JP4586755B2 - General-purpose logic circuit - Google Patents

Description

  The present invention relates to a programmable general-purpose logic circuit such as an FPGA (Field Programmable Gate Array) and a CPLD (Complex Programmable Logic Device), and more particularly to a technique for protecting circuit information read into a volatile general-purpose logic circuit.

  In general, as a programmable general-purpose logic circuit, when the circuit scale is large, a volatile FPGA, CPLD, or the like is used exclusively. Since the volatile FPGA or the like loads and uses circuit information from the outside when the power is turned on, the circuit information may be duplicated and stolen. For this reason, various techniques for protecting circuit information have been provided.

  As this type of conventional technique, for example, there is a technique described in Patent Document 1. To describe this technique with reference to the reference numerals in FIG. 1 in the document, the ROM 7 includes a decryption circuit configuration information storage unit 9 and a circuit information encrypted data storage unit 10. The decryption circuit configuration information storage unit 9 stores decryption circuit configuration data for constructing a decryption circuit for decrypting encrypted data. The circuit information encrypted data storage unit 10 stores circuit information encrypted data obtained by encrypting the circuit information of the FPGA 8. On the other hand, the FPGA 8 includes a control unit 11, a key data storage unit 12, and circuit information storage SRAM (Static Random Access Memory) 13. The control unit 11 performs data input / output operations with respect to the outside and controls each unit in the circuit. The key data storage unit 12 stores key data necessary for decrypting the encrypted data. The circuit information storage SRAM 13 provides a memory area for storing the decoded circuit information.

  When the power is turned on, the control unit 11 first reads the decoding circuit configuration data from the ROM 7, and uses this data to construct a decoding circuit inside the FPGA. Further, the control unit 11 inputs the key data to the decryption circuit, reads the circuit information encrypted data from the ROM 7, decrypts the read data by the decryption circuit, and stores it in the circuit information storage SRAM 13. The control unit 11 constructs (programs) a logic circuit on the FPGA 7 according to the circuit information acquired in this way, and then functions as a predetermined large-scale logic circuit.

  Further, as this type of conventional technology, there is one described in Patent Document 2. Referring to the reference numeral of FIG. 1 in this document, this technique will be described. The FPGA 12 performs data transmission / reception continuously with the CPLD 14 using a predetermined protocol and operates while checking validity.

  That is, the FPGA 12 includes a call sequence generator 16, a response sequence comparison element 18, a response sequence generator 20, and a decoding element 22. The CPLD 14 includes a response sequence generator 24, a random bit generator 26, and an encryption element 28.

  The random bit generator 26 operates by sampling the output of the high frequency oscillator using the low frequency clock, and generates and accumulates irregular bits to generate the initial state x of the response sequence generator 24. This initial state x is given to the response sequence generator 24 and also outputted to the encryption element 28. The encryption element 28 encrypts the initial state x and outputs it to the FPGA 12. In the FPGA 12, the initial state x is decoded by the decoding element 22 and is supplied to the response sequence generator 20.

On the other hand, the interrogation sequence generator 16 generates a response sequence at a predetermined timing, and in response to the interrogation sequence, the response sequence generators 20 and 24 generate and output response sequences, respectively. The response sequence comparison element 18 compares these response sequences, confirms a match between the two, and allows the FPGA 12 to operate. If a mismatch between the two is found, the FPGA 12 instructs the CPLD 14 to end the operation, and the FPGA 12 itself also ends the operation.
JP 2001-325153 A JP 2003-84853 A

  However, in the technique described in Patent Document 1, circuit information is protected by encrypting the circuit information and reading it from the ROM at the stage of reading the circuit information inside the FPGA when the power is turned on. There is a problem that unauthorized access during operation cannot be eliminated. Furthermore, if the encrypted circuit information itself is copied, the circuit may be duplicated.

  On the other hand, in the technique described in Patent Document 2, it is possible to continuously check at the time of FPGA operation by matching the response sequences generated by the FPGA and CPLD, If the generation pattern of random bits generated by the generator is grasped, the initial state of the response sequence generator, which is the basis for generating the response sequence, is grasped. For this reason, there is a possibility that unauthorized access to the FPGA may be permitted by mimicking the output of the response sequence and bypassing the response sequence check.

