CN108958650A - Electronic system and its operating method - Google Patents
Electronic system and its operating method Download PDFInfo
- Publication number
- CN108958650A CN108958650A CN201810497723.5A CN201810497723A CN108958650A CN 108958650 A CN108958650 A CN 108958650A CN 201810497723 A CN201810497723 A CN 201810497723A CN 108958650 A CN108958650 A CN 108958650A
- Authority
- CN
- China
- Prior art keywords
- physics
- key
- copy function
- host
- group
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
- G06F3/0622—Securing storage systems in relation to access
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/38—Information transfer, e.g. on bus
- G06F13/42—Bus transfer protocol, e.g. handshake; Synchronisation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0655—Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
- G06F3/0659—Command handling arrangements, e.g. command buffers, queues, command scheduling
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/0671—In-line storage system
- G06F3/0683—Plurality of storage devices
- G06F3/0688—Non-volatile semiconductor memory arrays
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C16/00—Erasable programmable read-only memories
- G11C16/02—Erasable programmable read-only memories electrically programmable
- G11C16/06—Auxiliary circuits, e.g. for writing into memory
- G11C16/10—Programming or data input circuits
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C16/00—Erasable programmable read-only memories
- G11C16/02—Erasable programmable read-only memories electrically programmable
- G11C16/06—Auxiliary circuits, e.g. for writing into memory
- G11C16/22—Safety or protection circuits preventing unauthorised or accidental access to memory cells
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C16/00—Erasable programmable read-only memories
- G11C16/02—Erasable programmable read-only memories electrically programmable
- G11C16/06—Auxiliary circuits, e.g. for writing into memory
- G11C16/26—Sensing or reading circuits; Data output circuits
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C7/00—Arrangements for writing information into, or reading information out from, a digital store
- G11C7/24—Memory cell safety or protection circuits, e.g. arrangements for preventing inadvertent reading or writing; Status cells; Test cells
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C8/00—Arrangements for selecting an address in a digital store
- G11C8/20—Address safety or protection circuits, i.e. arrangements for preventing unauthorized or accidental access
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/0671—In-line storage system
- G06F3/0673—Single storage device
- G06F3/0679—Non-volatile semiconductor memory device, e.g. flash memory, one time programmable memory [OTP]
Abstract
A kind of electronic system includes host and client terminal device, wherein client terminal device can by really as one single chip packaged integrated circuit or multi-chip circuit, and have logic with use physics can not copy function to generate security key.Described device may include logic in the client in a manner of by safety by physics can not copy function key be provided to host.Physics can not copy function can be used by entropy that Nonvolatile memery unit obtains to generate initial key.The logic to deactivate to physics can not copy function data change, and therefore freeze the key after key is stored in the data set.
Description
Technical field
The present invention relates to the integrated circuit, the electronics dresses that include the memory circuits such as flash memory or other nonvolatile memories
It sets and its operating method, the integrated circuit has the security feature using exclusive key or exclusive identification code.
Background technique
Developing the integrated circuit memory dress including nonvolatile memory (such as flash memory) with high capacity
It sets.Certain technologies are considered as being possible to reach on the integrated million mega bit order array (terabit scale
array).In addition, memory device is just being deployed in by so-called " Internet of Things (the internet of connected in network
Things, IoT) " in device, the network system is operated with such as internet protocol communication technology.To Internet of things device and
The worry of the device of other storage data is Information Security.Therefore, it just in deployment secure agreement and is interrogating/is responding
(challenge/response) technology, the security protocol need to carry out with exclusive key to encrypt and reflect with exclusive ID
Recognize.
Security protocol need to generate, update, store and protect using key management technology the exclusive key utilized and
ID。
Physics can not copy function (physical unclonable function, PUF) be that one kind can be used for for physics
Entity (such as integrated circuit) creates the program of exclusive random key.Using physics can not copy function be a kind of for generating
For supporting the chip id key that uses of inherently safe (hardware intrinsic security, the HIS) technology of hardware
Solution.Generate physics can not the circuit of copy function be, or including, the physical entity being implemented in entity structure, wherein
The entity structure generate can assess easily but it is difficult to predict code.
In the application (such as running gear and embedded equipment) required with high safety, use physics that can not answer
Function processed creates key.A kind of exemplary physical can not copy function be that ring oscillator physics can not copy function
(ring-oscillator PUF) uses the intrinsic manufacture variability (manufacturing of the circuit propagation delays of grid
variability).Another exemplary physical can not copy function be that static random access memory (SRAM) physics can not
Copy function, wherein the threshold voltage difference in each transistor makes static random access memory with logical zero or logical one
To power on.Referring to charles-Hull moral (Charles Herder) et al., written " physics copy function and can not be answered
With: study course (Physical Unclonable Functions and Applications:A Tutorial) ", page 1126
To page 1141, the journal (Proceedings of the IEEE) of the Institute of Electrical and Electronics Engineers (IEEE) | volume 102, the 8th phase,
In August, 2014.
The prior art has proposed a kind of use resistive random access memory (resistive random access
Memory the physics of physical property) can not copy function.It " is used for after 10 years referring to lucky this (Yoshimoto) et al. is written
40 nanometers of Embedded Applications and the bit error rate at 125 DEG C with < 0.5% based on resistive random access memory
Physics can not copy function (A ReRAM-based Physically Unclonable Function with Bit Error
0.5% after of Rate <, 10 years at, 125 DEG C of for 40nm embedded application) ", page 198 is extremely
Page 199,2016 VLSI technical papers science abstract seminars (2016 Symposium on VLSI Technology
Digest of Technical Papers).The application presented in that article, which is proposed, improve meeting because of aging deterioration
Resistive random access memory-physics of bit error rate can not copy function (ReRAM-PUF) traditional ID production method into
Row improvement.However, such physics based on resistive random access memory can not be in copy function, the data that are created
Still may be due to the resistance drift of memory cell (drift) by destruction (corrupt), this may make bit error rate depositing
It takes or using stored key when is unacceptable.Such resistance drift in certain applications in integrated circuit (such as
It may be more prominent under the hot conditions encountered in automotive vehicles applications).
Using using physics can not copy function circuit generate data set when, the problem of due to high bit error rate, first
Preceding technology has depended on error-correcting code to improve reliability.It is issued for example, with reference to Lee (Lee) et al. on June 2nd, 2016
Patent Application Publication the 2016/0156476th " physics can not copy function circuit and in the not reproducible function of physics
Method (the Physically Unclonable Function Circuits And that key is registered can be executed in circuit
Methods Of Performing Key Enrollment In Physically Unclonable Function
Circuits)”。
It is a kind of provide support using by physics can not copy function generate key and other exclusive keys technology phase
Prestige be include that the integrated circuit of nonvolatile memory is expected to.In addition, it is expected that even if in the dress for understanding this technology of arrangement
In the case where the definite manufacturing process set, this device can be manufactured simply but can be generated can not reproducible or pre- in reality
The code of survey.
Summary of the invention
The physics being implemented on integrated circuit described below can not copy function circuit can be configured to reach Gao An
The demand of full property.In some technological applications, exclusive and privately owned security key is needed to be authenticated or data encryption/solution
Close function.Physics on integrated circuit can not copy function circuit exclusive and privately owned security key can be generated through using.
By technology described below, safely security key that this is exclusive and privately owned host can be sent to by integrated circuit, and
For security function.
In addition, can make copy function and the key of improvement can not be generated using general random number producer using physics
The electronic device and system that the safety circuitry flexibility of (enhanced key) and reliability improve are suggested.This place
The technology of narration can not be answered with physics by using quasi-random numbers generator (pseudo-random number generator)
The combination of functional circuit processed is to improve the entropy (entropy) of security key.
Device and system described herein is suitable for the use of Internet of things device, and can be implemented under circumstances.
