FPGA configuration bitstream encryption using modified key

US 9,054,859 B1
Filed: 04/29/2014
Issued: 06/09/2015
Est. Priority Date: 01/25/2005
Status: Active Grant

First Claim

Patent Images

1. A method of decrypting data on an integrated circuit, the method comprising:

processing an encryption key based on a count value to produce a modified encryption key;

modifying contents of a memory containing the count value after producing the modified encryption key; and

decrypting data based on the modified encryption key.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Circuits, methods, and apparatus that prevent detection and erasure of a configuration bitstream or other data for an FPGA or other device. An exemplary embodiment of the present invention masks a user key in order to prevent its detection. In a specific embodiment, the user key is masked by software that performs a function on it a first number of times. The result is used to encrypt a configuration bitstream. The user key is also provided to an FPGA or other device, where the function is performed a second number of times and the result stored. When the device is configured, the result is retrieved, the function is performed on it the first number of times less the second number of times and then it is used to decrypt the configuration bitstream. A further embodiment uses a one-time programmable fuse (OTP) array to prevent erasure or modification.

30 Citations

View as Search Results

20 Claims

1. A method of decrypting data on an integrated circuit, the method comprising:
- processing an encryption key based on a count value to produce a modified encryption key;
  
  modifying contents of a memory containing the count value after producing the modified encryption key; and
  
  decrypting data based on the modified encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising obtaining an encryption function, wherein processing the encryption key based on the count value comprises applying the encryption function to the encryption key for a number of times equal to the count value.
  - 3. The method of claim 2, wherein:
    - the encryption function comprises a first sub-function and a second sub-function; and
      
      the count value comprises a first sub-count value and a second sub-count value corresponding to the first sub-function and second sub-function, respectively.
  - 4. The method of claim 2, wherein the encryption function is based on the Advanced Encryption Standard (AES).
  - 5. The method of claim 1, wherein the encryption key is obtained from a device external to the integrated circuit.
  - 6. The method of claim 1, wherein the processing and modifying steps each occur prior to configuration of the integrated circuit for operational use.
  - 7. The method of claim 1, further comprising:
    - receiving encrypted configuration data; and
      
      decrypting the encrypted configuration data using the modified encryption key.
  - 8. The method of claim 1, wherein the integrated circuit is a field programmable gate array (FPGA).
  - 9. The method of claim 1, wherein the count value is not recoverable from the modified encryption key.
  - 10. The method of claim 1, wherein the count value is an integer value greater than one.

11. An integrated circuit comprising:
- encryption circuitry for;
  
  processing an encryption key based on a count value to produce a modified encryption key;
  
  modifying contents of a memory containing the count value after producing the modified encryption key; and
  
  decrypting data based on the modified encryption key.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The integrated circuit of claim 11, further comprising interface circuitry configured to obtain an encryption function and wherein the encryption circuitry is further configured to process the encryption key based on the count value by applying the encryption function to the encryption key for a number of times equal to the count value.
  - 13. The integrated circuit of claim 11, further comprising interface circuitry configured to obtain the encryption key from a device external to the integrated circuit.
  - 14. The integrated circuit of claim 11, wherein the encryption circuitry is further configured to perform the processing and modifying steps prior to a configuration of the integrated circuit for operational use.
  - 15. The integrated circuit of claim 11, wherein the integrated circuit is a field programmable gate array (FPGA).

16. A method of decrypting data on an integrated circuit, the method comprising:
- receiving encrypted configuration data;
  
  generating a modified encryption key based on the count value;
  
  modifying contents of a memory containing the count value after producing the modified encryption key; and
  
  decrypting the encrypted configuration data using the modified encryption key.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein generating the modified encryption key based on the count value comprises:
    - obtaining an encryption function and an unmodified encryption key from a device external to the integrated circuit, andapplying the encryption function to the unmodified encryption key for a number of times equal to the count value to produce the modified encryption key.
  - 18. The method of claim 17, wherein the modifying step occurs prior to configuration of the integrated circuit for operational use.
  - 19. The method of claim 16, wherein the count value is not recoverable from the modified encryption key.
  - 20. The method of claim 16, wherein said modifying contents of the memory containing the count value comprises deleting the count value from the memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Altera Corporation (Intel Corporation)
Original Assignee
Altera Corporation (Intel Corporation)
Inventors
Streicher, Keone, Jefferson, David, Joyce, Juju, Langhammer, Martin
Primary Examiner(s)
POWERS, WILLIAM S

Application Number

US14/265,117
Time in Patent Office

406 Days
Field of Search

380/44, 713/160, 713/161
US Class Current

1/1
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 9/0631   Substitution permutation ne...

H04L 9/065   Encryption by serially and ...

H04L 9/0822   using key encryption key

H04L 9/0861   Generation of secret inform...

FPGA configuration bitstream encryption using modified key

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

FPGA configuration bitstream encryption using modified key

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links