Protecting hardware circuit design by secret sharing
First Claim
1. A method for locking a bus in a digital bus-based device, the method comprising:
- the digital bus-based device generating a first unique identification data (ID) for the device such that the first unique ID is different than IDs for a plurality of other digital bus-based devices fabricated along with the digital bus-based device;
an authenticator external to the digital bus-based device generating a second unique ID for the digital bus-based device, where both the authenticator and the digital bus-based device apply a first transformation rule on their respective first and second unique IDs;
communicating the first unique ID, applied to the transformation rule, from the digital bus-based device to the authenticator and in response the authenticator determining a first secret authentication key derived from the received first unique ID applied to the transformation rule;
communicating the second unique ID, applied to the transformation rule, from the authenticator to the digital bus-based device and in response encrypting the bus in the semiconductor bus-based device with a second secret authentication key derived from the received second unique ID applied to the transformation rule; and
communicating the first secret authentication key to the digital bus-based device, wherein the digital bus-based device determines if the first secret authentication key is the same as the second secret authentication key in which case the bus in the digital bus-based device is decrypted, wherein if the first secret authentication key is not the same as the second secret authentication key, the bus in the digital bus-based device remains encrypted.
3 Assignments
0 Petitions
Accused Products
Abstract
Techniques are able to lock and unlock and integrated circuit (IC) based device by encrypting/decrypting a bus on the device. The bus may be a system bus for the IC, a bus within the IC, or an external input/output bus. A shared secret protocol is used between an IC designer and a fabrication facility building the IC. The IC at the fabrication facility scrambles the bus on the IC using an encryption key generated from unique identification data received from the IC designer. With the IC bus locked by the encryption key, only the IC designer may be able to determine and communicate the appropriate activation key required to unlock (e.g., unscramble) the bus and thus make the integrated circuit usable.
-
Citations
24 Claims
-
1. A method for locking a bus in a digital bus-based device, the method comprising:
-
the digital bus-based device generating a first unique identification data (ID) for the device such that the first unique ID is different than IDs for a plurality of other digital bus-based devices fabricated along with the digital bus-based device; an authenticator external to the digital bus-based device generating a second unique ID for the digital bus-based device, where both the authenticator and the digital bus-based device apply a first transformation rule on their respective first and second unique IDs; communicating the first unique ID, applied to the transformation rule, from the digital bus-based device to the authenticator and in response the authenticator determining a first secret authentication key derived from the received first unique ID applied to the transformation rule; communicating the second unique ID, applied to the transformation rule, from the authenticator to the digital bus-based device and in response encrypting the bus in the semiconductor bus-based device with a second secret authentication key derived from the received second unique ID applied to the transformation rule; and communicating the first secret authentication key to the digital bus-based device, wherein the digital bus-based device determines if the first secret authentication key is the same as the second secret authentication key in which case the bus in the digital bus-based device is decrypted, wherein if the first secret authentication key is not the same as the second secret authentication key, the bus in the digital bus-based device remains encrypted. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method for controlling activation of an integrated circuit (IC) having a unique IC identification data, the method comprising:
-
an authenticator external to the integrated circuit generating a unique authenticator identification data corresponding to the IC, the authenticator being coupled to the IC through a bus; applying a transformation rule to the unique IC identification data and to the unique authenticator identification data to form a transformed IC identification data and a transformed authenticator identification data, respectively; sharing the transformed IC identification data and the transformed authenticator identification data; deriving a first secret authentication key from the transformed IC identification data and deriving a second secret authentication key from the authenticator identification data; and encrypting a bus in the IC using the second secret authentication key, wherein the bus in the IC remains encrypted unless the IC receives the first secret authentication key and determines that a comparison of the received first secret authentication key and the second secret authentication key is valid. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
Specification