Electronic digital logic circuitry – Security
Reexamination Certificate
2003-04-30
2004-09-07
Tran, Anh Q. (Department: 2819)
C326S014000, C326S041000, C326S037000
active
06788097
ABSTRACT:
FIELD OF INVENTION
This invention relates generally to programmable logic devices and specifically to improving security for programmable logic devices.
DESCRIPTION OF RELATED ART
Programmable logic devices (PLDs) are a class of integrated circuits which can be programmed by a user to implement user-defined logic functions. Early PLDs included an AND array which logically ANDs two or more input signals to produce product terms (P-terms), and an OR array which logically ORs two or more of the P-terms provided by the AND array to generate a sum-of-products term. A complex programmable logic device (CPLD) incorporates several early PLDs and associated connection circuitry onto a single integrated circuit.
Typically, a CPLD includes a plurality of function blocks that are selectively connected to one another and to input/output (I/O) modules by a programmable interconnect matrix. Each function block includes an AND array and a set of macrocells. The AND array includes a set of input lines for receiving selected input signals from the programmable interconnect matrix, and a set of product term (P-term) lines for transmitting P-term signals to the macrocells. Each macrocell includes an OR gate which is programmable to receive one or more of the P-term signals transmitted on the P-term lines. The OR gate produces a sum-of-products term that may be selectively transmitted to the I/O modules, to the interconnect matrix, or to adjacent macrocells.
One problem with conventional PLDs is that the input AND array in each function block consumes electric power at all times, even when the input signals are not changing. This power management problem has been addressed by Jenkins, Seltzer, and Curd in U.S. Pat. No. 6,172,518, incorporated herein by reference, which discloses a power management scheme that may selectively power down individual PLD components with minimal performance degradation. More specifically, this power management scheme designates a function block to generate a power control signal (VENA) that may be used to selectively power down the function blocks and the I/O modules. The power control signal VENA may also be used to force selected device input pins to a static state during in-system programming (ISP) operations. Typically, the signal VENA is distributed through the PLD by a power control rail, which in turn is coupled to an external device pin to allow users to externally observe the signal VENA.
In addition, the signal VENA may be used to disable the input pins of a PLD, as described below with respect to the well-known CPLD 1 shown in FIG. 1. CPLD 1 is shown to include an input signal blocking circuit 10, a function block 20, an observation (VENA) pin 30, a plurality of input pins 40(1)-40(n) and corresponding input buffers 42(1)-42(n), and a power control (VENA) rail 50. Input signal blocking circuit 10 includes a datagate 12, a buffer 14, and a plurality of NMOS input pass transistors 16(1)-16(n). Datagate 12 is an NMOS pass transistor having a gate coupled to a supply voltage VDD, and buffer 14 may be any suitable driver circuit. Input pass transistors 16(1)-16(n) are coupled between respective input pins 40(1)-40(n) and input buffers 42(1)-42(n). Input buffers 42(1)-42(n) are typically CMOS inverters. Function block 20, which is shown to include a well-known macrocell 22 having a flip-flop 24 and buffer 26, is designated as a control function block to generate the signal VENA in a well-known manner as described, for example, in U.S. Pat. No. 6,172,518. The signal VENA is output from macrocell 22 onto VENA rail 50, which in turn provides VENA to the gates of input pass transistors 16(1)-16(n) via datagate 12 and buffer 14.
When VENA is de-asserted (e.g., to logic high) by function block 20, input pass transistors 16(1)-16(n) are conductive and allow input signals provided on input pins 40(1)-40(n) to pass to corresponding input buffers 42(1)-42(n), which in turn route the input signals to internal PLD logic (not shown). Conversely, when VENA is asserted (e.g., to logic low), input pass transistors 16(1)-16(n) are not conductive and prevent input signals provided on input pins 40(1)-40(n) from passing to corresponding input buffers 42(1)-42(n), thereby disabling input pins 40(1)-40(n).
The observation pin 30 is connected to VENA rail 50 to allow for external observation of the signal VENA. In this manner, a user may monitor observation pin 30 to determine whether selected PLD elements (e.g., function blocks, I/O modules, and input pins) are powered down and/or disabled when the signal VENA is asserted. Unfortunately, observation pin 30 may be used to circumvent the input pin disabling feature of PLD 1 by forcing VENA to a desired state.
For example, in secure applications where a register in the PLD is used to store an access key, a user may be prompted to enter a password through input pins 40 to access the PLD or to access a host system (for example, a cellular phone, personal digital assistant, or other device) which includes the PLD. Typically, the password is provided by the user on input pins 40 and compared to the key stored in the PLD. If there is a match, VENA may be de-asserted to enable input pins 40, and if there is not a match, VENA may remain asserted to disable input pins 40. However, a user having knowledge of observation pin 30's connection to VENA rail 50 may be able to drive pin 30 with sufficient strength to force VENA to a de-asserted state, irrespective of whether function block 20 has de-asserted VENA (e.g., in response to a valid password). In this manner, observation pin 30 may be used to override VENA and thus breach the security of the PLD and/or its host system.
Therefore, there is a need for an input pin signal blocking circuit that allows for external observation of the power control signal VENA without being vulnerable to security overrides using the observation pin.
SUMMARY
A method and apparatus are disclosed that prevent a user from overriding a power control signal from an observation pin. In accordance with one embodiment of the present invention, a function block of a PLD that generates the power control signal provides the power control signal to a distributed power control rail, which in turn is externally observable from an observation pin. The function block also provides the power control signal as a feed forward signal to an input signal blocking circuit. In response to the feed forward signal, the input signal blocking circuit selectively controls the device input pins. For one embodiment, an asserted feed forward signal causes the input signal blocking circuit to disable the input pins, and a de-asserted feed forward signal causes the input signal blocking circuit to enable the device input pins.
For some embodiments, the input signal blocking circuit includes a plurality of input pass transistors, each coupled between a corresponding device input pin and internal PLD logic and having a gate to receive the feed forward signal. For other embodiments, the feed forward signal is selectively provided to the input pass transistors via logic gates in response to corresponding control bits. For still other embodiments, the power control signal on the distributed rail may be selected to control the device input pins via the input pass transistors.
The feed forward signal is not accessible from the external observation pin, and therefore cannot be externally altered (e.g., overridden) from the observation pin by a user attempting to circumvent the input pin disabling mechanism. In this manner, embodiments of the present invention provide improved PLD security while allowing the state of the power control signal to be externally observed.
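The override described under the related art and the feed-forward arrangement summarized above can be compared in a small behavioural model. This is an added illustration, not part of the patent text; the drive-strength numbers, the function names, the sample key and password values, and the use of None for a blocked input are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Polarity as stated in the text: asserted = logic low, de-asserted = logic high.
ASSERTED, DEASSERTED = 0, 1
# Constructed strength (arbitrary units) of function block 20 driving the rail.
# The text only says the pin is driven "with sufficient strength".
FB_STRENGTH = 1

@dataclass
class ExternalDrive:
    """A level forced onto observation pin 30 from outside the device."""
    level: int
    strength: int

def function_block_vena(password: int, key: int) -> int:
    """Function block 20: de-assert VENA only when the password matches the key."""
    return DEASSERTED if password == key else ASSERTED

def resolve_rail(fb_vena: int, ext: Optional[ExternalDrive]) -> int:
    """Level on VENA rail 50 (and pin 30): the stronger of the two drivers wins."""
    if ext is not None and ext.strength > FB_STRENGTH:
        return ext.level
    return fb_vena

def simulate(password, key, inputs, ext=None, feed_forward=False):
    """Return what pin 30 shows and what reaches the input buffers.

    feed_forward=False: pass-transistor gates follow the rail (related art).
    feed_forward=True:  gates follow a signal taken from the function block
                        that is not reachable from pin 30 (modelled here by
                        using the function block's own value directly).
    """
    fb_vena = function_block_vena(password, key)
    rail = resolve_rail(fb_vena, ext)
    gate = fb_vena if feed_forward else rail
    # NMOS pass transistors conduct when their gate is high (de-asserted VENA).
    passed = list(inputs) if gate == DEASSERTED else [None] * len(inputs)
    return {"observed": rail, "gate": gate, "internal_inputs": passed}

if __name__ == "__main__":
    force_high = ExternalDrive(level=DEASSERTED, strength=5)  # constructed value
    for ff in (False, True):
        result = simulate(0x1234, 0xBEEF, [1, 0, 1], ext=force_high, feed_forward=ff)
        print("feed_forward" if ff else "rail-gated  ", result)
```

In the feed-forward case the observation pin still reports whatever level is on the rail, so a forced pin changes what is observed but not whether the input pins are enabled.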
REFERENCES:
patent: 4879688 (1989-11-01), Turner et al.
patent: 6172518 (2001-01-01), Jenkins, IV et al.
“The Programmable Logic Data Book”, 1998, available from Xilinx, Inc. 2100 Logic Drive, San Jose, CA 95124, pp. 3-5 to 3-19.
Jenkins, IV Jesse H.
Lakkapragada Shankar
Liu Justin
Paradice III William L.
Tran Anh Q.
Xilinx, Inc.