CHIP AUTHENTICATION USING MULTI-DOMAIN INTRINSIC IDENTIFIERS

US 20140100807A1
Filed: 10/10/2012
Published: 04/10/2014
Est. Priority Date: 10/10/2012
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating an integrated circuit chip, comprising:

establishing multiple domains for the chip;

recording at least one identification string from each of a first subset of domains from the multiple domains of the chip during manufacture of the chip, wherein the first subset comprises at least two domains;

receiving a second subset of identification strings from at least two domains of the chip during an authentication attempt, wherein the second subset of the identification strings is a subset of the first subset of identification strings;

comparing the second subset of the received identification strings with the recorded identification strings; and

designating the chip as authentic in response to a third subset of the received identification strings matching recorded identification strings, wherein the third subset of the identification strings is a subset of the second subset of identification strings.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention provide a chip authentication system using multi-domain intrinsic identifiers. Multiple intrinsic identifiers taken from multiple domains (areas or sections of the chip) are compared against the intrinsic identifiers collected during the manufacture of the chip. If at least one intrinsic identifier matches those collected during manufacture, the chip may be designated as authentic.

Citations

20 Claims

1. A method for authenticating an integrated circuit chip, comprising:
- establishing multiple domains for the chip;
  
  recording at least one identification string from each of a first subset of domains from the multiple domains of the chip during manufacture of the chip, wherein the first subset comprises at least two domains;
  
  receiving a second subset of identification strings from at least two domains of the chip during an authentication attempt, wherein the second subset of the identification strings is a subset of the first subset of identification strings;
  
  comparing the second subset of the received identification strings with the recorded identification strings; and
  
  designating the chip as authentic in response to a third subset of the received identification strings matching recorded identification strings, wherein the third subset of the identification strings is a subset of the second subset of identification strings.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein recording at least one identification string from each domain of the chip during manufacture of the chip comprises recording identification strings derived from an intrinsic physical property of the chip.
  - 3. The method of claim 2, wherein recording identification strings derived from an intrinsic physical property of the chip comprises recording identification strings derived from a retention bitmap.
  - 4. The method of claim 3, wherein recording identification strings derived from a retention bitmap comprises inverting logical values of the retention bitmap.
  - 5. The method of claim 3 wherein recording identification strings derived from a retention bitmap comprises recording a lower bound retention bitmap and an upper bound retention bitmap for each domain.
  - 6. The method of claim 3, wherein recording identification strings derived from a retention bitmap comprises recording an encrypted identification string.
  - 7. The method of claim 1, wherein establishing multiple domains for the chip comprises establishing multiple domains of at least two different sizes.
  - 8. The method of claim 3, wherein recording identification strings derived from a retention bitmap comprises:
    - processing each of the identification strings with a one-way hash function to derive a hash value for each of the identification strings; and
      
      recording each hash value.
  - 9. The method of claim 1, wherein designating the chip as authentic comprises matching exactly one received identification string with a recorded identification string.
  - 10. The method of claim 1, wherein designating the chip as authentic comprises matching two to ten received identification strings with recorded identification strings.
  - 11. The method of claim 1, further comprising designating the chip as inauthentic in response to receiving the same set of identification strings in two consecutive authentication attempts.

12. A method for generating authentication information for a chip, comprising:
- generating at least one retention bitmap for a plurality of domains of the chip; and
  
  creating an identification string for each generated retention bitmap.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12, further comprising:
    - generating a lower bound retention bitmap and an upper bound retention bitmap for each domain.
  - 14. The method of claim 12, wherein establishing multiple domains for the chip comprises storing a location designator for each domain.
  - 15. The method of claim 12, wherein creating an identification string for each generated retention bitmap comprises inverting logical values of the generated retention bitmap.
  - 16. The method of claim 12, further comprising transmitting at least one identification string for at least two domains, wherein the at least two domains are selected randomly.
  - 17. The method of claim 12, further comprising:
    - sending an authentication request to a manufacturing authenticating system;
      
      receiving a challenge response from the manufacturing authenticating system, wherein the challenge response contains an error count range;
      
      selecting domains that correspond to retention bitmaps having error counts within the error count range; and
      
      transmitting identification strings corresponding to the retention bitmaps of the selected domains.

18. A chip authentication system, comprising:
- a chip, the chip comprising a testing interface;
  
  a chip tester, the chip tester configured and disposed to communicate with the chip via the testing interface, wherein the chip tester further comprises a network interface;
  
  a manufacturing authenticating system, wherein the manufacturing authenticating system comprises a network interface; and
  
  a database comprising at least two identification strings for the chip.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the testing interface comprises a JTAG interface.
  - 20. The system of claim 18, wherein the chip tester and the manufacturing authenticating system are configured and disposed to communicate with each other via the Internet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Marvell Asia Pte Limited (Marvell Technology Group Limited)
Original Assignee
International Business Machines Corporation
Inventors
Rosenblatt, Sami, Fainstein, Daniel Jacob, Kirihata, Toshiaki

Granted Patent

US 9,202,040 B2
Time in Patent Office

Days
Field of Search
US Class Current

702/82
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/73   by creating or determining ...

H04L 2209/12   Details relating to cryptog...

H04L 9/0866   involving user or device id...

H04L 9/3278   using physically unclonable...

CHIP AUTHENTICATION USING MULTI-DOMAIN INTRINSIC IDENTIFIERS

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CHIP AUTHENTICATION USING MULTI-DOMAIN INTRINSIC IDENTIFIERS

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links