WO2014182154A1 - A method for protecting a programmable gate array design - Google Patents

A method for protecting a programmable gate array design

Publication number: WO2014182154A1
Authority: WO, WIPO (PCT)
Prior art keywords: design, secure key, programmable gate, gate array, uid
Application number: PCT/MY2014/000081
Other languages: French (fr)
Inventors: Ahmad Hafez BIN NAWI, Smruti Santosh PALAI, Devi PRASAD
Original Assignee: Mimos Berhad
Application filed by Mimos Berhad

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/76: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12: Protecting executable software
    • G06F21/121: Restricting unauthorised execution of programs
    • G06F21/123: Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices

Abstract

The present invention relates to a method for protecting a programmable gate array design. The method uses secure keys, unique identifications (UIDs), encrypted bit stream, as well as license server and software IDs for better protection of a programmable gate array design.

Description

A METHOD FOR PROTECTING A PROGRAMMABLE GATE ARRAY DESIGN
FIELD OF INVENTION
The present invention relates to a method for protecting a programmable gate array design.
BACKGROUND OF THE INVENTION
Programmable gate array designs need protection, as a design takes months to develop but can easily be stolen by others. Traditionally, at the user side, a secret encryption key is used to encrypt the configuration bit stream that implements the design. In recent years much effort has gone into design-protection technology for programmable gate arrays, but people can still steal the design and get away without being prosecuted. Previously, US patent no. 7788502 B1 disclosed a method to overcome these problems. It involves a secure exchange of Intellectual Property (IP) cores, whereby an authenticated design is loaded in a programmable gate array using a trusted loader. As the authentication information is known by the trusted framework agent, it is possible that the exposed keys may be leaked out during this stage.
Another publication, US patent no. 2003/0190043, disclosed protection of software against use without permit. It introduces a second key stored in an external unit to decrypt the encrypted part of the software in order to prevent unauthorized utilization. However, in this approach, the external unit could be stolen or easily hacked by attackers to get the secret keys.
Therefore, there is a need to provide a method for protecting a programmable gate array design that addresses the above mentioned problems.
SUMMARY OF INVENTION
The present invention relates to a method for protecting a programmable gate array design. The method is characterized by the steps of disabling design in programmable gate array; generating a first secure key by the programmable gate array, wherein the first secure key includes a first design unique identification (UID); sending the first secure key from the programmable gate array to the computer (110); generating a second secure key by the application software (111), wherein it includes the first design UID and a second design UID; sending the second secure key to the remote server (120); decrypting the second secure key by the remote server (120) to extract the first design UID and the second design UID; identifying and authenticating the application software (111) by comparing the UIDs with the pre-stored customer database (122); generating and sending an encrypted third secure key to the application software (111) at the computer (110) if the authentication is successful; decrypting the encrypted third secure key by the application software (111) to get the third secure key; decrypting the third secure key using a third polynomial to get the activation code; matching the activation code with the second design UID of the application software (111) along with the current date and time; forwarding the third secure key from the application software (111) to the programmable gate array; decrypting the third secure key by the programmable gate array using the third polynomial to get the activation code; matching the activation code with the first design UID of the programmable gate array along with the date and time; and activating the respective designs of both application software (111) and programmable gate array after activation codes are extracted.
Preferably, the first secure key is generated by the steps of identifying the first design UID and encrypting the first design UID using current date and time based on a first polynomial.
Preferably, the second secure key is generated by the steps of encrypting the first secure key with the second design UID based on a second polynomial and encrypting the second secure key using AES-256.
Preferably, the encrypted third secure key is generated by the steps of extracting the respective stored coefficients of the third polynomial based on the first design UID and second design UID and encrypting them with AES-256.
Preferably, if the authentication is unsuccessful, the method for protecting the programmable gate array design includes the steps of sending a KILL Key to the computer (110); disabling the application software (111) completely; forwarding the KILL Key to the programmable gate array and deactivating the design inside the programmable gate array completely.
BRIEF DESCRIPTION OF THE DRAWINGS
The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention.
FIG. 1 illustrates a system (100) for protecting a programmable gate array design.
FIG. 2 illustrates a flow chart of a method for protecting a programmable gate array design according to an embodiment of the present invention.
DESCRIPTION OF THE PREFERRED EMBODIMENT
A preferred embodiment of the present invention will be described herein below with reference to the accompanying drawings. In the following description, well known functions or constructions are not described in detail since they would obscure the description with unnecessary detail.
Reference is made initially to FIG. 1, which illustrates a system (100) for protecting a programmable gate array design. The programmable gate array can be a Field Programmable Gate Array (FPGA), a Programmable Logic Device (PLD), etc. The system (100) comprises a computer (110) connected to a remote server (120).
The computer (110) comprises an application software (111) having a software authentication module (112) and a hardware accelerator (114) having a hardware authentication module (113). The function of the application software (111) is to transact data with the hardware accelerator (114). It receives data from the network and copies it to the hardware accelerator (114). The software authentication module (112) performs the software authentication process. The hardware accelerator (114) is used to perform the accelerator function in the programmable gate array based on the data from the application software (111). The hardware authentication module (113) is used to perform the hardware authentication process.
The remote server (120) comprises a customer key generator (121) and a customer database (122). The customer database (122) has a list of all the customers along with polynomial coefficients which are used to encrypt UIDs embedded in the programmable gate array and application software (111). The key generator (121) is used to form secure keys.
Referring now to FIG. 2, it shows a method of protecting the programmable gate array design according to an embodiment of the present invention. The method uses secure keys, UIDs, encrypted bit stream, as well as license server and software IDs for better protection of the design (hardware and software) in the programmable gate array against unauthorized utilization. Initially, as in step 200, a computer (110) and programmable gate array are powered up. Upon startup, the programmable gate array receives the current date and time from the computer (110) to authenticate the programmable gate array design. In step 201, the design in the programmable gate array is then disabled and a first secure key is generated from a first design UID, which is a unique serial number embedded in the programmable gate array. At this stage, the programmable gate array reads the first design UID, encrypts/encapsulates it using the current date and time based on a first polynomial, and transmits it as a first secure key to the computer (110). In step 202, the application software (111) at the computer (110) encrypts the first secure key with a second design UID based on a second polynomial to generate a second secure key. Also in step 202, the application software (111) further encrypts the second secure key using Advanced Encryption Standard 256 (AES-256) before sending it to the remote server (120). Next, the remote server (120) receives the encrypted second secure key from the computer (110) and decrypts it using AES-256 before identifying and authenticating the application software (111) by comparing the UIDs with the pre-stored customer database (122).
The customer database (122) at the remote server (120) also has a third polynomial for the generation of a third secure key. If the validation fails, the coefficient of the third polynomial is a KILL Key which is a unique pre-stored 256 bit number. The KILL Key is sent to the computer (110) as shown in decision 203 and step 204. Upon receiving the KILL Key, the application software (111) completely ceases to operate and the design is disabled as depicted in step 205. Finally, in step 206, the KILL Key is forwarded to the programmable gate array and the design inside it also gets completely deactivated.
However, if the validation is successful, the customer database (122) at the remote server (120) picks up the respective stored coefficients of the third polynomial and encrypts them with AES-256 to generate an encrypted third secure key. It then sends the encrypted third secure key to the application software (111) at the computer (110) as shown in decision 203 and step 207. Once the application software (111) receives the encrypted third secure key, it decrypts it to get the third secure key. Application software (111) further decrypts the third secure key using the third polynomial to get the activation code which carries a second design UID. The software authentication module (112) picks the second design UID from the activation code to match with the second design UID of the application software (111) along with the current date and time.
Finally, in steps 208 and 209, the third secure key is forwarded to the programmable gate array by the application software (111). The programmable gate array then decrypts the third secure key using the third polynomial to get the activation code which carries a first design UID. The hardware authentication module (113) picks the first design UID from the activation code to match with the first design UID of the programmable gate array along with the current date and time. Only after the activation codes are properly extracted do the application software (111) and programmable gate array activate their respective designs. With this, the authentication process has completed successfully.
While embodiments of the invention have been illustrated and described, it is not intended that these embodiments illustrate and describe all possible forms of the invention. Rather, the words used in the specifications are words of description rather than limitation and various changes may be made without departing from the scope of the invention.
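The exchange in steps 200 to 209, as an added simulation that is not part of the patent text: it passes the three secure keys between the gate array, the application software (111) and the remote server (120), and covers the KILL Key branch and a stale third key. Assumptions: the patent does not define the polynomial operation, so it is modelled here as adding a secret polynomial evaluated at the timestamp modulo a prime; the AES-256 wrapping of steps 202 and 207 is left out; all class and function names, UIDs, coefficients and the KILL Key value are constructed.

```python
import hashlib

P = 2**61 - 1  # prime modulus for the stand-in masking (assumption, not from the patent)
# Constructed 256-bit KILL Key; the patent only says it is a unique pre-stored 256-bit number.
KILL_KEY = int.from_bytes(hashlib.sha256(b"constructed KILL key").digest(), "big")
POLY1, POLY2 = [3, 5, 7], [2, 9, 4]  # constructed first/second polynomial coefficients

def poly_eval(coeffs, x):
    """Horner evaluation of sum(c_i * x**i) modulo P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def mask(value, coeffs, t):
    """Stand-in for 'encrypt using date and time based on a polynomial'."""
    return (value + poly_eval(coeffs, t)) % P

def unmask(value, coeffs, t):
    return (value - poly_eval(coeffs, t)) % P

class Device:
    """Behaviour shared by the gate array and the application software (111)."""
    slot = 0  # which half of the third secure key carries this side's UID

    def __init__(self, uid, poly3):
        self.uid, self.poly3, self.t, self.state = uid, poly3, None, "disabled"

    def start(self, t):
        # Step 201: the design stays disabled until an activation code matches.
        if self.state != "killed":
            self.state = "disabled"
        self.t = t

    def receive_third(self, k3):
        if k3 == KILL_KEY:                        # steps 205 / 206
            self.state = "killed"
        elif (self.state != "killed"
              and unmask(k3[self.slot], self.poly3, self.t) == self.uid):
            self.state = "active"                 # UID and date/time both match
        return self.state

class Fpga(Device):
    slot = 0
    def first_key(self, t):                       # step 201
        self.start(t)
        return mask(self.uid, POLY1, t)

class App(Device):
    slot = 1
    def second_key(self, k1, t):                  # step 202 (AES-256 layer omitted)
        self.start(t)
        return (k1, mask(self.uid, POLY2, t))

class Server:
    def __init__(self, customers):
        self.customers = customers                # {(uid1, uid2): third polynomial}

    def handle(self, k2, t):                      # decision 203
        uid1 = unmask(k2[0], POLY1, t)
        uid2 = unmask(k2[1], POLY2, t)
        poly3 = self.customers.get((uid1, uid2))
        if poly3 is None:
            return KILL_KEY                       # step 204
        return (mask(uid1, poly3, t), mask(uid2, poly3, t))  # step 207

def run_session(fpga, app, server, t, k3_override=None):
    """Run steps 200-209 once; k3_override substitutes a previously captured third key."""
    k2 = app.second_key(fpga.first_key(t), t)
    k3 = server.handle(k2, t) if k3_override is None else k3_override
    app.receive_third(k3)
    fpga.receive_third(k3)                        # steps 206 / 208: forwarded by the app
    return app.state, fpga.state, k3

if __name__ == "__main__":
    poly3 = [7, 11, 13]                           # constructed third polynomial
    server = Server({(0xF00D, 0xBEEF): poly3})    # constructed customer database (122)
    t0 = 1_700_000_000
    print(run_session(Fpga(0xF00D, poly3), App(0xBEEF, poly3), server, t0)[:2])
    print(run_session(Fpga(0xF00D, poly3), App(0x1234, poly3), server, t0)[:2])
```

In this model a third secure key captured in one session does not activate a later one, because each side unmasks with its own session timestamp; that is how the example represents matching "along with the current date and time".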

Claims

1) A method for protecting programmable gate array designs is characterized by the steps of:
a) disabling design in programmable gate array;
b) generating a first secure key by the programmable gate array, wherein the first secure key includes a first design unique identification (UID);
c) sending the first secure key from the programmable gate array to the computer (110);
d) generating a second secure key by the application software (111), wherein the second secure key includes the first design UID and the second design UID;
e) sending the second secure key to remote server (120);
f) decrypting the second secure key by the remote server (120) to extract the first design UID and the second design UID;
g) identifying and authenticating the application software (111) by comparing the UIDs with the pre-stored customer database (122);
h) if the authentication is successful, generating and sending an encrypted third secure key to the application software (111) at the computer (110);
i) decrypting the encrypted third secure key by the application software (111) to get the third secure key;
j) decrypting the third secure key using a third polynomial to get the activation code;
k) matching the activation code with the second design UID of the application software (111) along with the current date and time;
l) forwarding the third secure key from the application software (111) to the programmable gate array;
m) decrypting the third secure key by the programmable gate array using the third polynomial to get the activation code;
n) matching the activation code with the first design UID of the programmable gate array along with the date and time; and
o) activating the respective designs of both application software (111) and programmable gate array after activation codes are extracted.
2) The method as claimed in claim 1, wherein the first secure key is generated by the steps of:
a) identifying the first design UID; and
b) encrypting the first design UID using current date and time based on a first polynomial.
3) The method as claimed in claim 1, wherein the second secure key is generated by the steps of:
a) encrypting the first secure key with the second design UID based on a second polynomial; and
b) encrypting the second secure key using AES-256.
4) The method as claimed in claim 1, wherein the encrypted third secure key is generated by the steps of:
a) extracting the respective stored coefficients of the third polynomial based on the first design UID and second design UID; and
b) encrypting them with AES-256.
5) The method as claimed in claim 1, wherein if the authentication is unsuccessful, the method includes the steps of:
a) sending a KILL Key to the computer (110);
b) disabling the application software (111) completely;
c) forwarding the KILL Key to the programmable gate array; and
d) deactivating the design inside the programmable gate array com
PCT/MY2014/000081 2013-05-08 2014-04-28 A method for protecting a programmable gate array design WO2014182154A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2013700744 2013-05-08
MYPI2013700744A MY182400A (en) 2013-05-08 2013-05-08 A method for protecting a programmable gate array design

Publications (1)

Publication Number Publication Date
WO2014182154A1 (en) 2014-11-13

Family

ID=51261194

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2014/000081 WO2014182154A1 (en) 2013-05-08 2014-04-28 A method for protecting a programmable gate array design

Country Status (2)

Country Link
MY (1) MY182400A (en)
WO (1) WO2014182154A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108848153A (en) * 2018-06-08 2018-11-20 山东超越数控电子股份有限公司 A kind of high-availability cluster software License registration, Activiation method and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020199110A1 (en) * 2001-06-13 2002-12-26 Algotronix Ltd. Method of protecting intellectual property cores on field programmable gate array
US8417965B1 (en) * 2010-04-07 2013-04-09 Xilinx, Inc. Method and circuit for secure definition and integration of cores

Also Published As

Publication number Publication date
MY182400A (en) 2021-01-25

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14745241

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14745241

Country of ref document: EP

Kind code of ref document: A1