Patent Application
20080155151
The present disclosure generally relates to the field of security in integrated circuits. In particular, the present disclosure is directed to a programmable locking mechanism for secure applications in an integrated circuit.
A locking mechanism, such as a security access code mechanism, may be used in an integrated circuit (IC) in order to prevent an unauthorized entity from, for example, determining the state of sensitive logic on an IC chip when the IC chip is in use. In particular, for end users, such as card manufacturers, a security concern arises from having the chip manufacturers program the locking mechanism at wafer or module final test. Consequently, end users are continuously seeking increased capability to secure an IC chip at higher levels of assembly, such as at card or system level assembly.
A need exists for a programmable locking mechanism for secure applications in an integrated circuit, in order to prevent unauthorized access to a security code with which the locking mechanism may be unlocked.
In one embodiment, a programmable locking mechanism for an integrated circuit is provided. The locking mechanism includes an access code storage circuit for storing an access code, said access code storage circuit having a programming input for programming the access code into said access code storage circuit; a code input register for receiving an input code; a comparator circuit in communication with said access code storage circuit and said code input register, said comparator circuit having a output, said comparator circuit comparing the access code to the input code and generating an unlock signal to said output when the input code matches the access code and generating a lock signal to said output when the input code does not match the access code; and a blocking circuit having a first input in communication with said output, said blocking circuit being configured to block access to reading or modifying the access code via said programming input when said output includes a lock signal.
In another embodiment, a programmable locking mechanism for an integrated circuit is provided. The locking mechanism includes an access code storage circuit for storing an access code, said access code storage circuit including: one or more e-fuses, each of said one or more e-fuses configured to include an access code bit of said access code; a fuse blow enable input to said one or more e-fuses for controlling access to programming said one or more e-fuses; and an fsource input for programming said one or more e-fuses; a code input register for receiving a input code; a comparator circuit in communication with said access code storage circuit and said code input register, said comparator circuit having a output, said comparator circuit comparing the access code to the input code and generating an unlock signal to said output when the input code matches the access code and generating a lock signal to said output when the input code does not match the access code; and a blocking circuit having a first input in communication with said output, said blocking circuit being configured to block access to reading or modifying the access code via said programming input when said output includes a lock signal.
In yet another embodiment, a programmable locking mechanism for an integrated circuit. The locking mechanism includes an access code storage circuit for storing an access code, said access code storage circuit including: one or more e-fuses, each of said one or more e-fuses configured to include an access code bit of said access code; a fuse blow enable input to said one or more e-fuses for controlling access to programming said one or more e-fuses; and an fsource input for programming said one or more e-fuses; a code input register for receiving an input code; a comparator circuit in communication with said access code storage circuit and said code input register, said comparator circuit having a output, said comparator circuit comparing the access code to the input code and generating an unlock signal to said output when the input code matches the access code and generating a lock signal to said output when the input code does not match the access code; and a blocking circuit having a first input in communication with said output, said blocking circuit being configured to block access to reading the access code via said programming input by blocking said fuse blow enable input when said output includes a lock signal.
For the purpose of illustrating the invention, the drawings show aspects of one or more embodiments of the invention. However, it should be understood that the present invention is not limited to the precise arrangements and instrumentalities shown in the drawings, wherein:
In one embodiment, the present disclosure includes a programmable locking mechanism for use in an integrated circuit. In particular, the programmable locking mechanism may include an access code storage circuit for storing a security access code and a code input register the outputs of each feeding a comparator circuit that generates a locking signal. The state of the locking signal depends on whether the contents of the access code storage circuit and the code input register match. In one example, where the contents of the access code storage circuit and the code input register match, the locking signal may have an inactive state (e.g., generating an unlock signal). In another example, where the contents of the access code storage circuit and the code input register do not match, the locking signal may have an active state (e.g., generating a lock signal). Additionally, a blocking circuit is provided that allows or denies access to the access code storage circuit depending on the state of the locking signal. Additionally, the locking signal is distributed to sensitive logic circuits within the integrated circuit for preventing and/or allowing (depending on state) access thereto. In one example, only when a user provides an input code to the code input register that matches the contents of the access code storage circuit is the contents of the access code storage circuit and/or the sensitive logic circuits allowed to be read and/or updated in the field.
