decryption circuit includes a register for storing a portion of the encrypted configuration data, the portion of the encrypted configuration data being coupled to generate a bit of the unencrypted configuration data in response to receiving a second portion of the encrypted configuration data.
  - 11. The apparatus for programming a PLD according to claim 10 wherein the decryption circuit includes:
    - a second register for storing the key and having a second key output for transmitting data stored in the second register, andan initialization state output for transmitting at least the key as stored in the second register.
  - 12. The apparatus for programming a PLD according to claim 9, wherein the PLD includes a field programmable gate array, and wherein the configurable logic elements include a plurality of configurable logic blocks and a plurality of configurable input/output blocks.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Xilinx, Inc. (Advanced Micro Devices, Inc.)
Original Assignee
Xilinx, Inc. (Advanced Micro Devices, Inc.)
Inventors
Erickson, Charles R.
Primary Examiner(s)
Hayes, Gail O.
Assistant Examiner(s)
White, Carmen

Application Number

US08/703,117
Time in Patent Office

1,149 Days
Field of Search

380/21, 380/49, 380/4, 380/44, 380/46, 380/48
US Class Current

713/189
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/57   Certifying or maintaining t...

G06F 21/85   interconnection devices, e....

Configuration stream encryption

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Configuration stream encryption

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links