Managing use of a field programmable gate array with isolated components
Abstract
Field programmable gate arrays can be used as a shared programmable co-processor resource in a general purpose computing system. Components of an FPGA are isolated to protect the FPGA and data transferred between the FPGA and other components of the computer system. For example, data written by the FPGA to memory is encrypted, and is decrypted within the FPGA when read back from memory. Data transferred between the FPGA and other components such as the CPU or GPU, whether directly or through memory, can similarly be encrypted using cryptographic keys known to the communicating components. Transferred data also can be digitally signed by the FPGA or other component to provide authentication. Code for programming the FPGA can be encrypted and signed by the author, loaded into the FPGA in an encrypted state, and then decrypted and authenticated by the FPGA itself, before programming the FPGA with the code.
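The load flow described in the abstract, as a small software model added here for illustration (it is not code from the patent): encrypted program logic lands in a first memory, is authenticated, and only then is decrypted into a second memory that no external caller reads. Assumptions: the page names no algorithms, so HMAC-SHA256 stands in for the author's digital signature and a SHA-256 counter keystream stands in for the cipher; `FpgaModel`, `package`, and the field names are hypothetical.

```python
import hashlib
import hmac

class TamperedBitstream(Exception):
    """Raised when the encrypted program logic fails authentication."""

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in stream cipher (SHA-256 in counter mode) so the model runs on the
    # standard library alone; an assumption, not the patent's cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def package(enc_key: bytes, mac_key: bytes, nonce: bytes, logic: bytes) -> bytes:
    """Author side: encrypt the program logic, then tag nonce + ciphertext."""
    ct = bytes(a ^ b for a, b in zip(logic, _keystream(enc_key, nonce, len(logic))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag  # layout: 16-byte nonce | ciphertext | 32-byte tag

class FpgaModel:
    """Hypothetical model of the first and second memories in the claims."""
    def __init__(self, enc_key: bytes, mac_key: bytes):
        self._enc_key, self._mac_key = enc_key, mac_key
        self.first_memory = b""        # enabled to receive encrypted data from outside
        self._second_memory = b""      # isolated: holds decrypted data only
        self.programmed_digest = None  # only a digest of loaded logic is exposed

    def receive(self, blob: bytes) -> None:
        self.first_memory = blob

    def program(self) -> str:
        blob = self.first_memory
        if len(blob) < 16 + 32:
            raise TamperedBitstream("package too short")
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            self._second_memory = b""
            raise TamperedBitstream("authentication failed; nothing decrypted")
        ks = _keystream(self._enc_key, nonce, len(ct))
        self._second_memory = bytes(a ^ b for a, b in zip(ct, ks))
        self.programmed_digest = hashlib.sha256(self._second_memory).hexdigest()
        return self.programmed_digest
```

Checking the tag before decrypting means a modified package never produces plaintext in the isolated memory.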
19 Claims
1. A field programmable gate array (FPGA), comprising:
- a plurality of programmable elements; and
- isolated FPGA elements enabling secure communication by the field programmable gate array with other components in a computer system, the isolated FPGA elements comprising a first memory and a second memory, the first memory being enabled to receive encrypted data from outside the FPGA and the second memory being isolated during operation from components outside the FPGA and enabled to store data decrypted within the FPGA.

Dependent claims: 2, 3, 4, 5, 6
7. A method for programming a field programmable gate array (FPGA), comprising:
- receiving encrypted program logic into a first memory within the FPGA;
- decrypting the encrypted program logic using a decryption module within the FPGA into a second memory within the FPGA, the second memory being isolated during operation within the FPGA from components outside the FPGA; and
- programming the FPGA using the decrypted program logic.

Dependent claims: 8, 9, 10
11. In a computer system, a process comprising:
- establishing a mutually-authenticated and encrypted secure channel between a field programmable gate array (FPGA) and a computer component, wherein unencrypted data is stored in an isolated memory within the FPGA which is isolated during operation from components outside the FPGA and inaccessible to the computer component; and
- sending data to the computer component securely over the mutually-authenticated and encrypted secure channel.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
Specification