Structure and method for loading encryption keys through a test access port

US 6,965,675 B1
Filed: 11/28/2000
Issued: 11/15/2005
Est. Priority Date: 11/28/2000
Status: Active Grant

First Claim

Patent Images

1. In a programmable logic device (PLD) having a JTAG port, a decryptor for decrypting an encrypted bitstream, and a memory for storing decryption keys used by the decryptor to decrypt the encrypted bitstream, a method for loading the keys comprising:

placing the PLD into a printed circuit board;

testing the printed circuit board using the JTAG port of the PLD; and

loading the decryption keys into the memory using the JTAG port.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

It is sometimes desirable to encrypt a design for loading into a PLD so that an attacker may not learn and copy the design as it is being written into the PLD. It is desirable that decryption keys be stored within the PLD, and that they be loaded conveniently before a board including the PLD is sold. The invention allows the PLD to be placed into a printed circuit board and the board to be tested using a JTAG port of the PLD, and then allows the decryption keys to be loaded into a key memory using the JTAG port. Loading of the keys can be performed without also loading of a design into the PLD. Loading may be performed without the use of a device programmer.

81 Citations

View as Search Results

16 Claims

1. In a programmable logic device (PLD) having a JTAG port, a decryptor for decrypting an encrypted bitstream, and a memory for storing decryption keys used by the decryptor to decrypt the encrypted bitstream, a method for loading the keys comprising:
- placing the PLD into a printed circuit board;
  
  testing the printed circuit board using the JTAG port of the PLD; and
  
  loading the decryption keys into the memory using the JTAG port.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the step of loading the decryption keys into the memory is performed without also loading a design into the PLD.
  - 3. The method of claim 1 wherein the step of loading the decryption keys into the memory is performed without the use of a device programmer.
  - 4. The method of claim 1, further comprising:
    - configuring the PLD for a non-secure mode prior to the loading the decryption keys; and
      
      configuring the PLD for a secure mode after the loading the decryption keys.
  - 5. The method of claim 4, further comprising:
    - erasing the decryption keys from the memory when configuring the PLD for the non-secure mode.
  - 6. The method of claim 5, further comprising:
    - clearing a design from a configuration memory of the PLD when configuring the PLD for the non-secure mode.
  - 7. The method of claim 1, further comprising:
    - reading the decryption keys using the JTAG port for verification.

8. A programmable logic device (PLD) comprising:
- a test access port for testing the PLD; and
  
  a circuit for loading at least one decryption key through the test access port.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The PLD of claim 8 wherein the test access port is a JTAG port.
  - 10. The PLD of claim 8, further comprising:
    - a decryptor for decrypting an encrypted bitstream using the at least one decryption key.
  - 11. The PLD of claim 10, further comprising:
    - a key memory for storing the at least one decryption key.
  - 12. The PLD of claim 11, further comprising:
    - programmable logic;
      
      configuration memory coupled to the programmable logic for configuring the programmable logic to perform a desired function; and
      
      configuration logic coupled between the decryptor and the configuration memory for providing programming information to the configuration memory;
      
      wherein the programming information comprises at least a portion of a decrypted bitstream provided by the decryptor.

13. A programmable logic device (PLD), comprising:
- a programmable logic arrangement and configuration memory coupled to the programmable logic arrangement;
  
  a configuration control circuit coupled to the configuration memory and to a configuration port, the configuration control circuit adapted to store configuration data in the configuration memory;
  
  a boundary scan control circuit coupled to a scan port and to the configuration control circuit;
  
  a key memory coupled to the boundary scan control circuit, the key memory adapted to store at least one decryption key input via the scan port, transition to one of a secure mode and an non-secure mode in response to a control signal from the boundary scan control circuit, disable read and write of the key memory via the boundary scan control circuit in response to the key memory operating in the secure mode, and enable read and write of the key memory via the boundary scan control circuit in response to the key memory operating in the non-secure mode; and
  
  a decryptor coupled to the configuration control circuit and to the key memory, the decryptor adapted to read the at least one decryption key from the key memory and decrypt an encrypted configuration bitstream from the configuration control circuit.
- View Dependent Claims (14, 15, 16)
- - 14. The PLD of claim 13, wherein the key memory is further adapted to erase each decryption key from the key memory in response to transition of the key memory from the secure mode to the non-secure mode.
  - 15. The PLD of claim 14, wherein:
    - the key memory is further adapted to output to the configuration control circuit a security mode signal that indicates a current operating mode of the key memory; and
      
      the configuration control circuit is further adapted to clear the configuration memory in response to the security mode signal indicating a transition of the key memory from the secure mode to the non-secure mode.
  - 16. The PLD of claim 13, wherein the boundary scan control circuit is adapted to test the PLD.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Xilinx, Inc. (Advanced Micro Devices, Inc.)
Original Assignee
Xilinx, Inc. (Advanced Micro Devices, Inc.)
Inventors
Thendean, John M., Trimberger, Stephen M., Pang, Raymond C.
Primary Examiner(s)
Smithers, Matthew

Application Number

US09/724,865
Time in Patent Office

1,813 Days
Field of Search

326/41, 326/38, 380/44, 380/277, 714/727, 713/191, 713/189
US Class Current

380/277
CPC Class Codes

G06F 21/76   in application-specific int...

H04L 2209/12   Details relating to cryptog...

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/08   Key distribution or managem...

H04L 9/0894   Escrow, recovery or storing...

Structure and method for loading encryption keys through a test access port

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

81 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Structure and method for loading encryption keys through a test access port

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others