Method and apparatus for protecting proprietary configuration data for programmable logic devices
First Claim
1. A programmable logic device comprising:
- a. an input pin adapted to receive encrypted configuration data;
b. a non-volatile memory element adapted to store a decryption key;
c. a decryptor having a first input terminal adapted to receive the encrypted configuration data, a second input terminal adapted to access the decryption key, and an output terminal, wherein the decryptor is adapted to decrypt the encrypted configuration data and to provide resulting decrypted configuration data on the output terminal;
d. an array of configurable logic programmed to implement the decryptor, wherein at least a portion of the decryptor is instantiated in the array of configurable logic; and
e. configuration logic having an input terminal connected to the decryptor output terminal and an output terminal connected to the array, the configuration logic being adapted to receive the decrypted configuration data and to configure the array as directed by the decrypted configuration data.
1 Assignment
0 Petitions
Accused Products
Abstract
Described are a method of programming a programmable logic device using encrypted configuration data and a programmable logic device (PLD) adapted to use such encrypted data. A PLD is adapted to include a decryptor having access to a non-volatile memory element programmed with a secret decryption key. Some or all of the decryptor can be instantiated in configurable logic on the FPGA. Encrypted configuration data representing some desired circuit functionality is presented to the decryptor. The decryptor then decrypts the configuration data, using the secret decryption key, and configures the FPGA with the decrypted configuration data. Some embodiments include authentication circuitry that performs a hash function on the configuration data used to instantiate the decryptor on the PLD. The result of the hash function is compared to a proprietary hash key programmed into the PLD. Only those configuration data that produce the desired hash result will instantiate decryptors that have access to the decryption key.
-
Citations
16 Claims
-
1. A programmable logic device comprising:
-
a. an input pin adapted to receive encrypted configuration data;
b. a non-volatile memory element adapted to store a decryption key;
c. a decryptor having a first input terminal adapted to receive the encrypted configuration data, a second input terminal adapted to access the decryption key, and an output terminal, wherein the decryptor is adapted to decrypt the encrypted configuration data and to provide resulting decrypted configuration data on the output terminal;
d. an array of configurable logic programmed to implement the decryptor, wherein at least a portion of the decryptor is instantiated in the array of configurable logic; and
e. configuration logic having an input terminal connected to the decryptor output terminal and an output terminal connected to the array, the configuration logic being adapted to receive the decrypted configuration data and to configure the array as directed by the decrypted configuration data. - View Dependent Claims (2, 3, 4)
-
-
5. A programmable logic device comprising:
-
a. non-volatile memory adapted to include a secret key;
b. an array of programmable logic configured to include a decryptor, the decryptor including;
i. a first input terminal adapted to receive encrypted configuration data;
ii. a second input terminal connected to the non-volatile memory and adapted to receive the secret key;
iii. decryption circuitry providing a decrypted version of the encrypted configuration data based on the secret key; and
iv. an output terminal adapted to provide e the decrypted version of the encrypted configuration data; and
c. configuration logic having a configuration logic input terminal adapted to receive the decrypted version of the encrypted configuration data. - View Dependent Claims (6)
-
-
7. A method of configuring a programmable logic device to perform a desired logic function, the method comprising:
-
configuring configurable logic of the programmable logic device to include a decryptor;
sending encrypted configuration data to the decryptor;
decrypting the encrypted configuration data to produce decrypted configuration data representing the desired logic function; and
configuring the programmable logic device to perform the desired logic function using the decrypted configuration data. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A system comprising:
-
a programmable logic device having an input terminal; and
a memory having an output terminal connected to the input terminal of the programmable logic device, the memory programmed to include;
decryptor data adapted to instantiate a decryptor in configurable logic of the programmable logic device; and
encrypted configuration data adapted to instantiate a desired logic function in the programmable logic device.
-
-
14. A system for protecting configuration data adapted to instantiate a desired logic function in a programmable logic device, the system comprising:
-
means for encrypting the configuration data;
means for configuring configurable logic of the programmable logic device to include a decryptor;
means for sending the encrypted configuration data to the decryptor to produce decrypted configuration data; and
means for instantiating the desired logic function using the decrypted configuration data. - View Dependent Claims (15, 16)
-
Specification