The present application claims priority to Japanese Priority Document JP 2001-250761, filed in the Japanese Patent Office on Aug. 21, 2001, the entire contents of which are incorporated herein by reference to the extent permitted by law.
1. Field of the Invention
The present invention relates to an integrated circuit, the circuit configuration of which is alterable (programmable) in accordance with a supplied configuration data, a method of circuit configuration and a program thereof, and, in particular, it relates to an integrated circuit having tamper resistance against falsification and/or unauthorized use of the configuration data thereof, to a method of its circuit configuration and a program thereof.
2. Description of the Related Art
The performance of programmable logic devices, whose circuit configuration can be freely modified and altered by the user, such as FPGAs (field programmable gate array), CPLDs (complex programmable logic device) and the like has shown steady improvements over the years, and is now approaching the level of gate arrays in terms of both cost and performance.
Further, because it is possible to dynamically modify the circuit configuration of these programmable devices during system operation, they are also referred to as reconfigurable devices. A reconfigurable device allows for various applications which are otherwise unrealizable with gate arrays having fixed circuit configurations.
For example, by changing the circuit configuration into an optimal configuration depending on the operating mode of a system, multiple functions may be realized with one reconfigurable device. As a result, the degree of integration of the circuits may in effect be increased.
Further, because configuration data specifying the circuit configuration of a reconfigurable device can be delivered via a network as is done with software, various countermeasures such as fixing deficiencies in or expanding hardware functionality, and the like after products have been shipped, which had conventionally been difficult, may be performed. For example, application to portable telephones whereby they are made compatible with arbitrary communications standards according to the distributed configuration data is much anticipated.
Because the configuration data of such programmable devices are prone to being falsified or used without authorization despite the fact that they are developed at and with enormous cost and effort, there is a need for some countermeasure to be taken in order to protect such proprietary information.
As an example of a method of protecting the confidentiality of a program executed by a CPU (central processing unit), there is disclosed in U.S. Pat. No. 4,465,901 (hereinafter referred to as reference 1) a method of configuring a CMP (crypto-microprocessor) having encryption/decryption functions and a secure memory built in a conventional CPU, and internally executing the program. Because this CMP has tamper-resistance, it is not possible to look into the execution process of a program internal to the CMP from the outside. Further, because the program is stored in the secure memory in an encrypted state, and is decrypted and executed inside the CMP, proprietary information thereof is protected to an extent dictated by the level of security of the encryption scheme.
However, because decryption keys and encryption schemes in CMPs are fixed from the production stage, they cannot be arbitrarily modified afterwards. Therefore, if the decryption key information internal to a CMP gets out or is leaked, there occurs a problem in that grave damage may be brought about.
Therefore, in reference 2 titled xe2x80x9cPrevention of illegal copying using a reconfigurable computerxe2x80x9d by Toru Ikuma et al., CSEC 2001, 2.21, there is described a method of improving tamper resistance by making it possible to alternate between hitherto proposed digital content protection schemes, such as the CMP mentioned above, using a reconfigurable device.
However, because the circuit for loading configuration data corresponding to each content protection scheme to the reconfigurable device is fixed as a dedicated circuit having a decryption key and a decryption function, there is great risk of suffering critical damage to the system should this portion be attacked, and the decryption key and decryption function be stolen.
On the other hand, in U.S. Pat. No. 5,349,249 (hereinafter referred to as reference 3), there is disclosed a method of disposing a plurality of security protection devices for restricting readback of the programmed contents in close proximity to a plurality of programmable configuration devices that constitute a programmable device.
These security protection devices are programmable just like the configuration devices are, and, after a program is written in the configuration devices, are programmed to assume a readback prohibiting state from a readback permitting state. Then, if any one of these security protection devices is programmed to be in the readback prohibiting state, the circuit is configured so as not to allow readback of the programmed contents of the configuration devices. As a result, leakage of programmed contents of the configuration devices is prevented.
For example, if the configuration devices and security protection devices mentioned above are configured on an EPROM (erasable and programmable read only memory), in which the program can be erased with ultraviolet rays, even if the security protection devices are located through reverse-engineering, because programs in the adjoining configuration devices are simultaneously erased when programs in these security protection devices are erased, obtaining useful information regarding the circuit configuration becomes difficult. According to reference 3, in a case where four security bits are included in a configuration device array of 9 bit rows by 48 bit columns, if these four security bits are erased, 32 to 80 of the 432 configuration bits are erased at the same time. With such a large amount of information constituting a logic circuit missing, reverse engineering becomes extremely difficult.
All of the related art disclosed in the respective references described above, however, are directed to the prevention of leakage of information already written in the devices, and do not disclose protection of the confidentiality of information prior to being written. In other words, if such information is always to be written in the device by the manufacturer prior to shipment of the product, the related art mentioned above for improving the tamper-resistance of the device itself is sufficient. However, for a reconfigurable device, whose configuration data is distributed via some route, such as the internet or a LAN for example, to which a reverse engineer can easily gain access and see the data contents, the related art described above cannot protect the confidentiality of the configuration data.
