A pay-per-use Intellectual Property (IP) licensing model that can protect IPs from multiple participants will benefit the FPGA IP market and Small to Medium Enterprises (SMEs). Existing protection solutions in modern FPGA devices rely on dedicated decryption engines that use cryptographic keys, which require programming them in a trusted environment. Since designs from multiple participants need protection in a typical licensing scenario, it requires a trusted third party for key programming and encryption tasks. These requirements led to the proposition of several licensing schemes; however, they do not address several security and flexibility challenges. Therefore, in this work, we propose a pay-per-device IP licensing scheme that is secure, less restrictive for the system developer and offers protection against malicious IP cores. The scheme relies on a Security Framework (SFW) that provides a Trusted Execution Environment (TEE), which handles key storage, cryptographic operations, and security monitoring. A device running the SFW can be considered a trusted platform that provides a direct secure path for the IP from its vendor to the device’s TEE, where it is decrypted, analyzed and, then configured on the programmable logic.

中文翻译：

---

在异构SoC中使用和扩展受信任的执行环境，以实现按设备付费IP许可方案

可以保护IP免受多个参与者侵害的按使用付费的IP（IP）许可模型将使FPGA IP市场和中小型企业（SME）受益。现代FPGA设备中的现有保护解决方案依赖于使用加密密钥的专用解密引擎，这需要在受信任的环境中对其进行编程。由于来自多个参与者的设计在典型的许可场景中需要保护，因此需要受信任的第三方来执行密钥编程和加密任务。这些要求导致提出了几种许可计划。但是，它们没有解决几个安全性和灵活性方面的挑战。因此，在这项工作中，我们提出了一种按设备付费的IP许可方案，该方案安全，对系统开发人员的限制较少，并提供针对恶意IP内核的保护。该方案依赖于提供可信任执行环境（TEE）的安全框架（SFW），该环境可处理密钥存储，加密操作和安全监视。可以将运行SFW的设备视为可信任的平台，该平台可为IP提供从其供应商到设备的TEE的直接安全路径，在该路径上解密，分析然后在可编程逻辑上对其进行配置。