Device described herein can be by actual fabrication in single package formula integrated circuit or multi-chip module, wherein single
A packaged integrated circuit or multi-chip module include execute physics can not copy function with generate physics can not copy function it is close
The circuit of key, and optionally include tandom number generator.Described device may include logic, by logically consolidated material
Reason can not copy function key and random number to generate the key of improvement.Physics can not copy function may include using non-volatile
Property memory cell the first subclass, and improve key can be stored in the Nonvolatile memery unit on this device
Second subset close.It may include exclusive or (XOR) for generating the logic of key of improvement in the embodiment of this place narration
Function with carry out physics can not the position (bit-wise) of copy function key and random number or the exclusive or of byte (byte-wise),
To generate the key of improvement.In another way, the logical combination may include hash function (hash function, or
Hash function).Hash function image (mapping) physics can not copy function key and random number, with logarithm carry out Hash
Operation (hash) is using the key as improvement.This place narration embodiment in, physics can not copy function can be used by
Entropy derived from Nonvolatile memery unit in multiple Nonvolatile memery units, can not copy function to generate physics
Key.Tandom number generator may include quasi-random numbers generator or certainty tandom number generator (determinative
Random number generator), to be produced as the random number of the function of the kind value (seed value) of variation.
For example, a kind of electronic device as mentioned (memory circuit) is deposited by actual fabrication in including non-volatile
The single package formula integrated circuit or multi-chip module of memory array, the nonvolatile memory array include by memory
Multiple blocks that unit is formed store key in the particular block in the multiple block.The memory circuit includes using
In the port for carrying out PERCOM peripheral communication from the array.The memory circuit includes the safety for being coupled to the memory array
Logic (security logic) is stored in the multiple block to allow to access in the protocol using the key of the improvement
In each block in data allow that the data in each block being stored in the multiple block are decrypted or add
It is close.The memory circuit and including access control circuit (access control circuit), the access control circuit
It is coupled to the array, and including for allowing the particular block of the security logic to the key for storing the improvement
Read-only access is carried out, for using and preventing external communication network or device to access institute via the port in the agreement
State the logic of particular block.The access control circuit can have wherein and allow to access the particular block via the port
The first state of the key is written;And wherein forbid accessing the particular block via the port to be read out
Or write-in;But it is described specific to allow the security logic to access during executing security protocol with host or other external device (ED)s
Block is come the second state for being read out.The packaged integrated circuit or multi-chip module may include for using memory
Storage stack unit in array come execute function (including physics can not copy function, such as this exposure is described depends on
Exemplary functions of the charge trapping non-volatile memory unit as physical circuit) it is not reproducible close to generate initial physical
The logic of key, and the tandom number generator for generating random number, and by combinational logic (combinatorial
Logic the key to generate improvement) is combined.In this exposure the embodiment described, the key of multiple keys and improvement can be stored
In the particular block on integrated circuit or in different blocks.In addition, the security logic can be configured to make it is the multiple close
Specific key in key be only used once or a limited number of number come allow access be stored in the area the multiple block Zhong Ge
Data in block.In some embodiments, the key being stored in particular block can be for for example including thousands of or millions of
The big key of position.
This exposure provides a kind of charge used on the integrated by including floating grid and dielectric charge trapping technology
Entropy derived from trapping non-volatile memory unit and in some embodiments use other kinds of nonvolatile memory list
Member, and merge the entropy as derived from tandom number generator, generate the operation that can be used as the data set of exclusive identification symbol or exclusive key
Method.The operating method may include physics can not copy function, the physics can not copy function can make in a group
Distinct threshold (such as threshold voltage) is established in memory cell.The method can be used for generating can be with errors in zero level rate or pole
Low level error rate and use based on physics can not copy function stabilization data set.
A kind of electronic device as mentioned includes one group of charge trapping memory cell, such as flash cell.Including circuit
System, the circuit system is located on integrated circuit, on the processor system that can access the integrated circuit or
It include certain parts on the integrated circuit and on the processor system, the circuit system can access described
One group of charge trapping memory cell, for providing data set using one group of charge trapping memory cell.It is described
The entropy that data set has the data set bigger in conjunction with random number with the key of offer improvement, the key of the improvement, and
With the bigger entropy of the random number.
In one embodiment, the not reproducible function of physics is used in the method for the entropy for the output for improving tandom number generator
Energy key and tandom number generator generate the key of improvement, this is to be provided as random number production by by the not reproducible key of physics
The seed (seed) of raw device, and can not be predicted in the not reproducible key reality of physics.
One kind generating the operation of data set on the integrated circuit for including programmable memory cell (such as flash cell)
Method is suggested.The operating method includes: to make to be exposed to programmable to deposit on the integrated circuit with described one group of address
Storage unit introduces different threshold value after being jointly processed by, and one group of programmable memory cell is located at a starting
In the range of distribution.The operating method includes: to search having for one group of programmable memory cell to be located at the distribution
First part in threshold value the first subset and one group of programmable memory cell have be located at the starting
The second subset of threshold value in the second part of distribution.The operating method includes using first subset and described second
The address of at least one of subset and tandom number generator generate data set.
In one embodiment, the data set is generated by following manner: described is selected using the address
Memory cell in one of one subset and the second subset, and selected memory cell applied bias voltage is applied
Add operation between first subset of memory cell and the second subset to establish sensing tolerance.Implement at one
In example, the sensing tolerance can be established by following manner: to the memory cell in one of selected in the subset
It is addressed, and operation is applied to the memory cell applied bias voltage through addressing, so that its threshold value is changed to the starting
Threshold value distribution except distribution.Hereafter, described one group can be compiled by the reading voltage being used in the sensing tolerance
Memory cell in journey memory cell is read out to generate the data set.
In another embodiment, by according at least one of first subset and described second subset at
Member's identity, and be combined the address of the memory cell according to the address of the memory cell at least one
To generate the data set.A kind of technology for combining the address may include sequentially to one of described subset or every
The address of one carries out ordered series of numbers (concatenate).The data set including combined address can be stored in the collection
At in memory different from one group of programmable memory cell on circuit.
In this exposure another technology, the data set is generated by following manner: searching the starting
The first line of demarcation and second line of demarcation different from first line of demarcation in distribution;Recognize described one group programmable storage
First subset with the first line of demarcation threshold value below described in the first part for being located at the starting distribution of device unit,
And one group of programmable memory cell has the second line of demarcation described in the second part for being located at the starting distribution
The second subset of above threshold value;And come using the address of at least one of first subset and the second subset
Generate data set.
A kind of method for searching the line of demarcation comprises determining that the threshold voltage in the starting distribution, the threshold
Threshold voltage makes the counting of the memory cell with the threshold value lower than the threshold voltage, is higher than the threshold voltage to having
The ratio of counting of memory cell of threshold value be within the scope of target rate;And it is subtracted by from the threshold voltage
First constant sets described second point plus second constant by the threshold voltage to set the line of demarcation
Boundary line.Another kind for the method for searching the line of demarcation include: read using the first mobile reading voltage iteration it is described
The data value in one group of programmable memory cell, and voltage is read lower than described first to having in described one group
The memory cell of threshold value is counted, and reads described first counted in first object count range
Voltage is taken to set the line of demarcation;And described one group is read using mobile second reading voltage iteration and programmable is deposited
The data value in storage unit, and to the memory in described one group with the threshold value for being higher than the second reading voltage
Unit is counted, and is set using the second reading voltage counted within the scope of the second object count is made
Second line of demarcation.
A kind of operation includes that the method for the circuit of multiple Nonvolatile memery units and tandom number generator is mentioned
Out.The method includes execute physics can not copy function to generate initial key;The initial key is stored in non-volatile
In the set of property memory cell;Tandom number generator is executed to generate random number;Logically merge initial key and random number
To generate the key of improvement;The key of improvement is stored in the nonvolatile memory list of multiple Nonvolatile memery units
In the second set of member;And after storing initial key, make for be stored in nonvolatile memory set in data
Change disability.A kind of method manufacturing integrated circuit according to being used to generate the method for data set provided by this exposure
It is suggested.
A kind of electronic device is suggested comprising one group of programmable memory cell and use on integrated circuit
In the logic for generating data set by this exposure described program.
After consulting the following drawings and being described in detail, it is understood that other schemes and advantage of the invention.
