Method and apparatus for protecting proprietary decryption keys for programmable logic devices
Abstract
Described are methods and circuits of programming a programmable logic device with encrypted configuration data using one or more secure decryption keys. Configurable resources within PLDs in accordance with one embodiment are divided into first and second collections of configurable interconnect resources separated by a collection of switches. One collection of resources has access to one or more decryption keys required to decrypt the encrypted configuration data. The switches protect the proprietary keys by providing a secure boundary around the portion granted key access during the decryption process. Closing the switches after configuration clears user memory to prevent users from accessing stored versions of the proprietary keys.
24 Claims
1. A programmable logic device comprising:
a. configurable interconnect resources;
b. configurable logic elements programmably connectable to the interconnect resources;
c. configurable output pins programmably connectable to the interconnect resources;
d. a memory adapted to store proprietary data and connectable to the interconnect resources; and
e. a switch connected to the interconnect resources between the memory and the output pins and adapted to disconnect the memory from the output pins when the memory is accessed.
Dependent claims: 2, 3, 4, 5, 6.
7. A programmable logic device comprising:
a. device output pins adapted to convey signals from the programmable logic device;
b. a first collection of programmable logic resources including a first collection of interconnect resources programmably connected to the device output pins;
c. a non-volatile memory adapted to store at least one decryption key and having a read-enable terminal and a memory-output port;
d. a second collection of programmable logic resources connected to the memory-output terminal, the second collection of programmable logic resources including a second collection of interconnect resources; and
e. at least one switch disposed between the first and second collections of programmable logic resources and adapted to selectively connect the first and second collections of programmable logic resources, the switch including a switch control terminal.
Dependent claims: 8, 9, 10, 11, 12, 13, 14.
15. A method of configuring a programmable logic device to perform a desired logic function, the method comprising:
a. storing a decryption key on the programmable logic device;
b. configuring logic and interconnect resources within the programmable logic device to provide a decryptor;
c. granting the decryptor access to the decryption key while blocking external access to the interconnect resources;
d. decrypting the encrypted configuration data to produce decrypted configuration data representing the desired logic function; and
e. configuring the programmable logic device to perform the desired logic function using the decrypted configuration data.
Dependent claims: 16, 17, 18, 19.
20. A method of writing proprietary configuration data representing a user logic circuit to a programmable logic device, the method comprising:
a. encrypting the proprietary configuration to create an encrypted circuit representation, wherein the encrypted circuit representation can be decrypted using a configuration key;
b. storing a private key on the programmable logic device;
c. configuring the programmable logic device to include a decryptor that decrypts proprietary data using the private key and that employs a public/private key decryption algorithm;
d. encrypting a configuration key using the public key corresponding to the private key on the programmable logic device to produce an encrypted configuration key;
e. sending the encrypted configuration key to the decryptor;
f. decrypting the encrypted configuration key using the private key to recreate the configuration key in the programmable logic device;
g. conveying the encrypted circuit representation to the programmable logic device; and
h. decrypting the encrypted circuit representation, on the programmable logic device, using the recreated configuration key.
Dependent claims: 21, 22, 23, 24.
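The switch boundary in the abstract and in claims 7 and 15 can be checked as a small state model. The Python below is an added example, not code or circuitry from the patent: it enumerates every short operation sequence and reports whether a stored key copy ever becomes reachable from the output pins, with and without the clear-on-close step. The class, the operation names, the interlock ordering and the sample key are assumptions made for illustration.

```python
from itertools import product

class KeyBoundaryModel:
    """Constructed behavioural model of the switch boundary; not the patent's circuit."""

    def __init__(self, key: bytes, clear_on_close: bool = True):
        self._key_memory = key            # key memory behind the boundary
        self.clear_on_close = clear_on_close
        self.read_enable = False          # read-enable terminal of the key memory
        self.switches_closed = True       # True: both resource collections connected
        self.secure_user_memory = []      # user memory inside the key-access region

    def open_switches(self):
        self.switches_closed = False

    def enable_key_read(self):
        # Assumed interlock: the key memory is readable only while the boundary is open.
        if self.switches_closed:
            raise PermissionError("boundary must be open before key access")
        self.read_enable = True

    def decryptor_reads_key(self):
        if not self.read_enable:
            raise PermissionError("read-enable not asserted")
        self.secure_user_memory.append(self._key_memory)  # decryptor's working copy

    def close_switches(self):
        self.read_enable = False
        if self.clear_on_close:
            self.secure_user_memory.clear()  # wipe stored key copies before reconnecting
        self.switches_closed = True

    def visible_at_output_pins(self):
        # Pins reach the key-access region only through closed switches.
        return list(self.secure_user_memory) if self.switches_closed else []

OPS = ("open_switches", "enable_key_read", "decryptor_reads_key", "close_switches")

def find_leak(clear_on_close: bool, max_len: int = 5, key: bytes = b"constructed-key"):
    """Try every operation sequence up to max_len; return the first that exposes the key."""
    for n in range(1, max_len + 1):
        for seq in product(OPS, repeat=n):
            dev = KeyBoundaryModel(key, clear_on_close)
            for op in seq:
                try:
                    getattr(dev, op)()
                except PermissionError:
                    pass  # refused by the interlock; state is unchanged
                if key in dev.visible_at_output_pins():
                    return seq
    return None
```

With clearing enabled no sequence exposes the key; with it disabled, the shortest exposing sequence is the normal configuration flow itself, which is why the abstract ties the memory clear to closing the switches.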
Specification