Electrical computers and digital processing systems: support – Data processing protection using cryptography – Upgrade/install encryption
Reexamination Certificate
1999-02-19
2003-11-25
Hayes, Gail (Department: 2131)
Electrical computers and digital processing systems: support
Data processing protection using cryptography
Upgrade/install encryption
C713S189000, C713S188000
Reexamination Certificate
active
06654889
ABSTRACT:
FIELD OF THE INVENTION
This invention relates generally to programmable logic devices, and in particular to methods and apparatus for encrypting data used to configure programmable logic devices to protect that data from theft.
BACKGROUND
FIG. 1
depicts an example of a chip set
100
that includes some general-purpose read-only memory (ROM)
110
connected to a general-purpose FPGA
120
. FPGA
120
conventionally includes an array
130
that can be configured to implement custom functional circuitry
140
. Array
130
is typically an array of configurable logic blocks (CLBs) programmably interconnected to each other and to programmable input/output blocks (IOBs). For a more detailed discussion of FPGAs, see the co-pending U.S. Pat. No. 6,028,445 which issued on Feb. 22, 2000, “ecoder Structure and Method for FPGA Configuration,” by Gary R. Lawman, which is incorporated herein by reference.
A vendor may use a chip set similar to chip set
100
to supply any number of different circuit designs while stocking only a single general-purpose FPGA and some general-purpose memory. The vendor supplies a customer with a custom version of chip set
100
by simply programming ROM
110
with the configuration data required to implement the customer's desired function.
Configuration data are typically downloaded into an FPGA (or other type of programmable logic device) as a series of bits known as a configuration bitstream. Anyone having access to the configuration bitstream for a particular design can easily copy the design. In the foregoing example in which a vendor sells a custom circuit as a set of configuration data combined with a general-purpose FPGA, an unscrupulous customer could easily copy the configuration data and use it to program any number of additional FPGAs. A Design is may also be stolen by reverse engineering the design from the configuration bitstream and then adapting the design for another FPGA or even a different circuit technology. Naturally, developers of custom configuration data for use in programmable chip sets are concerned for the security of their designs.
Some customers develop their own circuit designs and implement them on FPGAs. Designing complex circuits from basic logic gates, or “primitive cells,” can be very time consuming. More complex functions called macros, or “cores,” are therefore developed to represent more complex logic functions. These cores can then be used as building blocks for assembling yet more complex circuit designs.
A number of core developers design and market cores for FPGAs and other types of programmable logic devices (PLDs). Customers purchase these cores and use them to program PLDs to achieve desired functions. For example, a collection of cores for implementing standard bus interfaces and signal-processing functions is available from Xilinx, Inc., of San Jose, Cali., under the name LogiCORE™. As with the configuration data in the example of
FIG. 1
, PLD cores and circuit designs that employ them are easily stolen. Core developers are therefore concerned for the security of their cores. There is therefore a need for a means of securing cores and other proprietary configuration data.
SUMMARY
The present invention is directed to a method of configuring a programmable logic device using encrypted configuration data, and to a programmable logic device adapted to use such encrypted configuration data.
In one embodiment, a type of programmable logic device commonly known as a field-programmable gate array (FPGA) is adapted to include a decryptor and a non-volatile memory element programmed with a secret decryption key. Some or all of the decryptor can be instantiated in configurable logic on the FPGA. Once the decryptor is instantiated, encrypted configuration data representing some desired circuit function is presented to the decryptor. The decryptor then decrypts the configuration data, using the secret decryption key, and configures the FPGA with the decrypted configuration data.
For implementations in which the decryptor is instantiated in configuration memory of the FPGA, a clever thief might engineer an FPGA design that, when instantiated, simply reads the decryption key and presents the key on an output pin of the FPGA. To forestall such a security breach, an FPGA in accordance with a second embodiment of the invention includes authentication circuitry that performs a hash function on the configuration data used to instantiate the decryptor. The result of the hash function is compared to a proprietary hash key programmed into a second non-volatile memory element on the FPGA. Only those decryptors whose configuration data produce the desired hash result will have access to the decryption key.
