FPGA configuration bitstream encryption using modified key

US 7,606,362 B1
Filed: 01/25/2005
Issued: 10/20/2009
Est. Priority Date: 01/25/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method of decrypting a configuration bitstream that configures an integrated circuit, the method comprising:

receiving a first key on the integrated circuit;

performing a function on the first key a first number of times to generate a second key;

storing the second key in a memory on the integrated circuit;

at power up of the integrated circuit, retrieving the second key from the memory;

subsequent to retrieving the second key, performing the function on the second key a second number of times to generate a third key, wherein the third key is different from the first key; and

using the third key to decrypt the configuration bitstream.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Circuits, methods, and apparatus that prevent detection and erasure of a configuration bitstream or other data for an FPGA or other device. An exemplary embodiment of the present invention masks a user key in order to prevent its detection. In a specific embodiment, the user key is masked by software that performs a function on it a first number of times. The result is used to encrypt a configuration bitstream. The user key is also provided to an FPGA or other device, where the function is performed a second number of times and the result stored. When the device is configured, the result is retrieved, the function is performed on it the first number of times less the second number of times and then it is used to decrypt the configuration bitstream. A further embodiment uses a one-time programmable fuse (OTP) array to prevent erasure or modification.

47 Citations

View as Search Results

20 Claims

1. A method of decrypting a configuration bitstream that configures an integrated circuit, the method comprising:
- receiving a first key on the integrated circuit;
  
  performing a function on the first key a first number of times to generate a second key;
  
  storing the second key in a memory on the integrated circuit;
  
  at power up of the integrated circuit, retrieving the second key from the memory;
  
  subsequent to retrieving the second key, performing the function on the second key a second number of times to generate a third key, wherein the third key is different from the first key; and
  
  using the third key to decrypt the configuration bitstream.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the first number is stored on the integrated circuit.
  - 3. The method of claim 1 wherein the first number is received with the first key.
  - 4. The method of claim 3 wherein the first number is stored in a first non-volatile memory.
  - 5. The method of claim 1 wherein the second key is stored in a non-volatile memory on the integrated circuit.
  - 6. The method of claim 1 wherein the first key is provided by a user.
  - 7. The method of claim 1 wherein the function is AES encryption.
  - 8. The method of claim 1 wherein the integrated circuit is a field programmable gate array.
  - 9. The method of claim 1 further comprising:
    - receiving the user key;
      
      performing the function on the key a first number of times followed by a second number of times to generate a fourth key; and
      
      using the fourth key to encrypt the configuration bitstream.

10. A method of decrypting a configuration bitstream comprising:
- receiving, at a first time, a first key using an integrated circuit;
  
  performing a function on the first key a first number of times to generate a second key;
  
  using the second key to set a first number of non-volatile memory locations wherein the first number of non-volatile memory locations configure a decoder circuit;
  
  receiving, at a second time, the first key using the integrated circuit;
  
  decoding the first key using the configured decoder circuit to generate a third key;
  
  performing the function on the third key the first number of times to generate a fourth key;
  
  storing the fourth key in a second number of non-volatile memory locations; and
  
  decrypting the configuration bitstream using a fifth key derived from the fourth key.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10 further comprising:
    - at power up of the integrated circuit, retrieving the fourth key from the second number of non-volatile memory locations;
      
      performing the function on the fourth key a second number of times to generate the fifth key.
  - 12. The method of claim 11 wherein the first and second number of non-volatile memory locations are fuses.
  - 13. The method of claim 11 wherein the first key is received via a JTAG interface.
  - 14. The method of claim 11 wherein the function is AES encryption.
  - 15. The method of claim 11 wherein the integrated circuit is a field programmable gate array.

16. An integrated circuit that decrypts a configuration bitstream that configures the integrated circuit, the integrated circuit comprising:
- an input for receiving a first key;
  
  a first circuit that performs a function on the first key a first number of times to generate a second key and that stores the second key in a memory;
  
  a second circuit that, at power up of the integrated circuit, retrieves the second key from the memory and that performs the function on the second key a second number of times to generate a third key, wherein the third key is different from the first key; and
  
  a decryption circuit that uses the third key to decrypt the configuration bitstream.
- View Dependent Claims (17)
- - 17. The integrated circuit of claim 16 wherein the first number is stored on the integrated circuit.

18. An integrated circuit that decrypts a configuration bitstream that configures the integrated circuit, the integrate circuit comprising:
- an input for receiving a first key a first time;
  
  a first circuit that performs a function on the first key a first number of times to generate a second key;
  
  a first number of non-volatile memory locations that are set using the second key;
  
  a decoding circuit that is configured by the first number of non-volatile memory locations and that decodes the first key using the configured decoder circuit to generate a third key;
  
  a second circuit that performs a function on the third key the first number of times to generate a fourth key; and
  
  a second number of non-volatile memory locations that store the fourth key;
  
  a decryption circuit that uses a fifth key, derived from the fourth key, to decrypt the configuration bitstream.
- View Dependent Claims (19, 20)
- - 19. The integrated circuit of claim 18, wherein the second circuit is the first circuit.
  - 20. The integrated circuit of claim 19, further comprising:
    - a third circuit that retrieves the third key from the second number of non-volatile memory locations and that performs the function on the fourth key a second number of times to generate the fifth key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Altera Corporation (Intel Corporation)
Original Assignee
Altera Corporation (Intel Corporation)
Inventors
Langhammer, Martin, Jefferson, David, Joyce, Juju, Streicher, Keone
Primary Examiner(s)
Nalven; Andrew L

Application Number

US11/042,019
Time in Patent Office

1,729 Days
Field of Search

380/29
US Class Current

380/29
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 9/0631   Substitution permutation ne...

H04L 9/065   Encryption by serially and ...

H04L 9/0822   using key encryption key

H04L 9/0861   Generation of secret inform...

FPGA configuration bitstream encryption using modified key

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

47 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

FPGA configuration bitstream encryption using modified key

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links