Hardware key control of debug interface

US 7,509,250 B2
Filed: 11/04/2005
Issued: 03/24/2009
Est. Priority Date: 04/20/2005
Status: Active Grant

First Claim

Patent Images

1. An apparatus having at least three modes comprising an enclosure that houses:

debug functionality;

a debug interface communicatively coupled to the debug functionality;

a main system power supply, comprising a battery and external power source interface;

a hardware key interface; and

an authorized hardware key, wherein the authorized hardware key indicates a mode of the at least three modes to the apparatus, and wherein the at least three modes comprise;

(i) a test mode that permits the opening of the enclosure and enables communications over the debug interface, (ii) a stored mode that disables communications over the debug interface, enables protection mechanisms, and enables the battery to power the apparatus, and (iii) an in-service mode that disables communications over the debug interface, enables protection mechanisms, and enables the external power source interface to power the apparatus.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a system comprises debug functionality, a debug interface communicatively coupled to the debug functionality, and a hardware key interface. Communication with the debug functionality over the debug interface is not permitted if an authorized hardware key is not communicatively coupled to the hardware key interface.

Citations

28 Claims

1. An apparatus having at least three modes comprising an enclosure that houses:
- debug functionality;
  
  a debug interface communicatively coupled to the debug functionality;
  
  a main system power supply, comprising a battery and external power source interface;
  
  a hardware key interface; and
  
  an authorized hardware key, wherein the authorized hardware key indicates a mode of the at least three modes to the apparatus, and wherein the at least three modes comprise;
  
  (i) a test mode that permits the opening of the enclosure and enables communications over the debug interface, (ii) a stored mode that disables communications over the debug interface, enables protection mechanisms, and enables the battery to power the apparatus, and (iii) an in-service mode that disables communications over the debug interface, enables protection mechanisms, and enables the external power source interface to power the apparatus.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus of claim 1, further comprising a hardware key monitor, wherein the hardware key monitor determines when a hardware key is communicatively coupled to the hardware key interface and whether the hardware key is an authorized hardware key.
  - 3. The apparatus of claim 1, comprising an anti-tamper functionality to prevent physical access to components to components housed within the enclosure comprising an anti-tamper response mechanism for performing at least one anti-tamper related action.
  - 4. The apparatus of claim 3, wherein the application-specific functionality comprises the debug functionality.
  - 5. The apparatus of claim 1, wherein the hardware key interface comprises at least one of:
    - a connector for physically coupling the hardware key to the hardware key interface and a wireless interface for wirelessly communicatively coupling the authorized key to the hardware key interface.
  - 6. The apparatus of claim 1, wherein the debug interface comprises a JTAG interface.
  - 7. The apparatus of claim 1, wherein the hardware key interface comprises at least one of a universal serial bus interface and a RS-232 serial interface.

8. An apparatus comprising:
- debug functionality;
  
  a debug interface communicatively coupled to the debug functionality; and
  
  a hardware key interface comprising a clock line on which a clock signal is output by a hardware key when the hardware key is communicatively coupled to the hardware key interface, wherein the clock signal is used to clock data communicated over the hardware key interface between the hardware key and the apparatus, wherein communication with the debug functionality over the debug interface is not permitted unless key information is received from a hardware key communicatively to the hardware key interface, wherein the key information comprises a key bit stream, andwherein the apparatus receives a polynomial from the hardware key via the hardware key interface and uses the polynomial to generate the key bit stream to determine if the received data comprises the key bit stream.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The apparatus of claim 8, wherein when data is received from the hardware key, the apparatus determines if the received data comprises the key information.
  - 10. The apparatus of claim 9, wherein the apparatus determines if the received data comprises the key bit stream.
  - 11. The apparatus of claim 8, further comprising anti-tamper functionality.
  - 12. The apparatus of claim 8, further comprising a clock, wherein when the hardware key is communicatively coupled to the hardware key interface, the clock is used to synchronize, to the clock signal received on the clock line of the hardware key interface, at least a portion of processing performed by the apparatus.
  - 13. The apparatus of claim 8, wherein the debug interface comprises a JTAG interface.
  - 14. The apparatus of claim 8, wherein the hardware key interface comprises a wireless interface for communicatively coupling the hardware key to the hardware key interface.
  - 15. The apparatus of claim 8, wherein the polynomial comprises a seed value and one or more attributes used to generate the key bit stream.
  - 16. The apparatus of claim 8, wherein the key bit stream is generated using a linear shift feedback register that outputs a stream cipher, wherein the polynomial comprises a seed value, a length of the linear shift feedback register, and one or more taps of the linear shift feedback register.

17. A method comprising:
- determining when a debug device external to a system is attempting to communicate over a debug interface of the system, wherein the system has at least three modes; and
  
  when the debug device external to the system is attempting to communicate over the debug interface;
  
  determining if an authorized hardware key is communicatively coupled to the system;
  
  using the authorized hardware key, determining if the system is in one of the at least three modes, comprising a test mode, stored mode, and an in-service mode, wherein the test mode comprises permitting the opening of the enclosure and enabling communications over the debug interface, wherein the stored mode comprises disabling communications over the debug interface, enabling protection mechanisms, and enabling a battery to power the apparatus, and wherein the in-service mode comprises disabling communications over the debug interface, enabling protection mechanisms, and enabling an external power source interface to power the apparatus; and
  
  preventing communications from occurring over the debug interface between the debug device and the system if an authorized hardware key is not communicatively coupled to the system and if the system is not in the test mode.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein when the debug device external to the system is attempting to communicate over the debug interface, permitting communications over the debug interface between the debug device and the system if an authorized hardware key is communicatively coupled to the system and if the system is determined to be in a test mode.
  - 19. The method of claim 17, wherein when the debug device external to the system is attempting to communicate over the debug interface, considering an intrusion attempt to have occurred if an authorized hardware key is not communicatively coupled to the system.
  - 20. The method of claim 17, wherein determining if an authorized hardware key is communicatively coupled to the system comprises at least one of determining if an authorized hardware key is physically coupled to a connector of the system and determining if an authorized key is wirelessly coupled to a wireless interface of the system.

