WO2014182154A1 - A method for protecting a programmable gate array design - Google Patents
- Publication number: WO2014182154A1 (PCT/MY2014/000081)
- Authority: WO, WIPO (PCT)
- Prior art keywords
- design
- secure key
- programmable gate
- gate array
- uid
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/76—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Technology Law (AREA)
- Multimedia (AREA)
- Remote Sensing (AREA)
- Radar, Positioning & Navigation (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to a method for protecting a programmable gate array design. The method uses secure keys, unique identifications (UIDs), encrypted bit stream, as well as license server and software IDs for better protection of a programmable gate array design.
Description
A METHOD FOR PROTECTING A PROGRAMMABLE GATE ARRAY DESIGN
FIELD OF INVENTION
The present invention relates to a method for protecting a programmable gate array design.
BACKGROUND OF THE INVENTION
Programmable gate array design needs to have a protection as it takes months to be developed but can easily be stolen by others. Traditionally, at user side, a secret encryption key is used to encrypt the configuration bit stream that implements the design. In recent years the technology for design protection of programmable gate arrays has been implemented with much effort, but people can still steal the design and get away without being prosecuted. Previously, US patent no. 7788502 B1 has disclosed a method to overcome these problems. It involves a secure exchange of Intellectual Property (IP) cores, whereby an authenticated design is loaded in a programmable gate array using a trusted loader. As the authentication information is known by the trusted framework agent, it is possible that the exposed keys may be leaked out during this stage.
Another US patent, no. 2003/0190043, discloses protection of software against use without permit. It introduces a second key stored in an external unit to decrypt the encrypted part of the software in order to prevent unauthorized utilization. However, in this approach, the external unit could be stolen or easily hacked by attackers to get the secret keys.
Therefore, there is a need to provide a method for protecting a programmable gate array design that addresses the above mentioned problems.
SUMMARY OF INVENTION
The present invention relates to a method for protecting a programmable gate array design. The method is characterized by the steps of disabling design in programmable gate array; generating a first secure key by the programmable gate array, wherein the first secure key includes a first design unique identification (UID); sending the first secure key from the programmable gate array to the computer (110); generating a second secure key by the application software (111), wherein it includes the first design UID and a second design UID; sending the second secure key to the remote server (120); decrypting the second secure key by the remote server (120) to extract the first design UID and the second design UID; identifying and authenticating the application software (111) by comparing the UIDs with the pre-stored customer database (122); generating and sending an encrypted third secure key to the application software (111) at the computer (110) if the authentication is successful; decrypting the encrypted third secure key by the application software (111) to get the third secure key; decrypting the third secure key using a third polynomial to get the activation code; matching the activation code with the second design UID of the application software (111) along with the current date and time; forwarding the third secure key from the application software (111) to the programmable gate array; decrypting the third secure key by the programmable gate array using the third polynomial to get the activation code; matching the activation code with the first design UID of the programmable gate array along with the date and time; and activating the respective designs of both application software (111) and programmable gate array after activation codes are extracted.
Preferably, the first secure key is generated by the steps of identifying the first design UID and encrypting the first design UID using current date and time based on a first polynomial.
Preferably, the second secure key is generated by the steps of encrypting the first secure key with the second design UID based on a second polynomial and encrypting the second secure key using AES-256.
Preferably, the encrypted third secure key is generated by the steps of extracting the respective stored coefficients of the third polynomial based on the first design UID and second design UID and encrypting them with AES-256.
Preferably, if the authentication is unsuccessful, the method for protecting the programmable gate array design includes the steps of sending a KILL Key to the computer (110); disabling the application software (111) completely; forwarding the KILL Key to the programmable gate array and deactivating the design inside the programmable gate array completely.
BRIEF DESCRIPTION OF THE DRAWINGS
The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention.
FIG. 1 illustrates a system (100) for protecting a programmable gate array design.
FIG. 2 illustrates a flow chart of a method for protecting a programmable gate array design according to an embodiment of the present invention.
DESCRIPTION OF THE PREFERRED EMBODIMENT
A preferred embodiment of the present invention will be described herein below with reference to the accompanying drawings. In the following description, well known functions or constructions are not described in detail since they would obscure the description with unnecessary detail.
Reference is made initially to FIG. 1, which illustrates a system (100) for protecting a programmable gate array design. The programmable gate array can either be Field Programmable Gate Array (FPGA), Programmable Logic Device (PLD) etc. The system (100) comprises a computer (110) connected to a remote server (120).
The computer (110) comprises an application software (111) having a software authentication module (112) and a hardware accelerator (114) having a hardware authentication module (113). The function of the application software (111) is to transact data with the hardware accelerator (114). It receives data from the network and copies it to the hardware accelerator (114). The software authentication module (112) performs the software authentication process. The hardware accelerator (114) is used to perform the accelerator function in the programmable gate array based on the data from the application software (111). The hardware authentication module (113) is used to perform the hardware authentication process.
The remote server (120) comprises a customer key generator (121) and a customer database (122). The customer database (122) has a list of all the customers along with polynomial coefficients which are used to encrypt UIDs embedded in the programmable gate array and application software (111). The key generator (121) is used to form secure keys.
Referring now to FIG. 2, it shows a method of protecting the programmable gate array design according to an embodiment of the present invention. The method uses secure keys, UIDs, encrypted bit stream, as well as license server and software IDs for better protection of the design (hardware and software) in the programmable gate array against unauthorized utilization. Initially, as in step 200, a computer (110) and programmable gate array are powered up. Upon startup, the programmable gate array receives the current date and time from the computer (110) to authenticate the programmable gate array design. In step 201, the design in the programmable gate array is then disabled and a first secure key is generated from a first design UID which is a unique serial number embedded in the programmable gate array. At this stage, the programmable gate array reads the first design UID and encrypts/encapsulates it using current date and time based on a first polynomial and transmits it as a first secure key to the computer (110). In step 202, the application software (111) at the computer (110) encrypts the first secure key with a second design UID based on a second polynomial to generate a second secure key. Also in step 202, the application software (111) further encrypts the second secure key using Advanced Encryption Standard 256 (AES-256) before sending it to the remote server (120). Next, the remote server (120) receives the encrypted second secure key from the computer (110), and decrypts it using AES-256 before identifying and authenticating the application software (111) by comparing the UIDs with the pre-stored customer database (122).
The customer database (122) at the remote server (120) also has a third polynomial for the generation of a third secure key. If the validation fails, the coefficient of the third polynomial is a KILL Key which is a unique pre-stored 256 bit number. The KILL Key is sent to the computer (110) as shown in decision 203 and step 204. Upon receiving the KILL Key, the application software (111) completely ceases to operate and the design is disabled as depicted in step 205. Finally, in step 206, the KILL Key is forwarded to the programmable gate array and the design inside it also gets completely deactivated.
However, if the validation is successful, the customer database (122) at the remote server (120) picks up the respective stored coefficients of the third polynomial and encrypts them with AES-256 to generate an encrypted third secure key. It then sends the encrypted third secure key to the application software (111) at the computer (110) as shown in decision 203 and step 207. Once the application software (111) receives the encrypted third secure key, it decrypts it to get the third secure key. Application software (111) further decrypts the third secure key using the third polynomial to get the activation code which carries a second design UID. The software authentication module (112) picks the second design UID from the activation code to match with the second design UID of the application software (111) along with the current date and time.
Finally, in steps 208 and 209, the third secure key is forwarded to the programmable gate array by the application software (111). The programmable gate array then decrypts the third secure key using the third polynomial to get the activation code which carries a first design UID. The hardware authentication module (113) picks the first design UID from the activation code to match with the first design UID of the programmable gate array along with the current date and time. Only after the activation codes are properly extracted do the application software (111) and programmable gate array activate their respective designs. With this, the authentication process has completed successfully.
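The exchange of steps 200 to 209 can be traced end to end with a small model; this is an added example, not code from the patent or its applicant. The specification does not say how a polynomial is used to encrypt, so additive masking over a prime field stands in for it, the AES-256 transport layer is not modelled, and all UIDs, coefficients, the KILL Key value, the 300-second freshness window and the function names are constructed assumptions.

```python
"""Toy model of the activation flow (steps 200-209); every value is constructed."""
import hmac

P = 2**127 - 1          # prime modulus for the stand-in polynomial masking (assumption)
MAX_SKEW_S = 300        # accepted age of an activation code, in seconds (assumption)
KILL_KEY = int.from_bytes(b"\xde\xad" * 16, "big")   # constructed 256-bit number

POLY1 = [11, 7, 3]      # first polynomial, known to FPGA and server (constructed)
POLY2 = [5, 13, 2]      # second polynomial, known to application and server (constructed)
# Customer database (122): (first UID, second UID) -> third-polynomial coefficients
CUSTOMER_DB = {(0xF00D0001, 0x50F70001): [17, 19, 23]}


def poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... modulo P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def mask(value, coeffs, t):
    """Stand-in for 'encrypt value using date/time t based on a polynomial'."""
    return (value + poly(coeffs, t)) % P


def unmask(masked, coeffs, t):
    return (masked - poly(coeffs, t)) % P


def fpga_first_key(uid1, now):
    """Step 201: design disabled, first UID wrapped with the current date and time."""
    return mask(uid1, POLY1, now), now


def app_second_key(first_key, uid2):
    """Step 202: the application adds its own wrapped UID to the first secure key."""
    wrapped1, now = first_key
    return wrapped1, mask(uid2, POLY2, now), now


def server_respond(second_key):
    """Decision 203: recover both UIDs and answer with a third key or the KILL Key."""
    wrapped1, wrapped2, t = second_key
    uid1, uid2 = unmask(wrapped1, POLY1, t), unmask(wrapped2, POLY2, t)
    coeffs = CUSTOMER_DB.get((uid1, uid2))
    if coeffs is None:
        return KILL_KEY                                      # step 204
    return mask(uid1, coeffs, t), mask(uid2, coeffs, t), t   # step 207


def validate(third_key, own_uid, slot, coeffs, now):
    """Endpoint check (steps 205-209): returns 'active', 'killed' or 'rejected'."""
    if third_key == KILL_KEY:
        return "killed"
    t = third_key[2]
    if abs(now - t) > MAX_SKEW_S:        # date-and-time match: stale codes are refused
        return "rejected"
    uid = unmask(third_key[slot], coeffs, t)
    same = hmac.compare_digest(uid.to_bytes(16, "big"), own_uid.to_bytes(16, "big"))
    return "active" if same else "rejected"


def run(uid1, uid2, issued_at, checked_at):
    """Full exchange; returns (FPGA state, application state)."""
    third = server_respond(app_second_key(fpga_first_key(uid1, issued_at), uid2))
    coeffs = CUSTOMER_DB.get((uid1, uid2), [0])   # coefficients provisioned on the endpoints
    return (validate(third, uid1, 0, coeffs, checked_at),
            validate(third, uid2, 1, coeffs, checked_at))
```

In this model an activation code issued for one UID pair does not activate a device with a different UID, and a code older than the freshness window is refused even when the UID matches.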
While embodiments of the invention have been illustrated and described, it is not intended that these embodiments illustrate and describe all possible forms of the invention. Rather, the words used in the specifications are words of description rather than limitation and various changes may be made without departing from the scope of the invention.
Claims
1) A method for protecting programmable gate array designs, characterized by the steps of:
a) disabling design in programmable gate array;
b) generating a first secure key by the programmable gate array, wherein the first secure key includes a first design unique identification (UID);
c) sending the first secure key from the programmable gate array to the computer (110);
d) generating a second secure key by the application software (111), wherein the second secure key includes the first design UID and the second design UID;
e) sending the second secure key to remote server (120);
f) decrypting the second secure key by the remote server (120) to extract the first design UID and the second design UID;
g) identifying and authenticating the application software (111) by comparing the UIDs with the pre-stored customer database (122);
h) if the authentication is successful, generating and sending an encrypted third secure key to the application software (111) at the computer (110);
i) decrypting the encrypted third secure key by the application software (111) to get the third secure key;
j) decrypting the third secure key using a third polynomial to get the activation code;
k) matching the activation code with the second design UID of the application software (111) along with the current date and time;
l) forwarding the third secure key from the application software (111) to the programmable gate array;
m) decrypting the third secure key by the programmable gate array using the third polynomial to get the activation code;
n) matching the activation code with the first design UID of the programmable gate array along with the date and time; and
o) activating the respective designs of both application software (111) and programmable gate array after activation codes are extracted.
2) The method as claimed in claim 1, wherein the first secure key is generated by the steps of:
a) identifying the first design UID; and
b) encrypting the first design UID using current date and time based on a first polynomial.
3) The method as claimed in claim 1, wherein the second secure key is generated by the steps of:
a) encrypting the first secure key with the second design UID based on a second polynomial; and
b) encrypting the second secure key using AES-256.
4) The method as claimed in claim 1, wherein the encrypted third secure key is generated by the steps of:
a) extracting the respective stored coefficients of the third polynomial based on the first design UID and second design UID; and
b) encrypting them with AES-256.
5) The method as claimed in claim 1, wherein if the authentication is unsuccessful, the method includes the steps of:
a) sending a KILL Key to the computer (110);
b) disabling the application software (111) completely;
c) forwarding the KILL Key to the programmable gate array; and
d) deactivating the design inside the programmable gate array com
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
MYPI2013700744 | 2013-05-08 | ||
MYPI2013700744A MY182400A (en) | 2013-05-08 | 2013-05-08 | A method for protecting a programmable gate array design |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014182154A1 (en) | 2014-11-13 |
Family
ID=51261194
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/MY2014/000081 WO2014182154A1 (en) | 2013-05-08 | 2014-04-28 | A method for protecting a programmable gate array design |
Country Status (2)
Country | Link |
---|---|
MY (1) | MY182400A (en) |
WO (1) | WO2014182154A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108848153A (en) * | 2018-06-08 | 2018-11-20 | 山东超越数控电子股份有限公司 | A kind of high-availability cluster software License registration, Activiation method and system |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020199110A1 (en) * | 2001-06-13 | 2002-12-26 | Algotronix Ltd. | Method of protecting intellectual property cores on field programmable gate array |
US8417965B1 (en) * | 2010-04-07 | 2013-04-09 | Xilinx, Inc. | Method and circuit for secure definition and integration of cores |
Also Published As
Publication number | Publication date |
---|---|
MY182400A (en) | 2021-01-25 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 14745241; Country of ref document: EP; Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 14745241; Country of ref document: EP; Kind code of ref document: A1 |