Programmable locking mechanism 100 may further include a code input register 116, which may be any register device that is capable of latching an input code 118 (e.g., an input code of at least the same number of bits as stored in access code storage circuit 112). In one example, when access code storage circuit is a 128-bit storage device, code input register 116 may be a 128-bit register for storing an 128-bit input code 118, which may be, for example, a serial or parallel input.
An output of access code storage circuit 112 feeds a first input of a comparator circuit 120 and an output of code input register 116 feeds a second input of comparator circuit 120. In one example, the outputs of access code storage circuit 112 and code input register 116 may each provide a serial or parallel input to comparator circuit 120. Comparator circuit 120 may be any digital comparator circuit for comparing at least two input values, such as two binary sets of n-bits. Comparator circuit 120 includes an output 121 for outputting a generated locking signal 122. In one example, when access code storage circuit 112 and code input register 116 are 128-bit devices, comparator circuit 120 may be a 128-bit comparator for comparing the two 128-bit words. Comparator circuit 120 generates an output locking signal 122 that may be a lock signal when the contents of access code storage circuit 112 and code input register 116 are not an exact match. By contrast, when the contents of access code storage circuit 112 and code input register 116 are an exact match, locking signal 122 may be an unlock signal state. In one example, when locking signal 122=a logical 1 value it may be a lock signal and when locking signal 122=a logical 0 value it may be an unlock signal. In another example, when locking signal 122=a logical 0 value it may be a lock signal and when locking signal 122=a logical 1 value it may be an unlock signal.
Locking signal 122 is distributed via output 121 of comparator circuit 120 to IC circuitry 124, which may be sensitive logic within integrated circuit 110 for which it is desired to control access. Locking signal 122 may be utilized to switch access restriction circuitry depending on the state of locking signal 122. Access restriction circuitry for blocking access to IC circuitry 124 is known to those of ordinary skill. Additionally, output 121 of comparator circuit 120 is physically and electrically connected to an input of a blocking circuit 126 that is configured to block access to reading an access code stored in access code storage circuit 112 by blocking the ability to read the access code via programming input 114. In one example, blocking circuit 126 is configured to physically block electrical transmission over programming input 114. In another example (discussed further below with respect to
In operation, in one example, integrated circuit 110 upon which is installed a programmable locking mechanism, such as programmable locking mechanism 100, is provided to the user with a security code that is preprogrammed, for example, at time of manufacturing test, within access code storage circuit 112. Subsequently, the user may install integrated circuit 110 within a card or system assembly. A user then provides input code 118 that is then stored within code input register 116. The contents of code input register 116 is compared to the contents of access code storage circuit 112 by use of comparator circuit 120. If the contents match exactly, locking signal 122 becomes an unlock signal and access to sensitive circuitry, such as IC circuitry 124, and to the security code storage device itself, such as to access code storage circuit 112, is authorized. By contrast, if the contents do not match exactly, locking signal 122 remains a lock signal and access to sensitive circuitry, such as IC circuitry 124, and to the security code storage device itself, such as to access code storage circuit 112, is blocked via blocking circuit 126.
