Method and apparatus for protecting proprietary configuration data for programmable logic devices

US 6,654,889 B1
Filed: 02/19/1999
Issued: 11/25/2003
Est. Priority Date: 02/19/1999
Status: Expired due to Term

First Claim

Patent Images

1. A programmable logic device comprising:

a. an input pin adapted to receive encrypted configuration data;

b. a non-volatile memory element adapted to store a decryption key;

c. a decryptor having a first input terminal adapted to receive the encrypted configuration data, a second input terminal adapted to access the decryption key, and an output terminal, wherein the decryptor is adapted to decrypt the encrypted configuration data and to provide resulting decrypted configuration data on the output terminal;

d. an array of configurable logic programmed to implement the decryptor, wherein at least a portion of the decryptor is instantiated in the array of configurable logic; and

e. configuration logic having an input terminal connected to the decryptor output terminal and an output terminal connected to the array, the configuration logic being adapted to receive the decrypted configuration data and to configure the array as directed by the decrypted configuration data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described are a method of programming a programmable logic device using encrypted configuration data and a programmable logic device (PLD) adapted to use such encrypted data. A PLD is adapted to include a decryptor having access to a non-volatile memory element programmed with a secret decryption key. Some or all of the decryptor can be instantiated in configurable logic on the FPGA. Encrypted configuration data representing some desired circuit functionality is presented to the decryptor. The decryptor then decrypts the configuration data, using the secret decryption key, and configures the FPGA with the decrypted configuration data. Some embodiments include authentication circuitry that performs a hash function on the configuration data used to instantiate the decryptor on the PLD. The result of the hash function is compared to a proprietary hash key programmed into the PLD. Only those configuration data that produce the desired hash result will instantiate decryptors that have access to the decryption key.

Citations

16 Claims

1. A programmable logic device comprising:
- a. an input pin adapted to receive encrypted configuration data;
  
  b. a non-volatile memory element adapted to store a decryption key;
  
  c. a decryptor having a first input terminal adapted to receive the encrypted configuration data, a second input terminal adapted to access the decryption key, and an output terminal, wherein the decryptor is adapted to decrypt the encrypted configuration data and to provide resulting decrypted configuration data on the output terminal;
  
  d. an array of configurable logic programmed to implement the decryptor, wherein at least a portion of the decryptor is instantiated in the array of configurable logic; and
  
  e. configuration logic having an input terminal connected to the decryptor output terminal and an output terminal connected to the array, the configuration logic being adapted to receive the decrypted configuration data and to configure the array as directed by the decrypted configuration data.
- View Dependent Claims (2, 3, 4)
- - 2. The programmable logic device of claim 1, further comprising hash-function logic adapted to authenticate the portion of the decryptor.
  - 3. The programmable logic device of claim 2, further comprising a second non-volatile memory element connected to the hash-function logic, the second non-volatile memory element adapted to store a hash key.
  - 4. The programmable logic device of claim 2, further comprising a second non-volatile memory element connected to the hash-function logic, the second non-volatile memory element adapted to store an encryption key.

5. A programmable logic device comprising:
- a. non-volatile memory adapted to include a secret key;
  
  b. an array of programmable logic configured to include a decryptor, the decryptor including;
  
  i. a first input terminal adapted to receive encrypted configuration data;
  
  ii. a second input terminal connected to the non-volatile memory and adapted to receive the secret key;
  
  iii. decryption circuitry providing a decrypted version of the encrypted configuration data based on the secret key; and
  
  iv. an output terminal adapted to provide e the decrypted version of the encrypted configuration data; and
  
  c. configuration logic having a configuration logic input terminal adapted to receive the decrypted version of the encrypted configuration data.
- View Dependent Claims (6)
- - 6. The programmable logic device of claim 5, further comprising a plurality of pins adapted to provide electrical access to and from the programmable logic device from circuits external to the programmable logic device, wherein the output terminal of the decryptor is not connected to any one of the pins.

7. A method of configuring a programmable logic device to perform a desired logic function, the method comprising:
- configuring configurable logic of the programmable logic device to include a decryptor;
  
  sending encrypted configuration data to the decryptor;
  
  decrypting the encrypted configuration data to produce decrypted configuration data representing the desired logic function; and
  
  configuring the programmable logic device to perform the desired logic function using the decrypted configuration data.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, further comprising removing the decryptor after decrypting the encrypted configuration data.
  - 9. The method of claim 7, wherein configuring the programmable logic device to include a decryptor comprises providing a bitstream representing the decryptor to the programmable logic device.
  - 10. The method of claim 9, wherein configuring the programmable logic device to include a decryptor further comprises performing a hash function on the bitstream representing the decryptor to authenticate the decryptor.
  - 11. The method of claim 10, wherein performing the hash function produces a hash result, the method further comprising comparing the hash result with a hash key to authenticate the decryptor.
  - 12. The method of claim 11, further comprising providing the decryptor access to a decryption key only if the hash result matches the hash key.

13. A system comprising:
- a programmable logic device having an input terminal; and
  
  a memory having an output terminal connected to the input terminal of the programmable logic device, the memory programmed to include;
  
  decryptor data adapted to instantiate a decryptor in configurable logic of the programmable logic device; and
  
  encrypted configuration data adapted to instantiate a desired logic function in the programmable logic device.

14. A system for protecting configuration data adapted to instantiate a desired logic function in a programmable logic device, the system comprising:
- means for encrypting the configuration data;
  
  means for configuring configurable logic of the programmable logic device to include a decryptor;
  
  means for sending the encrypted configuration data to the decryptor to produce decrypted configuration data; and
  
  means for instantiating the desired logic function using the decrypted configuration data.
- View Dependent Claims (15, 16)
- - 15. The system of claim 14, further comprising means for removing the decryptor after configuring the programmable logic device to perform the desired function.
  - 16. The system of claim 14, further comprising means for authenticating the decryptor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Xilinx, Inc. (Advanced Micro Devices, Inc.)
Original Assignee
Xilinx, Inc. (Advanced Micro Devices, Inc.)
Inventors
Trimberger, Stephen M.
Primary Examiner(s)
Hayes, Gail
Assistant Examiner(s)
Seal, James

Application Number

US09/253,401
Time in Patent Office

1,740 Days
Field of Search

713/188, 713/189, 713/191
US Class Current

713/191
CPC Class Codes

G06F 21/76   in application-specific int...

H03K 19/17768   for security

H04L 2209/12   Details relating to cryptog...

H04L 9/0625   with splitting of the data ...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/3236   using cryptographic hash fu...

Method and apparatus for protecting proprietary configuration data for programmable logic devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for protecting proprietary configuration data for programmable logic devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links