21. An apparatus comprising:
- an enclosure, housing;
  
  application-specific functionality comprising debug functionality; and
  
  a debug interface to communicatively couple a debug device to the apparatus, wherein the debug interface is physically accessible outside of the enclosure in order to communicate with the debug functionality, wherein the debug device is not permitted to communicate with the debug functionality unless an authorized hardware key is communicatively coupled to the apparatus, wherein the authorized hardware key indicates a mode out of at least three modes to the apparatus, wherein the at least three modes comprise a first mode permitting both communication with the debug functionality over the debug interface and the opening of the enclosure, a second mode not permitting communication with the debug functionality over the debug interface and enabling protection mechanisms, and enabling the battery to power the apparatus, while not inhibiting the physical coupling between the debug device and the apparatus, and a third mode not permitting communication with the debug functionality over the debug interface, enabling protection mechanisms, and enabling an external power source to power the apparatus.
- View Dependent Claims (22, 23)
- - 22. The apparatus of claim 21, further comprising a hardware key monitor to determine when the authorized hardware key is communicatively coupled to the apparatus.
  - 23. The apparatus of claim 21, further comprising a hardware key interface to communicatively couple the authorized hardware key to the apparatus.

24. An apparatus comprising:
- a hardware key interface to communicatively couple a hardware key to the apparatus, wherein the apparatus comprises at least three modes;
  
  a hardware key monitor to determine when the hardware key is communicatively coupled to the apparatus and to determine if the hardware key is authorized and to change one of the at least three modes, wherein the at least three modes comprise a test mode, a stored mode, and an in-service mode, and wherein the test mode permits the opening of the enclosure and enables communications over the debug interface,the stored mode disables communications over the debug interface, enables protection mechanisms, and enables a battery to power the apparatus, andthe in-service mode disables communications over the debug interface, enables protection mechanisms, and enables a external power source interface to power the apparatus; and
  
  an output that indicates that when communications should not be permitted over a debug interface, wherein the output indicates that communication should not be permitted over the debug interface if;
  
  (i) a hardware key is not communicatively coupled to the hardware key interface, (ii) if a hardware key is communicatively coupled to the hardware key interface and the hardware key is not authorized, or (iii) if the operation mode of the apparatus is not the test mode.
- View Dependent Claims (25)
- - 25. The apparatus of claim 24, wherein the output indicates that communications should be permitted over the debug interface if a hardware key is communicatively coupled to the hardware key interface and the hardware key is authorized.

26. A system comprising:
- means for determining when a debug device external to the system is attempting to communicate over a debug interface of the system;
  
  means for, when the debug device external to the system is attempting to communicate over the debug interface, determining if an authorized hardware key is communicatively coupled to the system and preventing communications from occurring over the debug interface between the debug device and the system if an authorized hardware key is not communicatively coupled to the system, and allowing communication of a mode of the system if the authorized hardware key is authorized;
  
  means for powering the system, wherein the means for powering comprise battery means and main system power means;
  
  means for protecting the system from tampering; and
  
  means for determining the mode from at least three modes of the system, wherein the at least three modes comprises;
  
  a test mode comprising disabling of the means for protecting the system from tampering and disabling the means of preventing communications from occurring over the debug interface,a stored mode comprising enabling the means for protecting the system from tampering, enabling the means of preventing communications from occurring over the debug interface, and enabling the battery means for powering the system, andand an in-service mode comprising enabling the means for protecting the system from tampering, enabling the means of preventing communications from occurring over the debug interface, and enabling the main system power means for powering the system.
- View Dependent Claims (27, 28)
- - 27. The system of claim 26, further comprising means for, when the debug device external to the system is attempting to communicate over the debug interface, permitting communications over the debug interface between the debug device and the system if an authorized hardware key is communicatively coupled to the system and if the mode of the system is the test mode.
  - 28. The system of claim 26, further comprising means for, when the debug device external to the system is attempting to communicate over the debug interface, considering an intrusion attempt to have occurred if an authorized hardware key is not communicatively coupled to the system or if the mode of the system is either the stored mode or in the in-service mode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Bernier, Brian R., Cruzado, Edwin D., Dalzell, William J.
Primary Examiner(s)
Shah; Kamini S
Assistant Examiner(s)
Luu; Cuong V

Application Number

US11/266,889
Publication Number

US 20070044158A1
Time in Patent Office

1,236 Days
Field of Search

713/193, 713/192, 713/189, 713/168, 380/28, 380/263, 380/30, 717/120, 705/54, 726/23, 726/27, 707/3
US Class Current

703/28
CPC Class Codes

G01R 31/318555 Control logic

H04L 9/065 Encryption by serially and ...

Hardware key control of debug interface

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Hardware key control of debug interface

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links