Method of securing programmable logic configuration data

US 7,711,964 B2
Filed: 11/29/2006
Issued: 05/04/2010
Est. Priority Date: 09/30/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A system comprising:

a circuit board;

an integrated circuit package connected to said circuit board, said package having a plurality of input pins; and

a programmable logic device integrated circuit packaged in said integrated circuit package, said integrated circuit having a plurality of input conductors and operative to perform cryptographic calculations employing a cryptographic key,whereby said cryptographic key is provided to said programmable logic device integrated circuit via a binary code applied to a predetermined plurality of said input conductors, said binary code being inaccessible when said system is deployed;

wherein a predetermined plurality of said programmable logic device integrated circuit input conductors is connected to an active high voltage level or signal ground to form said binary code;

wherein said predetermined plurality of conductors is not connected to said integrated circuit package input pins;

wherein a predetermined plurality of said programmable logic device integrated circuit input conductors is connected to a predetermined plurality of said integrated circuit package input pins;

said predetermined plurality of said integrated circuit package input pins is connected via said circuit board to an active high voltage level or signal ground to form said binary code; and

at least said predetermined plurality of said integrated circuit package input pins is inaccessible when said system is deployed.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a secure method of distributing configuration data for a programmable logic device (PLD). The configuration data is encrypted to generate encrypted configuration data. A decryption key is encrypted using a silicon key. The encrypted configuration data and the encrypted decryption key are transferred to a PLD. Within the PLD, the encrypted decryption key is decrypted using the silicon key. Then, also within the PLD, the encrypted configuration data is decrypted using the decryption key to recover the configuration data. The PLD is then configured using the configuration data. The silicon key may be communicated to the PLD by tying predetermined input pins to an active high voltage level or signal ground, to form a binary code.

27 Citations

View as Search Results

16 Claims

1. A system comprising:
- a circuit board;
  
  an integrated circuit package connected to said circuit board, said package having a plurality of input pins; and
  
  a programmable logic device integrated circuit packaged in said integrated circuit package, said integrated circuit having a plurality of input conductors and operative to perform cryptographic calculations employing a cryptographic key,whereby said cryptographic key is provided to said programmable logic device integrated circuit via a binary code applied to a predetermined plurality of said input conductors, said binary code being inaccessible when said system is deployed;
  
  wherein a predetermined plurality of said programmable logic device integrated circuit input conductors is connected to an active high voltage level or signal ground to form said binary code;
  
  wherein said predetermined plurality of conductors is not connected to said integrated circuit package input pins;
  
  wherein a predetermined plurality of said programmable logic device integrated circuit input conductors is connected to a predetermined plurality of said integrated circuit package input pins;
  
  said predetermined plurality of said integrated circuit package input pins is connected via said circuit board to an active high voltage level or signal ground to form said binary code; and
  
  at least said predetermined plurality of said integrated circuit package input pins is inaccessible when said system is deployed.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein said integrated circuit package comprises a ball grid array.
  - 3. The system of claim 1, wherein circuit board traces connected to said predetermined plurality of integrated circuit package input pins are connected to said active high voltage level or said signal ground by internal layers of said circuit board.
  - 4. The system of claim 3 further comprising a power supply connected to said circuit board, and wherein said circuit board traces connect said predetermined plurality of integrated circuit package input pins to an active high voltage level or signal ground output of said power supply.
  - 5. The system of claim 3 further comprising a connector connected to said circuit board and having a plurality of contacts, and wherein said circuit board traces connect said predetermined plurality of integrated circuit package input pins to said plurality of connector contacts.
  - 6. The system of claim 5 further comprising a data source connected to said connector contacts and operative to provide said binary code.
  - 7. The system of claim 6, wherein said data source comprises a wireless receiver.

8. A system comprising:
- a circuit board;
  
  an integrated circuit package connected to said circuit board, said package having a plurality of input pins; and
  
  a programmable logic device integrated circuit packaged in said integrated circuit package, said integrated circuit having a plurality of input conductors and operative to perform cryptographic calculations employing a cryptographic key,wherein a predetermined plurality of said programmable logic device integrated circuit input conductors is connected to an active high voltage level or signal ground to form said binary code and is not connected to said integrated circuit package pins;
  
  wherein another predetermined plurality of said programmable logic device integrated circuit input conductors is connected to a predetermined plurality of said integrated circuit package input pins, said another predetermined plurality of said integrated circuit package input pins is connected via said circuit board to an active high voltage level or signal ground to form said binary code, and at least said predetermined plurality of said integrated circuit package input pins is inaccessible when said system is deployed; and
  
  whereby said cryptographic key is provided to said programmable logic device integrated circuit via a binary code applied to a dedicated, predetermined plurality of said input conductors.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The system of claim 8, wherein said integrated circuit package comprises a ball grid array.
  - 10. The system of claim 8, wherein circuit board traces connected to said predetermined plurality of integrated circuit package input pins are connected to said active high voltage level or said signal ground by internal layers of said circuit board.
  - 11. The system of claim 10 further comprising a power supply connected to said circuit board, and wherein said circuit board traces connect said predetermined plurality of integrated circuit package input pins to an active high voltage level or signal ground output of said power supply.
  - 12. The system of claim 10 further comprising a connector connected to said circuit board and having a plurality of contacts, and wherein said circuit board traces connect said predetermined plurality of integrated circuit package input pins to said plurality of connector contacts.
  - 13. The system of claim 12 further comprising a data source connected to said connector contacts and operative to provide said binary code.
  - 14. The system of claim 13, wherein said data source comprises a wireless receiver.
  - 15. The system of claim 8, wherein said programmable logic device is configured to use the cryptographic key to decrypt a received key.
  - 16. The system of claim 8 wherein said programmable logic device is configured such that said binary code is inaccessible when said system is deployed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Carnegie Mellon University
Original Assignee
Carnegie Mellon University
Inventors
Van Essen, Brian Christopher, Schmit, Herman H., Kidd, Jeffrey Wayne, Petersen, Christopher Maverick
Primary Examiner(s)
Dada; Beemnet W

Application Number

US11/605,669
Publication Number

US 20070074045A1
Time in Patent Office

1,252 Days
Field of Search

380/277, 380/281, 380/284, 713/161, 713/164, 713/168, 713/189, 713/193
US Class Current

713/189
CPC Class Codes

H04L 2209/125   Parallelization or pipelini...

H04L 2463/062   applying encryption of the ...

H04L 63/0428   wherein the data content is...

H04L 9/0897   involving additional device...

Y04S 40/20   Information technology spec...

Method of securing programmable logic configuration data

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Method of securing programmable logic configuration data

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others