Detailed description of the invention
Fig. 1 be include multiple flash cells and controller device simplification block diagram, the controller be used for use institute
State multiple flash cells execute physics can not copy function and tandom number generator to provide data set.
Fig. 2 be include multiple programmable memory cells and controller device another example, the controller is used for
Executed using the multiple programmable memory cell physics can not copy function to provide data set.
Fig. 3 illustrates the block of the programmable memory cell in the flash memory on integrated circuit, can not answer including physics
Mac function processed.
Fig. 4 A to Fig. 4 D illustrates by the first subset and second subset for searching one group of programmable memory cell and is based on
The first subset and second subset that are recognized and the example for establishing stable data set to generate data set.
Fig. 5 A to Fig. 5 D illustrates to show such as another example for generating data set referring to as described in Fig. 4 A to Fig. 4 D and table 1
Even if there is also variation (variation) in data set using identical program.
Fig. 6 is shown included programmable storage list referring to as described in Fig. 4 A to Fig. 4 D and table 1 and Fig. 5 A to 5D and table 2
The exemplary process diagram for stablizing data set is generated on the integrated circuit of member.
Fig. 7 A to Fig. 7 D illustrates by the first subset, second subset and the third for searching one group of programmable memory cell
Subset come generate data set and for the data set construct address mapping example.
Fig. 8 is shown produced on the integrated circuit for including programmable memory cell referring to as described in Fig. 7 A to Fig. 7 D and table 3
The exemplary process diagram of raw data set.
Fig. 9 is shown produced on the integrated circuit for including programmable memory cell referring to as described in Fig. 7 A to Fig. 7 D and table 3
The another exemplary flow chart of raw data set.
Figure 10 A to Figure 10 C illustrates that the threshold value by the programmable memory cell in one group is set to starting distribution.
Figure 10 D to Figure 10 F illustrates can be used for the example flash monotechnics that data set is generated as described in this exposure.
Figure 11, which is shown, applies operation using initialization bias to set the threshold value of the programmable memory cell in one group
At the exemplary process diagram of starting distribution.
Figure 12 A to figure 12 C illustrates to can be used for producing dependent on the diversity of threshold voltage in charge trapping memory cell
The program of raw data set.
It is including programmable charge trapping memory cell that Figure 13, which is in such a way that 2A to Figure 12 C referring to Fig.1 is explained,
The exemplary process diagram for stablizing data set is generated on integrated circuit.
Figure 14 A to Figure 14 C illustrates to can be used for producing dependent on the diversity of threshold voltage in charge trapping memory cell
The alternative program of raw data set.
It is including programmable charge trapping memory cell that Figure 15, which is in such a way that 4A to Figure 14 C referring to Fig.1 is explained,
The exemplary process diagram 1500 for stablizing data set is generated on integrated circuit.
Figure 16 is to include flash array and provide the control of data set using the memory array and tandom number generator
The simplification block diagram of the integrated circuit of device processed.
Figure 17 be show with register system (enrollment system) coupling include physics can not copy function electricity
The system diagram of the packaged integrated circuit or multi-chip module of road system and nonvolatile memory.
Figure 17 A be show the physics including substitution can not copy function circuit system and nonvolatile memory envelope
The system diagram of dress formula integrated circuit or multi-chip module, wherein the packaged integrated circuit or multi-chip module can be coupled to
It is similar to register system shown in Figure 17.
Figure 18 illustrate can the substitution of nonvolatile memory used in the system as similar system shown in Figure 17 match
It sets.
Figure 19 illustrates the another of nonvolatile memory to replace used in the system as similar system shown in Figure 17
Generation configuration.
Figure 20 illustrates the data structure that can be used for storing safe ID and address mapping, and the safe ID and address mapping are
According to this disclose the physics can not copy function some embodiments and generate and can be stored in such as system shown in Figure 17
System in.
Figure 21 is the simplified system diagram for including packaged integrated circuit or multi-chip module and host, and the host is by object
Reason can not copy function circuit be used together with nonvolatile memory.
Figure 22 to Figure 24 is the simplification for illustrating the operation similar to system as system shown in Figure 21 in various embodiments
Flow chart.
Figure 25 to Figure 27 provide to as described in this exposure physics can not duplicate circuit system and nonvolatile memory group
The various alternative configurations closed simplify explanation.
Figure 28 illustrate include physics can not copy function circuit and tandom number generator configuration.
Figure 29 is the simplified flowchart of the program executed on the integrated by controller, wherein described program to
Execute physics can not copy function and tandom number generator, and freeze (freeze) generation key.
Figure 30 is the simplified flowchart of the program of the substitution executed on the integrated by controller, wherein described replace
For program to execute physics can not copy function and tandom number generator, and freeze generate key.
Figure 31 is the simplified flowchart of another alternative program executed on the integrated by controller, wherein described
Another alternative program to execute physics can not copy function and tandom number generator, and freeze generate key.
Figure 32 is the simplified flowchart of the another alternative program executed on the integrated by controller, wherein described
Another alternative program to execute physics can not copy function and tandom number generator, and freeze generate key.
Figure 33 to Figure 38 illustrate for Applied Physics can not copy function key agreement, and this agreement be for safety
Function.
[symbol description]
100,440,1600: integrated circuit
110: task function circuit
111,116,131,141,151,161,171,1631,1651,1661,1671: bus
115: access control block
120,181: input/output interface
122,192,194: route
125,1640: security logic
130: memory
140: physics can not copy function program controller
150,1650,1784: tandom number generator
160,1660: logic circuitry
170,1670: key
180: packaged integrated circuit or multi-chip module
182,191: route
183: access control switch
184: sensing amplifier/buffer
185: array
186: address decoder
186 ': decoder architecture
186A: locking bit/position
187: particular block
187A, 187B, 187C: sub-block
189: memory cell
189A: physics can not copy function
190,1640,1713: security logic
193: state of a control machine
193A: indicating unit
195: other circuit systems
198: host
198A: key database
199: intraconnections
200,300,800,900,1300,1500: flow chart
201、210、220、230、240、250、260、310、320、801、810、820、 830、832、834、835、901、
910、920、930、1301、1310、1320、1330、 1340、1350、1360、1370、1501、1510、1512、1514、
1516、1518、1520、 1522、1524、1526、1528、1730、1731、1732、1733、1734、1735、1750、 1751、
1752、1753、1760、1761、1762、2900、2901、2902、2903、2904、2905、2906、2907、3000、3001、
3002、3003、3004、3005、3006、3007、 3008、3009、3010、3100、3101、3102、3103、3104、3105、
3106、3107、 3108、3109、3110、3200、3201、3202、3203、3204、3205、3206、3207、 3208、3209、
3210: step
410: processor system
420: physics can not copy function logical AND driver
430: device carrying implement/detector
450: safety circuit
460: flash array
470: flash array
471: physics can not copy function block
472: bootstrap block block
473: parameter block
474: relay protective scheme
475: peripheral circuit system
500,700: initiation threshold distribution
510,610,710: originating the first part of distribution
520,620,720: originating the second part of distribution
525: distribution
530: sensing tolerance
600: initiation threshold distribution
625,735: threshold value distribution
630,740: sensing tolerance
730: originating the Part III of distribution
750: the second sensing tolerances
816: initial threshold distribution
817: threshold range/range
818: starting distribution
840,850,860: substrate
841,851: source area
842,852: drain region
843,853: control grid
844,856: tunneling layer
845: floating grid
846,848: oxide skin(coating)
847: nitride layer
857: electric charge trapping layer
858: barrier layer
863: vertical channel structure
867: wordline
869: bit line
1200: initiation threshold distribution
1210,1211,1220,1221: sub- distribution
1240:VRWith VR+ between difference
1400: starting distribution
1410,1420,1430: sub- distribution
1610: flash array
1620: access and bias circuit
1630: physics can not copy function controller
1632: address and parameter storage
1633: state machine
1710: integrated circuit or multi-chip module
1711,1785: physics can not copy function circuit
1712: controller
1714,1771,1776,1781,1787: nonvolatile memory
1720: host
1770: physical circuit
1775: circuit/physics can not copy function circuit
1780: tandom number generator
1786: logic circuit
3300: host
3301: integrated circuit
3302,3303: interfacial level controller 3304,3305: logic circuit
3306,3335: key stores block/key storage
3309: tandom number generator
3311: memory array
3315: command decoder
3337: physics can not copy function circuit
3339: buffer
VR: read voltage
VR+: read voltage in top
VR: read voltage in lower part
Specific embodiment
Detailed description to this technology embodiment is provided referring to each figure.It should be understood that being not intended to for this technology being limited to
The Constructional embodiments and method specifically disclosed, but other features, element, method and embodiment can be used to practice this
Technology.Illustrate that preferred embodiment to be illustrated to this technology, rather than limits the range of this technology, range be by
Claims define.Those skilled in the art will appreciate that various equivalence changes forms described below in technique.With
Identical Ref. No. refers to identical element in various embodiments jointly.