REFERENCES:
patent: 3849760 (1974-11-01), Endou et al.
patent: 4405829 (1983-09-01), Rivest et al.
patent: 5084636 (1992-01-01), Yoneda
patent: RE34363 (1993-08-01), Freeman
patent: 5237218 (1993-08-01), Josephson et al.
patent: 5237219 (1993-08-01), Cliff
patent: 5343406 (1994-08-01), Freeman et al.
patent: 5349249 (1994-09-01), Chiang et al.
patent: 5369708 (1994-11-01), Kawamura et al.
patent: 5388157 (1995-02-01), Austin
patent: 5394031 (1995-02-01), Britton et al.
patent: 5457408 (1995-10-01), Leung
patent: 5623549 (1997-04-01), Ritter
patent: 5705938 (1998-01-01), Kean
patent: 5768372 (1998-06-01), Sung et al.
patent: 5774544 (1998-06-01), Lee et al.
patent: 5838901 (1998-11-01), Curd et al.
patent: 6002769 (1999-12-01), McGough
patent: 6081597 (2000-06-01), Hoffstein et al.
patent: 6298137 (2001-10-01), Hoffstein et al.
patent: 0253530 (1987-06-01), None
patent: WO92/20157 (1992-11-01), None
patent: WO94/10754 (1993-11-01), None
patent: WO94/01867 (1994-01-01), None
Meneze et. al. Handbook of Applied Cryptography pp. 2-5, 24-25 and 364-367.*
Wolfgang Hoflich, Applications Note, “Using the XC4000 Readback Capability”, XAPP 015.000, 1993, available from Xilinx, Inc., 2100 Logic Drive, San Jose, CA 95124, pp. 8-37 to 8-44.
Bruce Schneier, “Applied Cryptography”, Second Edition, 1996, published by John Wiley & Sons, Inc., pp. 193-197 and 265-285.
Ann Duncan, Application Note, “DES Encryption and Decryption on the XC6216”, available from Xilinx, Inc., 2100 Logic Drive, San Jose, CA 95124, XAPP 106, Feb. 2, 1998 (version 1.0), pp. 1-7.
“The Programmable Logic Data Book”, published Sep., 1996, in its entirety and also specifically pp. 4-54 to 4-79 and 4-253 to 4-286, available from Xilinx, Inc., 2100 Logic Drive, San Jose, California 95124.
Xilinx, Inc.; “The Programmable Logic Data Book”; published Sep. 1996; available from Xilinx, Inc., 2100 Logic Drive, San Jose, California 95124; in its entirety and also specifically pp. 4-54 to 4-79 and 4-253 to 4-286.
Xilinx, Inc.; “Core Solutions Data Book”; published May 1997; available from Xilinx, Inc., 2100 Logic Drive, San Jose, California 95124; pp. 2-5 to 2-13.
Xilinix, Inc.; “The Programmable Logic Data Book”; published 1994; available from Xilinx, Inc., 2100 Logic Drive, San Jose, California 95124; pp. 2-105 to 2-132 and 2-231 to 2-238.
D.D. Gajski, V.M. Milutinovic, H.J. Siegel, and B.P. Furht; “Tutorial—Computer Architecture”; Published by IEEE Computer Society Press, Copyright 1987; pp. v-i.
Gediminas P. Kurpis, Chair and Christopher J. Booth, Editor; “The New IEEE Standard Dictionary of Electrical and Electronics Terms”; Fifth Edition, published Jan. 15, 1993; p. 1011.
“IEEE Standard Test Access Port and Boundary-Scan Architecture”, IEEE Std. 1149.1-1990; published Oct. 21, 1993; IEEE Computer Society; pp. 1-1 thru 1-5, 2-1 thru 2,6, 3-1 thru 3-9, 4-1 thru 4-3, 5-1 thru 5-16, 7-1 thru 7-28.
David A. Patterson and John L. Hennessy; “Computer Architecture A Quantitative Approach”; published by Morgan Kaufmann Publishers, Inc., San Mateo, California; published 1990; pp. 200-201.
Betty Prince; “Semiconductor Memories—A Handbook of Design, Manufacture, and Application”; published by John Wiley & Sons; Copyright 1983, 1991; pp. 149-174.
Paul R. Gray, David A. Hodges, Robert W. Brodersen; “Analog MOS Integrated Circuits—Potential of MOS Technologies for Analog Integrated Circuits”;
Behiel Arthur Joseph
Cartier Lois D.
Hayes Gail
Seal James
Xilinx , Inc.
LandOfFree
Method and apparatus for protecting proprietary... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for protecting proprietary..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for protecting proprietary... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3138700