FPGA configuration bitstream encryption using modified key
First Claim
1. A method of decrypting data on an integrated circuit, the method comprising:
- retrieving a count value from a memory of the integrated circuit;
processing a data encryption key based on the count value to produce a modified data encryption key;
modifying contents of the memory containing the count value after producing the modified data encryption key; and
decrypting data based on the modified data encryption key.
0 Assignments
0 Petitions
Accused Products
Abstract
Circuits, methods, and apparatus that prevent detection and erasure of a configuration bitstream or other data for an FPGA or other device. An exemplary embodiment of the present invention masks a user key in order to prevent its detection. In a specific embodiment, the user key is masked by software that performs a function on it a first number of times. The result is used to encrypt a configuration bitstream. The user key is also provided to an FPGA or other device, where the function is performed a second number of times and the result stored. When the device is configured, the result is retrieved, the function is performed on it the first number of times less the second number of times and then it is used to decrypt the configuration bitstream. A further embodiment uses a one-time programmable fuse (OTP) array to prevent erasure or modification.
-
Citations
20 Claims
-
1. A method of decrypting data on an integrated circuit, the method comprising:
-
retrieving a count value from a memory of the integrated circuit; processing a data encryption key based on the count value to produce a modified data encryption key; modifying contents of the memory containing the count value after producing the modified data encryption key; and decrypting data based on the modified data encryption key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An integrated circuit comprising:
-
read circuitry configured to retrieve a count value from a memory of the integrated circuit; and encryption circuitry configured to; process a data encryption key based on the count value to produce a modified data encryption key; modify contents of the memory containing the count value after producing the modified data encryption key; and decrypt data based on the modified data encryption key. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A method of decrypting data on an integrated circuit, the method comprising:
-
receiving encrypted configuration data; retrieving a count value from a memory of the integrated circuit; generating a modified data encryption key based on the count value; modifying contents of the memory containing the count value after producing the modified data encryption key; and decrypting the encrypted configuration data using the modified data encryption key. - View Dependent Claims (17, 18, 19, 20)
-
Specification