  In view of such circumstances, the present invention provides a technique for improving security by increasing the difficulty of imitating legitimate access in a technique for continuously monitoring legitimacy of access to a programmable general-purpose logic circuit. Is an issue.

In order to solve the above-described problems, the present invention provides a general-purpose logic circuit that includes a volatile programmable general-purpose logic circuit section that reads circuit information and builds a logic circuit therein, and a nonvolatile auxiliary circuit section. However, it offers the following requirements.
The auxiliary circuit unit includes a synchronous clock generating unit that generates a synchronous clock, and a first random number generating unit that determines a timing based on the synchronous clock and operates to generate a first random number.
The programmable general-purpose logic circuit unit operates by determining timing based on the synchronous clock, and generates a second random number with an algorithm equivalent to the first random number generating unit; Comparing means for determining whether the first and second random numbers match and outputting an abnormality detection when they do not match, and operating upon receiving the abnormality detection, forcibly stops the operation of the programmable general-purpose logic circuit unit Stop means.

According to the present invention, in the general-purpose logic circuits described above, as the synchronizing signal generating means, said having therein an element defining a frequency different from the frequency of the operation clock of the auxiliary circuit, the synchronizing clock of the operation clock The thing using what makes a frequency lower than a frequency is provided.

According to the present invention, in the above general-purpose logic circuit, as the synchronous clock generating means, a delay element that delays a signal with a fixed delay time, and an output signal of the delay element is inverted and transmitted as an input signal of the delay element. The thing using what has a loop is provided.

The present invention also provides a general-purpose logic circuit using the above-mentioned general-purpose logic circuit configured by superimposing a plurality of stages of the delay elements and loops.

According to the present invention, in the general-purpose logic circuits described above, wherein said detecting the frequency of the synchronizing clock abnormality detecting a frequency detecting means for outputting to said stop means can the programmable general-purpose logic circuit when the frequency is out of the predetermined range Provide the provisions for the department.

According to the present invention, in the above general-purpose logic circuit, initialization that operates at least in an initial state, generates initialization information of the first and second random number generation means, and outputs the initialization information to the first and second random number generation means Provided is one in which the information generation means is provided in either the programmable general-purpose logic circuit section or the auxiliary circuit section.

According to the present invention, in the general-purpose logic circuits described above, as the initialization information generation unit, to provide what was used to operate periodically after the operation in the initial state.

  According to the present invention, random numbers are generated synchronously with an equivalent algorithm on the programmable general-purpose logic circuit side and the auxiliary circuit side, and the operation of the general-purpose logic circuit is allowed to continue only when the random numbers match. To do. By adopting such a configuration, it is possible to adopt an existing method that generates random numbers with a long cycle, and it is also possible to slow down the synchronous clock, so sufficient time is required for the random numbers to go around once. it can. For this reason, there is an advantage that it is possible to deal with the difficulty that it takes a lot of time to take up random numbers.

  In addition, when generating the synchronous clock, by using an element that defines a frequency different from the frequency of the operation clock of the auxiliary circuit unit, even if the auxiliary circuit unit is clocked up, the generation of random numbers is not accelerated. There is an advantage that can maintain the difficulty. Furthermore, there is an advantage that it is difficult to analyze and copy the random number generation algorithm by reducing the clock used for the random number generation circuit.

  In addition, the programmable general-purpose logic circuit section side is provided with a frequency detection means, and when an abnormality in the frequency of the synchronous clock is detected, the operation of the general-purpose logic circuit is forcibly stopped to increase the random number generation timing on the general-purpose logic circuit side. There is an advantage that can be dealt with.

  In addition, by periodically initializing the random number generation means on the programmable general-purpose logic circuit side and auxiliary circuit side, it is possible to invalidate such random numbers even if the random numbers have been sucked up to that point. is there.

Embodiments of the present invention will be described below with reference to the drawings.
FIG. 1 is a block diagram showing an outline of a main part of an FPGA according to an embodiment of the present invention. As shown in the figure, this circuit includes an FPGA program (Configuration) circuit 2 and a security circuit 3 as external circuits of the volatile FPGA 1. The clock module 4 generates a high-speed clock and outputs it to the security circuit 3.

