GB2260431A - Data security for programmable logic devices - Google Patents


Info

Publication number
GB2260431A
Authority
GB
United Kingdom
Prior art keywords
data
input
security arrangement
shift register
data security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB9220584A
Other versions
GB2260431B (en)
GB9220584D0 (en)
Inventor
Kenneth Austin
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Pilkington Micro-Electronics Ltd
Original Assignee
Pilkington Micro-Electronics Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to GB9121591A
Application filed by Pilkington Micro-Electronics Ltd
Priority to GB9220584A
Publication of GB9220584D0
Publication of GB2260431A
Application granted
Publication of GB2260431B
Anticipated expiration
Application status is Expired - Fee Related

Classifications

    • G PHYSICS
    • G11 INFORMATION STORAGE
    • G11C STATIC STORES
    • G11C16/00 Erasable programmable read-only memories
    • G11C16/02 Erasable programmable read-only memories electrically programmable
    • G11C16/06 Auxiliary circuits, e.g. for writing into memory
    • G11C16/22 Safety or protection circuits preventing unauthorised or accidental access to memory cells
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1408 Protection against unauthorised use of memory or access to memory by using cryptography
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/75 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
    • G PHYSICS
    • G11 INFORMATION STORAGE
    • G11C STATIC STORES
    • G11C7/00 Arrangements for writing information into, or reading information out from, a digital store
    • G11C7/24 Memory cell safety or protection circuits, e.g. arrangements for preventing inadvertent reading or writing; Status cells; Test cells

Abstract

A data security arrangement in semiconductor programmable logic devices (PLD) protects configuration data, which is vulnerable to illegal duplication. The configuration data is held in a read only memory in a coded format, and a data decoding means is provided in the PLD to decode the coded configuration data. The coding and decoding means each incorporate maximal length shift registers (12, 25) which generate a pseudo-random sequence of bits. A key value is input to the shift register (12) in the coding means forcing it to start at a particular point in the sequence. The decoding means in the PLD has a corresponding key value held in a non-volatile memory (28) in the PLD.

Description

DATA SECURITY ARRANGEMENTS FOR SEMICONDUCTOR PROGRAMMABLE LOGIC DEVICES

The present invention relates to data security arrangements for semiconductor programmable logic devices.

The invention finds particular utility in semiconductor programmable logic devices (PLDs) of the type including an associated storage means e.g. a static random access memory (SRAM) in which circuit configuration data, necessary for the device to operate, is retained.

It is well known that prior to a PLD being loaded with appropriate circuit configuration data, such data is normally held in an external storage medium e.g. an erasable programmable read only memory (EPROM). A disadvantage of the present circuit configuration data loading arrangements to the PLD is that a copy can be readily taken and as a consequence valuable and sensitive circuit information can be easily and illegally duplicated. It is extremely desirable, therefore, to protect circuit information from being copied.

An aim of this invention is to overcome this disadvantage by the provision of a data security arrangement for loading configuration data which prevents illegal duplication of such circuit information.

According to the present invention, there is provided a data security arrangement for a semiconductor programmable logic device comprising data coding means, first storage means, and incorporated within the programmable logic device, data decoding means together with associated second storage means, wherein the data coding means codes originating operating data, and the first storage means stores the coded originating operating data and wherein the data decoding means decodes the coded originating operating data read from the first storage means into the originating operating data form prior to loading to the associated second storage means.

Preferably the data coding means and the data decoding means each include a pseudo-random sequence generator constituted by a 31-bit maximal length shift register having a preload input and a DATA input, the shift register generating a pseudo-random sequence equivalent to 2,147,483,647 bits in overall length.

Preferably bit 28 and bit 31 outputs of the maximal length shift register are input to an EXCLUSIVE-OR logic function whose output is connected to the DATA input of the maximal length shift register.

The maximal length shift register is preferably forced to start the pseudo-random sequence at a particular point in the sequence by the application of a predetermined sequence start code constituted by a 31-bit "key value" to the preload input.

The application of the sequence start code to the maximal length shift register in the data coding means may be input from a keyboard or from a secure file, whereas the application of the sequence start code to the maximal shift register in the data decoding means is preferably input from a non-volatile memory within the programmable logic device.

The data employed to enable the programmable logic device to operate is preferably circuit configuration data and it is arranged in the data coding means for the circuit configuration data and the pseudo-random sequence to be input to an EXCLUSIVE-OR logic function to provide an output of coded circuit configuration data.

Preferably in the data decoding means the pseudo-random sequence and the coded circuit configuration data are input to an EXCLUSIVE-OR logic function to provide an output of decoded circuit configuration data.

The first storage means may be constituted by a read only memory, whereas the associated second storage means is constituted by static random access memories.

The invention will be more readily understood from the following description of an exemplary embodiment which should be read in conjunction with the accompanying drawing.

The drawing illustrates a block schematic circuit diagram of the data security arrangements in accordance with this invention.

Referring to the drawing, a programmable logic device 11 is represented by the block designated PLD. To facilitate security of data loaded to the PLD, a data coding means is provided to code circuit configuration data, termed originating operating data, which is to be loaded to the PLD, and similarly a corresponding data decoding means is provided in the PLD to decode the coded circuit configuration data in the PLD.

Referring to the data coding means in more detail, a particular form of shift register 12 is provided which generates a maximal length pseudo-random output string. This type of shift register is known as a "maximal length shift register" and in the present application the overall length of the pseudo-random sequence is arranged to be equivalent to 2,147,483,647 bits (see CMOS COOK BOOK by Don Lancaster pages 318-323, published by Howard W Sams Corp 1980).

This is achieved by feeding back to a DATA input 13 of the register, particular outputs 14 and 15 of the register in a particular manner. In this instance both outputs 14, 15 which provide bits B28 and B31 are input to an EXCLUSIVE-OR gate 16 and the output of this gate is input to the DATA input 13. Providing the register 12 is continuously driven by a clock input signal 17, the generated pseudo-random sequence is continuously repeated.

In the data coding means the register 12 is preloaded (in parallel form) with a predetermined one of different "key values", each of 31 bits, typically input to a preload input 18 by way of a keyboard 19 or alternatively from a secure file. The "key value" which may be termed a sequence start code, forces the shift register 12 to start the pseudo-random sequence at a particular point in the sequence and thereby recreate an identical sequence at any time as required.

The pseudo-random sequence output from the EXCLUSIVE-OR gate 16 is input at 21 to a further EXCLUSIVE-OR gate 20.

Circuit configuration data CDI (generated from circuit configuration layout software) which is to be coded is input at 22 to the gate 20. The output 23 from the EXCLUSIVE-OR gate 20 generates coded circuit configuration data CDOC.

The coded circuit configuration data CDOC is output from gate 20 to a first storage means 24, typically, a read only memory, where it is held until required by the programmable logic device 11. The circuit configuration data now stored in the first storage medium 24 is coded and secure, and if copied in this form would not yield any useful circuit information to the data copier.

To make use of the circuit configuration data in the programmable logic device 11 when it is read from the first storage medium 24, the data needs to be reproduced in its original form and this is achieved by data decoding means.

The data decoding means is required to regenerate the same pseudo-random sequence of bits as was employed in the data coding means. Accordingly, the programmable logic device 11 incorporates a 31-bit maximal length shift register 25 of the same form as the register 12 employed in the data coding means.

For decoding to be accurate and effective the shift register 25 must commence its pseudo-random sequence at the corresponding point at which the shift register 12 commenced its sequence. Accordingly the identical predetermined 31-bit "key value" or sequence start code which was used to start register 12 must be applied, in parallel form, to a preload input 26 of the register 25 to force it to start its sequence at the same point in the sequence as register 12, and thereby generate an identical pseudo-random sequence.

The required 31-bit "key value" is input at 27 and stored in a form of non-volatile memory on the PLD 11, for example, an EPROM 28 or fusible links.

The shift register 25 operates in a manner similar to shift register 12, the output bits B28 and B31 being input to an EXCLUSIVE-OR gate 29 whose output is fed to the DATA input 30 of the register. The register 25 is driven by the clock signal CLK input at 32.

The pseudo-random sequence output from EXCLUSIVE-OR gate 29 forms an input 33 to a further EXCLUSIVE-OR gate 34 and coded circuit configuration data CDIC which is output from the first storage means 24 on line 35 forms a second input 36 to the gate 34.

The EXCLUSIVE-OR function of the gate 34 upon its two signal-inputs produces an output 37, in serial form, of the originating operating data (the circuit configuration data).

This originating operating data is now available for use within the programmable logic device PLD, for instance, loading into associated second storage means in the form of static random access memories SRAM 38.
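
Added example, not part of the patent text: a Python model of the coding and decoding means described above, showing that the same key value preloaded into registers 12 and 25 makes the two EXCLUSIVE-OR stages cancel. The bit numbering (Bn as integer bit n-1), the most-significant-bit-first serial order, and the sample data and key are assumptions; rejecting an all-zero key value is also an addition, since that preload leaves the register stuck at zero.

```python
# Added example (not from the patent): software model of the coder/decoder.
# Assumptions: register bit Bn is integer bit n-1; serial data is taken
# most-significant bit first within each byte.

MASK31 = (1 << 31) - 1  # the register holds bits B1..B31


class SequenceGenerator:
    """31-bit shift register with B28 XOR B31 fed back to the DATA input."""

    def __init__(self, key_value: int):
        # An all-zero preload can never leave the zero state (0 XOR 0 = 0),
        # so the "coded" output would equal the input. Reject it, along with
        # values that do not fit the 31-bit preload input.
        if not 0 < key_value <= MASK31:
            raise ValueError("key value must be a non-zero 31-bit integer")
        self.state = key_value

    def clock(self) -> int:
        """Advance one clock and return the XOR-gate output (gate 16 or 29)."""
        feedback = ((self.state >> 27) ^ (self.state >> 30)) & 1  # B28 ^ B31
        self.state = ((self.state << 1) | feedback) & MASK31      # shift into B1
        return feedback


def xor_with_sequence(data: bytes, key_value: int) -> bytes:
    """Gate 20 when coding, gate 34 when decoding: the operation is identical."""
    gen = SequenceGenerator(key_value)
    out = bytearray()
    for byte in data:
        seq = 0
        for _ in range(8):
            seq = (seq << 1) | gen.clock()
        out.append(byte ^ seq)
    return bytes(out)


def demo():
    config = bytes.fromhex("a5005aff10203040")  # constructed sample CDI
    key = 0x2B7E1516                            # constructed 31-bit key value
    coded = xor_with_sequence(config, key)      # what the ROM (24) would hold
    decoded = xor_with_sequence(coded, key)     # what reaches the SRAM (38)
    wrong = xor_with_sequence(coded, key ^ 1)   # PLD holding a different key
    return config, coded, decoded, wrong


if __name__ == "__main__":
    config, coded, decoded, wrong = demo()
    print("coded  :", coded.hex())
    print("decoded:", decoded.hex(), decoded == config)
    print("wrong  :", wrong.hex(), wrong == config)
```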

Claims (13)

CLAIMS:
1. A data security arrangement for a semiconductor programmable logic device characterised by the data security arrangement comprising data coding means, first storage means, and incorporated within the programmable logic device, data decoding means together with associated second storage means, wherein the data coding means codes originating operating data, and the first storage means stores the coded originating operating data and wherein the data decoding means decodes the coded originating operating data read from the first storage means into the originating operating data form prior to loading to the associated second storage means.
2. A data security arrangement as claimed in claim 1, wherein the data coding means and the data decoding means each include a pseudo-random sequence generator.
3. A data security arrangement as claimed in claim 2, wherein the pseudo-random sequence generator is constituted by a 31-bit maximal length shift register which generates a pseudo-random sequence equivalent to bits in overall length.
4. A data security arrangement as claimed in claim 3, wherein the maximal length shift register has a preload input and a DATA input.
5. A data security arrangement as claimed in claim 4, wherein bit and bit outputs of the maximal length shift register are input to an EXCLUSIVE-OR logic function whose output is connected to the DATA input of the maximal length shift register.
6. A data security arrangement as claimed in claim 4 or claim 5, wherein the maximal length shift register is forced to start the pseudo-random sequence at a particular point in the sequence by the application of a predetermined sequence start code constituted by a 31-bit "key-value" to the preload input.
7. A data security arrangement as claimed in claim 6, wherein the application of the sequence start code to the maximal length shift register in the data coding means is input from a keyboard or from a secure file.
8. A data security arrangement as claimed in claim 6 or claim 7, wherein the application of the sequence start code to the maximal shift register in the data decoding means is input from a non-volatile memory within the programmable logic device.
9. A data security arrangement as claimed in any one claim from claim 3 to claim 8, wherein the originating operating data is circuit configuration data and wherein in the data coding means the circuit configuration data and the pseudo-random sequence are input to an EXCLUSIVE-OR logic function which outputs coded circuit configuration data.
10. A data security arrangement as claimed in claim 9, wherein the pseudo-random sequence and the coded circuit configuration data are input to an EXCLUSIVE-OR logic function in the data decoding means to provide an output of decoded circuit configuration data.
11. A data security arrangement as claimed in any one preceding claim, wherein the first storage means is constituted by a read only memory.
12. A data security arrangement as claimed in claim 11, wherein the associated second storage means is constituted by static random access memories.
13. A data security arrangement substantially as described herein, with reference to, and as shown, in the accompanying drawing.
GB9220584A 1991-10-11 1992-09-30 Data security arrangements for semiconductor programmable logic devices Expired - Fee Related GB2260431B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB9121591A GB9121591D0 (en) 1991-10-11 1991-10-11 Data security arrangement for semiconductor programmable logic devices
GB9220584A GB2260431B (en) 1991-10-11 1992-09-30 Data security arrangements for semiconductor programmable logic devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB9220584A GB2260431B (en) 1991-10-11 1992-09-30 Data security arrangements for semiconductor programmable logic devices

Publications (3)

Publication Number Publication Date
GB9220584D0 GB9220584D0 (en) 1992-11-11
GB2260431A GB2260431A (en) 1993-04-14
GB2260431B GB2260431B (en) 1995-06-14

Family

ID=26299678

Family Applications (1)

Application Number Title Priority Date Filing Date
GB9220584A Expired - Fee Related GB2260431B (en) 1991-10-11 1992-09-30 Data security arrangements for semiconductor programmable logic devices

Country Status (1)

Country Link
GB (1) GB2260431B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8051303B2 (en) * 2002-06-10 2011-11-01 Hewlett-Packard Development Company, L.P. Secure read and write access to configuration registers in computer devices

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0114522A2 (en) * 1982-12-27 1984-08-01 Synertek Inc. ROM protection device
EP0162707A2 (en) * 1984-05-22 1985-11-27 American Microsystems, Incorporated ROM protection scheme
US5007082A (en) * 1988-08-03 1991-04-09 Kelly Services, Inc. Computer software encryption apparatus

Also Published As

Publication number Publication date
GB2260431B (en) 1995-06-14
GB9220584D0 (en) 1992-11-11

Similar Documents

Publication Publication Date Title
Ramabadran et al. A tutorial on CRC computations
US3400371A (en) Data processing system
US4701745A (en) Data compression system
AU767265B2 (en) Robust random number generator
US5148534A (en) Hardware cartridge representing verifiable, use-once authorization
US8375225B1 (en) Memory protection
US5237616A (en) Secure computer system having privileged and unprivileged memories
US4668103A (en) Polygraphic encryption-decryption communications system
US6820203B1 (en) Security unit for use in memory card
KR940003199B1 (en) Method and apparatus for carry-over control in arithmetic entropy coding
US8335924B2 (en) Systems and methods for watermarking software and other media
ES2329819T3 (en) Block cipher apparatus using auxiliary information.
US6449718B1 (en) Methods and apparatus for partial encryption of tokenized documents
CA2174299C (en) Method and apparatus for securing executable programs against copying
US6453417B1 (en) Microcontroller with secure signature extraction
CN103136068B (en) Error correction for a non-volatile memory and method of operation of the copy page
US4905277A (en) Method for enciphering and deciphering instructions in a microcomputer, and a microcomputer used for effecting same
USRE45697E1 (en) System, method and memory device providing data scrambling compatible with on-chip copy operation
EP0449256A2 (en) Microcontroller having security means
RU2190260C2 (en) Reading circuit for flash storage with multilevel cells
US4296494A (en) Error correction and detection systems
US6453382B1 (en) Content addressable memory encoded outputs
US5467396A (en) Tamper-proof data storage
EP0467355B1 (en) Security circuit for protecting data stored in an internal memory of a microcomputer
US8594333B2 (en) Secure key access with one-time programmable memory and applications thereof

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20010930