Reexamination Certificate
1998-12-14
2002-09-24
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Packet header designating cryptographically protected data
C713S161000, C713S168000
active
06457125
ABSTRACT:
BACKGROUND OF THE INVENTION
This invention relates to programmable hardware devices and more particularly to an apparatus and method of securely configuring programmable hardware devices that are reprogrammed when powered up.
Programmable hardware devices are general-purpose, combinational or sequential digital components that can be programmed to perform a certain function. They are also referred to as programmable logic devices (PLDs) or programmable arrays, and part of their basic structure includes a matrix of programmable logic modules or switches that can be configured to implement a complex circuit that performs a certain function. The programmable logic modules can consist of nodes of fuses, antifuses, floating-gate metal oxide semiconductor (MOS) transistors, random access memory (RAM) cells, or static RAM (SRAM) cells.
Fuse and antifuse based programmable hardware devices are physically programmed by having the fuse nodes “blown” into a permanently on or off state. Floating gate, or flash, memory cells are nonvolatile and remain electrically programmed until erased. RAM based cells are volatile and must be electrically programmed each time the programmable hardware device is powered-up. Both flash and RAM based cells are programmed by providing to the programmable hardware device a data stream of configuration information. The configuration information defines a function that each programmable logic module will perform, or collectively defines the combinational function of the programmable hardware device. The configuration information is usually highly sensitive and proprietary information.
Programmable hardware devices can generally be classified according to one of two categories: one-time programmable; and reprogrammable. In the first category, the programmable logic modules of the device are programmed once, usually where the device is manufactured, such as with fuse and antifuse based devices. Such devices are permanently nonvolatile, meaning their configuration can not be changed once the device is programmed. In the second category, the configuration information is stored first in an external source such as a memory. The configuration information is downloaded into the device to configure the logic modules. To reprogram the device, an existing configuration of the programmable logic blocks is deliberately erased and another configuration is downloaded, such as with flash memory, or power is simply removed and another configuration is downloaded upon power-up, such as with RAM.
The present invention is directed to configuring programmable hardware devices of the second category.
FIG. 1 shows a simplified block diagram of a prior art system 100 for configuring a reprogrammable hardware device 110 from an external host 130 or other external memory source. The basic architecture of a programmable hardware device 110 includes a matrix of programmable logic modules 120 surrounded by an addressable interconnection network 135. Each logic module 120 may be any one of a variety of circuits capable of being programmed to implement all logic functions having one or more inputs. Such circuits include transistor-based registers, multiplexers, or look-up tables. Often, they also contain sequential elements such as flip-flops or latches. In gate array technology, the interconnection pattern is defined by metallization layers applied over a programmable logic module pattern at the final stage of manufacture.
The interconnect network 135 is connected by input/output blocks (I/O) 145 to a configuration engine 140 that configures the logic modules 120 according to configuration information, or a program, received from the host 130 via a communications channel 150. The configuration engine contains a memory for storing the configuration information, which memory can be flash, such as erasable programmable read only memory (EPROM) and electrically erasable programmable ROM (EEPROM), or static RAM (SRAM). Host 130 may be a memory, a processor linked to a memory, or connected to a memory in a data network such as the internet. An example of a programmable hardware device as described above is described in greater detail in U.S. Pat. No. 5,744,980.
One problem that arises is that the communications channel 150 between the host 130 or external memory source and the programmable hardware device 110 is particularly vulnerable to monitoring by an outside “attacker.” By monitoring the download process of transferring configuration information from the host 150 to the programmable hardware device 110, an undesirable entity could gain enough information to reconstruct a proprietary configuration for their own applications. Accordingly, there is need for a system and method to securely download configuration information into a programmable hardware device.
SUMMARY OF THE INVENTION
The present invention provides a method and apparatus to securely configure a programmable hardware device to inhibit copying of configuration information which defines a programmable function of the device.
Secure configuration of a programmable hardware device is achieved in one embodiment of the invention by the steps of encrypting configuration information according to a cryptographic algorithm, transferring the encrypted configuration information from a host to the programmable hardware device, decrypting the configuration information according to the same cryptographic algorithm, and configuring a plurality of programmable logic modules in the programmable hardware device according to the configuration information.
In an alternate embodiment, the host receives the configuration information from an external memory source in encrypted form. The host may then store the encrypted configuration information for later transfer to the programmable hardware device.
In yet another embodiment, the host decrypts encrypted configuration information received from an external memory source. The host then again encrypts the configuration according to the same or a different cryptographic algorithm. The host transfers the again encrypted configuration information to the programmable hardware device.
In yet another embodiment, the present invention provides a novel download engine for programmable hardware devices. The download engine includes a data-in register having a communications channel for receiving encrypted configuration information from the external host, a cryptographic engine, coupled to the data-in register and configured to decrypt the encrypted configuration information according to a cryptographic algorithm, and an interface coupled to the cryptographic engine, for transferring the decrypted configuration information from the cryptographic engine to the programmable logic modules.
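An added example, not from the patent: a Python model of the encrypt, transfer, decrypt, configure sequence and of the download engine described above. The patent names no algorithm, so the HMAC-SHA256 counter-mode keystream, the shared device key, the packet layout (nonce, ciphertext, tag) and the one-byte-per-module configuration are all assumptions; the integrity tag goes beyond the patent text, which addresses confidentiality of the download only.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and authentication keys, both derived from the device key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 run in counter mode.
    blocks = (length + 31) // 32
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        for i in range(blocks))
    return stream[:length]

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def host_encrypt(device_key: bytes, config: bytes) -> bytes:
    """Host side: build the packet that crosses the communications channel."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_subkey(device_key, b"enc"), nonce, len(config))
    body = nonce + _xor(config, stream)
    tag = hmac.new(_subkey(device_key, b"mac"), body, hashlib.sha256).digest()
    return body + tag

class DownloadEngine:
    """Device side: data-in register -> cryptographic engine -> logic modules."""
    def __init__(self, device_key: bytes, n_modules: int):
        self._key = device_key
        self.logic_modules = [None] * n_modules   # unconfigured at power-up

    def load(self, packet: bytes) -> None:
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(_subkey(self._key, b"mac"), body, hashlib.sha256).digest()
        if len(packet) < NONCE_LEN + TAG_LEN or not hmac.compare_digest(tag, expected):
            raise ValueError("configuration rejected: bad length or tag")
        nonce, ciphertext = body[:NONCE_LEN], body[NONCE_LEN:]
        if len(ciphertext) != len(self.logic_modules):
            raise ValueError("configuration rejected: wrong size for this device")
        stream = _keystream(_subkey(self._key, b"enc"), nonce, len(ciphertext))
        self.logic_modules = list(_xor(ciphertext, stream))  # one byte per module

# Constructed sample: a 64-module device, a made-up key and configuration.
KEY = bytes(range(32))
CONFIG = bytes((i * 7 + 3) % 256 for i in range(64))
```

A monitor on the channel sees only the packet returned by `host_encrypt`; a packet altered in transit is rejected before any logic module is written.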
REFERENCES:
patent: 5675645 (1997-10-01), Schwartz et al.
patent: 5784463 (1998-07-01), Chen et al.
Schneier, “Applied Cryptography”, 1995, sec. 9.1, 9.2.
Bestock Ralph R.
Matthews, Jr. Donald P.
Compaq Computer Corporation
Oppenheimer Wolff & Donnelly LLP
Peeso Thomas R.
Sherry Leah
Patent title: Encrypted download of SRAM-based FPGAs