Lockstep mechanism to ensure security in hardware at power-up

US 20050289355A1
Filed: 06/29/2004
Published: 12/29/2005
Est. Priority Date: 06/29/2004
Status: Active Grant

First Claim

Patent Images

1. A method of securing an electronic device, the method comprising:

initializing the electronic device in a disabled state;

receiving an access key vector;

comparing the access key vector to a stored access key; and

setting the electronic device to an enabled state based in part on a result of comparing the access key vector to the stored access key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of ensuring hardware security of a device, such as an integrated circuit having secure data stored thereon. The integrated circuit or other hardware device can implement one or more configurable fuses that limit access to one or more secure locations within the device. The secure locations may contain secure data. The state of the configurable fuses can be ensured, thereby limiting access to secure locations, by forcing the occurrence of a logical state prior to allowing access to hardware locations configured by the fuses. A configurable non-secure access code can be used to force the occurrence of the logical state. Receipt of the non-secure access code by the hardware device forces the occurrence of the hardware state, thereby ensuring access only to those secure locations configured by the fuses.

Citations

24 Claims

1. A method of securing an electronic device, the method comprising:
- initializing the electronic device in a disabled state;
  
  receiving an access key vector;
  
  comparing the access key vector to a stored access key; and
  
  setting the electronic device to an enabled state based in part on a result of comparing the access key vector to the stored access key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein setting the electronic device to the enabled state comprises setting the electronic device to the enabled state if the access key vector and stored access key have a predetermined relationship.
  - 3. The method of claim 2, wherein the predetermined relationship comprises an equality.
  - 4. The method of claim 2, wherein the predetermined relationship comprises a predetermined offset.
  - 5. The method of claim 1, wherein setting the device to the enabled state comprises performing an initialization procedure.
  - 6. The method of claim 1, wherein setting the device to the enabled state comprises:
    - sensing at least one fuse state; and
      
      enabling communication access to a module within the electronic device based in part on the fuse state.
  - 7. The method of claim 1, wherein setting the device to the enabled state comprises:
    - sensing a plurality of fuse states; and
      
      enabling communication access to a module within the electronic device based in part on the plurality of fuse states.
  - 8. The method of claim 1, wherein initializing the electronic device in the disabled state comprises initializing the electronic device in a disabled test access state.
  - 9. The method of claim 8, wherein the test access state comprises a boundary scan test access state.
  - 10. The method of claim 1, wherein receiving the access key vector comprises receiving a non-secure access key vector via a test interface.

11. A method of securing an electronic device, the method comprising:
- initializing the electronic device in a boundary scan test disabled state;
  
  receiving a non-secure access key vector via a boundary scan test interface;
  
  comparing the non-secure access key vector to a stored access key;
  
  performing an initialization process if the non-secure access key vector and the stored access key have a predetermined relationship;
  
  sensing at least one fuse state following the initialization process; and
  
  setting the electronic device to a boundary scan enabled state based in part on the at least one fuse state.
- View Dependent Claims (12)
- - 12. The method of claim 11, wherein receiving the non-secure access key comprises receiving within a predetermined boundary scan module a multiple bit non-secure access key value.

13. A secure electronic device, the device comprising:
- means for receiving a non-secure access key vector via a boundary scan test interface;
  
  means for comparing the non-secure access key vector to a stored access key;
  
  means for performing an initialization process if the non-secure access key vector and the stored access key have a predetermined relationship;
  
  means for sensing at least one fuse state following the initialization process; and
  
  means for setting the electronic device to a boundary scan enabled state based in part on the at least one fuse state.

14. A secure electronic device, the device comprising:
- a boundary scan interface configured to selectively provide a boundary scan access to the device based in part on a test access state;
  
  an unlock chain module configured to receive an access key vector via the boundary scan interface;
  
  an access key module configured to store an access key value; and
  
  a comparator configured to compare the and initialize the test access state based in part on a relationship of the access key vector to the access key value.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The device of claim 14, further comprising:
    - a hardware key module configured to store a secure hardware key value, and configured to be accessible to the boundary scan interface based in part on the test access state.
  - 16. The device of claim 14, further comprising:
    - at least one fuse configured to provide the test access state.
  - 17. The device of claim 14, wherein the access key vector comprises a non-secure access key vector.
  - 18. The device of claim 14, wherein the access key vector comprises a 64-bit vector.
  - 19. The device of claim 14, further comprising a reset module configured to receive an active reset signal from the comparator and initialize at least one register in response to the active reset signal.
  - 20. The device of claim 14, further comprising at least one override register configured to provide an override test access state that overrides the test access state.
  - 21. The device of claim 20, wherein the at least one override register comprises at least one software configurable register.
  - 22. The device of claim 14, wherein the boundary scan interface comprises a JTAG test interface.
  - 23. The device of claim 14, wherein the device comprises an application specific integrated circuit (ASIC).

24. A secure test system, the system comprising:
- a tester configured to store at least one test vector pre-pended by an access key vector;
  
  an electronic device having a test interface coupled to the tester, the electronic device comprising;
  
  a test access module configured to selectively provide a test access to the device based in part on a test access state;
  
  an unlock chain module configured to receive an access key vector via the boundary scan interface;
  
  an access key module configured to store an access key value; and
  
  a comparator configured to compare the and initialize the test access state based in part on a relationship of the access key vector to the access key value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Kitariev, Dimitri, Varadarajan, Srinivas, Shippee, Geoffrey

Granted Patent

US 8,255,700 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G01R 31/31719 Security aspects, e.g. prev...

G01R 31/318536 Scan chain arrangements, e....

Lockstep mechanism to ensure security in hardware at power-up

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Lockstep mechanism to ensure security in hardware at power-up

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links