Method and apparatus for protecting proprietary decryption keys for programmable logic devices

US 6,996,713 B1
Filed: 03/29/2002
Issued: 02/07/2006
Est. Priority Date: 03/29/2002
Status: Active Grant

First Claim

Patent Images

1. A programmable logic device comprising:

a. configurable interconnect resources;

b. configurable logic elements programmably connectable to the interconnect resources;

c. configurable output pins programmably connectable to the interconnect resources;

d. a memory adapted to store proprietary data and connectable to the interconnect resources; and

e. a switch connected to the interconnect resources between the memory and the output pins and adapted to disconnect the memory from the output pins when the memory is accessed.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described are methods and circuits of programming a programmable logic device with encrypted configuration data using one or more secure decryption keys. Configurable resources within PLDS in accordance with one embodiment are divided into first and second collections of configurable interconnect resources separated by a collection of switches. One collection of resources has access to one or more decryption keys required to decrypt the encrypted configuration data. The switches protect the proprietary keys by providing a secure boundary around the portion granted key access during the decryption process. Closing the switches after configuration clears user memory to prevent users from accessing stored versions of the proprietary keys.

70 Citations

View as Search Results

24 Claims

1. A programmable logic device comprising:
- a. configurable interconnect resources;
  
  b. configurable logic elements programmably connectable to the interconnect resources;
  
  c. configurable output pins programmably connectable to the interconnect resources;
  
  d. a memory adapted to store proprietary data and connectable to the interconnect resources; and
  
  e. a switch connected to the interconnect resources between the memory and the output pins and adapted to disconnect the memory from the output pins when the memory is accessed.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The programmable logic device of claim 1, wherein the output pins connect to configurable input/output blocks.
  - 3. The programmable logic device of claim 2, wherein the input/output blocks include output drivers, and wherein the switch disables the output drivers when the memory is accessed.
  - 4. The programmable logic device of claim 1, wherein the switch disconnects a first portion of the interconnect resources from a second portion of the interconnect resources.
  - 5. The programmable logic device of claim 1, wherein the memory is non-volatile memory.
  - 6. The programmable logic device of claim 1, wherein the proprietary data comprises at least on decryption key.

7. A programmable logic device comprising:
- a. device output pins adapted to convey signals from the programmable logic device;
  
  b. a first collection of programmable logic resources including a first collection of interconnect resources programmably connected to the device output pins;
  
  c. a non-volatile memory adapted to store at least one decryption key and having a read-enable terminal and a memory-output port;
  
  d. a second collection of programmable logic resources connected to the memory-output terminal, the second collection of programmable logic resources including a second correction of interconnect resources; and
  
  e. at least one switch disposed between the first and second collections of programmable logic resources and adapted to selectively connect the first and second collections of programmable logic resources, the switch including a switch control terminal.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The programmable logic device of claim 7, wherein the switch control terminal connects to the read-enable terminal.
  - 9. The programmable logic device of claim 7, wherein the switch further comprises a memory element having a memory-element reset terminal.
  - 10. The programmable logic device of claim 7, the switch further comprising a switch reset terminal connected to the memory-element reset terminals.
  - 11. The programmable logic device of claim 7, wherein the switch comprises a tri-state buffer.
  - 12. The programmable logic device of claim 11, further comprising a programmable input/output block that includes the tri-state buffer.
  - 13. The programmable logic device of claim 7, further comprising a configuration access port.
  - 14. The programmable logic device of claim 13, wherein the second collection of programmable logic is configured to include a decryptor, the decryptor including:
    - a. an input terminal adapted to receive encrypted configuration data; and
      
      b. an output terminal connected to the configuration access port.

15. A method of configuring a programmable logic device to perform a desired logic function, the method comprising:
- a. storing a decryption key on the programmable logic device;
  
  b. configuring logic and interconnect resources within the programmable logic device to provide a decryptor;
  
  c. granting the decryptor access to the decryption key while blocking external access to the interconnect resources;
  
  d. decrypting the encrypted configuration data to produce decrypted configuration data representing the desired logic function; and
  
  e. configuring the programmable logic device to perform the desired logic function using the decrypted configuration data.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method of claim 15, further comprising barring access to the decryption key after configuring the programmable logic device to perform the desired logic function and then granting external access to the interconnect resources.
  - 17. The method of claim 15, further comprising removing the decryptor after decrypting the encrypted configuration data.
  - 18. The method of claim 15, wherein blocking external access to the interconnect resources includes disabling output pins on the programmable logic device.
  - 19. The method of claim 15, wherein configuring the programmable logic device to include a decryptor comprises providing a bitstream representing the decryptor to the programmable logic device.

20. A method of writing proprietary configuration data representing a user logic circuit to a programmable logic device, the method comprising:
- a. encrypting the proprietary configuration to create an encrypted circuit representation, wherein the encrypted circuit representation can be decrypted using a configuration key;
  
  b. storing a private key on the programmable logic device;
  
  c. configuring the programmable logic device to include a decryptor that decrypts proprietary data using the private key and that employs a public/private key decryption algorithm;
  
  d. encrypting a configuration key using the public key corresponding to the private key on the programmable logic device to produce an encrypted configuration key;
  
  e. sending the encrypted configuration key to the decryptor;
  
  f. decrypting the encrypted configuration key using the private key to recreate the configuration key in the programmable logic device;
  
  g. conveying the encrypted circuit representation to the programmable logic device; and
  
  h. decrypting the encrypted circuit representation, on the programmable logic device, using the recreated configuration key.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The method of claim 20, further comprising storing the recreated configuration key in non-volatile memory.
  - 22. The method of claim 20, wherein the programmable logic device include programmable output pins, the method further comprising disabling the output pins while accessing the private key and the configuration key.
  - 23. The method of claim 22, further comprising resetting at least a portion of the programmable logic device while preserving the recreated configuration key in non-volatile memory.
  - 24. The method of claim 23, wherein resetting at least a portion of the programmable logic device comprises clearing volatile storage elements on the programmable logic device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Xilinx, Inc. (Advanced Micro Devices, Inc.)
Original Assignee
Xilinx, Inc. (Advanced Micro Devices, Inc.)
Inventors
Trimberger, Stephen M.
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US10/112,838
Time in Patent Office

1,411 Days
Field of Search

713/161, 713/168, 713/200, 713/201
US Class Current

713/161
CPC Class Codes

G06F 21/76 in application-specific int...

Method and apparatus for protecting proprietary decryption keys for programmable logic devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

70 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for protecting proprietary decryption keys for programmable logic devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links