Methods and apparatus for securely enabling features in highly integrated electronic circuits

US 5,247,577 A
Filed: 05/13/1992
Issued: 09/21/1993
Est. Priority Date: 05/13/1992
Status: Expired due to Term

First Claim

Patent Images

1. A computer security system to prevent unauthorized use of high level integrated optional features in an integrated circuit arrangement having a control unit, said security system comprising:

a first level of security for securely determining whether said optional features are to be enabled, comprising;

means for generating a multiplicity of unencrypted question values and encrypted answer values;

key means coupled to receive said unencrypted question values for generating a multiplicity of encrypted key values;

comparison means coupled to receive, respectively, said encrypted answer and encrypted key values;

and if said encrypted key values match said encrypted answer values, said comparison means signaling said control unit that said key means is authentic and that said high level integrated optional features are to be enabled, and;

a second level of security comprising means for securing said first level of security.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for securely providing an encryption scheme for a highly integrated circuit arrangement using external function-enabling keys. Unencrypted question and encrypted expected answer values are stored in question and answer registers respectively. The encrypted expected answer value is derived from a suitably secure encryption scheme. An external key chip incorporating a coding block implementing the identical encryption scheme is provided for each optional feature to be enabled. The unencrypted question value is routed to the input of the coding block. The coding block returns an encrypted key answer value to a comparator in the circuit arrangement. The encrypted key answer value is compared to the encrypted expected answer value stored in the answer register and, if equivalent, the comparator signals the circuit arrangement that a match has been found and that the optional function is to be enabled. The unencrypted questions values together with the associated expected answer values may be randomized according to any suitable randomization scheme. Determination of the expected answer values to circumvent the security feature in commercially viable quantities is greatly reduced.

Citations

46 Claims

1. A computer security system to prevent unauthorized use of high level integrated optional features in an integrated circuit arrangement having a control unit, said security system comprising:
- a first level of security for securely determining whether said optional features are to be enabled, comprising;
  
  means for generating a multiplicity of unencrypted question values and encrypted answer values;
  
  key means coupled to receive said unencrypted question values for generating a multiplicity of encrypted key values;
  
  comparison means coupled to receive, respectively, said encrypted answer and encrypted key values;
  
  and if said encrypted key values match said encrypted answer values, said comparison means signaling said control unit that said key means is authentic and that said high level integrated optional features are to be enabled, and;
  
  a second level of security comprising means for securing said first level of security.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer security system according to claim 1, wherein said means for securing said first level of security comprises time delay means for slowing key means response time.
  - 3. The computer security system according to claim 2, wherein said means for securing said first level of security comprises a key number upon which said first level of security depends, and wherein said key means indeterminably destroys said key number if said key means is invasively examined.
  - 4. The computer security system according to claim 2, wherein said means for securing said first level of security comprises means for destroying said key means after a fixed number of enablement cycles.
  - 5. The computer security system according to claim 1, wherein said means for securing said first level of security further comprises means for passing said unencrypted question values to said key means only when said integrated circuit arrangement is powered up.

6. In a computer security system comprising high level integrated optional features in an integrated circuit arrangement having a control unit, a method to prevent unauthorized use of high level integrated optional features comprising the steps of;
- providing a first level of security for securely determining whether said optional features are to be enabled comprising the steps of;
  
  generating a multiplicity of unencrypted question values and encrypted answer values;
  
  providing key means coupled to receive said unencrypted question values for generating a multiplicity of encrypted key values;
  
  providing comparison means coupled to receive, respectively, said encrypted answer and encrypted key values;
  
  and if said encrypted key values match said encrypted answer values, signaling said control unit that said key means is authentic and that said high level integrated optional features are to be enabled, and;
  
  providing a second level of security for securing said first level of security.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method according to claim 6, wherein securing said first level of security comprises slowing key means response time.
  - 8. The method according to claim 6, wherein securing said first level of security further comprises passing said unencrypted question values to said key means only when said integrated circuit arrangement is powered up.
  - 9. The method according to claim 6, wherein securing said first level of security comprises providing a key number upon which said first level of security depends, and indeterminably destroying said key number if said key means is invasively examined.
  - 10. The method according to claim 6, wherein securing said first level of security comprises destroying said key means after a fixed number of enablement cycles.