An exemplary aspect of programmable locking mechanism 100 may provide improved security capability by use of the combination of access code storage circuit 112, code input register 116, and comparator circuit 120 in order to generate a locking mechanism, such as the signal LOCK, for controlling access to the sensitive circuitry within an integrated circuit, such as IC circuitry 124 of integrated circuit 110, as well as for controlling access to the security code storage device itself, such as to access code storage circuit 112 via blocking circuit 126. More details of example embodiments of programmable locking mechanisms may be found with reference to
EFuse access code storage circuit 212 may include any of a variety of access code storage circuit configuration including eFuses that are known in the art. In one example, access code storage circuit 212 may include a set of eFuses in electrical communication with a set of latches, with each eFuse having at least a corresponding respective one of the set of latches. The values of the bits stored in the eFuses may be sensed from the eFuses to the latches via sense circuitry, as is known in the art. The latches of the access code storage circuit 212 may then be compared with bits representing an input code as discussed above with respect to comparator circuit 220 of
Efuse access code storage circuit 212 may include a fuse blow enable input 214 for enabling one or more of the eFuses in access code storage circuit 212 to be electronically programmed selectively to include an appropriate bit of an access code to be stored therein. Fuse blow enable input 214 may be connected to, and/or include, circuitry (e.g., a programming NFET per eFuse) that is known in the art for providing the selectivity of programming the eFuses. Efuse access code storage circuit 212 may also include a programming input 215 (e.g., Fsource) for providing a programming voltage to one or more selected eFuses in access code storage circuit 212. The selectivity circuitry associated with fuse blow enable input 214 (depending on the state of a signal carried on fuse blow enable input 214 and as is known in the art) prevents the programming voltage of programming input 215 from programming (i.e., “blowing”) particular eFuses.
In one example, an output of eFuse storage circuit 212 may feed a first input of a comparator circuit 220 and an output of code input register 216 feeds a second input of comparator circuit 220. In another example, the outputs of eFuse storage circuit 212 and code input register 216 may each provide a serial or parallel input to comparator circuit 220. In still yet another example, the outputs of each of a set of latches in access code storage circuit 212 may be compared with the outputs of each of a set of latches in code input register 216 via comparator circuit 220. Comparator circuit 220 may be substantially identical to comparator circuit 120 of
The locking signal 222 is distributed via output 221 of comparator circuit 220 to IC circuitry 224, which may be sensitive logic within integrated circuit 210 for which it is desired to control access. Locking signal 222 may be utilized to switch access restriction circuitry depending on the state of locking signal 222. Access restriction circuitry for blocking access to IC circuitry 224 is known to those of ordinary skill. Additionally, output 221 of comparator circuit 220 is physically and electrically connected to a first input of a blocking circuit 226 (e.g., one or more logic gates, such as an AND gate, which may be a 2-input AND gate), that is configured to block access to reading an access code stored in eFuse storage circuit 212 by blocking the ability to read the access code via programming input 215, the Fsource. In particular, where blocking circuit 226 is an AND gate, fuse blow enable input 214 is electrically connected to a second input of AND gate 226 and provides a logical high output to selectivity circuitry of the eFuses of access code storage circuit 212 when the logical values of the two inputs to the AND gate are high. Thus, when fuse blow enable input 214 carries a logical high (e.g., a logical “1”) signal to enable fuse blow within access code storage circuit 212, locking signal 222 must include a logical high value to allow the fuse blow enable signal to reach the selectivity circuitry of the eFuses of access code storage circuit 212. In this example, comparator circuit 220 generates an unlock signal that includes a logical high value. Those of ordinary skill will recognize multiple variations of a blocking circuit 226 including one or more circuit elements, such as one or more logic gates, for allowing an unlock signal to include a logical low value (i.e., a logical “0”). If comparator circuit 220 generates a lock signal having a logical low value, then the output of AND gate 226 will be a logical low, which will not enable the selectivity circuits to allow a programming voltage from programming input 215 to pass to the eFuses of access code storage circuit 212. This will also block access via programming input 215 to reading any values stored in the eFuses of access code storage circuit 212 by disabling selectivity circuitry (e.g., a programming NFET per eFuse) such that there is no electrical connectivity between the eFuse bit value and the programming input 215.
