Specific details of several embodiments of the disclosure are described below with reference to processes and apparatus for establishing a secured connection with a JTAG port. Several other embodiments of the invention may have different configurations, components, or procedures than those described in this section. A person of ordinary skill in the art will therefore understand that the invention may have other embodiments with additional elements, or other embodiments without several of the elements shown and described below.
One aspect of the present disclosure is related to providing authentication processes and apparatus for authenticating access to a JTAG port in a chip. Embodiments of the processes can automatically identify permitted access to the JTAG ports and enable/disable the JTAG functions accordingly to prevent illegal access to the internal logic of the chip.
Another aspect of the present disclosure is related to a JTAG connection authentication system (the “system”). In certain embodiments, the system can be positioned between the test equipment and the chip to be tested. The system includes an access module having an interactive interface and authentication module. In certain embodiments, the authentication module is disposed in the chip and is connected with the TAP ports of the chip. The access module is connected with the TAP ports at the test equipment as well as the TAP ports of the chip. The access module and the authentication module include local private keys K and K′ for authentication.
Another aspect of the present disclosure is an authentication process for establishing a secured connection with JTAG ports. In certain embodiments, the authentication process can include the following operations:
A. One of the access module and the authentication module originates an authentication request, while the other generates a random number RN;
B. The access module calculates an authentication code X′ for RN using the local private key K′, and sends X′ to the authentication module;
C. The authentication module calculates an authentication code X for RN using the local private key K;
D. The authentication module compares X and X′, and decides whether to open the TAP port of the chip;
E. The authentication module returns the authentication result to the access module.
The above-mentioned operation A can further include the following operations:
A1. The access module originates the authentication request to the authentication module;
A2. The authentication module generates the RN and sends the generated RN to the access module after receiving the authentication request.
Alternatively, the above-mentioned operation A can include the following operations:
A1′. The authentication module originates the authentication request to the access module;
A2′. The access module generates the RN after receiving the authentication request.
In operation B described above, the local private key K′ is used to calculate the authentication code X′ for RN, and the access module sends RN as well as X′ to the authentication module. In operation C described above, the authentication module, after receiving RN and X′, calculates the authentication code X using the local private key K.
Unlike the security fuse technique, the technique disclosed in the present application can be reversible and reusable. Further, compared with the technique using a security logic module, the disclosed technique is simple, and there is no need for passwords to enable/disable the JTAG ports. Furthermore, the disclosed technique reduces the risk of password theft.
Operation 1: the access module originates an authentication request to the authentication module;
Operation 2: the authentication module, after receiving the authentication request, generates an RN, and sends the generated RN to the access module;
Operation 3: the access module calculates an authentication code X′ based on the RN generated in Operation 2 using the local private key K′, and returns the calculated authentication code X′ to the authentication module, while the authentication module calculates another authentication code X based on the generated RN using the local private key K;
Operation 4: the authentication module compares the two authentication codes to determine whether they are the same (X=X′ or X≠X′), and decides whether to enable the TAP port on the chip;
Operation 5: the authentication module returns the result to the access module.
Operation 1: the authentication module generates an authentication request to the access module;
Operation 2: the access module generates a random number RN after receiving the authentication request, calculates the authentication code X′, and sends RN and X′ to the authentication module;
Operation 3: the authentication module, after receiving RN and X′, calculates the authentication code X based on RN using the local private key K;
Operation 4: the authentication module compares the two authentication codes to see whether they are the same (X=X′ or X≠X′), and decides whether to enable the TAP port on the chip;
Operation 5: the authentication module returns the authentication result to the access module.
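The two operation sequences above can be modelled in a few lines. The following is an added example, not part of the original disclosure; it goes slightly beyond the text by making each RN single-use and comparing codes in constant time. Assumptions: HMAC-SHA256 as the authentication-code function, a 16-byte RN, and all class, method and variable names.

```python
import hashlib
import hmac
import secrets

def auth_code(key, rn):
    # Assumption: HMAC-SHA256 stands in for the code function the text leaves open.
    return hmac.new(key, rn, hashlib.sha256).digest()

class AccessModule:
    """Test-equipment side; holds local private key K'."""
    def __init__(self, key):
        self._key = key
    def respond(self, rn):                 # operation B, RN received from the chip
        return auth_code(self._key, rn)
    def originate(self):                   # operations A2' and B, RN generated locally
        rn = secrets.token_bytes(16)
        return rn, auth_code(self._key, rn)

class AuthenticationModule:
    """On-chip side; holds local private key K and gates the TAP port."""
    def __init__(self, key):
        self._key = key
        self._pending = None               # RN issued in A2, good for one attempt
        self._seen = set()                 # RNs already accepted (added freshness check)
        self.tap_enabled = False
    def challenge(self):                   # operation A2
        self._pending = secrets.token_bytes(16)
        return self._pending
    def verify(self, x_prime, rn=None):
        if rn is None:                     # first flow: use the RN this module issued
            rn, self._pending = self._pending, None
        fresh = rn is not None and rn not in self._seen
        x = auth_code(self._key, rn or b"")             # operation C
        ok = fresh and hmac.compare_digest(x, x_prime)  # operation D, constant-time
        if ok:
            self._seen.add(rn)
        self.tap_enabled = ok
        return ok                          # operation E: result for the access module

def run_flows():
    key = secrets.token_bytes(32)          # constructed key, K = K'
    chip, tester = AuthenticationModule(key), AccessModule(key)
    x1 = tester.respond(chip.challenge())
    first, stale = chip.verify(x1), chip.verify(x1)     # stale: no RN pending
    rn, x2 = tester.originate()
    second, repeat = chip.verify(x2, rn), chip.verify(x2, rn)
    wrong = chip.verify(AccessModule(b"other key").respond(chip.challenge()))
    return first, stale, second, repeat, wrong
```

In the second sequence the access module chooses RN, so the authentication module needs its own record of accepted values to tell a fresh request from a repeated one; the in-memory set here is a simplification of whatever bounded mechanism a chip would use.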
From the foregoing, it will be appreciated that specific embodiments of the invention have been described herein for purposes of illustration, but that various modifications may be made without deviating from the invention. Many of the elements of one embodiment may be combined with other embodiments in addition to or in lieu of the elements of the other embodiments. Accordingly, the invention is not limited except as by the appended claims.
Number | Date | Country | Kind |
---|---|---|---|
200610117452.3 | Oct 2006 | CN | national |