11. In an integrated computer processor system including a control unit, memory, and at least one high level integrated optional feature, a security system comprising:
- question value means for generating a multiplicity of question values;
  
  a key device coupled to receive said question values from said question value means, said key device transforming said question values to a multiplicity of key answer values;
  
  answer value means for generating a multiplicity of expected answer values; and
  
  ,comparison means coupled to said key device and said answer value means for receiving, respectively, said key answer values and said expected answer values;
  
  if said key answer values match said expected answer values, said comparison means signalling said CPU that said key device is authentic and that said high level integrated optional features are to be enabled.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 23, 24, 25)
- - 12. The security system as set forth in claim 11, wherein said question value means comprises question value storage means for storing said question values.
  - 13. The security system as set forth in claim 12, wherein said question value means further comprises:
    - random number means for providing a multiplicity of random question values; and
      
      ,first programming means for storing said random question values in said question value storage means, said first programming means coupled to receive said random question values from said random number means and thereafter programming said random question values into said question value storage means.
  - 14. The security system as set forth in claim 13, wherein said key device comprises a key chip, said key chip further comprising:
    - question value receiving means coupled to said first storage means for receiving said question values;
      
      a coding block coupled to said answer question receiving means for transforming said question values into said key answer values; and
      
      ,key answer value transmitting means coupled to said comparator means for transmitting said key answer values from said key chip to said comparator means, said control unit thereafter determining whether said key chip is authentic.
  - 15. The security system as set forth in claim 13, wherein said question value storage means comprises a first register.
  - 16. The security system as set forth in claim 15, wherein said first register comprises a 64 bit register.
  - 17. The security system as set forth in claim 16, wherein said question values comprise unencrypted question values.
  - 18. The security system as set forth in claim 17, wherein said answer value means comprise answer value storage means for storing a plurality of answer values.
  - 19. The security system as set forth in claim 18, wherein said answer value means further comprises:
    - expected answer generation means coupled to said random number means for generating said expected answer values according to an encryption scheme, said expected answer generation means receiving and transforming said random question values into said expected answer values; and
      
      ,second programming means for storing said expected answer values in said expected answer storage means, said second programming means coupled to receive said expected answer values from said expected answer generation means and programming said encrypted expected answer values into said answer value storage means.
  - 20. The security system as set forth in claim 19, wherein said answer value storage means comprises a second register.
  - 23. The security system as set forth in claim 19 further comprisingan automated test equipment (ATE) system, wherein said ATE system comprises said random number means, said answer value generation means, and said first and second programming means;
    - said random number means, said unexpected answer value generation means, and said first and second programming means, while said ATE system tests said integrated computer processor system after fabrication, cooperatively generating and storing said question values and said expected answer values in said question value and expected answer value storage means, respectively.
  - 24. The security system as set forth in claim 23, wherein said key device comprises a key chip, said key chip further comprising:
    - question value receiving means coupled to said question value means for receiving said question values;
      
      a coding block coupled to said answer value receiving means for transforming said question values into said key answer values; and
      
      ,key answer value transmitting means coupled to said comparison means for transmitting said key answer values from said key chip to said comparison means, said CPU thereafter determining whether said key chip is authentic.
  - 25. The security system as set forth in claim 24, wherein said comparison means comprises a comparator coupled to receive said key answer values and said expected answer values, and if said key answer values match said expected answer values, said comparator signalling said CPU that said key chip is authentic, said CPU thereafter enabling said high level optional integrated features.

26. In an integrated computer processor system including a central processing unit (CPU), memory, and at least one high level integrated optional feature, a security system comprising:
- a first storage means for storing an encoded question value;
  
  a key device coupled to receive said encoded question value from said first storage means, said key device transforming said encoded question value to a key answer value;
  
  a second storage means for storing an expected answer value; and
  
  ,a comparator coupled to receive said key answer value and said expected answer value, and if said key answer values match said expected answer values, said comparator signalling said CPU that said key chip is authentic, said CPU thereafter enabling said high level optional integrated feature.
- View Dependent Claims (21, 22, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 21. The security system as set forth in claim 26, wherein said second register comprises a 64 bit register.
  - 22. The security system as set forth in claim 21, wherein said answer values comprise encrypted expected answer values.
  - 27. The security system as set forth in claim 26, further comprising:
    - random number means for providing a multiplicity of random question values; and
      