  The FPGA 1 is a volatile circuit composed of SRAM or the like, and reads circuit information from the FPGA program circuit 2 to construct an arbitrary logic circuit therein when the power is turned on. The security circuit 3 is a circuit composed of a nonvolatile FPGA, LSI, or the like. As the nonvolatile FPGA, an EEPROM (Electrically Erasable Programmable Read Only Memory) type, an antifuse type, a flash ROM, or the like can be adopted. In this embodiment, “FPGA” is used to mean a general programmable logic circuit including a CPLD.

  In the FPGA 1 and the security circuit 3, a circuit for realizing the security function according to this embodiment is constructed. In the security circuit 3, a clock divider 31 and a random number generation circuit 32 are constructed. The clock divider 31 divides the high-speed clock to generate a low-speed clock, and a specific example will be described in detail later. The frequency of the low-speed clock is constant even if the frequency of the high-speed clock increases. It is comprised so that it may become a range.

  The random number generation circuit 32 is a circuit that operates with the low-speed clock and generates a random number having a long cycle by a predetermined method. Here, an example in which a technique for generating a random number based on an M sequence is employed, and the random number generation circuit 32 includes a register 33 that stores an M sequence random number generation coefficient. This coefficient is given from the FPGA 1 as will be described later. The low-speed clock generated by the clock divider 31 and the random number generated by the random number generation circuit 32 are output to the FPGA 1.

  In the FPGA 1, a frequency detection circuit 11, a random number generation circuit 12, a comparator 13, and a stop circuit 14 are constructed. The frequency detection circuit 11 outputs an abnormality detection when the frequency of the low-speed clock is detected to deviate from a predetermined frequency range, particularly when the frequency becomes higher than the normal range. The random number generation circuit 12 is a circuit that generates a random number using an algorithm equivalent to the random number generation circuit 32, and further has a function of generating an M-sequence random number generation coefficient using a random number generation function. The generated random number generation coefficient is stored in the register 15 of the random number generation circuit 12 itself, is transmitted to the security circuit 3, and is also stored in the register 33 of the random number generation circuit 32.

  The comparator 13 compares the random numbers generated by the random number generation circuits 12 and 32 to determine whether or not they match, and outputs an abnormality detection if they do not match. The stop circuit 14 operates upon receiving an abnormality detection from the frequency detection circuit 11 or the comparator 13, and forcibly stops the operations of the FPGA 1 and the security circuit 3.

  Next, the operation of this circuit will be described. FIG. 2 is a flowchart showing an outline of the operation of the circuit of FIG. 1 and 2, when the power is turned on, the FPGA 1, the security circuit 3 and other circuits are started up (S11, S31), and circuit information is read into the FPGA 1 and configuration (programming) is performed (S12). . When the configuration is completed and a predetermined circuit configuration based on the circuit information is constructed, an arithmetic operation based on the circuit configuration is started in the same manner as a normal FPGA.

  At this time, the FPGA 1 according to this embodiment also executes an operation for determining the validity of access to the FPGA 1 in addition to the above-described operation, and stops the operation if the access is not valid. Since the security circuit 3 is composed of a non-volatile FPGA or the like as described above, it is difficult to copy circuit information. The circuit information of the FPGA 1 is difficult to copy by preventing unauthorized access to the FPGA 1 in this way.

  First, the validity of access is determined by the fact that the random number on the FPGA 1 side matches the random number on the security circuit 3 side. That is, in the initial state, the random number generation circuit 12 generates an M-sequence random number generation coefficient, stores (initializes) it in its own register 15, and transmits it to the security circuit 3 (S13). In the security circuit 3, the received random number generation coefficient is stored (initialized) in the register 33 of the random number generation circuit 32. Thereafter, the random number generation circuits 12 and 32 start a random number generation operation synchronously based on the low-speed clock, and generate random numbers using the same random number generation coefficient (S14, S33). Note that the calculation itself for generating a random number operates based on a high-speed clock. The high-speed clock is set to a frequency as high as possible without exceeding the maximum operating frequency of the security circuit 3.

