Integration of security modules on an integrated circuit
First Claim
Patent Images
1. An integrated circuit comprising:
- secure logic that requires protection; and
, secure assurance logic that protects the secure logic, the secure assurance logic including;
a plurality of protection modules for monitoring occurrence of insecure conditions, wherein the plurality of protection modules are interrelated such that each protection module monitors a different type of insecure condition, each protection module asserts an alarm signal when an associated insecure condition is detected, and a successful attack on the plurality of protection modules must simultaneously defeat at least two of the plurality of protection modules to gain access to the secure logic, and storing means for receiving and storing the alarm signals asserted by the plurality of protection modules.
8 Assignments
0 Petitions
Accused Products
Abstract
An integrated circuit includes secure logic that requires protection. Secure assurance logic protects the secure logic. The secure assurance logic includes a plurality of protection modules that monitor the occurrence of insecure conditions. Each protection module monitors a different type of insecure condition. Each protection module asserts an alarm signal when an associated insecure condition is detected. The alarm signals asserted by the plurality of protection modules are stored.
51 Citations
20 Claims
-
1. An integrated circuit comprising:
-
secure logic that requires protection; and
,secure assurance logic that protects the secure logic, the secure assurance logic including;
a plurality of protection modules for monitoring occurrence of insecure conditions, wherein the plurality of protection modules are interrelated such that each protection module monitors a different type of insecure condition, each protection module asserts an alarm signal when an associated insecure condition is detected, and a successful attack on the plurality of protection modules must simultaneously defeat at least two of the plurality of protection modules to gain access to the secure logic, and storing means for receiving and storing the alarm signals asserted by the plurality of protection modules. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
a first register for receiving the alarm signals;
a second register for masking the alarm signals, the second register being used to prevent selected alarm signals from being propagated; and
,a third register for storing alarm signals that have not been masked by the second register.
-
-
3. An integrated circuit as in claim 1, wherein the plurality of protection monitors includes a high frequency monitor that detects when a monitored clock exceeds a predetermined frequency.
-
4. An integrated circuit as in claim 1, wherein the plurality of protection monitors includes a low frequency monitor that detects when a monitored clock is less than a predetermined frequency.
-
5. An integrated circuit as in claim 1, wherein the plurality of protection monitors includes a single event detector monitor that monitors single event upsets within the integrated circuit.
-
6. An integrated circuit as in claim 1, wherein the plurality of protection monitors includes a reset monitor that monitors an amount of times the integrated circuit is reset.
-
7. An integrated circuit as in claim 1, wherein the plurality of protection monitors includes a voltage detector that monitors for invalid voltage levels.
-
8. An integrated circuit as in claim 1, wherein the secure assurance logic additionally comprises a power-on-reset circuit for resetting the integrated circuit to a known state upon power-up of the integrated circuit.
-
9. A method for protecting secure logic within an integrated circuit, the method comprising the following steps:
-
(a) monitoring, by a plurality of projection modules, occurrence of insecure conditions, the plurality of protection modules being interrelated such that each protection module monitors occurrence of a different type of insecure condition, and a successful attack on the plurality of protection modules must simultaneously defeat at least two of the plurality of protection modules to gain access to the secure logic, including the following substep;
(a.1) asserting an alarm signal by a protection module from the plurality of protection modules, upon the protection module detecting an associated insecure condition; and
,(b) receiving and storing alarm signals asserted by the plurality of protection modules. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
(b.1) receiving the alarm signals into a first register;
(b.2) masking the alarm signals in accordance with values in a second register; and
,(b.3) storing in a third register alarm signals that have not been masked in substep (b.3).
-
-
11. A method as in claim 10, additionally comprising the following step:
(c) resetting the integrated circuit when an alarm signal is stored in the third register.
-
12. A method as in claim 9, wherein step (a) includes detecting when a monitored clock exceeds a predetermined frequency.
-
13. A method as in claim 9, wherein step (a) includes detecting when a monitored clock is less than a predetermined frequency.
-
14. A method as in claim 9, wherein step (a) includes detecting when single event upsets within the integrated circuit.
-
15. A method as in claim 9, wherein step (a) includes monitoring an amount of times the integrated circuit is reset.
-
16. A method as in claim 9, wherein step (a) includes monitoring for invalid voltage levels.
-
17. A method as in claim 9, additionally comprising the following step:
(c) resetting the integrated circuit to a known state upon power-up of the integrated circuit.
-
18. Secure assurance logic within an integrated circuit, the secure assurance logic protecting secure logic, the secure assurance logic comprising:
-
a plurality of protection modules for monitoring occurrence of insecure conditions, wherein the plurality of protection modules are interrelated such that each protection module monitors a different type of insecure condition, each protection module asserts an alarm signal when an associated insecure condition is detected, and a successful attack on the plurality of protection modules must simultaneously defeat at least two of the plurality of protection modules to gain access to the secure logic, and storing means for receiving and storing the alarm signals asserted by the plurality of protection modules. - View Dependent Claims (19, 20)
a first register for receiving the alarm signals;
a second register for masking the alarm signals, the second register being used to prevent selected alarm signals from being propagated; and
,a third register for storing alarm signals that have not been masked by the second register.
-
-
20. Secure assurance logic as in claim 18, wherein the plurality of protection monitors includes at least one of the following:
-
a high frequency monitor that detects when a monitored clock exceeds a predetermined frequency;
a low frequency monitor that detects when a monitored clock is less than a predetermined frequency;
a single event detector monitor that monitors single event upsets within the integrated circuit;
a reset monitor that monitors an amount of times the integrated circuit is reset; and
,a voltage detector that monitors for invalid voltage levels.
-
Specification