FPGA configuration bitstream protection using multiple keys
First Claim
1. A method of protecting a configuration bitstream comprising:
- using a computing device to;
receive a plurality of keys at the computing device;
generate a first key by performing a first function on the plurality of keys received at the computing device;
encoding at least a portion of a configuration bitstream using the first key, as generated using the computing device, to generate an encoded configuration bitstream; and
storing the encoded configuration bitstream in a first memory; and
using an integrated circuit that is external to the computing device to;
receive the plurality of keys at the integrated circuit;
perform a second function on the plurality of keys received at the integrated circuit to generate the first key, wherein the second function is the same function as the first function; and
storing the first key, as generated using the integrated circuit, in a second memory.
1 Assignment
0 Petitions
Accused Products
Abstract
Circuits, methods, and apparatus that prevent detection and erasure of encoding or encryption keys. These encoding keys may be used to encode a configuration bitstream or other data for an FPGA or other device. An exemplary embodiment of the present invention masks a first key to form an encoding key in order to prevent detection of the first key. In a specific embodiment, the first key is encoded using a second key. The encoded key is used to encode a configuration bitstream or other data. The encoded key is stored on an FPGA or other device. When the device is to be configured, the encoded key is retrieved and used to decode the bitstream or other data. A further embodiment stores an encryption key in a one-time programmable memory (OTP) array to prevent its erasure or modification. The encoding key may be further obfuscated before storage.
53 Citations
19 Claims
-
1. A method of protecting a configuration bitstream comprising:
-
using a computing device to; receive a plurality of keys at the computing device; generate a first key by performing a first function on the plurality of keys received at the computing device; encoding at least a portion of a configuration bitstream using the first key, as generated using the computing device, to generate an encoded configuration bitstream; and storing the encoded configuration bitstream in a first memory; and using an integrated circuit that is external to the computing device to; receive the plurality of keys at the integrated circuit; perform a second function on the plurality of keys received at the integrated circuit to generate the first key, wherein the second function is the same function as the first function; and storing the first key, as generated using the integrated circuit, in a second memory. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An integrated circuit comprising:
-
a first circuit configured to receive a plurality of keys and configured to perform a function on the plurality of keys to generate a first key, wherein the plurality of keys are received from a computing device that; is external to the integrated circuit; performs the function to generate the first key from the plurality of keys; and encodes at least a portion of a configuration bitstream using the first key, as generated using the computing device; a memory circuit configured to store the first key, as generated using the integrated circuit; and a decoder circuit configured to receive a decoding key and the encoded configuration bitstream and to provide a decoded configuration bitstream, wherein the decoding key is obtained from the first key stored in the memory circuit, and wherein the encoded configuration bitstream is received from a configuration device external from the integrated circuit. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
-
-
16. A method of protecting a configuration bitstream comprising:
-
using a computing device to; receive one or more keys at the computing device; generate a first key by performing a first function on the one or more keys received at the computing device; encoding at least a portion of a configuration bitstream using the first key, as generated using the computing device, to generate an encoded configuration bitstream; and storing the encoded configuration bitstream in a first memory; and using an integrated circuit that is external to the computing device to; receive the one or more keys at the integrated circuit; perform a second function on the one or more keys received at the integrated circuit to generate the first key, wherein the second function is the same function as the first function; and storing the first key, as generated using the integrated circuit, in a second memory. - View Dependent Claims (17, 18, 19)
-
Specification