Nowadays, there are lot of applications where remote update is an essential service. Indeed, in high volume sale products or space-based systems it is too expensive to retrieve the device in order to update it. Field Programmable Gate Arrays (FPGAs) are able to perform that with success through a network. However, this feature may give rise to security flaw like spoofing and replay attacks. These attacks consist in tampering the update of the hardware configuration or in replaying an old bitstream to downgrade the system. Several security schemes providing encryption and integrity checking of the bitstream have been proposed in the literature. However, they do not detect the replay of old FPGA configurations. Considering FPGA with embedded non-volatile memory, we propose a new protocol ensuring bitstream confidentiality, integrity and preventing old bitstreams replay. This work is the improvement and the implementation of previous presented ideas in order to achieve more flexibility. That is why we insist on the way to manage bitstream versions. We also evaluate the area and performance overhead of the proposed architecture.