Programmable logic device with decryption and structure for preventing design relocation

US 7,117,372 B1
Filed: 11/28/2000
Issued: 10/03/2006
Est. Priority Date: 11/28/2000
Status: Active Grant

First Claim

Patent Images

1. A PLD with decryption and structure for preventing design relocation comprising:

a decryptor for decrypting an encrypted bitstream;

an address indicator for indicating an address into which configuration data will be loaded; and

a decryption algorithm implemented by the decryptor, wherein the decryption algorithm uses data from the address indicator for decrypting the encrypted bitstream;

wherein the decryption algorithm comprises the DES algorithm; and

wherein the DES algorithm includes at least one cipher block algorithm selected from the group consisting of a cipher block chaining algorithm and a cipher feedback mode algorithm, and the address indicator is placed into a starter value of the at least one cipher block algorithm.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

It is sometimes desirable to protect a design used in a PLD from being copied. According to the present invention, the design is encrypted, then loaded into a PLD, then decrypted, and then loaded into the configuration memory of the PLD. An attacker could relocate the design to a visible part of the PLD and learn the design. The present invention prevents design relocation by attaching address information to the encryption key or by encrypting an address where the design is to be loaded as well as encrypting the design itself. Thus, if an attacker tries to load the design into a different part of the PLD, the encrypted design will not decrypt properly.

76 Citations

View as Search Results

19 Claims

1. A PLD with decryption and structure for preventing design relocation comprising:
- a decryptor for decrypting an encrypted bitstream;
  
  an address indicator for indicating an address into which configuration data will be loaded; and
  
  a decryption algorithm implemented by the decryptor, wherein the decryption algorithm uses data from the address indicator for decrypting the encrypted bitstream;
  
  wherein the decryption algorithm comprises the DES algorithm; and
  
  wherein the DES algorithm includes at least one cipher block algorithm selected from the group consisting of a cipher block chaining algorithm and a cipher feedback mode algorithm, and the address indicator is placed into a starter value of the at least one cipher block algorithm.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The PLD of claim 1 wherein the address indicator is an initial address indicator.
  - 3. The PLD of claim 2 wherein the initial address indicator is a frame address for indicating a starting frame of the PLD into which configuration data will be loaded.
  - 4. The PLD of claim 1 wherein the address indicator is loaded with a value in the bitstream.
  - 5. The PLD of claim 4 wherein the value in the bitstream is encrypted.
  - 6. The PLD of claim 4 wherein the value in the bitstream is not encrypted.

7. A method for configuring a programmable logic device (PLD), comprising:
- storing a plurality of decryption keys in storage elements of the PLD;
  
  receiving a configuration bitstream at the PLD, wherein the configuration bitstream includes control data and configuration data, the control data includes an address that references configuration memory of the PLD, and at least the configuration data is encrypted;
  
  decrypting the configuration bitstream in the PLD using the address from the configuration bitstream and the plurality of decryption keys, whereby a decrypted configuration bitstream is generated;
  
  storing configuration data from the decrypted configuration bitstream in configuration memory of the PLD;
  
  disabling readback of configuration data from the PLD after storing the configuration data in configuration memory; and
  
  disabling partial reconfiguration of the PLD in response to decryption of the configuration bitstream.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7 wherein the address in the configuration bitstream indicates an initial address in configuration memory at which configuration data is to be stored.
  - 9. The method of claim 7, wherein the decrypting step includes performing DES decryption.
  - 10. The method of claim 9, wherein the decrypting step further includes performing DES decryption using cipher block chaining and including the address in an input starter value to the cipher block chaining.
  - 11. The method of claim 9, wherein the decrypting step further includes performing DES decryption using cipher feedback and including the address in an input value to the cipher feedback.
  - 12. The method of claim 7, wherein the address in the bitstream is encrypted.
  - 13. The method of claim 7, wherein the address in the bitstream is not encrypted.

14. An apparatus for configuring a programmable logic device (PLD), comprising:
- means for storing a plurality of decryption keys in storage elements of the PLD;
  
  means for receiving a configuration bitstream at the PLD, wherein the configuration bitstream includes control data and configuration data, the control data includes an address that references configuration memory of the PLD, and at least the configuration data is encrypted;
  
  means for decrypting the configuration bitstream in the PLD using the address from the configuration bitstream and the plurality of decryption keys, whereby a decrypted configuration bitstream is generated;
  
  means for storing configuration data from the decrypted configuration bitstream in configuration memory of the PLD;
  
  means for disabling readback of configuration data from the PLD after storing the configuration data in configuration memory; and
  
  means for disabling partial reconfiguration of the PLD in response to the means for decrypting the configuration bitstream.

15. A programmable logic device (PLD), comprising:
- a configuration memory;
  
  programmable logic circuitry coupled to the configuration memory;
  
  a key management circuit adapted for storage of a plurality of keys;
  
  a configuration circuit coupled to the configuration memory and to the plurality of storage elements, the configuration circuit adapted to configure the configuration memory with an input configuration bitstream, wherein the configuration bitstream includes control data and configuration data, the control data includes an address that references configuration memory of the PLD, and at least the configuration data is encrypted; and
  
  a decryptor coupled to the configuration circuit and to the plurality of storage elements, the decryptor configured to decrypt, responsive to the configuration circuit, an input configuration bitstream using the address from the configuration bitstream and a plurality of decryption keys stored in the plurality of storage elements;
  
  wherein the decryptor is adapted to perform DES decryption using at least one of cipher block chaining and cipher feedback and include the address in an input value to the at least one of cipher block chaining and cipher feedback.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The PLD of claim 15 wherein the address in the configuration bitstream indicates an initial address in configuration memory at which configuration data is to be stored.
  - 17. The PLD of claim 15, wherein the address in the bitstream is encrypted.
  - 18. The PLD of claim 15, wherein the address in the bitstream is not encrypted.
  - 19. The PLD of claim 15, wherein the configuration circuit is further adapted to disable partial reconfiguration of the PLD and disable readback of configuration data from the PLD responsive to input of an encrypted configuration bitstream, decryption of the encrypted configuration bitstream, and configuration with the decrypted configuration bitstream.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Xilinx, Inc. (Advanced Micro Devices, Inc.)
Original Assignee
Xilinx, Inc. (Advanced Micro Devices, Inc.)
Inventors
Wong, Jennifer, Sze, Walter N., Trimberger, Stephen M., Pang, Raymond C.
Primary Examiner(s)
Moise, Emmanuel L.
Assistant Examiner(s)
NGUYEN, MINH DIEU T

Application Number

US09/724,972
Time in Patent Office

2,135 Days
Field of Search

713189-191, 380/28, 380/39, 326/39, 716/16
US Class Current

713/189
CPC Class Codes

G01R 31/31719   Security aspects, e.g. prev...

G06F 12/1408   by using cryptography for d...

G06F 21/76   in application-specific int...

H04L 9/0625   with splitting of the data ...

H04L 9/0637   Modes of operation, e.g. ci...

Programmable logic device with decryption and structure for preventing design relocation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

76 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Programmable logic device with decryption and structure for preventing design relocation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others