(12) United States Patent
Wong

(10) Patent No.: US 7,558,967 B2
(45) Date of Patent: Jul. 7, 2009

(54) ENCRYPTION FOR A STREAM FILE IN AN FPGA INTEGRATED CIRCUIT

(75) Inventor: Wayne Wong, Sunnyvale, CA (US)

(73) Assignee: [name illegible in source] Corporation, Mountain View, CA

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 583 days.

(21) Appl. No.: 09/953,580

(22) Filed: Sep. 13, 2001

(65) Prior Publication Data
US 2003/0163715 A1, Aug. 28, 2003

(51) Int. Cl.
H04L 9/18 (2006.01)

(52) U.S. Cl.: 713/189; 716/16; 716/17; 326/8; 326/38; 326/39; 713/191; 713/193

(58) Field of Classification Search: 716/16-17; 326/8, 37-41, 4, 44; 380/44, 42, 37; 708/232, 708/626; 712/206; 713/191, 188, 189, 193
See application file for complete search history.

(74) Attorney, Agent, or Firm: [illegible in source]

(57) ABSTRACT

A system for encrypting and decrypting data in a data stream for programming a Field Programmable Gate Array (FPGA). The system allows for an enable bit to be set for a gap in the data stream and the data is then encrypted from the beginning of the gap. A gap being bits in said data stream that correspond to unprogrammed addresses of a memory in the field programmable gate array. The data is then decrypted by the FPGA when the bit stream is received and an enable bit is detected in a gap of the data stream.

30 Claims, 4 Drawing Sheets

[Front-page drawing: flow chart. Boxes legible in the source: PRODUCE DATA STREAM (210); SELECT ENCRYPTION OF DATA STREAM (220); ENCRYPT DATA STREAM (230); STORE ON EXTERNAL SOURCE (240); SEND ENCRYPTED DATA STREAM TO FPGA (250); DE-ENCRYPT DATA STREAM; CONFIGURE RAM/PROM WITH DE-ENCRYPTED DATA STREAM.]

Page 1 of 10

FLEX LOGIX EXHIBIT 1044

[Drawing Sheet 1 of 4. FIG. 1 (PRIOR ART): flow chart. Boxes legible in the source: SEND DATA STREAM TO FPGA (130); CONFIGURE RAM/PROM WITH DATA STREAM (140).]

[Drawing Sheet 2 of 4. FIG. 2: flow chart. PROGRAM FPGA (200); PRODUCE DATA STREAM (210); SELECT ENCRYPTION OF DATA STREAM (220); ENCRYPT DATA STREAM (230); STORE ON EXTERNAL SOURCE (240); SEND ENCRYPTED DATA STREAM TO FPGA (250); DE-ENCRYPT DATA STREAM (260); CONFIGURE RAM/PROM WITH DE-ENCRYPTED DATA STREAM (270).]

[Drawing Sheet 3 of 4: flow chart. Legible in the source: ... OF GAP?; IS ENCRYPTION ENABLED? (330); COMPLEMENT EVERY 8th BIT UNTIL BEGINNING OF NEXT GAP (340); END OF DATA STREAM? (350).]

[Drawing Sheet 4 of 4. FIG. 4: flow chart. Legible in the source: FPGA RECEIVES ENCRYPTED DATA STREAM (410); ... OF GAP?; IS ENCRYPTION ENABLED?; COMPLEMENT EVERY 8th BIT UNTIL BEGINNING OF NEXT GAP (440); END OF DATA STREAM? (450); CONFIGURE RAM/PROM WITH DE-ENCRYPTED DATA STREAM.]

ENCRYPTION FOR A STREAM FILE IN AN FPGA INTEGRATED CIRCUIT

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to field programmable gate array (FPGA) integrated circuits. More particularly, the present invention relates to a method and apparatus for encrypting a data stream used to program an FPGA device.

2. Background of the Invention

A field-programmable gate array (FPGA) is an integrated circuit (IC) that includes a two-dimensional array of general purpose logic circuits, called cells or blocks, whose functions are programmable. The cells are linked to one another by programmable buses. The cell types may be small multifunction circuits (or configurable functional blocks or groups) capable of realizing all Boolean functions of a few variables. The cell types are not restricted to gates. For example, configurable functional groups typically include memory cells and connection transistors that may be used to configure logic functions such as addition, subtraction, etc., inside of the FPGA. A cell may also contain sequential elements such as flip-flops. Two types of logic cells found in FPGAs are those based on multiplexers and those based on programmable read only memory (PROM) table-lookup memories. Erasable FPGAs can be reprogrammed many times. This technology is especially convenient when developing and debugging a prototype design for a new product and for manufacture.

FPGAs may typically include a physical template that includes an array of circuits, sets of uncommitted routing interconnects, and sets of user programmable switches associated with both the circuits and the routing interconnects. When these switches are properly programmed (set to on or off states), the template or the underlying circuit and interconnect of the FPGA is customized or configured to perform specific customized functions. By reprogramming the on-off states of these switches, an FPGA can perform many different functions. Once a specific configuration of an FPGA has been decided upon, it can be configured to perform that one specific function.

The user programmable switches in an FPGA can be implemented in various technologies, such as Oxide Nitrogen Oxide (ONO) antifuse, Metal-Metal (M-M) antifuse, Static Random Access Memory (SRAM) memory cell, Flash Erasable Programmable Read Only Memory (EPROM) memory cell, and electronically Erasable Programmable Read Only Memory (EEPROM) memory cell. FPGAs that employ fuses or antifuses as switches can be programmed only once. A memory cell controlled switch implementation of an FPGA can be reprogrammed repeatedly. In this scenario, an NMOS transistor may be used as the switch to either connect or leave unconnected two selected points (A, B) in the circuit. The source and drain nodes of the transistor may be connected to points A, B respectively, and its gate node may be directly or indirectly connected to the memory cell. By setting the state of the memory cell to either logical "1" or "0", the switch can be turned on or off and thus points A and B are either connected or remain unconnected. Thus, the ability to program these switches provides for a very flexible device.

FPGAs may store the program that determines the circuit to be implemented in a RAM or PROM on the FPGA chip. The pattern of the data in this configuration memory (CM) determines the cell's functions and their interconnection wiring. Each bit of CM controls a transistor switch in the target circuit that can select some cell function or make (or break) some connection. By replacing the contents of CM, designers can make design changes or correct design errors. The CM can be downloaded from an external source or stored on-chip. This type of FPGA can be reprogrammed repeatedly, which significantly reduces development and manufacturing costs.

Design software may be used to program the FPGA. The design software may compile a specific configuration of the programmable switches desired by the end-user, into FPGA configuration data. The design software assembles the configuration data into a bit stream, i.e., a stream of ones and zeros, that is fed into the FPGA and used to program the configuration memories for the programmable switches. The bitstream is the data pattern to be loaded into the CM that determines whether each memory cell stores a "1" or "0". The stored bit in each CM controls whether its associated transistor switch is turned on or off. End users typically use software to create the bitstream after they have simulated and tested the design for the FPGA.

Referring to the flow chart of FIG. 1, a designer or end user programs an FPGA 100. The design software assembles the configuration data into a data stream 110. This act may also be performed by software personnel. The data stream may be stored on a source external to the FPGA 120. On start up, the external source sends the data stream to the FPGA 130. Once in the FPGA, the data stream configures the RAM or PROM within the FPGA.

In an FPGA that uses a data stream that is downloaded from an external source, a person may be able to intercept the data stream as it is being loaded onto the FPGA, between acts 120 and 130 of FIG. 1. This may allow such a person to reverse engineer the IC if he or she is able to read the data stream.

BRIEF DESCRIPTION OF THE INVENTION

The present invention is directed towards a method and apparatus for encrypting a data stream used to program an FPGA device comprising: determining if there is at least one gap in the data stream; determining whether encryption is enabled for the at least one gap in the data stream; and encrypting the data stream, if encryption is enabled for the at least one gap.

The present invention is also directed towards a method and apparatus for de-encrypting an encrypted data stream used to program an FPGA device comprising: determining if there is at least one gap in the data stream; determining whether encryption was enabled for the at least one gap in the data stream; and de-encrypting the data stream, if encryption was enabled for the at least one gap.

BRIEF DESCRIPTION OF THE DRAWING FIGURES

FIG. 1 is a flow chart showing the prior art.
FIG. 2 is a flow chart showing one embodiment of the disclosed system.
FIG. 3 is a flow chart showing one embodiment of the disclosed system.
FIG. 4 is a flow chart showing one embodiment of the disclosed system.

DETAILED DESCRIPTION OF THE INVENTION

Those of ordinary skill in the art will realize that the following description of the present invention is illustrative only and not in any way limiting. Other embodiments of the invention will readily suggest themselves to such skilled persons.

FIG. 2 refers to a flow chart describing one embodiment of the disclosed method. In the first act 200 a designer or user programs an FPGA 200. The design software assembles the configuration data into a data stream 210. The design software may inquire as to whether the designer or the user wishes to have the data stream encrypted. If the designer or user wants the data stream to be encrypted, then he or she may select the option for encryption at act 220. The data stream is encrypted at act 230. This act 230 may also be performed by software personnel. The data stream may be stored on a source external to the FPGA 240. The external data source may be a PROM, CPU or any other memory device. On start-up, the external source sends the data stream to the FPGA 250. The FPGA may de-encrypt the data stream prior to configuring the RAM or PROM 260. Once de-encrypted, the data stream configures the RAM or PROM within the FPGA 270. The RAM associated with each programmable transistor on the FPGA may also be referred to as RAM CELLS.

In many systems, the data stream is loaded into CM which is addressed by X and Y address lines running horizontally and vertically. During the configuration, the data stream bits are loaded sequentially column (Y) by column (Y). Within one column, it is loaded bit by bit from the top to the bottom (stepping through all the rows or X's). Some intersections of X and Y lines or addresses may have no physical CM bits since those locations may be used by logic modules or other components. Although there may be locations with no data stream bits on the FPGA device, the data stream still contains data in the form of 1's or 0's corresponding to those empty locations.

Consecutive empty locations in the addressing space may be referred to as a "GAP". The stream data inside the gap is not written to the CM and therefore has no effect on the functionality of the configured FPGA. An address decoder may signal the beginning and also the end of such a gap. At the end of the gap, the integrity of the configuration data loaded up to this point may be checked by an on-chip 16-bit Cyclic Redundancy Check (CRC) circuit. In another embodiment of the disclosed system that uses a 16-bit CRC, the minimum gap size may be 17 bits. The first bit inside the gap may be the "Encryption Enable" bit. If the Encryption Enable bit is set, then the subsequent section of the data stream will be encrypted. The section may be defined as all the bits after the Encryption Enable Bit up to the beginning of the next gap. However, the sections may be defined in other ways. If encryption is enabled, every eighth (8th) bit may be complemented (changed from a "1" to a "0" and from a "0" to a "1"). It is not necessary that only the 8th bit be complemented; other bits may be complemented, and random patterns or un-random patterns of data may be inserted in the data stream gaps. If the encrypted data stream is loaded into the CM of the FPGA, the FPGA may not function correctly. Thus the data stream may be de-encrypted prior to entering the CM but after entering the FPGA device. The encryption can be optionally set to "on" or "off" for each section; thus, for a particular design, with a different on/off setting the data stream file can appear very different, thereby making reverse engineering more difficult.

Referring to FIG. 3, an illustration of one embodiment of the system is shown. The system receives the data stream at act 310. The system determines whether it has received the start of a gap at query 320. In one embodiment of the disclosed system a gap may be as small as 2 bits. In another embodiment of the disclosed system, a gap may be at least 17 bits in length upwards to at least 64 bits in length. The minimum of 17 bits may be due to the use of a 16-bit CRC. The system then determines whether encryption has been enabled for that gap at query 330. If encryption has been enabled, the system then complements every 8th bit until the beginning of the next gap at act 340. The system performs this method until it determines that it has reached the end of the data stream at query 350.

Referring to FIG. 4, another embodiment of the disclosed method is shown. The FPGA receives the encrypted data stream from the external source at act 410. The system then determines whether it has received the start of a gap at query 420. If the system determines it has received the start of a gap, then the system determines whether the encryption was enabled at query 430. If the encryption was enabled, the system complements every 8th bit (or other nth bit if a number other than 8 was used) until the beginning of the next gap at act 440. Act 440 in effect de-encrypts the data stream. The system then determines whether it has received the end of the data stream at query 450. If the system determines that it has received the end of the data stream, then the system configures the RAM and/or PROM of the FPGA with the de-encrypted data stream at act 460.
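
The encrypt pass of FIG. 3 and the de-encrypt pass of FIG. 4, as an added Python example (not code from the patent). The gap positions, the sample stream, and the choice to count every 8th bit from the first bit after the Encryption Enable bit are assumptions made for illustration.

```python
# Added example, not code from the patent. Gap positions, the sample
# stream, and counting "every 8th bit" from the first bit after the
# Encryption Enable bit are assumptions made for illustration.
from typing import List, Sequence, Tuple

Gap = Tuple[int, int]  # (index of the gap's first bit, gap length in bits)


def section_bounds(gaps: Sequence[Gap], stream_len: int) -> List[Tuple[int, int]]:
    """Return (enable_bit_index, section_end) per gap, in stream order."""
    ordered = sorted(gaps)
    bounds = []
    for i, (start, length) in enumerate(ordered):
        end = ordered[i + 1][0] if i + 1 < len(ordered) else stream_len
        # The text's smallest gap is 2 bits; gaps must not overlap or overrun.
        if length < 2 or start < 0 or start + length > end:
            raise ValueError(f"invalid gap {(start, length)}")
        bounds.append((start, end))
    return bounds


def transform(bits: Sequence[int], gaps: Sequence[Gap], n: int = 8) -> List[int]:
    """Complement every n-th bit of each section whose enable bit is set.

    A section is every bit after the gap's first bit (the Encryption
    Enable bit) up to the beginning of the next gap or the end of the
    stream. The enable bit is never altered, so the same pass both
    encrypts (acts 330-340) and de-encrypts (acts 430-440).
    """
    if n < 1:
        raise ValueError("n must be >= 1")
    out = list(bits)
    for enable_idx, end in section_bounds(gaps, len(out)):
        if out[enable_idx] != 1:
            continue  # encryption not enabled: section passes through
        for pos in range(enable_idx + n, end, n):
            out[pos] ^= 1
    return out


def with_flags(bits: Sequence[int], gaps: Sequence[Gap],
               flags: Sequence[bool]) -> List[int]:
    """Write one Encryption Enable bit per gap (per-section on/off choice)."""
    ordered = sorted(gaps)
    if len(flags) != len(ordered):
        raise ValueError("one flag per gap is required")
    out = list(bits)
    for (start, _), flag in zip(ordered, flags):
        out[start] = 1 if flag else 0
    return out


def encrypt(bits, gaps, flags, n: int = 8) -> List[int]:
    return transform(with_flags(bits, gaps, flags), gaps, n)


def decrypt(bits, gaps, n: int = 8) -> List[int]:
    return transform(bits, gaps, n)


def config_bits(bits: Sequence[int], gaps: Sequence[Gap]) -> List[int]:
    """Bits outside the gaps, i.e. the ones actually written to the CM."""
    in_gap = set()
    for start, length in gaps:
        in_gap.update(range(start, start + length))
    return [b for i, b in enumerate(bits) if i not in in_gap]


def diff_positions(a: Sequence[int], b: Sequence[int]) -> List[int]:
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


# Constructed 96-bit stream: two 17-bit gaps (enable bit plus room for a
# 16-bit CRC), each followed by 31 configuration bits.
GAPS = [(0, 17), (48, 17)]
PLAIN = [(i * 5 + i // 7) % 3 % 2 for i in range(96)]

if __name__ == "__main__":
    for flags in [(True, False), (False, True), (True, True)]:
        enc = encrypt(PLAIN, GAPS, flags)
        changed = diff_positions(with_flags(PLAIN, GAPS, flags), enc)
        restored = config_bits(decrypt(enc, GAPS), GAPS) == config_bits(PLAIN, GAPS)
        print(flags, "complemented:", changed, "restored:", restored)
```

Only positions at multiples of 8 from an enabled gap's first bit differ from the unencrypted stream, and running the same pass a second time restores it.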

In another embodiment of the present invention, portions of the data stream may be compressed and other portions of the data stream may be encrypted, thereby further altering the data stream and thus hindering those who may attempt to reverse engineer the data stream.

In another embodiment of the present invention, random bits may be inserted into the gaps of the data stream to further hinder those who may wish to reverse engineer the data stream.

While embodiments and applications of this invention have been shown and described, it would be apparent to those skilled in the art that many more modifications than mentioned above are possible without departing from the inventive concepts herein. The invention, therefore, is not to be restricted except in the spirit of the appended claims. Although the claims refer to sending the data stream to RAM CELLS on the FPGA, those skilled in the art are aware that the disclosed system also applies to those devices with other memory devices located in the FPGA, including without limitation PROMs.

What is claimed is:

1. A method for encrypting a data stream used to program a field programmable gate array comprising:
  receiving said data stream wherein said data stream is a string of bits;
  detecting a first gap in said data stream wherein said first gap is bits in said stream for an unused address in said field programmable gate array;
  determining whether encryption is enabled for said first gap;
  inserting an encryption identifier into said first gap identifying whether encryption has been enabled;
  encrypting bits in said stream of bits from a beginning of said first gap a prespecified number of bits at a time utilizing a prespecified set of bits as a bit mask, wherein:
    the encrypting is a loop comprising:
      selecting a next prespecified number of bits from the stream of bits as a selected set of bits;
      toggling the specified set of bits from the selected set of bits; and
      repeating the selecting and the toggling until a second gap in said stream for an unused address in said field programmable gate array is encountered;
  detecting the second gap;
  ending encryption of bits in said stream of bits at a beginning of said second gap in response to detecting said second gap; and
  wherein the encrypting further comprise:
    encrypting a first portion of bits in said first gap from said beginning of said first gap responsive to a determination that encrypting is enabled; and
    compressing data in a second portion of said first gap responsive to a determination that encrypting is not enabled.

2. The method of claim 1 further comprising:
  detecting an end of said bits stream; and
  ending encryption at the end of said bit stream.

3. The method of claim 1 further comprising:
  compressing data in said stream of bits in response to a determination that encryption is not enabled.

4. The method of claim 1, wherein said step of encrypting further comprises:
  inserting random bits into said at least one gap.

5. The method of claim 1, wherein said step of encrypting inserts non-random bits into said first gap.

6. A memory readable by a processing unit that stores instructions for directing said processing unit for encrypting bits in a data stream for programming a field programmable gate array, said instructions comprising instructions to:
  receive said data stream wherein said data stream is a string of bits;
  detect a first gap in said data stream wherein said first gap is bits in said stream for an unused address in said field programmable gate array;
  determine whether encryption is enabled for said first gap;
  insert an encryption identifier into said first gap identifying whether encryption has been enabled;
  encrypt bits in said stream of bits from a beginning of said first gap a prespecified number of bits at a time utilizing a prespecified set of bits as a bit mask, wherein:
    the encrypting is a loop comprising:
      selecting a next prespecified number of bits from the stream of bits as a selected set of bits;
      toggling the specified set of bits from the selected set of bits; and
      repeating the selecting and the toggling until a second gap is encountered;
  detect the second gap, and
  end encrypting of bits in said stream of bits at a beginning of said second gap in response to detecting said second gap; and
  wherein said instruction to encrypt further comprise:
    encrypt a first portion of bits in said first gap from said beginning of said first gap responsive to a determination that encrypting is enabled, and
    compress data in a second portion of said first gap responsive to a determination that encrypting is not enabled.

7. The memory of claim 6 wherein said instructions further comprise:
  instructions for directing said processing unit to:
    detect an end of said bits stream, and
    end encryption at said end of said bit stream.

8. The memory of claim 6 wherein said instructions to encrypt further comprise:
  instructions for directing said processing unit to:
    compress data in said stream of bits in response to a determination that encryption is not enabled.

9. The memory claim 6, wherein said instructions to encrypt further comprise:
  instructions for directing said processing unit to:
    insert random bits into said at least one gap.

10. The memory claim 6, wherein said instruction to encrypt further comprise:
  instructions directing said processing unit to:
    insert non-random bits into said first gap.

11. An apparatus for encrypting a data stream used to program a field programmable gate array comprising:
  means for receiving said data stream wherein said data stream is a string of bits;
  means for detecting a first gap in said data stream wherein said first gap is bits in said stream for an unused address in said field programmable gate array;
  means for determining whether encryption is enabled for said first gap;
  means for inserting an encryption identifier into said first gap identifying whether encryption has been enabled;
  means for encrypting bits in said stream of bits from a beginning of said first gap a prespecified number of bits at a time utilizing a prespecified set of bits as a bit mask, wherein: the encrypting is a loop comprising:
      selecting a next prespecified number of bits from the stream of bits as a selected set of bits;
      toggling the specified set of bits from the selected set of bits and
      repeating the selecting and the toggling until a second gap is encountered;
  means for detecting the second gap; and
  means for ending encryption of bits in said stream of bits at a beginning of said second gap in response to detecting said second gap; and
  wherein said means for encrypting further comprises:
    means for encrypting a first portion bits in said first gap from said beginning of said first gap responsive to a determination that encrypting is enabled; and
    means for compressing data in a second portion of said first gap responsive to a determination that encrypting is not enabled.

12. The apparatus of claim 11 further comprising:
  means for detecting an end of said bits stream; and
  means for ending encryption at the end of said bit stream.

13. The apparatus of claim 11 further comprising:
  means for compressing data in said to a determination that encryption is not enabled.

14. The apparatus of claim 11, wherein said means for encrypting further comprises:
  means for inserting random bits into at least one gap.

15. The apparatus of claim 11, wherein said means for encrypting further comprises:
  means for inserting non-random bits into said first gap.

16. A method for decrypting a data stream used to program a field programmable gate array comprising:
  receiving said data stream wherein said data stream is a string of bits;
  detecting a first gap in said data stream wherein said first gap is bits in said stream for an unused address in said field programmable gate array;
  reading an encryption identifier in said first gap;
  determining whether encryption is enabled from said encryption identifier;
  decrypting bits in said stream of bits from a beginning of said first gap responsive to a determination that encryption is enabled, wherein:
    the decrypting is a loop comprising:
      selecting a next prespecified number of bits from the stream of bits as a selected set of bits;
      toggling a prespecified set of bits from the selected set of bits; and
      repeating the selecting and the toggling until a second gap is encountered;

23. The memory of claim 21 wherein said instructions to decrypt further comprise:
  instructions for directing said processing unit to:
    decompress data in said stream of bits to a determination that encryption is not enabled.

24. The memory claim 21, wherein said instructions to decrypt further comprise:
  instructions for directing said processing unit to:
    remove random bits inserted into at least one gap.

25. The memory claim 21, wherein said instructions to decrypt further comprise:
  instructions directing said processing unit to:
    remove non-random bits inserted into said first gap.

26. An apparatus for decrypting a data stream used to program a field programmable gate array comprising:
  means for receiving said data stream wherein said data stream is a string of bits;
  means for detecting a first gap in said data stream wherein said first gap is bits in said stream for an unused