Secure field-programmable gate array (FPGA) architecture
First Claim
1. A method of configuring a field-programmable gate array (FPGA), the method comprising:
- receiving, at an FPGA, an encrypted FPGA load-decryption key from a remote key-storage device, wherein the remote key-storage device is external to and operatively connected with the FPGA;
calculating, at the FPGA, an entirety of an ephemeral session key;
decrypting the encrypted FPGA load-decryption key in a key-security unit using the ephemeral session key to provide a decrypted FPGA load-decryption key;
receiving encrypted FPGA-configuration data at the FPGA; and
decrypting and authenticating, in a configuration-data security unit, the FPGA-configuration data using the decrypted FPGA load-decryption key, andfurther comprising;
obtaining an initialization vector from the FPGA-configuration data;
receiving a challenge message from an authentication device;
encrypting a challenge message using the initialization vector to generate a response message; and
sending the response message to the authentication device for an authenticity determination of the FPGA-configuration data.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system for configuring a field-programmable gate array (FPGA) includes receiving an encrypted FPGA load-decryption key at an FPGA from a remote key-storage device. The remote key-storage device may be external to and operatively connected with the FPGA. The encrypted FPGA load-decryption key is decrypted using a session key, which may be stored at both the FPGA and the remote key-storage device. Encrypted FPGA-configuration data is received at the FPGA, and decrypted and authenticated using the decrypted FPGA load-decryption key. The decryption of the FPGA-configuration data may indicate a cryptographic state associated with the FPGA-configuration data, which may be used in recurring authentication of the FPGA-configuration data. For recurring authentication, a challenge message may be received at the FPGA from an authentication device, which may be encrypted using the cryptographic state and the session key to generate a response message. The response message may then be sent to the authentication device to determine authenticity of the FPGA-configuration data.
17 Citations
5 Claims
-
1. A method of configuring a field-programmable gate array (FPGA), the method comprising:
-
receiving, at an FPGA, an encrypted FPGA load-decryption key from a remote key-storage device, wherein the remote key-storage device is external to and operatively connected with the FPGA; calculating, at the FPGA, an entirety of an ephemeral session key; decrypting the encrypted FPGA load-decryption key in a key-security unit using the ephemeral session key to provide a decrypted FPGA load-decryption key; receiving encrypted FPGA-configuration data at the FPGA; and
decrypting and authenticating, in a configuration-data security unit, the FPGA-configuration data using the decrypted FPGA load-decryption key, andfurther comprising; obtaining an initialization vector from the FPGA-configuration data; receiving a challenge message from an authentication device; encrypting a challenge message using the initialization vector to generate a response message; and sending the response message to the authentication device for an authenticity determination of the FPGA-configuration data. - View Dependent Claims (2, 3, 4, 5)
-
Specification