  The random number generated by the random number generation circuit 32 is transmitted to the FPGA 1. Thereafter, in the FPGA 1, the comparator 13 compares the random number generated by the random number generation circuit 12 with the random number received from the security circuit 3 and confirms that they match (S15). If the random number received from the security circuit 3 does not match the random number generated inside the FPGA 1, the stop circuit 14 is activated as an abnormality detection, and the operations of the FPGA 1 and the security circuit 3 are forcibly stopped (S16).

  The random number generation operation described above is executed at a very low frequency based on the low speed clock divided by the clock divider 31. By setting the number of random numbers in one cycle of M-sequence random number generation to be sufficiently large and setting the start cycle of random number generation operation to be sufficiently long, the period required for the random number to go around 1 is, for example, several months to one year. It is also possible to take a form of setting such that a span is taken. As a result, even if the random number output from the security circuit 3 is sucked up, there is a difficulty that it takes a long time to suck up one cycle of random numbers.

  In addition, the random number generated can be invalidated by periodically performing initialization processing of the random number generation coefficient to update the random number generation coefficient. The execution period of the coefficient initialization process may be set as appropriate in consideration of the circuit operation time during which the random number is rotated once.

  Even if an attempt is made to shorten the random number generation cycle by increasing the frequency of the high-speed clock input to the security circuit 3, the high-speed clock itself is close to the maximum operating frequency of the security circuit 3. There is not much margin for speeding up the operation of the circuit 3, and if the upper limit of the operating frequency is set in the clock divider 31, the output low-speed clock does not increase even if the high-speed clock is clocked up. Attempts to speed up the random number generation cycle end in failure. Even if the low-speed clock input to the FPGA 1 is clocked up, the frequency detection circuit 11 detects this and outputs an abnormality detection. Upon receiving this abnormality detection, the stop circuit 14 is activated and the FPGA 1 or the security circuit 3 is activated. Operation stops.

  Here, a specific example of the clock divider will be described. FIG. 3 is a block diagram showing the basic configuration of the clock divider. As shown in the figure, the clock divider 31 includes a flip-flop circuit 5, a delay element 6, and an addition element 7. The flip-flop circuit 5 is a circuit constituting n flip-flops. The delay element 6 delays the flip-flop outputs Q1 to Qn, and the delay time is set to be constant without depending on the high-speed clock. The adding element 7 inputs the outputs A1 to An of the delay element 6 and adds 1 to output as S1 to Sn, and constitutes an n-bit counter. With this configuration, it is possible to obtain a frequency-divided output based on a frequency-dividing ratio of 2 n.

  Here, for convenience of explanation, the configuration of the clock divider when n = 2 is described. FIG. 4 is a block diagram showing the configuration of the clock divider. As shown in the figure, the flip-flop circuit 51 is a circuit constituting two flip-flops. The delay circuits 61 and 62 are circuits for delaying the outputs Q1 and Q2 of the flip-flop circuit 51, respectively. The adder circuit 71 adds the inputs B1 and A1 to the output S1, adds the carry when adding B1 and A1 and A2 to the output S2, and the input B1 is fixed to “1”. Outputs of delay circuits 61 and 62 are applied to inputs A1 and A2, and outputs S1 and S2 are applied to flip-flop circuit 51 as inputs D1 and D2. Note that the logic of the signal will be explained by unifying “1” = “H” (high level) and “0” = “L” (low level).

  Table 1 is a truth table showing the calculation contents of the adder circuit 71.

  As can be seen from the calculation contents of the adder circuit 71, the output S1 is obtained by negating the input A1 as shown in Table 1, and the output S2 is the EOR (exclusive OR) of the inputs A1 and A2. It has been taken. Accordingly, a combinational circuit having such logic may be configured and replaced with the adder circuit 71.

  Next, the operation of this clock divider will be described. FIG. 5 is a time chart showing signals at various parts of the clock divider shown in FIG. In the figure, an arrow indicates a signal delay by a delay circuit (here, a delay time slightly shorter than the clock cycle is illustrated).

  As shown in FIG. 5, in the flip-flop in the first stage, a signal obtained by inverting the signal A1 obtained by delaying the output Q1 is fed back as an input D1, thereby generating a pulse obtained by dividing the clock by 1/2. To do. In the second stage flip-flop, a signal obtained by delaying the output Q2 is fed back to the input A2, and the feedback signal is added to the input A1 (1/2 frequency-divided pulse) and the carry obtained by adding B. Further, a pulse divided by ½ is generated. A 1/4 frequency-divided clock can be output by using the output Q2 as a frequency-divided output.