Fig. 1 be include multiple programmable memory cells and controller device simplification block diagram, the controller uses
In executed using the multiple programmable memory cell physics can not copy function and tandom number generator to provide data
Collection.In this example, described device includes the integrated circuit 100 with the memory formed using programmable memory cell.
Memory 130 can by physics can not copy function for providing proprietary data collection.Wherein task function is illustrated referring to Figure 17
Circuit 110 be include multiple block of memory cells flash array another embodiment.This exposure also illustrates other implementations
Example.
Integrated circuit 100 includes task function circuit (mission function circuit) 110, task function electricity
Road 110 may include special logic (sometimes referred to as application specific integrated circuit logic (application-specific
Integrated circuit logic)), such as data processing used in microprocessor and digital signal processor
Device resource, large size (large-scale) memory (such as flash memory, static random access memory, dynamic random access memory
Device (DRAM), programmable resistance memory (programmable resistance memory)) and various types of electricity
Combination (referred to as System on Chip/SoC (system-on-a-chip, SOC) configuration or the application specific integrated circuit on road
(application specific integrated circuit, ASIC)).Integrated circuit 100 includes input/output interface
120, input/output interface 120 may include radio port or cable port, to provide the access to other devices or network.?
In this simplification explanation, access control block (access control block) 115 is placed in input/output interface 120 and appoints
It is engaged between functional circuit 110.Access control block 115 by bus 116 is coupled to input/output interface 120 and by bus
111 are coupled to task function circuit 110.Access control block 115 executes access-control protocol, to allow or forbid in task
It communicated, provided to the data for crossing input/output interface 120 between functional circuit 110 and input/output interface 120
Encryption or decryption and other for providing support security logic service or provide the combination of above-mentioned function.
To support access control block 115, in this example, in placement security logic 125 on chip.Security logic 125
Be coupled to be one group of flash cell of memory 130 (flash array) a part.Physics can not copy function be stored in it is non-easily
In the set of the property lost memory cell, and proprietary data collection is then provided or is used to provide using as initial key.Safety
Logic 125 is also coupled to tandom number generator 150.Tandom number generator 150 generates random number in bus 151.Logic circuit
The combinable initial key of system 160 and random number are to generate the key 170 improved via bus 161.In embodiment, logic
Circuit system 160 may include the output exclusive or for using initial key and random number as input and generating the key as improvement
Function, and including image initial key and random number using Hash value and the hash function of the key as improvement.In some realities
In example, initial physical in online (bus 131) can not copy function key can have N number of position, in online (bus 151)
Random number can have M position, and the key of the improvement in online (bus 161) can have X position.X is less than the summation of N and M
(namely N+M).Alternatively, in other embodiments, X is less than the one at least within of N and M.Improvement in bus 171 it is close
Key 170 can be accessed by security logic 125, and be used for access control block 115 by the security logic 125 in route 122
In the communication of progress.
In this example of device, physics can not copy function program controller 140 (such as by really as with memory
State machine on the integrated circuit of 130 (flash arrays)) signal is provided to control the application of bias setting supply voltage, with reality
It is applied to the program for generating data set and related other is operated and used for reading when accessing memory 130
Other operations of data set provided by memory 130.Circuit system (such as bit line, wordline, use on integrated circuit
In bit line and the driver of wordline etc.) reach access to one group of charge trapping memory cell, to use one group of electricity
Lotus trapping memory cell provides data set.
Physics on integrated circuit can not copy function program controller 140 include for execute to generate data set certain
A little or all operationss logics.In one embodiment, the physics on integrated circuit can not copy function program controller 140 include
Bias is executed to apply logic necessary to operation and may be in response to the setting command (set up command) from external source
The logic is executed, without being controlled by system off-chip (off-chip system).
In some embodiments, physics can not copy function program controller 140 include in response to instruction (indicator) and
It prevents programming or wipe can not the operation that applies of the bias on copy function memory cell in physics.
It may include that special purpose logic circuitry including use state machine known in the art carrys out control described in implementation
Device.In alternative embodiments, the controller include can be by actual fabrication in the general processor on same integrated circuit, institute
It states general processor and executes the operation that computer program carrys out control device.In yet other embodiments, using special logic electricity
The combination of road system and general processor carrys out implementation controller.
In some embodiments, ppu system may include for reaching to integrated circuit and for generating data
The circuit system of the access of the logic of collection.The ppu system may include for combining the circuit system on integrated circuit
System is to provide the circuit system of data set, such as probe of wafer circuit (wafer probe circuit), control bus, voltage
Source etc..The logic circuit that can access the storage stack unit and bias for being controlled program apply circuit
System may include partial component in ppu system and on the integrated.
This exposure example utilizes the charge trapping memory cell for example utilized in some kinds of flash memory
(charge trapping memory cell).Charge storing structure in charge trapping memory cell may include polysilicon
Floating gate structure or other electric conductivity or semiconduction floating gate structure, and may include known in flash memory technology
Multiple field dielectric charge trapping structure, such as oxidenitride oxide (oxide-nitride-oxide, ONO);Oxygen
Compound-Nitride Oxide-Nitride Oxide (oxide-nitride-oxide-nitride-oxide, ONONO);
Silicon-oxide-Nitride Oxide-silicon (silicon-oxide-nitride-oxide-silicon, SONOS);Band gap work
Journey designs silicon-oxide-nitride-oxide-silicon (bandgap engineered silicon-oxide-nitride-
Oxide-silicon, BE-SONOS);Tantalum nitride, aluminium oxide, silicon nitride, silica, silicon (tantalum nitride,
Aluminum oxide, silicon nitride, silicon oxide, silicon, TANOS);And the high dielectric of metal is normal
Number band gap engineering design silicon-oxide-nitride-oxide-silicon (metal-high-k bandgap-engineered
Silicon-oxide-nitride-oxide-silicon, MA BE-SONOS).
In other embodiments, physics can not be deposited in copy function memory cell for providing the programmable of data set
Storage unit may include programmable resistance memory unit or other kinds of memory cell.It can for provide data set
Programming resistors memory cell may include the programmable element with the programmable resistance that can refer to threshold resistance reading.It is described
Programmable resistance element can be for example comprising metal oxide or phase-change material.
Fig. 2 illustrates to include one group of programmable memory cell on integrated circuit, and for using described one group
Programmable memory cell generates another example of the device of the logic of data set.In this example, described device includes processing
Device system 410, with the program for generating data set as described in this exposure for execution to be executed or caused on integrated circuit 440.Collection
It is connected to processor system 410 before encapsulation during manufacture at circuit 440, such as is with crystalline substance in some embodiments
Round formula is attached.In other embodiments, processor system 410 is connected to the integrated circuit in packing forms.
