Encryption key obfuscation and storage
First Claim
Patent Images
1. A method of protecting a configuration bitstream, the method comprising:
- encoding at least a portion of a configuration bitstream using a first key to generate an encoded configuration bitstream;
storing the encoded configuration bitstream in a first memory on a first integrated circuit;
receiving, at a first circuit of a second integrated circuit, the first key, wherein the first key is received at the second integrated circuit from a source external to the second integrated circuit;
obfuscating, with the first circuit, the first key to generate a second key; and
storing the second key in a second memory on the second integrated circuit, wherein the second memory is a non-volatile memory.
1 Assignment
0 Petitions
Accused Products
Abstract
Circuits, methods, and apparatus that prevent easy detection and erasure or modification of an encryption or encoding key. This key may be used to encode and decode a configuration bitstream for an FPGA or other programmable or configurable device. One embodiment of the present invention obfuscates a key then stores it in a memory array on an FPGA. This memory array may be a one-time programmable memory to prevent erasure or modification of the key. After retrieval from storage, a reverse or de-obfuscation is performed to recover the key. Further obfuscation may be achieved by proper layout of the relevant circuitry.
-
Citations
19 Claims
-
1. A method of protecting a configuration bitstream, the method comprising:
-
encoding at least a portion of a configuration bitstream using a first key to generate an encoded configuration bitstream; storing the encoded configuration bitstream in a first memory on a first integrated circuit; receiving, at a first circuit of a second integrated circuit, the first key, wherein the first key is received at the second integrated circuit from a source external to the second integrated circuit; obfuscating, with the first circuit, the first key to generate a second key; and storing the second key in a second memory on the second integrated circuit, wherein the second memory is a non-volatile memory. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. An integrated circuit comprising:
-
an input interface for receiving a plurality of input keys; a first function block having an input coupled with the input interface, wherein the first function block generates a key by performing a function on the plurality of input keys; a first circuit configured to receive the key, and further configured to obfuscate the key; a memory configured to receive the obfuscated key from the first circuit, and further configured to store the obfuscated key; and a second circuit configured to receive the obfuscated key from the memory, and further configured to de-obfuscate the obfuscated key. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
-
19. A programmable integrated circuit comprising:
-
an input interface for receiving a plurality of input keys; a first function block having an input coupled with the input interface, wherein the first function block generates a first key by performing a function on the plurality of input keys; a memory configured to receive the first key from the first function block, and further configured to store the first key; an encryption circuit that receives the first key from the memory and that encrypts the first key with itself to obtain an encryption key, wherein the encryption key is different than any of the input keys; and a decoding circuit that uses the encryption key to decode configuration data that configures the programmable integrated circuit.
-
Specification