Secure exchange of IP cores

US 7,971,072 B1
Filed: 03/10/2005
Issued: 06/28/2011
Est. Priority Date: 03/10/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

configuring a trusted loader on a target device;

disabling external partial reconfiguration access after said configuring, wherein said target device includes an internal configuration access port that is accessible to said trusted loader for partially programming said target device;

accessing a communications network by said trusted loader and submitting a request for an encrypted IP core from an IP core vendor via said communications network by the trusted loader;

downloading said encrypted IP core from said IP core vendor directly to said target device by said trusted loader via said communications network without passing through a user development system, said target device comprises a programmable device;

generating a decrypted IP core by decrypting said encrypted IP core by said trusted loader;

determining a location in which to place said decrypted configuration bitstream by said trusted loader; and

programming said decrypted IP core into said target device at said location by said trusted loader;

wherein said programming of said target device with said decrypted IP core partially reconfigures said target device via said internal configuration access port.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system are disclosed. The system includes a trusted loader. The method includes downloading an IP core from a vendor to a target device. The IP core is received in an encrypted form at the target device, which can be, for example, a programmable logic device.

63 Citations

View as Search Results

20 Claims

1. A method comprising:
- configuring a trusted loader on a target device;
  
  disabling external partial reconfiguration access after said configuring, wherein said target device includes an internal configuration access port that is accessible to said trusted loader for partially programming said target device;
  
  accessing a communications network by said trusted loader and submitting a request for an encrypted IP core from an IP core vendor via said communications network by the trusted loader;
  
  downloading said encrypted IP core from said IP core vendor directly to said target device by said trusted loader via said communications network without passing through a user development system, said target device comprises a programmable device;
  
  generating a decrypted IP core by decrypting said encrypted IP core by said trusted loader;
  
  determining a location in which to place said decrypted configuration bitstream by said trusted loader; and
  
  programming said decrypted IP core into said target device at said location by said trusted loader;
  
  wherein said programming of said target device with said decrypted IP core partially reconfigures said target device via said internal configuration access port.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, further comprising:
    - configuring said programmable device with a skeleton design that is devoid of the IP core, and whereinsaid decrypting is performed using a private key, andsaid private key is stored at said programmable logic device.
  - 3. The method of claim 2, wherein said skeleton design comprises at least one of a gap and a placeholder and wherein said programming comprises inserting said decrypted IP core into said skeleton design within the programmable device.
  - 4. The method of claim 1, further comprising:
    - permanently programming a key into said programmable logic device, wherein said key is permanently programmed into said programmable device by a trusted framework agent.
  - 5. The method of claim 1, further comprising:
    - sending a session key to said programmable device, wherein said session key is associated with a session encryption algorithm.
  - 6. The method of claim 5, further comprising:
    - authenticating said programmable device.
  - 7. The method of claim 5 further comprising:
    - performing a negotiation between said vendor and said programmable device, whereinsaid session encryption algorithm is determined as a result of said negotiation.
  - 8. The method of claim 7, whereinsaid negotiation selects said session encryption algorithm from a plurality of session encryption algorithms;
    - said negotiation causes a decryption program implementing said session encryption algorithm to be conveyed between said vendor and said programmable device, andsaid negotiation also causes a hash value to be conveyed between said vendor and said programmable device.
  - 9. The method of claim 5, further comprising:
    - generating said encrypted IP core by encrypting said IP core using said session key and said session encryption algorithm;
      
      encrypting said encrypted IP core using a public key of said programmable device prior to sending said encrypted IP core to said programmable device; and
      
      sending said encrypted IP core to said programmable logic device.
  - 10. The method of claim 5, wherein said decrypting comprises:
    - decrypting said encrypted IP core using said session key and said session encryption algorithm; and
      
      decrypting said encrypted IP core using a private key of said programmable device.
  - 11. The method of claim 1, further comprising:
    - generating said encrypted IP core by encrypting said IP core prior to said downloading, wherein said encrypted IP core is downloaded from said IP core vendor to said programmable device.
  - 12. The method of claim 11, wherein said generating said decrypted IP core comprises:
    - generating said decrypted IP core by performing said decrypting subsequent to said downloading; and
      
      causing said programmable device to program said decrypted IP core into a skeleton design.
  - 13. The method of claim 11, further comprising:
    - attempting to decode said encrypted IP core using a key; and
      
      indicating an error if said attempting to decode said encrypted IP core fails.
  - 14. The method of claim 13, wherein said downloading comprises:
    - sending said request from said target device to another vendor;
      
      sending a secure request from said another vendor to said vendor;
      
      sending said IP core from said vendor to said another vendor in response to said secure request; and
      
      sending said IP core from said another vendor to said target device in response to said request.
  - 15. The method of claim 1, further comprising:
    - authenticating said target device.
  - 16. The method of claim 15, wherein said authenticating said target device comprises:
    - sending a request for said IP core from said target device to said vendor;
      
      generating a first encrypted message in response to said request by encrypting a message using a public key of said target device;
      
      sending said first encrypted message from said vendor to said target device; and
      
      generating a decrypted message by decrypting said first message with a private key of said target device.
  - 17. The method of claim 16, wherein said authenticating said vendor comprises:
    - generating a second encrypted message by encrypting said decrypted message using a public key of said vendor;
      
      sending said second encrypted message from said target device to said vendor; and
      
      decrypting said second encrypted message with a private key of said vendor.
  - 18. The method of claim 1, further comprising:
    - authenticating said vendor.
  - 19. The method of claim 18, wherein said authenticating comprises:
    - generating said encrypted IP core by encrypting said IP core with a public key of said target device; and
      
      attempting to decrypt an encrypted IP core using a private key; and
      
      indicating an error if said attempting to decrypt said encrypted IP core fails.

20. A method comprising:
- creating a skeleton design, wherein said skeleton design is created using a functional representation of an IP core;
  
  generating a first bitstream, said first bitstream representing said skeleton design, wherein said skeleton design comprises a gap, said gap is defined by a size and a geometry;
  
  downloading said first bitstream from a configuration storage unit to a programmable logic device;
  
  accessing a communications network and requesting an IP core from an IP core vendor via said communications network;
  
  downloading a second bitstream from a vendor directly to said programmable device in response to said request, wherein said second bitstream represents an IP core;
  
  programming said IP core into said skeleton design by causing said programmable device to insert said second bitstream into said first bitstream;
  
  downloading a third bitstream from a trusted framework agent to said programmable logic device, wherein;
  
  said third bitstream represents another IP core,said another IP core is configured to implement a trusted loader,said trusted loader performs the accessing, requesting, and programming; and
  
  disabling external partial reconfiguration access to the programmable logic device after said downloading of said third bitstream, wherein said programmable logic device includes an internal configuration access port that is accessible to said trusted loader for partially programming said target device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Xilinx, Inc. (Advanced Micro Devices, Inc.)
Original Assignee
Xilinx, Inc. (Advanced Micro Devices, Inc.)
Inventors
Sundararajan, Prasanna, New, Bernard J., Donlin, Adam P.
Primary Examiner(s)
Lanier; Benjamin E

Application Number

US11/077,052
Time in Patent Office

2,301 Days
Field of Search

None
US Class Current

713/194
CPC Class Codes

G06F 21/76   in application-specific int...

G06F 2115/08   Intellectual property [IP] ...

G06F 30/34   for reconfigurable circuits...

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

H04L 9/14   using a plurality of keys o...

H04L 9/3271   using challenge-response

Secure exchange of IP cores

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

63 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Secure exchange of IP cores

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others