For execute generate on the integrated based on physics can not copy function data set program exemplary system
System may include in production line (manufacturing line) using test equipment or using such similar to test equipment
Equipment (it includes circuit system for accessing integrated circuit, such as probe of wafer circuit, voltage source etc.) and execute warp
Program.For example, manufacturing line, which can have, is configured to connect and can be configured to described in this exposure with integrated circuit
Multiple device to test machines (device tester) that the execution of program is controlled, multiple device detector (device
Prober), multiple device carrying implements (device handler) and multiple interface detection adapter (interface test
adapter).Alternately, system can be configured to interface with packaged integrated circuit, and can be deployed far from collection
At the manufacturing line of circuit, such as it is deployed in the assembly installation place using the original equipment manufacturer of integrated circuit.
As shown in Figure 2, example processor system 410 include physics can not copy function logical AND driver 420 and
Device carrying implement/detector 430.Be intended to by physics can not copy function logical AND driver 420 act on integrated circuit 440
It is coupled to device carrying implement/detector 430.Integrated circuit 440 includes safety circuit 450.In this example, safety circuit 450
In large-scale flash array 460 be used for using physics can not copy function generate data set.
Example integrated circuit in processor system 410 can be integrated circuit 100 described with reference to Figure 1.It is manufacturing
During integrated circuit 100, processor system 410 executes movement represented in this exposure to generate the key including improvement
Data set, and can be reserved for the duplicate of the data set or the data derived from the data set as integrated circuit and factory
In processor system (for example, processor system 410) between shared secret.
In alternative embodiments, after producing integrated circuit, at the scene, user can be for example using processor system
Data set is generated in the flash array 460 of system 410 as host and on the integrated, therefore can be reserved for the data set
As the shared secret between integrated circuit and the processor system (such as processor system 410) of scene (rather than in factory).
Generate target privacy key and using physics can not the method for copy function code include: to make host to safety device
Issuing physics can not copy function reading instruction;Can not be after copy function read instruction receiving physics, safety device is to master
Machine send as the ciphertext (cipher text) of the temporary secure key encryption of use physics can not copy function code, or to master
Machine is sent can not copy function code as the physics of not encrypted plaintext (plain text);Receiving, physics is not reproducible
After function code, host according to physics can not copy function code be ciphertext or plaintext and to physics can not copy function code carry out
Decryption or not to physics can not copy function code be decrypted, to obtain target privacy key;Host is issued to safety device
Physics can not copy function transfer (transfer) instruction;And can not be after copy function transfer instruction receiving physics, peace
Full device program physics can not copy function code be target cipher key address, using as target privacy key.It is not reproducible in physics
Function code is programmed to after the target cipher key address in safety device, and host and safety device have for encrypting/decrypting
Identical target privacy key.
In embodiment, host issue state read instruction with judge physics can not copy function code whether successfully by
It is programmed for the target cipher key address as target privacy key.
In embodiment, host deactivate (block) physics can not copy function read instruction so that physics is not reproducible
Function reads instruction and is no longer issued.
In embodiment, host deactivates the not reproducible transfer instruction of physics, so that the not reproducible transfer instruction of physics is no longer
It is issued.
In embodiment, target cipher key address is defined as the adjunct (appendant) of transfer instruction.
In embodiment, temporary privacy key is (pre-programmed) being previously programmed.
Figure 33 illustrates system and the various communication protocols for system, including via communication linkage
(communication link) is coupled to the host 3300 of integrated circuit 3301.Integrated circuit 3301 uses integrated circuit
Circuit system arrangement physics on 3301 can not copy function, to meet security purpose.It is described in detail in implementing Fig. 33 herein
The various technologies of component.Figure 34 to Figure 38 illustrates the same system using similar elements symbol, wherein various communication protocols are supported
Physics in the security function of system can not copy function key use.
In this example, host 3300 may include computer system or processor integrated circuit, this computer system or place
Reason device integrated circuit includes the various logic component for supporting security function.Component illustrated by Figure 33 includes interfacial level controller
3302, it is established between client terminal device (e.g. integrated circuit 3301 or multi-chip module) by interfacial level controller 3302
Communication linkage;Safety logic circuit 3304, executes security function, and the keyed hash information e.g. widely used authenticates code
(keyed-hash message authentication code;HMAC) function, high-order encryption standard (advanced
encryption standard;AES) function or its fellow, the function for authenticating, encryption/decryption functionality, or combinations thereof
Function.In addition, more illustrating that the component of host 3300 includes tandom number generator 3308 and key storage block (key storage
Device) 3306.Host includes processing circuit (processing circuit) and logic (not shown), to coordinate these components
Operation, host be, for example, include execute computer program for general purpose processor, specific use logic circuit,
The circuit combined with both specific uses for general service and so on.Host can be used can be on integrated circuit 3301
It is decoded and the instruction that is performed is with coordinated manipulation.
Integrated circuit 3301 in this example includes the interfacial level controller on interfacial level controller 3303, with host 3300
3302 is complementary.In this example, command decoder 3315 is coupled to interfacial level controller, and can receive and decode from host
Instruction, and component on integrated circuit provides the control and timing (timming) signal needed for decode instruction.Phase
As, integrated circuit 3301 includes the safety logic circuit 3305 complementary with the logic circuit 3304 on host.As herein in detail
It is thin to discuss, tandom number generator 3309 is selectively provided on integrated circuit 3301.In this embodiment, integrated circuit
3301 include memory array 3311, e.g. nonvolatile memory array, dynamic random access memory (dynamic
random access memory;DRAM), static random access memory (static random access memory;
SRAM) or its fellow, it is suitable for specific implementation.Key storage block (key storage) 3335 is coupled to memory array
Column 3311, wherein key storage block (key storage) 3335 can be a part of memory array 3311, or separate
Reservoir.For example, key storage block 3335 may include static random access memory buffer (register), dodge
Memory cell buffer, single programmable buffer (one time programmable register) and so on.This reality
Example in integrated circuit 3301 include physics can not copy function circuit 3337, can be performed physics can not copy function to produce
Biology reason can not copy function data set.In addition, buffer 3339 is included in this embodiment, logical with host 3300
The working storage application of working storage and other selectivity for device is used as in letter.
System shown in Figure 33 may be implemented in multiple embodiments, using any or all skills described herein
Art.In general, system shown in Figure 33 has host 3300 and client terminal device, wherein host 3300 includes processor, peace
Full logic and communication interface, and client terminal device includes integrated circuit 3301 or multi-chip module.Integrated circuit or multi-chip
Module include security logic, communication interface and logic with use physics can not copy function and generate physics can not copy function
Key, and by physics can not copy function key be stored in physics can not be in copy function key storage.In addition, integrated
Logic is provided on circuit or multi-chip module, the not reproducible key of physics is provided to host based on various configurations.
As described herein, in some embodiments, physics can not copy function use by using in integrated circuit or
The entropy that nonvolatile memory in multiple Nonvolatile memery units on multi-chip module generates.In other embodiments
In, it can apply different types of physics can not copy function.
In Figure 33, illustrate for there are can not copy function key by physics in the environment of host trusty
It is provided to the agreement of host.In the environment, the agreement may include that send instructions or series of instructions (1) to client fill
It sets namely integrated circuit 3301.3315 pairs of command decoder instructions or series of instructions on client terminal device decode,
And control need to generate physics can not copy function key timing and circuit system, and provide physics can not copy function it is close
Key (2) is to host 3300.Once host receive physics can not copy function key, physics can not copy function key warp
The key storage (3) being transferred to by interfacial level controller 3302 on host.At this point, both host and client terminal device have object
Reason can not copy function key duplicate, and can not copy function key in security function Applied Physics.It then, will be another
Instruction or instruction set in extra instruction (4) be transferred to client, client be in physics can not copy function key mentioned
Be supplied to integrated circuit after host or the circuit system on multi-chip module deactivate can not copy function key storage for physics
Change.
