Title:
A METHOD FOR PROTECTING A PROGRAMMABLE GATE ARRAY DESIGN
Document Type and Number:
WIPO Patent Application WO/2014/182154
Kind Code:
A1
Abstract:
The present invention relates to a method for protecting a programmable gate array design. The method uses secure keys, unique identifications (UIDs), encrypted bit stream, as well as license server and software IDs for better protection of a programmable gate array design.

Inventors:
BIN NAWI AHMAD HAFEZ (MY)
PALAI SMRUTI SANTOSH (MY)
PRASAD DEVI (MY)
Application Number:
PCT/MY2014/000081
Publication Date:
November 13, 2014
Filing Date:
April 28, 2014
Assignee:
MIMOS BERHAD (MY)
International Classes:
G06F21/12; G06F21/76
Foreign References:
US20020199110A1 2002-12-26
US8417965B1 2013-04-09
Attorney, Agent or Firm:
H. A. RASHID, Ahmad, Fadzlee (A-6-6 Centrio Pantai Hillpark, No. 1, Jalan Pantai Murni, Kuala Lumpur, MY)
Claims:
1) A method for protecting programmable gate array designs is characterized by the steps of:

a) disabling design in programmable gate array;

b) generating a first secure key by the programmable gate array, wherein the first secure key includes a first design unique identification (UID);

c) sending the first secure key from the programmable gate array to the computer (110);

d) generating a second secure key by the application software (111), wherein the second secure key includes the first design UID and the second design UID;

e) sending the second secure key to remote server (120);

f) decrypting the second secure key by the remote server (120) to extract the first design UID and the second design UID;

g) identifying and authenticating the application software (111) by comparing the UIDs with the pre-stored customer database (122);

h) if the authentication is successful, generating and sending an encrypted third secure key to the application software (111) at the computer (110);

i) decrypting the encrypted third secure key by the application software (111) to get the third secure key;

j) decrypting the third secure key using a third polynomial to get the activation code;

k) matching the activation code with the second design UID of the application software (111) along with the current date and time;

l) forwarding the third secure key from the application software (111) to the programmable gate array;

m) decrypting the third secure key by the programmable gate array using the third polynomial to get the activation code;

n) matching the activation code with the first design UID of the programmable gate array along with the date and time; and

o) activating the respective designs of both application software (111) and programmable gate array after activation codes are extracted.

2) The method as claimed in claim 1, wherein the first secure key is generated by the steps of:

a) identifying the first design UID; and

b) encrypting the first design UID using current date and time based on a first polynomial.

3) The method as claimed in claim 1, wherein the second secure key is generated by the steps of:

a) encrypting the first secure key with the second design UID based on a second polynomial; and

b) encrypting the second secure key using AES-256.

4) The method as claimed in claim 1, wherein the encrypted third secure key is generated by the steps of:

a) extracting the respective stored coefficients of the third polynomial based on the first design UID and second design UID; and

b) encrypting them with AES-256.

5) The method as claimed in claim 1, wherein if the authentication is unsuccessful, the method includes the steps of:

a) sending a KILL Key to the computer (110);

b) disabling the application software (111) completely;

c) forwarding the KILL Key to the programmable gate array; and

d) deactivating the design inside the programmable gate array com

Description:
A METHOD FOR PROTECTING A PROGRAMMABLE GATE ARRAY DESIGN

FIELD OF INVENTION

The present invention relates to a method for protecting a programmable gate array design.

BACKGROUND OF THE INVENTION

A programmable gate array design needs protection, as it takes months to develop but can easily be stolen by others. Traditionally, at the user side, a secret encryption key is used to encrypt the configuration bit stream that implements the design. In recent years much effort has gone into design protection technology for programmable gate arrays, but people can still steal the design and get away without being prosecuted. Previously, US patent no. 7788502 B1 has disclosed a method to overcome these problems. It involves a secure exchange of Intellectual Property (IP) cores, whereby an authenticated design is loaded in a programmable gate array using a trusted loader. As the authentication information is known by the trusted framework agent, it is possible that the exposed keys may be leaked out during this stage.

Another document, US patent no. 2003/0190043, has disclosed protection of software against use without permit. It introduces a second key stored in an external unit to decrypt the encrypted part of the software in order to prevent unauthorized utilization. However, in this approach, the external unit could be stolen or easily hacked by attackers to get the secret keys.

Therefore, there is a need to provide a method for protecting a programmable gate array design that addresses the above mentioned problems.

SUMMARY OF INVENTION

The present invention relates to a method for protecting a programmable gate array design. The method is characterized by the steps of disabling design in programmable gate array; generating a first secure key by the programmable gate array, wherein the first secure key includes a first design unique identification (UID); sending the first secure key from the programmable gate array to the computer (110); generating a second secure key by the application software (111), wherein it includes the first design UID and a second design UID; sending the second secure key to the remote server (120); decrypting the second secure key by the remote server (120) to extract the first design UID and the second design UID; identifying and authenticating the application software (111) by comparing the UIDs with the pre-stored customer database (122); generating and sending an encrypted third secure key to the application software (111) at the computer (110) if the authentication is successful; decrypting the encrypted third secure key by the application software (111) to get the third secure key; decrypting the third secure key using a third polynomial to get the activation code; matching the activation code with the second design UID of the application software (111) along with the current date and time; forwarding the third secure key from the application software (111) to the programmable gate array; decrypting the third secure key by the programmable gate array using the third polynomial to get the activation code; matching the activation code with the first design UID of the programmable gate array along with the date and time; and activating the respective designs of both application software (111) and programmable gate array after activation codes are extracted.

Preferably, the first secure key is generated by the steps of identifying the first design UID and encrypting the first design UID using current date and time based on a first polynomial.

Preferably, the second secure key is generated by the steps of encrypting the first secure key with the second design UID based on a second polynomial and encrypting the second secure key using AES-256.

Preferably, the encrypted third secure key is generated by the steps of extracting the respective stored coefficients of the third polynomial based on the first design UID and second design UID and encrypting them with AES-256.

Preferably, if the authentication is unsuccessful, the method for protecting the programmable gate array design includes the steps of sending a KILL Key to the computer (110); disabling the application software (111) completely; forwarding the KILL Key to the programmable gate array and deactivating the design inside the programmable gate array completely.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention.

FIG. 1 illustrates a system (100) for protecting a programmable gate array design.

FIG. 2 illustrates a flow chart of a method for protecting a programmable gate array design according to an embodiment of the present invention.

DESCRIPTION OF THE PREFERRED EMBODIMENT

A preferred embodiment of the present invention will be described herein below with reference to the accompanying drawings. In the following description, well known functions or constructions are not described in detail since they would obscure the description with unnecessary detail.

Reference is made initially to FIG. 1, which illustrates a system (100) for protecting a programmable gate array design. The programmable gate array can be a Field Programmable Gate Array (FPGA), a Programmable Logic Device (PLD), etc. The system (100) comprises a computer (110) connected to a remote server (120).

The computer (110) comprises application software (111) having a software authentication module (112) and a hardware accelerator (114) having a hardware authentication module (113). The function of the application software (111) is to transact data with the hardware accelerator (114). It receives data from the network and copies it to the hardware accelerator (114). The software authentication module (112) performs the software authentication process. The hardware accelerator (114) is used to perform the accelerator function in the programmable gate array based on the data from the application software (111). The hardware authentication module (113) is used to perform the hardware authentication process.

The remote server (120) comprises a customer key generator (121) and a customer database (122). The customer database (122) has a list of all the customers along with polynomial coefficients which are used to encrypt UIDs embedded in the programmable gate array and application software (111). The key generator (121) is used to form secure keys.

Referring now to FIG. 2, it shows a method of protecting the programmable gate array design according to an embodiment of the present invention. The method uses secure keys, UIDs, encrypted bit stream, as well as license server and software IDs for better protection of the design (hardware and software) in the programmable gate array against unauthorized utilization. Initially, as in step 200, a computer (110) and programmable gate array are powered up. Upon startup, the programmable gate array receives the current date and time from the computer (110) to authenticate the programmable gate array design. In step 201, the design in the programmable gate array is then disabled and a first secure key is generated from a first design UID which is a unique serial number embedded in the programmable gate array. At this stage, the programmable gate array reads the first design UID and encrypts/encapsulates it using current date and time based on a first polynomial and transmits it as a first secure key to the computer (110). In step 202, the application software (111) at the computer (110) encrypts the first secure key with a second design UID based on a second polynomial to generate a second secure key. Also in step 202, the application software (111) further encrypts the second secure key using Advanced Encryption Standard 256 (AES-256) before sending it to the remote server (120). Next, the remote server (120) receives the encrypted second secure key from the computer (110), and decrypts it using AES-256 before identifying and authenticating the application software (111) by comparing the UIDs with the pre-stored customer database (122).

The customer database (122) at the remote server (120) also has a third polynomial for the generation of a third secure key. If the validation fails, the coefficient of the third polynomial is a KILL Key which is a unique pre-stored 256-bit number. The KILL Key is sent to the computer (110) as shown in decision 203 and step 204. Upon receiving the KILL Key, the application software (111) completely ceases to operate and the design is disabled as depicted in step 205. Finally, in step 206, the KILL Key is forwarded to the programmable gate array and the design inside it also gets completely deactivated.

However, if the validation is successful, the customer database (122) at the remote server (120) picks up the respective stored coefficients of the third polynomial and encrypts them with AES-256 to generate an encrypted third secure key. It then sends the encrypted third secure key to the application software (111) at the computer (110) as shown in decision 203 and step 207. Once the application software (111) receives the encrypted third secure key, it decrypts it to get the third secure key. Application software (111) further decrypts the third secure key using the third polynomial to get the activation code which carries a second design UID. The software authentication module (112) picks the second design UID from the activation code to match with the second design UID of the application software (111) along with the current date and time.

Finally, in steps 208 and 209, the third secure key is forwarded to the programmable gate array by the application software (111). The programmable gate array then decrypts the third secure key using the third polynomial to get the activation code which carries a first design UID. The hardware authentication module (113) picks the first design UID from the activation code to match with the first design UID of the programmable gate array along with the current date and time. Only after the activation codes are properly extracted do the application software (111) and programmable gate array activate their respective designs. With this, the authentication process has completed successfully.
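
The message flow of steps 201 to 209 can be traced with a small model. This is an added example, not code from the patent: the specification does not define its polynomials, so each one is assumed here to be a secret additive mask evaluated at the timestamp modulo a prime, the timestamp is assumed to travel with the request, the AES-256 transport layer is left out, and all names, UIDs and coefficients are constructed.

```python
# Added sketch of the FIG. 2 flow, not code from the patent. Assumptions: each
# "polynomial" is a secret mask evaluated at the timestamp modulo a prime, the
# timestamp travels with the request, and the AES-256 transport layer is omitted.
import secrets

P = 2**127 - 1                        # prime modulus (assumption)
POLY1, POLY2, POLY3 = [3, 1, 4], [1, 5, 9], [2, 6, 5]  # constructed coefficients
KILL_KEY = secrets.randbits(256)      # stands in for the pre-stored 256-bit KILL Key
CUSTOMER_DB = {(0xF96A01, 0x50F701)}  # constructed (first UID, second UID) pairs

def poly(coeffs, t):
    """Evaluate a polynomial at t with Horner's rule, modulo P."""
    acc = 0
    for c in coeffs:
        acc = (acc * t + c) % P
    return acc

def mask(value, coeffs, t):
    return (value + poly(coeffs, t)) % P

def unmask(value, coeffs, t):
    return (value - poly(coeffs, t)) % P

def fpga_first_key(uid1, t):                       # step 201
    return mask(uid1, POLY1, t)

def software_second_key(key1, uid2, t):            # step 202
    return {"k1": mask(key1, POLY2, t), "uid2": mask(uid2, POLY2, t), "t": t}

def server_respond(key2):                          # decision 203
    t = key2["t"]
    uid1 = unmask(unmask(key2["k1"], POLY2, t), POLY1, t)
    uid2 = unmask(key2["uid2"], POLY2, t)
    if (uid1, uid2) not in CUSTOMER_DB:
        return {"kill": KILL_KEY}                  # step 204
    return {"hw": mask(uid1, POLY3, t), "sw": mask(uid2, POLY3, t)}  # step 207

def activate(key3, field, own_uid, now):           # steps 207 to 209, either side
    """True only if the activation code yields own_uid at time `now`."""
    if "kill" in key3:
        return False                               # steps 205/206: stay disabled
    return unmask(key3[field], POLY3, now) == own_uid
```

Calling activate with a timestamp different from the one the server used models the "along with the current date and time" match: the unmasked value no longer equals the stored UID, so a response captured earlier does not activate either design.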

While embodiments of the invention have been illustrated and described, it is not intended that these embodiments illustrate and describe all possible forms of the invention. Rather, the words used in the specifications are words of description rather than limitation and various changes may be made without departing from the scope of the invention.