Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1999-06-29
2001-04-03
Swann, Tod R. (Department: 2767)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S166000, C713S187000, C713S189000, C713S193000, C713S193000, C380S268000, C326S038000
Reexamination Certificate
active
06212639
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates to the field of circuit design. In particular, the invention relates to a method and apparatus for securing data used to configure a programmable logic device.
2. Background Information
Programmable Logic Devices (PLDs) are a class of devices that allow a user to program a device to perform the function of a particular circuit. Examples of PLDs are FPGAs (Field Programmable Gate Arrays) and EPLDs (Erasable Programmable Logic Devices).
To use a PLD, a user captures a circuit design using any of several design capture tools. The user then uses software tools to convert the captured design into a device specific bitwise representation. The bitwise representation is stored in a storage device, such as an EPROM. Upon startup, the storage device supplies the bitwise representation to the PLD, thereby enabling the PLD to perform the function of the circuit design. The PLD, having read in the bitwise representation, then performs the function of the circuit design.
By the time the bitwise representation is created, significant amounts of time and effort have been expended. To encourage individuals and companies to continue to invest in the research and development of new circuit designs, it is desirable to provide some method of protecting the circuit designs from illegal copying and use.
To make an illegal copy of the circuit design, as implemented in the programmable logic device, one need only make a copy of the bitwise representation stored in the storage device. The copied bitwise representation can then be illegally used with other programmable logic devices. Therefore, it is desirable to make it more difficult to copy the bitwise representation of the circuit design.
Additionally, some types of PLDs support multiple configuration modes. For example, the XC4000™ series FPGAs, available from Xilinx, Inc. of San Jose, Calif., supports multiple configuration modes. The 1994 Xilinx Data Book, page 2-25 through page 2-46, describes the unsecured configuration modes for the XC4000™ FPGA product family. Therefore, it is desirable to have secure configuration of PLDs that have multiple configuration modes. Of course no system can be absolutely secure from all potential unauthorized access, therefore, the term “secure” is used to mean more secure than systems without any security.
Some PLDs can be chained together for the purpose of configuration. After one PLD is configured, the configuration data is passed to the next PLD in the chain. Therefore, it is desirable to support the secured configuration of multiple chained PLDs.
SUMMARY OF THE INVENTION
A method and apparatus for encrypting the information used in configuring a programmable logic device is described.
A method of communicating encrypted configuration data between a programmable logic device (PLD) and a storage device is included in one part of the invention. The method includes the following steps. Transmit encrypted configuration data stored in a storage device to the PLD. Decrypt the encrypted configuration data to generate a copy of the configuration data in the PLD. Configure the PLD using the copy of the configuration data. In one embodiment, the PLD transmits a key to the storage device. In another embodiment, the manufacturer, user, or someone else, stores a key in the storage device and in the PLD. In both embodiments, the key is used to encrypt the configuration data.
In one embodiment, the storage device includes an encryption circuit. The encryption circuit generates a bit of the encrypted configuration data, D*, from a bit of the configuration data, D, using the relationship: D⊕X=D*, where ⊕ indicates an exclusive OR logical operation. X is a signal generated from previous bits of the encrypted configuration data. The PLD includes a decryption circuit. The decryption circuit generates a copy of the bit of the configuration data, D, from a bit of the encrypted configuration data, D*, using the relationship: D*⊕X=D.
In one embodiment, the storage device includes no encryption circuit. The PLD and storage device are used in pairs. A software system (work station) or user generates or supplies a key and sends the key or a related key to the PLD. It generates encrypted configuration data using the key and sends the encrypted configuration data to the storage device. The PLD includes a decryption circuit. The key in the PLD is used by this decryption circuit to decrypt the encrypted configuration data received from the storage device.
In one embodiment, multiple PLDs are chained together during the configuration mode. The storage device transmits the encrypted configuration data to the first PLD in the chain, then to the next PLD.
In one embodiment, each PLD listens to all of the encrypted configuration data until the storage device begins transmitting the encrypted configuration data for that PLD. In another embodiment, the first PLD decrypts the configuration data for itself. When fully programmed, the first PLD passes the encrypted configuration data onto the next PLD in the chain. In this embodiment, the programmed PLD also transfers the current state of its decryption circuit to the next PLD in the chain.
Although many details have been included in the description and the figures, the invention is defined by the scope of the claims. Only limitations found in those claims apply to the invention.
REFERENCES:
patent: 5081675 (1992-01-01), Kittirutsunetorn
patent: 5349249 (1994-09-01), Chiang et al.
patent: 5388157 (1995-02-01), Austin
patent: 5406627 (1995-04-01), Thompson et al.
patent: 5748734 (1998-05-01), Mizikovsky
patent: 5768372 (1998-06-01), Sung et al.
patent: 5915017 (1999-06-01), Sung et al.
“The Programmable Logic Data Book,” pp. 2-25 through 2-46, Xilinx, 1994, San Jose, California.
Datasheet for XC5200 FPGA from Xilinx.
Schneier, Applied Cryptography, 2nd edition, pp. 4, 5 and 32-36, Oct. 1995.
Erickson Charles R.
Holen Victor A.
Tavana Danesh
Callahan Paul E.
Paradice III William L.
Swann Tod R.
Xilinx , Inc.
Young Edel M.
LandOfFree
Encryption of configuration stream does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Encryption of configuration stream, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Encryption of configuration stream will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2495435