Therefore, the present invention provides an integrated circuit, the circuit configuration of which is reconfigurable in accordance with a configuration data to be supplied, for protecting the confidentiality of the configuration data to be supplied. The present invention also provides a method of circuit configuration thereof. Further, the present invention provides a program for a data processing apparatus for generating the configuration data for the integrated circuit.
An integrated circuit according to a first aspect of the present invention comprises a plurality of circuit blocks whose circuit configuration can be reconfigured in accordance with configuration data to be supplied, wherein the plurality of circuit blocks mentioned above include several types of circuit blocks each of which configures its circuit in accordance with the supplied configuration data based on a predetermined rule which differs for each of the circuit blocks.
Further, the several types of circuit blocks described above may include a first type of circuit block which alters its circuit configuration in accordance with the supplied configuration data, and a second type of circuit block which has a fixed and predetermined circuit configuration and about which the alteration of the circuit configuration in accordance with the configuration data mentioned above is not possible.
According to the integrated circuit of the first aspect of the present invention, the plurality of circuit blocks mentioned above include the several types of circuit blocks, in which circuits corresponding to the configuration data mentioned above are configured based on predetermined rules which differ for each of the several types of circuit blocks. For example, there are included the first type of circuit block which alters its circuit configuration in accordance with the supplied configuration data mentioned above, and the second type of circuit block having a fixed and predetermined circuit configuration, about which the alteration of the circuit configuration in accordance with the configuration data mentioned above is impossible. In each of the circuit blocks mentioned above, a circuit corresponding to the supplied configuration data is configured based on a circuit configuration rule corresponding to the circuit block type thereof.
Further, there may be provided a configuration alteration (reconfiguration) prohibiting circuit for determining whether or not a bit data of a predetermined value is inserted in a predetermined bit in the supplied configuration data mentioned above, and prohibiting alteration of the circuit configuration of the circuit block mentioned above in accordance with the determination thereof.
A method of circuit configuration according to a second aspect of the present invention is a method of circuit configuration for an integrated circuit having a plurality of circuit blocks whose circuit configuration is alterable in accordance with configuration data to be supplied, the method comprising the steps of: generating the configuration data mentioned above in accordance with information regarding a circuit to be configured in the integrated circuit mentioned above; converting the generated configuration data above in accordance with information on a circuit configuration rule which differs for each of several types of circuit blocks included in the plurality of circuit blocks mentioned above; supplying the converted configuration data above to the integrated circuit mentioned above; and configuring circuits corresponding to the supplied configuration data above in the circuit blocks mentioned above based on the circuit configuration rules corresponding to the respective circuit block types.
In the method of circuit configuration according to the second aspect of the present invention, the configuration data mentioned above is generated in accordance with information regarding the circuit above to be configured in the integrated circuit. The configuration data thus generated is converted in accordance with information regarding the circuit configuration rule which differs for each of the several types of circuit blocks included in the plurality of circuit blocks mentioned above. The configuration data thus converted is supplied to the integrated circuit mentioned above, upon which a circuit corresponding to the supplied configuration data is configured in the circuit blocks based on the circuit configuration rules mentioned above corresponding to the respective circuit block types.
Further, in generating the configuration data as mentioned above, a configuration data specifying the circuit configuration of a first type of circuit block whose circuit configuration is alterable and the connection between the first type of circuit block mentioned above and a second type of circuit block having a fixed circuit configuration may be generated. In configuring the circuit as mentioned above, depending on the configuration data mentioned above, the first type of circuit block may be configured while at the same time, the first type of circuit block may be connected with the second type of circuit block.
Still further, in converting the configuration data as mentioned above, a bit data of a predetermined value may be inserted in a predetermined bit in the configuration data generated above corresponding to predetermined information for lifting a circuit configuration alteration (reconfiguration) prohibition of the circuit blocks. In configuring the circuit as mentioned above, it may be determined whether or not the bit data of the predetermined value is inserted in the predetermined bit in the configuration data, and alteration of the circuit configuration of the circuit blocks mentioned above may be prohibited depending on the resulting determination.
A program according to a third aspect of the present invention is a program for a data processing apparatus for generating a configuration data for an integrated circuit having a plurality of circuit blocks whose circuit configuration is alterable in accordance with the supplied configuration data, wherein the program comprises the steps of: generating the configuration data in accordance with the information on the circuit to be configured in the integrated circuit; and converting the configuration data generated above in accordance with information regarding a circuit configuration rule which differs for each of the several types of circuit blocks included in the plurality of circuit blocks mentioned above.
Further, in generating the configuration data described above, the configuration data may be generated in accordance with the circuit information as well as the configuration rule information, and may specify the circuit configuration of the first type of circuit block whose circuit configuration is alterable, and the connection between the first type of circuit block and the second type of circuit block having a fixed circuit configuration.
Still further, in converting the configuration data mentioned above, a bit data of a predetermined value may be inserted in a predetermined bit of the configuration data in accordance with predetermined information prohibiting alteration of the circuit configuration of the circuit block.