Figure 34 illustrate for share with host physics can not copy function key another agreement.In this embodiment, in
Client terminal device receives instruction or series of instructions, and decodes by command decoder to instruction or series of instructions, with
Carry out a series of functions.Instruction or instruction set may include the first instruction (1), and the first instruction (1) causes physics can not copy function
Key by physics can not copy function circuit 3337 shift (2) to key storage 3335.Instruction or instruction set can recognize storage
Device array 3311 and memory array 3311 is addressed, the position in memory array to provide key storage 3335,
Or on the other hand identification physics can not copy function key storage.In some embodiments, be stored in key storage it
Before, by be close to logic (glue logic) modification the not reproducible key of physics, be close to logic be, for example, hash function or other
The function of being controlled by security logic, wherein above-mentioned security logic has complementary logic in host.It is following in instruction set
Or the signal of the subsequent capable of emitting key state read operation of instruction (3), it will be close with customer in response end (integrated circuit 3301)
Key is transferred to host 3300 by key storage 3335.At host, key is transferred to key by safety logic circuit 3304
Reservoir 3306, or directly it is transferred to key storage 3306.In following or subsequent instruction (5), host can be deactivated
For the instruction or instruction set of key state read operation, or deactivates and need in other client terminal devices for transmitting key
Movement.
Figure 35 illustrates the agreement calculated for replacement of keys.System is by this agreement and through application will be based on physics not
The key that the replacement of keys of reproducible functional image data set had previously been shared.According to this agreement, instruction or instruction from host are decoded
Collection (1) is to cause execution physics can not copy function read operation.It instructs in response to this, client terminal device (integrated circuit
3301) by from physics can not copy function circuit 3337 physics can not copy function data set duplicate and key store
Safety in circuit side (circuit-side) the duplicate transfer (2) to integrated circuit 3301 of shared key in device 3335
Logic circuit 3305.Safety logic circuit 3305 using shared key encryption physics can not copy function data set, and by
By the physics of encryption can not copy function key be transferred to host and by physics can not copy function key be provided to host.?
In this example, complimentary security logic circuit 3304 on host 3300 reads temporarily shared secret from key storage 3306
Host computer side (host-side) duplicate of key (3).In addition, the safety logic circuit 3304 on host 3300 receives encryption
Physics can not copy function key, using temporarily shared privacy key with can not copy function key to the physics of encryption
Be decrypted, and provide new physics can not copy function key, and by this new physics can not copy function key (4) turn
Move to key storage 3306.In this stage, both host 3300 and client (integrated circuit 3301) have based on physics not
The duplicate of the new key of reproducible functional image data set.Host can then send instructions (5) with deactivate be used for the not reproducible function of physics
It can the instructions of other operations or further using for instruction set of state reading or needs to generate new key.
The calculation of replacement of keys shown in Figure 35 is comprising providing the Transient Key being shared between host and client.Figure 36
Illustrate the various agreements of shared Transient Key to Figure 38.In Figure 36, host 3300 is using tandom number generator 3308 to generate
Random number, to be used to shift (1) to safety logic circuit 3304 as Transient Key, and by Transient Key.Transient Key
It is optionally temporarily stored in key storage 3306, or is stored in its elsewhere.Then, host turns random number
Move the buffer 3339 on (2) to client terminal device (integrated circuit 3301).In this example, client terminal device 3301 is then
By temporary random number key transfer (3) to key storage 3335.
In Figure 37, generated for the first time using the tandom number generator 3309 on client terminal device (integrated circuit 3301)
Shared Transient Key.In this example, this random number is transferred the buffer 3339 of (1) to client terminal device.In addition,
Also by this random number by the key storage 3335 on buffer transfer (2) to client terminal device.It will be applied to Transient Key
This random number be transferred (3) to host, and be transferred (4) to safety logic circuit via interfacial level controller 3302.
In Figure 38, Transient Key is generated via different programs and Transient Key is stored in the storage of the key on host
In storage 3306.This key is transferred (1) to host interface controller 3302, here with key write instruction or instruction set
This key is shifted into the key storage 3335 on (2) to client terminal device.
Fig. 3 is returned to, Fig. 3 illustrates that large-scale flash array 470, large-scale flash array 470 can be electric with safety described in this exposure
A part of task function circuit or the task function circuit on the integrated circuit that road is used together.Large-scale flash array
470 may include formed by flash-programmable memory unit block (for example, memory block 0,1 ... N), physics can not
Copy function block 471, bootstrap block block (boot block) 472 and parameter block 473.In addition, flash array may include using
In control to the relay protective scheme 474 of the access of memory blocks various in array, relay protective scheme 474 includes being used for guard bit
The memory of (protection bit).Physics can not copy function block 471 can for be retained in memory array with to
It is specially configured in some embodiments to store the particular block of the purpose of key.
In the embodiment of integrated circuit for including flash array as shown in Figure 3, the safety circuit of the integrated circuit
Flash array 460 in 450 may include in large-scale flash array 470, such as physics can not the equal blocks of copy function block 471.
In other embodiments, the flash array 460 in safety circuit 450 and flash array 470 separate, and may include structure difference
It is different from large-scale flash array 470 in the memory cell and framework of large-scale flash array 470.It is proposed referring to Figure 17
Include large-scale flash memory another embodiment.
Large-scale flash array 470 may include anti-or (NOR) flash architecture and non-(NAND) flash architecture or other types
Flash architecture.Due to the physics described in this exposure can not copy function algorithm be to be executed in storage stack unit, thus
Physics can not copy function block 471 may include enough memory cells to cover group or multiple groups all, and provide confession
Safety circuit 450 with for create physics can not copy function data set or many physics can not copy function data set.
Physics can not copy function logical AND driver 420 or the state machine on integrated circuit or can not copy function as described above
The combination of state machine on logical drive 420 and integrated circuit, available periphery associated with large-scale flash array 470
Reading, programming and erasing logic in circuit system 475 come can not copy function program application according to the physics described in this exposure
Bias applies scheme, with change physics can not memory cell in copy function block 471 threshold voltage.
Physics can not copy function block can be supported by relay protective scheme 474, with prevent to based on physics can not copy function
Data set or accidentality access or unwarranted access are carried out to the memory cell for storing the data set.It is described to draw
Guide block block may include write lock-out feature (write lock-out feature), for the integrated circuit including memory array
Guarantee data integrity (data integrity).The bootstrap block block, which can be stored, initializes necessary code for integrated circuit,
And it is called when the code is lost and restores routine (recovery routine).The bootstrap block block can be stored to integrated circuit
In flash array be programmed and wipe necessary to code.The parameter block can storage parameter data.The protection is patrolled
Volumes 474 be coupled to memory block and physics can not copy function block 471, modified from accidentality or not with being protected
Authorized modification.Protect memory block from a reality of modification (including the use of protected code (rotection code))
It illustrates for big vast (Hung) et al. in publication on August 27th, 2015 and entitled " is protected using non-volatile protected code and volatility
Code is protected to carry out data of nonvolatile storage protection (Nonvolatile Memory Data Protection Using
Nonvolatile Protection Codes and Volatile Protection Codes) " U.S. Patent application it is public
It opens in case US 2015-0242158, the Patent Application Publication is incorporated to this exposure for reference, just as completely old
It is set forth in this exposure the same.
In some embodiments, relay protective scheme 474 is configured to restrain in response in the instruction for restraining state
(indicator) programming and/or erasing program so that for physics can not the change of copy function data set be suppressed.
Therefore, if instruction (indicator) is set, be associated in by physics can not copy function logical AND driver 420 apply
The peripheral circuit system 475 of flash array 470 will not application programming and erasing pulse to physics can not copy function block 471.
Indicate that (indicator) can be fuse (fuse), single programming unit (one-time-programming;OPT), Yi Jihuan
Storage.
In some embodiments, relay protective scheme 474 can be implemented to execute for can not copy function block in physics
It executes to generate in 471 and carries out authenticating program with before the operation of storage key.Can by use e.g. password, fingerprint and
Hardware key implementation authenticates program.