For example, during an eFuse blow operation, fsource voltage input 215 that is set to a certain voltage level may be steered to a certain programming NFET of a certain eFuse by the selectivity circuitry that is controlled by fuse blow enable input 214. When the programming NFET associated with the eFuse is turned on for a certain duration of time electromigration occurs, in effect programming the eFuse (i.e., “blowing” the eFuse). Fuse blow enable input 214 is connected to a second input of AND gate 226 and is, therefore, gated by locking signal 222, which in this example may be a logical 0 value when locking signal 222 is a lock signal. Consequently, when locking signal 222 is a lock signal the ANDing function of AND gate 226 is not satisfied and, thus, any manipulation of fuse blow enable programming signal 214 and fsource voltage input 215 is ignored because the programming NFETS are controlled to the off states. In this way, the contents of eFuse storage circuit 212 is blocked from being sensed or modified. In an alternative example, the polarity of locking signal 222 and fuse blow enable programming signal 214 may be inverted and AND gate 226 may be a negative AND gate.
In operational example, integrated circuit 210 upon which is installed a programmable locking mechanism, such as programmable locking mechanism 200, is provided to the user with a security code that is preprogrammed, for example, at time of manufacturing test, within eFuse storage circuit 212. Subsequently, the user may install integrated circuit 210 within a card or system assembly. A user then provides an input code via input 218 that is then within code input register 216. The contents of code input register 216 are compared to the contents of eFuse storage circuit 212 by use of comparator circuit 220. If the contents match exactly, locking signal 222 is an unlock signal and access to sensitive circuitry, such as IC circuitry 224, and to the security code storage device itself, such as to eFuse storage circuit 212, is authorized. By contrast, if the contents do not match exactly, locking signal 222 is a lock signal and access to sensitive circuitry, such as IC circuitry 224, and to the security code storage device itself, such as to eFuse storage circuit 212, is blocked via AND gate 226.
Comparator circuit 320 includes an output 321 for outputting a generated locking signal 322. Additionally, generated locking signal 322 from comparator circuit 320 is physically and electrically connected to a blocking circuit 326, which in this example is a transistor (e.g., a wide low-resistance NFET device), that is connected in the path of a programming input 315 (e.g., an Fsource to a set of eFuses of access code storage circuit 312). Transistor 326 is configured to block access to reading an access code stored in eFuse storage circuit 312 by blocking the ability to read the access code via programming input 315. When locking signal 322 is a lock signal (e.g., when comparator circuit 320 generates a lock signal) any manipulation of fuse blow enable programming signal 314 and programming input 315 is ignored because transistor 326 is inactivated to block the electrical path of programming input 315. When programming input 315 is blocked by transistor 326, the contents of eFuse storage circuit 312 may not be accessed via programming input 315. In particular, locking signal 322 is connected to the gate of pass transistor 326 and, therefore, when locking signal 322 is an unlock signal (e.g., a logical 1 value), transistor 326 is turned on and Fsource voltage input 315 is allowed to connect to eFuse storage circuit 312 and programming of eFuse storage circuit 312 may be allowed. Also, reading the contents of eFuses within access code circuit 312 may occur via Fsource voltage input 315. By contrast, when locking signal 322 is a lock signal (e.g., a logical 0 value), transistor 326 is turned off and Fsource voltage input 315 is blocked from connecting to eFuse storage circuit 312 and, thus, any manipulation of fuse blow enable input 314 and fsource voltage input 315 is ignored, thereby blocking the contents of eFuse storage circuit 312 from being read or modified via programming input 315. In an alternative embodiment, the polarity of locking signal 322 may be inverted and transistor 326 may be a PFET device.
In other embodiments, the concepts of blocking circuits 126, 226, and/or 326 may be applied to other access code storage circuits, such as, but not limited to, an antifuse storage circuit or a flash memory storage circuit. In one example, the programming inputs of an antifuse storage circuit may be blocked by a locking signal. An antifuse may be a two-terminal device that is a highly resistive element in its unprogrammed state and is programmed to a low impedance. In another example, the programming inputs, such as the write/read control signals, of a flash memory storage circuit may be blocked by a locking signal.
Exemplary embodiments have been disclosed above and illustrated in the accompanying drawings. It will be understood by those skilled in the art that various changes, omissions and additions may be made to that which is specifically disclosed herein without departing from the spirit and scope of the present invention.
