Method and apparatus for secure configuration of a field programmable gate array
First Claim
Patent Images
1. A method of operating an integrated circuit containing on-chip volatile program memory comprising:
- inputting a stream of data comprising unencrypted configuration data to the integrated circuit;
encrypting the unencrypted configuration data using a security circuit contained within the integrated circuit and a security key stored in the integrated circuit; and
outputting a stream of encrypted configuration data from the integrated circuit;
wherein the configuration data is for configuring the intergrated circuit.
1 Assignment
0 Petitions
Accused Products
Abstract
A field programmable gate array (70) has security configuration features to prevent monitoring of the configuration data for the field programmable gate array. The configuration data is encrypted by a security circuit (64) of the field programmable gate array using a security key (62). This encrypted configuration data is stored in an external nonvolatile memory (32). To configure the field programmable gate array, the encrypted configuration data is decrypted by the security circuit (64) of the field programmable gate array using the security key stored in the field programmable gate array.
-
Citations
95 Claims
-
1. A method of operating an integrated circuit containing on-chip volatile program memory comprising:
- inputting a stream of data comprising unencrypted configuration data to the integrated circuit;
encrypting the unencrypted configuration data using a security circuit contained within the integrated circuit and a security key stored in the integrated circuit; and
outputting a stream of encrypted configuration data from the integrated circuit;
wherein the configuration data is for configuring the intergrated circuit. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- inputting a stream of data comprising unencrypted configuration data to the integrated circuit;
-
30. A method of operating a integrated circuit comprising:
-
receiving first encrypted configuration data and a first security key from a network; decrypting the first encrypted configuration data to obtain unencrypted configuration data using the first security key using user programmed circuitry contained within the integrated circuit; and
encrypting the unencrypted configuration data using a second security key and a fixed security circuit contained within the integrated circuit to obtain second encrypted configuration data;
wherein the configuration data is for configuring the integrated circuit. - View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38)
-
-
39. An integrated circuit field programmable gate array comprising:
- a serial interface for loading initial configuration and key information;
a battery-backed on-chip memory for storing the cryptographic key;
a triple-DES encryption circuit; and
an interface to an external nonvolatile memory for storing encrypted configuration data.
- a serial interface for loading initial configuration and key information;
-
40. A method for securely configuring an FPGA comprising:
- loading key information into an on-chip battery-backed register;
loading an initial configuration through a JTAG interface; and
storing an encrypted version of the configuration in an external nonvolatile memory. - View Dependent Claims (41, 42)
- loading key information into an on-chip battery-backed register;
-
43. An integrated circuit field programmable gate array comprising:
- a plurality of static random access memory cells to store a configuration of user-configurable logic of the field programmable gate array;
an ID register to store a security key; and
a decryption circuit to receive and decrypt a stream of encrypted configuration data using the security key, and generate decrypted configuration data for configuring the static random access memory cells. - View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51, 52, 53)
- a plurality of static random access memory cells to store a configuration of user-configurable logic of the field programmable gate array;
-
54. A field programmable gate array comprising:
-
an interface for loading configuration information for the field programmable gate array; an on-chip memory for storing a cryptographic key, wherein the on-chip memory is connectable to an external backup battery; a security circuit to receive the configuration information and determine using header information within the configuration information whether the configuration information is encrypted or unencrypted; and an interface to an external nonvolatile memory, the memory for storing configuration data. - View Dependent Claims (55, 56)
-
-
57. A method for securely configuration an FPGA comprising:
-
loading key information into an on-chip register, wherein the on-chip register is connectable to an external backup battery; loading a configuration for the FPGA through an interface; determining using header information within the configuration whether the configuration is encrypted or unencrypted; processing the configuration using the key information; and using th configuration information to configure the FPGA. - View Dependent Claims (58, 59)
-
-
60. A field programmable gate array comprising:
-
a plurality of volatile memory cells to store a configuration of user-configurable logic of the field programmable gate array; an ID register to store a security key; a security circuit to receive a stream of configuration data for the field programmable gate array and determine using header information within the stream whether the stream is encrypted or unencrypted, and if the stream is encrypted to decrypt the stream using the security key, to generate decrypted configuration data for configuring the volatile memory cells; a first positive supply input pin connected to the volatile memory cells, user-configurable logic, and security circuit; and a second positive supply input pin connected to the ID register, wherein the second positive supply input is connectable to an external backup battery. - View Dependent Claims (61, 62, 63, 64, 65, 66)
-
-
67. A circuit comprising:
-
a field programmable gate array, comprising; a plurality of volatile memory cells to store a configuration of user-configurable logic of the field programmable gate array; an ID register to store a security key; a security circuit to receive a stream of configuration data for the field programmable gate array and determine using header information within the stream whether the stream is encrypted or unencrypted, and if the stream is encrypted to decrypt the stream using the security key, to generate decrypted configuration data for configuring the volatile memory cells; a first positive supply input pin connected to the volatile memory cells, user-configurable logic, security circuit; and a second positive supply input pin connected to the ID register; a power supply connected to the second positive supply input pin, to provide operating power to the volatile memory cells, user-configuration logic, and security circuit; and a battery connected to the second positive supply input pin, to power to the ID register. - View Dependent Claims (68, 69, 70)
-
-
71. A method for securely configuring an FPGA using a bitstream, comprising:
-
loading header information contained in the bitstream into the FPGA; determining, based on the header information, a security processing operation to apply to the bitstream; loading configuration information contained in the bitstream into the FPGA; applying the security processing operation to the configuration information being loaded into the FPGA; and using the configuration information to configure the FPGA. - View Dependent Claims (72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83)
-
-
84. A field programmable gate array, comprising:
-
a plurality of volatile memory cells to store a configuration of user configurable logic of the field programmable gate array; a desryption circuit to receive and decrypt a stream of encrypted a stream of configuration data using a security key, and generate decrypted configuration data for configuring the user configurable logic; a non-volatile register to store the security key, wherein a length of the security key comprises n bits and the register comprises m bits, wherein m equals n plus k additional bits, said non-volatile register being built from unreliable memory cells; an error-correcting code circuit which uses one or more of the k additional bits in the non-volatile register to calculate a correct value of the security key even if one or more of the m bits do not operate correctly; wherein the u reliable memory cells are fabricated using memory cell technology compatible with standard CMOS processing, said memory cells being unreliable due to the use of standard CMOS processing. - View Dependent Claims (85, 86, 87, 88)
-
-
89. A field programmable gate array comprising:
-
user configuration logic; a plurality of volatile memory cells to store a configuration of user configurable logic of the field programmable gate array; a register to store a security key; a decryption circuit to receive and decrypt a plurality of streams of encrypted configuration data using the security key, and generate decrypted configuration data for configuring the user configurable logic; wherein each of the plurality of streams of configuration data cause an area of the field programmable gate array to be configured. - View Dependent Claims (90, 91, 92, 93)
-
-
94. A field programmable gate array, comprising:
-
a plurality of volatile memory cells to store a configuration of user configurable logic of the field programmable array; a decryption circuit to receive and decrypt a stream of encrypted configuration data using a security key, and generate decrypted configuration data for configuring the user configurable logic; a non-volatile register to store the security key; a lock down control bit programmable to prevent the security key from being changed once the stream of configuration data is loaded. - View Dependent Claims (95)
-
Specification