Illustrate to can be used for referring to Fig. 4 A to Fig. 4 D to be jointly processed by dependent on having undergone (such as manufacture sequence or it is common partially
Pressure application scheme) charge trapping memory cell in the diversity of threshold voltage generate the program of data set, it is described common
Processing meeting so that charge it is tunneling into or the charge storing structure that is tunneling out in memory cell, and then change is stored in the electricity
The amount of charge in lotus memory structure.So that being jointly processed by of being established of starting distribution in the sense can be " can not to answer
System ": the threshold voltage being thus jointly processed by based in individual charge trapping units in each group program, voltage and
The variation of temperature (process, voltage and temperature) and one group of charge trapping memory cell with it is another
Group charge trapping memory cell between and between an integrated circuit and another integrated circuit it is different.For such original
Cause, even if being jointly processed by described in knowing, the variation of the still unpredictable threshold voltage of people, and therefore unpredictable according to they
The data obtained collection of variation and generation.
Fig. 4 A is the curve graph of threshold voltage Yu element count relationship, is illustrated in one group of programmable memory cell
Each memory cell initiation threshold distribution 500, initiation threshold distribution 500 be physics can not copy function program start when
It establishes.For exemplary purposes, certain points are represented, in the distribution to represent address Addr=0,1,2,3,4 and 5
The threshold voltage of the memory cell at place.It can be seen that, the threshold voltage of discrete cell and the address of memory cell are unrelated.
This exposure is represented using term " address " can be used for selecting memory according to the physical order of memory cell
The logical signal of unit.In memory technology, address is decoded to generate logical signal, and then to for depositing
The bias of storage unit applies circuit system and is controlled.In some embodiments, " address " can be not need to be decoded
Logical signal.In some embodiments, " address " of unit can for for example following shielding (mask) shown in Figure 20 or
Position in mapping table (mapping table).The form that address can be combined, and can be shielded by shielding is formed
Combined address is stored, wherein each entry in the shielding enables (enable) or deactivates at (block) corresponding address
Memory cell.
Initiation threshold distribution 500 can be because as etching program or deposition procedure, (such as what is used during manufacturing is related to collect
At circuit be exposed in plasma-based or ion with above memory cell formed patterned metal layer program) result exist
It manufactures abiogenous charge trapping when completing and occurs.It in alternative embodiments, can be for example using by the control on integrated circuit
The bias of device control processed applies operation (such as erasing operation as described below etc.) to establish initiation threshold distribution 500.At one
In example, starting distribution is using page erasing operation or block erasing operation in one group of programmable memory cell
All members and establish, wherein block includes multiple pages formed by programmable memory cell.Referring to September 29 in 2016
The U.S. Patent application of day publication and entitled " page in flash memory wipes (Page Erase in Flash Memory) " is public
Open case the 2016/0284413rd A1.So that the program that starting distribution is established is in the storage not according to address in a group
It is executed in the case where being distinguished in device unit.So that the program that is established of starting distribution can for physics can not copy function, with
Making starting distribution is exclusive for undergoing each group of programmable memory cell of described program.
In the present note, initiation threshold distribution 500 has threshold level (upper threshold in top as shown in the figure
Level), it is extremely low threshold that the top threshold level, which indicates to make the memory cell in one group to have the probability of higher thresholds,
It is worth level.For example this top threshold level can be set as example wiping in the algorithm for establishing initiation threshold distribution 500
It verifies level (erase verify level).
Fig. 4 B illustrate physics can not next stage in copy function, wherein will have positioned at line of demarcation threshold value below
Memory cell be recognized as in starting distribution first part 510 in threshold voltage memory cell son
The member of concentration.In addition, the memory cell with the threshold value for being located at line of demarcation or more is recognized as having in starting distribution
Second part 520 in threshold voltage memory cell subset in member.Therefore, one group of programmable storage list
There is member threshold value to be at the first subset (such as Addr=0,3 and 4) and threshold value in the first part of starting distribution
Second subset (for example, Addr=1,2 and 5) in the second part of starting distribution.
The address of the memory cell in the first subset and second subset can be established by following manner: using boundary
The memory list that reading voltage on line operates programmable memory cell application scanning, and will return to the first logic state
The address of member is recorded as the first subset and the address for returning to the memory cell of the second logic state is recorded as second subset.
To the position of the memory cell in each of storable subset about for providing data set of the record of the address
Information.
In some embodiments, search operation (finding operation) can be used to define boundaries, it is described to look into
The counting and second for the programmable memory cell for looking for operation to generate in the first subset (have and be located at line of demarcation threshold value below)
The counting of programmable memory cell in subset (there is the threshold value for being located at line of demarcation or more).The counting can be compared
Compared with to generate the ratio.In data set 0 and 1 number can be made to be enough to maintain safe number at can ensure that the ratio set
According to the value of collection.For example, it may be desirable to make 0 pair 1 of ratio close to 1.For actual embodiment, target rate range can example
Such as between 2/3 and 3/2, in this case, each subset has 40% to 60% of memory cell in a whole group.It can
Target rate range is adjusted according to using this to disclose the design specification of the specific integrated circuit of the technology.
The threshold voltage of individual charge trapping units in one group can drift about at any time, so that initiation threshold was distributed for 500 generations
Table is only stable distribution in a short time.Therefore, stable data set is generated for certain types dependent on starting distribution
Memory cell be it is unpractical, in the memory cell of those types, such drift can make threshold value be located at line of demarcation
The threshold voltage in certain units on side drifts to the other side in line of demarcation a time point.Therefore, using certain skills
Art will originate the insensitive stabilization data set of such drift of the pairs of threshold voltage of distribution shifts.
It is a kind of to be related at the technology for stablizing data set using in the first subset and second subset for distribution shifts to be originated
Memory cell address.In such technology, the data set based on those distinct thresholds may include one or two in subset
The ordered series of numbers of the address of person or include the entry that the unit at address is deactivated or enabled shielding.The example shown in Fig. 4 A
In, the ordered series of numbers of the address of the first subset and second subset can for expressed in binary form in figure 0,3,4 ..., 1,2,
Or the version of this sequence 5....Certainly, in a particular embodiment, hundreds of, number may be present in the ordered series of numbers of address
Thousand or millions of a addresses.Address through ordered series of numbers can be stored in the memory on integrated circuit (for example, with one shown in Fig. 4 D
The different protected storage block of group) in.Such protected storage block can be provide with extremely low bit error rate and
The non-volatile stable storage of this ability of data set is delivered in some examples in the case where without using error-correcting code.
In alternative embodiments, the address of the first subset and the unit in second subset can be as example referring to screen described in Figure 20
Cover expression.
As shown in the figure, according to another technology, identical group of Nonvolatile memery unit can be used to create base
In the stabilization data set of threshold voltage.To reach such embodiment, programming behaviour can be executed to the memory cell in second subset
Make so that its threshold voltage is moved into the distribution 525 of the first verifying level or more as shown in Fig. 4 C, in this example,
The first verifying level can be higher than the top threshold level of initiation threshold distribution 500.In other embodiments, the first verifying
Level can be lower than the top threshold level of initiation threshold distribution 500, as long as sufficient sensing tolerance can be generated as described below
(read margin).
After executing programming operation using the first verifying level, it can be obtained and change similar to distribution shown in Fig. 4 C is such
It is distributed (changed distribution) afterwards.The programming operation changes the threshold value electricity of the memory cell in second subset
Pressure, to establish sensing tolerance 530 between the first subset and second subset.Sensing tolerance 530 is designed to wide true to being enough
It protects the following reliability operated: data set is read, to judge that particular memory cell is in the first subset or in second subset
Member.After being distributed after establishing change shown in Fig. 4 C, the reading for being used for reading in sensing tolerance 530 can be used
Voltage VRTo read the storage stack unit.Sensing tolerance 530 can be to be significant (sufficiently large), so that in read operation
A possibility that mistake occur is extremely low.
Table 1 is the table for representing the data set being stored in same group of memory cell, and described one is shown in the first row
The sequence address of memory cell in group and show in a second row represent by physics can not copy function program generate number
According to the data value (or key) of collection.In this table, data value can be obtained by being read out to the memory cell at 0 to 5 place of address
100110.In an actual embodiment, the length of data set can be hundreds of, thousands of or millions of a positions.
