FPGA configuration bitstream protection using multiple keys
First Claim
1. A method of processing a configuration bitstream at a computing device comprising:
- obtaining, at the computing device, a plurality of encryption keys and the configuration bitstream;
encoding the configuration bitstream using an encoded key produced from the plurality of encryption keys to generate an encrypted bit stream;
providing the encrypted bit stream to a first memory external to the computing device; and
providing the plurality of encryption keys to a second memory external to the computing device.
0 Assignments
0 Petitions
Accused Products
Abstract
Circuits, methods, and apparatus that prevent detection and erasure of encoding or encryption keys. These encoding keys may be used to encode a configuration bitstream or other data for an FPGA or other device. An exemplary embodiment of the present invention masks a first key to form an encoding key in order to prevent detection of the first key. In a specific embodiment, the first key is encoded using a second key. The encoded key is used to encode a configuration bitstream or other data. The encoded key is stored on an FPGA or other device. When the device is to be configured, the encoded key is retrieved and used to decode the bitstream or other data. A further embodiment stores an encryption key in a one-time programmable memory (OTP) array to prevent its erasure or modification. The encoding key may be further obfuscated before storage.
-
Citations
18 Claims
-
1. A method of processing a configuration bitstream at a computing device comprising:
-
obtaining, at the computing device, a plurality of encryption keys and the configuration bitstream; encoding the configuration bitstream using an encoded key produced from the plurality of encryption keys to generate an encrypted bit stream; providing the encrypted bit stream to a first memory external to the computing device; and providing the plurality of encryption keys to a second memory external to the computing device. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method of processing a configuration bitstream at a computing device comprising:
-
obtaining, at the computing device, a plurality of encryption keys and the configuration bitstream; processing the configuration bit stream based, at least in part, on an encoded key produced from the plurality of encryption keys to generate an encrypted bit stream; providing the encrypted bit stream to a configuration device external to the computing device; and providing the plurality of encryption keys to an integrated circuit external to the computing device. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A computing device comprising:
-
a software module configured to; receive a plurality of encryption keys; and process the plurality of encryption keys according to a function to produce an encoded key; an encoder configured to; receive a configuration bitstream; and process the configuration bitstream using the encoded key to produce an encrypted bit stream; a first interface configured to provide the encrypted bit stream to a first memory external to the computing device; and a second interface configured to provide at least one encryption key of the plurality of encryption keys to a second memory external to the computing device. - View Dependent Claims (15, 16, 17, 18)
-
Specification