Secure external key storage for programmable ICS

US10044514B1 · US · B1

Patent metadata
Publication number: US-10044514-B1
Application number: US-201514866712-A
Country: US
Kind code: B1
Filing date: Sep 25, 2015
Priority date: Sep 25, 2015
Publication date: Aug 7, 2018
Grant date: Aug 7, 2018

Abstract

Official abstract text for this publication.

The disclosure describes approaches for protecting a circuit design for a programmable integrated circuit (IC). A black key is generated from an input red key by a registration circuit implemented on the programmable IC, and the black key is stored in a memory circuit external to the programmable IC. The programmable IC is configured to implement a pre-configuration circuit, which inputs the black key from the memory circuit and generates the red key from the black key. A ciphertext circuit design is decrypted into a plaintext circuit design by the programmable IC using the red key, and the red key is erased from the programmable IC. The programmable IC is reconfigured with the plaintext circuit design.

First claim

Opening claim text (preview).

What is claimed is:

1. A method of protecting a circuit design for a programmable integrated circuit (IC), comprising: configuring programmable logic and interconnect resources of the programmable IC to implement a first instance of a Physically Unclonable Function (PUF) circuit and a registration circuit; generating a first instance of a PUF value by the first instance of the PUF circuit; generating a black key from an input first instance of a red key and the first instance of the PUF value by the registration circuit; storing the black key resulting from the generating of the black key in a memory circuit external to the programmable IC; reconfiguring the programmable logic and interconnect resources of the programmable IC to implement a second instance of the PUF circuit in a pre-configuration circuit; generating a second instance of the PUF value by the second instance of the PUF circuit; inputting the black key from the memory circuit to the pre-configuration circuit; generating a second instance of the red key from the black key and the second instance of the PUF value by the pre-configuration circuit; decrypting a ciphertext circuit design into a plaintext circuit design by the programmable IC using the second instance of the red key; erasing the second instance of the red key from the programmable IC; and reconfiguring the programmable IC with the plaintext circuit design.

2. The method of claim 1, wherein the configuring the programmable IC to implement the pre-configuration circuit includes: inputting a pre-configuration bitstream to the programmable IC; authenticating the pre-configuration bitstream; and halting the configuring of the programmable logic and interconnect resources of the programmable IC to implement the pre-configuration circuit in response to the pre-configuration bitstream failing the authenticating.

3. The method of claim 2, further comprising: inputting the ciphertext circuit design to the programmable IC; authenticating the ciphertext circuit design; and halting the reconfiguring of the programmable logic and interconnect resources of the programmable IC with the plaintext circuit design in response to the ciphertext circuit design failing the authenticating.

4. The method of claim 1, wherein the generating the second instance of the red key includes: authenticating the black key; and halting the generating of the second instance of the red key, the decrypting, the erasing and the reconfiguring in response to the black key failing the authenticating.

5. A method of protecting a circuit design for a programmable integrated circuit (IC), comprising: configuring programmable logic resources and programmable interconnect resources of the programmable IC to implement a registration circuit that includes a first instance of a Physically Unclonable Function (PUF) circuit and a wrapper circuit; generating a first instance of a PUF value by the first instance of the PUF circuit; inputting a first instance of a red key to the wrapper circuit; generating a black key by the wrapper circuit as a function of the first instance of the PUF value and the first instance of the red key; storing the black key resulting from the generating of the black key in a memory circuit external to the programmable IC; reconfiguring the programmable logic resources and programmable interconnect resources of the programmable IC to implement a pre-configuration circuit that includes a second instance of the PUF circuit and an unwrapper circuit; generating a second instance of the PUF value by the second instance of the PUF circuit; inputting the black key from the external memory circuit to the unwrapper circuit; generating a second instance of the red key by the unwrapper circuit as a function of the black key and the second instance of the PUF value; inputting a ciphertext circuit design to the programmable IC; decrypting the ciphertext circuit design into a plaintext circuit design by a decryption circuit of the programmable IC using the second instance of the red key; erasing the second instance of the red key from the programmable IC; and reconfiguring the programmable logic resources and programmable interconnect resources of the programmable IC with the plaintext circuit design.

6. The method of claim 5, wherein: the generating of the black key includes: encrypting the first instance of the red key using the first instance of the PUF value as an encryption key; and the generating of the second instance of the red key includes: decrypting the black key using the second instance of the PUF value as a decryption key.

7. The method of claim 5, wherein: the generating of the black key includes: XORing the first instance of the red key with the first instance of the PUF value; and the generating of the second instance of the red key includes: XORing the black key with the second instance of the PUF value.

8. The method of claim 5, wherein the reconfiguring the programmable IC to implement the second instance of the PUF circuit and the unwrapper circuit includes: inputting a pre-configuration bitstream to the programmable IC; authenticating the pre-configuration bitstream; and halting the reconfiguring of the programmable logic resources and programmable interconnect resources of the programmable IC to implement the second instance of the PUF circuit and the unwrapper circuit in response to the pre-configuration bitstream failing the authenticating.

9. The method of claim 8, further comprising: authenticating the ciphertext circuit design; and halting the reconfiguring of the programmable logic resources and programmable interconnect resources of the programmable IC with the plaintext circuit design in response to the ciphertext circuit design failing the authenticating.

10. The method of claim 5, wherein the generating the second instance of the red key includes: authenticating the black key; and halting the generating of the second instance of the red key, the decrypting, the erasing and the reconfiguring in response to the black key failing the authenticating.

11. An electronic system, comprising: a computer system: a programmable integrated circuit (IC) coupled to the computer system and including programmable logic resources, programmable interconnect resources circuitry and a key memory; a memory circuit coupled to the programmable IC and external to the programmable IC; wherein the computer system is configured to provide a registration bitstream to the programmable IC for configuring the programmable logic resources and programmable interconnect resources to implement a wrapper circuit and a first instance of a Physically Unclonable Function (PUF) circuit; wherein the first instance of the PUF circuit is configured to generate a first instance of a PUF value, and the wrapper circuit is configured to generate a black key from an input first instance of a red key and the first instance of the PUF value and store the black key resulting from generation of the black key in the memory circuit; wherein the memory circuit is configured with a pre-configuration bitstream; wherein the programmable IC is configured to input the pre-configuration bitstream and configure the programmable logic resources and programmable interconnect resources to implement a pre-configuration circuit, and the pre-configuration circuit includes a second instance of the PUF circuit and an unwrapper circuit; wherein the unwrapper circuit is configured to input the black key and generate a second instance of the red key as a function of the black key using a second instance of the PUF value from the second instance of the PUF circ
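An added software sketch of the registration and pre-configuration flow in claims 1, 4 and 7, not code from the patent, showing why a black key copied to another device or altered in external memory stops configuration. The PUF values, the HMAC-SHA256 black-key check, the SHAKE-256 stand-in for the decryption circuit and all function names are assumptions, and the PUF is assumed to return the same value at registration and at pre-configuration.

```python
import hashlib
import hmac

KEY_LEN = 32  # assumed 256-bit red key and PUF value

class HaltConfiguration(Exception):
    """Authentication failed; configuration must stop."""

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def auth_tag(puf_value, black_key):
    # Assumed authenticator: HMAC-SHA256 keyed from the PUF value.
    mac_key = hashlib.sha256(b"black-key-auth" + puf_value).digest()
    return hmac.new(mac_key, black_key, hashlib.sha256).digest()

def stream_xor(key, data):  # stand-in for the IC's decryption circuit
    return xor_bytes(data, hashlib.shake_256(key).digest(len(data)))

def register(puf_value, red_key):
    """Registration circuit: wrap the red key for external storage."""
    if len(puf_value) != KEY_LEN or len(red_key) != KEY_LEN:
        raise ValueError("PUF value and red key must be KEY_LEN bytes")
    black_key = xor_bytes(red_key, puf_value)  # claim 7 wrapping
    return black_key + auth_tag(puf_value, black_key)

def preconfigure(puf_value, stored, ciphertext):
    """Pre-configuration circuit: authenticate, unwrap, decrypt, erase."""
    black_key, tag = stored[:KEY_LEN], stored[KEY_LEN:]
    # XOR wrapping is malleable, so check the black key before using it.
    if not hmac.compare_digest(tag, auth_tag(puf_value, black_key)):
        raise HaltConfiguration("black key failed authentication")
    red_key = bytearray(xor_bytes(black_key, puf_value))
    try:
        return stream_xor(red_key, ciphertext)
    finally:
        red_key[:] = bytes(KEY_LEN)  # models the erase step only

if __name__ == "__main__":
    puf_a = hashlib.sha256(b"constructed PUF, device A").digest()
    puf_b = hashlib.sha256(b"constructed PUF, device B").digest()
    red = hashlib.sha256(b"constructed red key").digest()
    ct = stream_xor(red, b"constructed plaintext design")
    stored = register(puf_a, red)
    print(preconfigure(puf_a, stored, ct))
    try:
        preconfigure(puf_b, stored, ct)  # black key copied to another device
    except HaltConfiguration as exc:
        print("halted:", exc)
```

A real PUF response is noisy between power-ups, so hardware needs error correction before the value can serve as a key; the sketch leaves that out.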

Classifications

  • using a plurality of keys or algorithms
  • Key scheduling, i.e. generating round keys or sub-keys for block encryption
  • Details relating to cryptographic hardware or logic circuitry
  • Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
  • involving digital signatures

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Xilinx Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/3278. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 7, 2018 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).