Method of securing programmable logic configuration data
Abstract
The present invention relates to a secure method of distributing configuration data for a programmable logic device (PLD). The configuration data is encrypted to generate encrypted configuration data. A decryption key is encrypted using a silicon key. The encrypted configuration data and the encrypted decryption key are transferred to a PLD. Within the PLD, the encrypted decryption key is decrypted using the silicon key. Then, also within the PLD, the encrypted configuration data is decrypted using the decryption key to recover the configuration data. The PLD is then configured using the configuration data. The silicon key may be communicated to the PLD by tying predetermined input pins to an active high voltage level or signal ground, to form a binary code.
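The key hierarchy in the abstract, as an added example that is not taken from the patent: the abstract names no cipher, so an HMAC-SHA256 stream construction from the standard library stands in, the symmetric case (one key for both encrypting and decrypting the configuration data) is assumed, and the integrity tag is an addition so that a wrong pin strapping is rejected instead of yielding garbage. All function names, the strap pattern and the sample data are constructed.

```python
import hashlib, hmac, os

def pins_to_key(levels):
    """Pin levels (1 = tied high, 0 = tied to ground) read as a binary code.
    The key has only as many bits as there are strapped pins."""
    return int("".join(str(b) for b in levels), 2).to_bytes((len(levels) + 7) // 8, "big")

def _sub(key, label):
    # Separate sub-keys for encryption and authentication.
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, data):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(_sub(key, b"enc"), nonce, len(data))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

def package(config, silicon_key):
    """Vendor side: returns (encrypted configuration data, encrypted decryption key)."""
    data_key = os.urandom(32)
    return seal(data_key, config), seal(silicon_key, data_key)

def device_load(enc_config, enc_key, pin_levels):
    """Device side: the silicon key comes from the strapped pins, not from memory."""
    data_key = unseal(pins_to_key(pin_levels), enc_key)
    return unseal(data_key, enc_config)

STRAPS = [1, 0, 1, 0, 0, 1, 0, 1] * 2          # constructed 16-pin strap pattern
BITSTREAM = b"constructed configuration data"  # constructed sample

if __name__ == "__main__":
    enc_config, enc_key = package(BITSTREAM, pins_to_key(STRAPS))
    assert device_load(enc_config, enc_key, STRAPS) == BITSTREAM
    try:
        device_load(enc_config, enc_key, [0] * 16)   # board strapped differently
    except ValueError as e:
        print("rejected:", e)
```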
62 Claims
1. A secure method of distributing programmable logic configuration data, comprising:
- encrypting said configuration data using a first key to generate encrypted configuration data;
- encrypting a second key using a third key to generate an encrypted second key, said second key cryptographically related to said first key;
- transferring said encrypted configuration data and said encrypted second key to a programmable logic device;
- within said programmable logic device, decrypting said encrypted second key with said third key to recover said second key, wherein said third key is incorporated into a hardware design of said programmable logic device; and
- within said programmable logic device, decrypting said encrypted configuration data with said second key to recover said configuration data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A digital system, comprising:
- at least one data storage memory;
- a programmable logic device having a plurality of input pins;
- an interconnect medium logically connecting said programmable logic device and said memory in data transfer relationship;
- configuration data operative to configure said programmable logic device into at least one predetermined logical configuration, said configuration data contained in at least one said memory in an encrypted format and transferred to said programmable logic device in said encrypted format;
- a first decryption key operative to decrypt said encrypted configuration data, said first decryption key contained in at least one said memory in an encrypted format and transferred to said programmable logic device in said encrypted format; and
- a plurality of logical connections between a predetermined plurality of said input pins and said interconnect medium operative to form a binary code, said binary code comprising a second decryption key operative to decrypt said encrypted first decryption key.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17

18. A method of securely fielding a digital system containing at least one programmable logic device having a predetermined plurality of input pins, comprising:
- compiling configuration data operative to configure said programmable logic device;
- generating a public key and a cryptographically related private key;
- encrypting said configuration data with said public key to generate encrypted configuration data;
- encrypting said private key with a silicon key to generate an encrypted private key;
- modifying a circuit board interconnection netlist to connect said predetermined plurality of input pins to active high voltage level or to signal ground so as to present said silicon key in binary code at said predetermined plurality of input pins; and
- distributing said encrypted configuration data and said encrypted private key.
Dependent claims: 19, 20

21. A secure method of distributing virtual silicon data for the dynamic virtualization of a virtual hardware architecture integrated circuit, comprising:
- encrypting said virtual silicon data using a first key to generate cipher silicon data;
- encrypting a second key using a silicon key to generate a system key, said second key cryptographically related to said first key;
- transferring said cipher silicon data and said system key to said virtual hardware architecture integrated circuit;
- within said virtual hardware architecture integrated circuit, decrypting said system key with said silicon key to recover said second key, wherein said silicon key is incorporated into a hardware design of said virtual hardware architecture; and
- within said virtual hardware architecture integrated circuit, decrypting said cipher silicon data with said second key to recover said virtual silicon data.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41

42. A digital system, comprising:
- a power supply providing at least one active high voltage level and a ground;
- at least one data storage memory;
- a virtual hardware architecture integrated circuit having a plurality of input conductors;
- an interconnect medium logically connecting said virtual hardware architecture integrated circuit and said memory in data transfer relationship, and connecting said power supply to said virtual hardware architecture integrated circuit and said memory;
- cipher silicon data contained in said data storage memory, said cipher silicon data comprising an encrypted form of virtual silicon data operative to dynamically virtualize said virtual hardware architecture integrated circuit;
- a system key contained in said data storage memory, said system key comprising an encrypted form of a decryption key operative to decrypt said cipher silicon data; and
- a plurality of connections, via said interconnect medium, between a predetermined plurality of said input conductors and said power supply, said connections forming a binary code constituting a silicon key operative to decrypt said system decryption key.
Dependent claims: 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56

57. A method of securely fielding a digital system containing at least one virtual hardware architecture integrated circuit packaged for inclusion on a circuit board and having a predetermined plurality of input pins, comprising:
- compiling virtual silicon data operative to dynamically virtualize said virtual hardware architecture integrated circuit;
- generating a public key and a cryptographically related private key;
- encrypting said virtual silicon data with said public key to generate cipher silicon data;
- encrypting said private key with a silicon key to generate a system key;
- modifying a circuit board interconnection netlist to connect said predetermined plurality of input pins to active high voltage level or to signal ground so as to present said silicon key in binary code at said predetermined plurality of input pins; and
- distributing said cipher silicon data and said system key.
Dependent claims: 58, 59, 60, 61, 62

Specification