  As apparent from the above description, the division ratio of the clock divider basically depends on the delay time of the delay circuit. Here, for convenience of explanation, a delay time slightly shorter than the clock frequency is illustrated, but a mode in which the delay time is set as large as possible within a range in which frequency division is possible during normal operation is desirable.

  Here, the operation when a clock having about twice the frequency is input to the clock divider of FIG. 4 will be described. FIG. 6 is a time chart showing signals at various parts when a clock having a double frequency is input to the clock divider shown in FIG.

  As shown in FIG. 6, since the period of the pulse appearing at the outputs Q1 and Q2 of the flip-flop 51 is determined depending on the delay time of the delay circuit, the frequency of the divided output is almost the same even when the clock frequency is doubled. Not affected. It can be seen that the divided output Q2 has the same frequency as that in the example of FIG.

  The embodiment of the present invention has been described in detail above, but the specific configuration is not limited to this embodiment, and includes various designs and the like within the scope not departing from the gist of the present invention.

It is a block diagram which shows the principal part outline of FPGA which concerns on embodiment of this invention. 2 is a flowchart showing an outline of the operation of the circuit of FIG. 1. It is a block diagram which shows the basic composition of a clock divider. It is a block diagram which shows the structure of the specific example of a clock frequency divider. FIG. 5 is a time chart showing signals at various parts of the clock divider shown in FIG. 4. FIG. FIG. 5 is a time chart showing signals of respective units when a clock having a double frequency is input to the clock divider of FIG. 4. FIG.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... FPGA 2 ... FPGA program circuit 3 ... Security circuit 4 ... Clock module 31 ... Clock frequency divider 32 ... Random number generation circuit 33 ... Register 11 ... Frequency detection circuit 12 ... Random number generation circuit 13 ... Comparator 14 ... Stop circuit 15 ... Register 5 ... flip-flop circuit 6 ... delay element 7 ... addition element 51 ... flip-flop circuit 61, 62 ... delay circuit 71 ... addition circuit

Claims (6)

A general-purpose logic circuit configured by a volatile programmable general-purpose logic circuit section that reads circuit information and builds a logic circuit therein, and a nonvolatile auxiliary circuit section,
The auxiliary circuit unit includes a synchronous clock generating unit that generates a synchronous clock, and a first random number generating unit that determines a timing based on the synchronous clock and operates to generate a first random number,
The programmable general-purpose logic circuit unit operates by determining timing based on the synchronous clock, and generates a second random number with an algorithm equivalent to the first random number generating unit; Comparing means for determining whether the first and second random numbers match and outputting an abnormality detection when they do not match, and operating upon receiving the abnormality detection, forcibly stops the operation of the programmable general-purpose logic circuit unit A stopping means ,
The synchronous clock generating means includes an element that defines a frequency different from the frequency of the operation clock of the auxiliary circuit unit, and the synchronous clock is set to a frequency lower than the frequency of the operation clock. General-purpose logic circuit. The synchronous clock generation means includes a delay element that delays a signal with a fixed delay time, and a loop that inverts an output signal of the delay element and transmits the inverted signal as an input signal of the delay element. The general-purpose logic circuit according to claim 1 . 3. The general-purpose logic circuit according to claim 2, wherein the synchronous clock generating means is configured by superposing a plurality of stages of the delay elements and loops. 2. The programmable general-purpose logic circuit section according to claim 1, further comprising: a frequency detecting unit that detects a frequency of the synchronous clock and outputs an abnormality detection to the stopping unit when the frequency is out of a predetermined range. 4. The general-purpose logic circuit according to any one of items 1 to 3 . Programmable general-purpose logic circuit section including initialization information generating means that operates at least in an initial state and generates initialization information of the first and second random number generating means and outputs the initialization information to the first and second random number generating means and general purpose logic circuit according to claim 1, any one of 4, characterized in that provided in one of the assistant circuit unit. 6. The general-purpose logic circuit according to claim 5, wherein the initialization information generating means operates periodically after the operation in the initial state.

Images