      ,first programming means for storing said random question values in said first storage means, said programming means coupled to receive said random question values from said random number means and programming said random question values into said first storage means.
  - 28. The security system as set forth in claim 27, wherein said first storage means comprises a question value storage register for storing said question values.
  - 29. The security system as set forth in claim 28, wherein said question value storage register comprises a 64 bit register.
  - 30. The security system as set forth in claim 29, wherein said random question values comprise unencrypted question values.
  - 31. The security system as set forth in claim 30, wherein said answer value means further comprises:
    - expected answer value generation means coupled to said random number means for generating said question values according to an encryption scheme, said expected answer value generation means receiving said random values selected by said question value generation means and transforming said random question values into a multiplicity of encrypted expected answer values; and
      
      ,second programming means for storing said encrypted expected answer values in said second storage means, said programming means coupled to receive said encrypted expected answer values from said expected answer value generation means and programming said encrypted expected answer values into said second storage means.
  - 32. The security system as set forth in claim 31 further comprising an automated test equipment (ATE) system, wherein said ATE system comprises said random number means, said question value generation means, and said programming means;
    - said random number means, said expected answer value generation means, and said first and second programming means, while said ATE system tests said integrated computer processor system after fabrication, cooperatively generating and storing said question values and said expected answer values in said question value and expected answer value registers, respectively.
  - 33. The security system as set forth in claim 31, wherein said second storage means comprises an expected answer value storage register for storing said expected values.
  - 34. The security system as set forth in claim 33, wherein said expected answer value storage register comprises a 64 bit register.
  - 35. The security system as set forth in claim 34, wherein said expected answer values comprise encrypted answer values.

36. In an integrated computer processor system including a control unit, memory, and at least one high level integrated optional feature, a security method for preventing unauthorized use of said high level integrated optional features, said security method comprising the steps of:
- generating a multiplicity of question values;
  
  providing a key device to transform said question values into a plurality of key answer values;
  
  generating a plurality of expected answer values; and
  
  ,comparing said key answer values and said expected answer values in a comparison means;
  
  if said key answer values match said expected answer values;
  
  signalling said control unit that said key device is authentic and that said high level integrated optional features are to be enabled.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
- - 37. The method as set forth in claim 36, wherein generating said multiplicity of question values comprises providing question value storage means for storing said question values.
  - 38. The method as set forth in claim 37, wherein generating said multiplicity of question values further comprises the steps of:
    - providing a multiplicity of random question values; and
      
      ,storing said random question values in said question value storage means.
  - 39. The method is set forth in claim 38, wherein said random question values are stored in a first register.
  - 40. The method as set forth in claim 39, wherein generating said question values comprises providing encrypted question values.
  - 41. The method according to claim 40, further comprising the steps of:
    - receiving a multiplicity of random question values transforming said random question values into a plurality of encrypted expected answer values according to an encryption scheme; and
      
      ,storing said encrypted expected answer values in an expected answer storage means.
  - 42. The method as set forth in claim 41, wherein storing said encrypted expected answer values in said expected answer storage means comprises storing said encrypted expected answer values in a second register.
  - 43. The method as set forth in claim 42, wherein said second register comprises a 64 bit register.
  - 44. The method as set forth in claim 41 further comprising the steps of:
    - providing an automated test equipment (ATE) system, wherein said ATE system comprises said random number means, said question value generation means, and said programming means;
      
      while said ATE system tests said integrated computer processor system after fabrication, cooperatively generating and storing said question values and said expected answer values in said question value and expected answer value storage means, respectively.
  - 45. The method as set forth in claim 44, wherein providing said key device comprises:
    - providing a key chip;
      
      receiving said question values in a coding block and transforming said question values into said key answer values; and
      
      ,transmitting said key answer values from said key chip to said comparison means, said control unit thereafter determining whether said key chip is authentic.
  - 46. The method as set forth in claim 45, wherein providing said comparison means comprises providing a comparator coupled to receive said key answer values and said expected answer values, and if said key answer values match said expected answer values, signalling said control unit that said key chip is authentic, said control unit thereafter enabling said high level optional integrated features.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Kardach, James, Bailey, Delbert D.
Primary Examiner(s)
Swann, Tod R.

Application Number

US07/882,285
Time in Patent Office

496 Days
Field of Search

380/3, 380/4, 380/23, 380/24, 380/25, 380/49, 380/50, 364/900
US Class Current

713/191
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 2209/08   Randomization, e.g. dummy o...

H04L 2209/12   Details relating to cryptog...

H04L 9/0625   with splitting of the data ...

H04L 9/0662   with particular pseudorando...

H04L 9/0897   involving additional device...

H04L 9/3271   using challenge-response

Methods and apparatus for securely enabling features in highly integrated electronic circuits

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for securely enabling features in highly integrated electronic circuits

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links