Table 1
| Address | Key |
| ....0000 | 1 |
| ....0001 | 0 |
| ....0010 | 0 |
| ....0011 | 1 |
| ....0100 | 1 |
| ....0101 | 0 |
| ........ | ........ |
Fig. 5 A to Fig. 5 D and table 2 are to represent as the sequence of figures Fig. 4 A to Fig. 4 D and table 1 to one group of charge
Trapping memory cell execute same physical can not copy function program another example.In this example, even if physics can not
Copy function program is identical, and the data obtained collection is also different.
Fig. 5 A illustrates that one group including the memory cell at address Addr=0,1,2,3,4 and 5 is programmable and deposits
The initiation threshold distribution 600 of storage unit.The starting distribution has top threshold level.
Fig. 5 B illustrates first part 610 and the second part 620 of starting distribution.One group of programmable memory cell
The first subset (for example, Addr=1,2,3 and 4) and threshold value being in the first part of starting distribution with threshold value are in
Originate the second subset (for example, Addr=0 and 5) in the second part of distribution.Data set based on those distinct thresholds can wrap
The ordered series of numbers of the address of some or all unit in one or both of enclosed tool concentration.In the example shown in Fig. 5 A, in the first subset
Some or all unit address and second subset in the ordered series of numbers of address of some or all unit can be for digital shape
Formula expression (1,2,3,4 ...);The version of (0,5...) or this sequence.As described above, the address through ordered series of numbers can store up
Be stored on integrated circuit memory (such as with address is wherein shown in binary form Fig. 5 D shown in it is a different set of by
Protect memory block) in.Such protected storage block can be to provide with extremely low bit error rate and in some instances
The non-volatile stable storage of this ability of data set is delivered in the case where without using error-correcting code.
Fig. 5 C illustrate the second subset applied bias voltage to programmable memory cell apply operation (for example, programming) with
Resulting result after sensing tolerance 630 is established between the first subset and second subset.For example, when ratio is in mesh
When marking in ratio ranges, second subset may include the programmable memory cell with the threshold value for being located at line of demarcation or more.It is described
Bias applies operation and the threshold value of the programmable memory cell in second subset is changed to threshold value distribution 625.Threshold value distribution
625 can be located at the first verifying level or more.
Fig. 5 D shows the data set based on those distinct thresholds, and the data set includes one or both ground in subset
The ordered series of numbers of location or include shielding about the entry of the unit at the address.In the example shown in Fig. 5 B, the first subset
Address and the ordered series of numbers of address of second subset can be (1,2,3,4 ...) expressed in figure in binary form;(0,
) or the version of this sequence 5....Certainly, in a particular embodiment, all multiaddresses may be present in the ordered series of numbers of address.Through
Ordered series of numbers address can be stored in the memory (such as with a different set of protected storage block shown in Fig. 5 D) on integrated circuit
In.Such protected storage block can be to provide with extremely low bit error rate and in some instances in without using error correction
The non-volatile stable storage of this ability of data set is delivered in the case where code.
Table 2 is to show the sequence address of the memory cell in described one group in the first row and show in a second row
Represent by physics can not copy function program generate data set data value (or key) table.In this table, to address 0
Memory cell to 5 be read out can obtain it is different from generated data value in example shown in Fig. 4 A to Fig. 4 D and table 1
Data value 011110.
Table 2
| Address | Key |
| ....0000 | 0 |
| ....0001 | 1 |
| ....0010 | 1 |
| ....0011 | 1 |
| ....0100 | 1 |
| ....0101 | 0 |
| ........ | ........ |
Therefore, the data set is different members in one group of charge trapping memory cell due to described one
The function of distinct threshold voltage for causing being jointly processed by for charge trapping in group and having.Can be used different groups programmable deposits
Storage unit be physics can not each example of copy function program reach such result.For certain form of memory
Same group of programmable memory cell can be used by new starting distribution is created for each new data set to generate in unit
Multiple data sets.In addition, for the data for being stored in being used to establish in mutually allochoric one group of identical memory cell
Collection, can be replaced legacy data collection by new data set.
It is including programmable electricity that Fig. 6, which is in a manner of being explained referring to Fig. 4 A to Fig. 4 D, table 1 and Fig. 5 A to Fig. 5 D and table 2,
The flow chart 200 for stablizing data set is generated on the integrated circuit of lotus trapping memory cell.In this example, program is so that one
Group flash cell has the starting distribution of threshold value and starts (step 201), and the starting distribution is different by obtaining as described above
The common physical of threshold voltage can not copy function program and establish.In this example, described program includes searching memory list
Member, such as the address by first subset in the determination storage stack unit with the threshold value for being located at line of demarcation or more
And address (the step 210) with the second subset for being located at line of demarcation threshold value below.The boundary can be chosen by rule of thumb
Line and be stored in as parameter can not be in the system that is controlled of execution of copy function to physics.Alternately,
Illustrated in such example, line of demarcation can be adjusted according to the desired characteristic of the characteristic of starting distribution and data set.It is replaced such
For in scheme, described program determines counting of the counting of memory cell in the first subset to memory cell in second subset
Ratio (step 220).This ratio can for the numerical value such as 1/1 or can for example fall into desired use according to data set and
In the tolerance interval 3/2 to 2/3 of selection.
If the ratio is unacceptable (step 230), described program adjustment line of demarcation (step 240) is simultaneously returned
To step 210 to recognize the first subset and second subset.If the ratio is acceptable (step 230), described program is moved
It moves to the first subset being identified and second subset based on memory cell come the step of establishing stable data set.As above
Described, in a kind of alternative solution, described program can store the address in the first subset and in order the second son of storage in order
The address of concentration, and use through ordered series of numbers address as stablizing data set.
In alternative solution illustrated by Fig. 6, the program for establishing stable data set includes: in second subset
Memory cell applied bias voltage applies operation to be distributed after foundation change in the storage stack unit, after the change
Being distributed between the memory cell in the memory cell and second subset in the first subset has sensing tolerance (step
250).For charge trapping memory cell, it may include using the line of demarcation sufficiently above threshold voltage that this bias, which applies operation,
Verifying level come be programmed operation (such as be incremented by step pulse program (incremental step pulsed
Programming, ISPP)), to establish sensing tolerance.Can only in second subset with address memory cell application
Bias applies operation.In this way, can reach pair by using the reading voltage being located in sensing tolerance be read
The identification of memory cell in first subset and the identification of the memory cell in second subset.Therefore program shown in Fig. 6 is wrapped
It includes and reads the step that the memory cell sequence in described one group carrys out output data set by the reading voltage used in sensing tolerance
Suddenly (260).Institute's output data set can be provided to external system (such as to physics can not the execution of copy function control
System), to be used as shared secret in security protocol.The data set can steadily be stored in the storage stack list
In member, be because sensing tolerance makes following scenario described have a possibility that extremely low: the member's being initially recognized as in second subset is deposited
Storage unit will make in its threshold voltage shift range that most the first subset is recognized.
Fig. 7 A to Fig. 7 D and table 3 illustrate to can be used for generating the another of stable data set based on the starting of threshold value distribution
Kind technology.
Fig. 7 A illustrates that one group including the memory cell at address Addr=0,1,2,3,4,5 and 6 is programmable and deposits
The initiation threshold distribution 700 of storage unit.
Fig. 7 B illustrates first part 710, second part 720 and the Part III 730 of starting distribution.The of starting distribution
A part includes less than top threshold level and being located at the first line of demarcation threshold value below, and the second part for originating distribution includes
Less than top threshold level and the threshold value more than second line of demarcation big compared with the first line of demarcation, and originate the third of distribution
Part includes the threshold value between the first line of demarcation and the second line of demarcation.It may include for the desired characteristic based on data set
To search one or both program in the first line of demarcation and the second line of demarcation.
One group of programmable memory cell have threshold value be in starting distribution first part in subset (for example,
Addr=0 and 3), threshold value be in starting distribution second part in subset (for example, Addr=2 and 5) and threshold value be in
Subset in the Part III of starting distribution being located between the first reading level and the second reading level.
The threshold voltage of individual charge trapping units in described one group can drift about at any time, so that initiation threshold is distributed
700 represent is only stable distribution in a short time.Therefore, stable data set is generated to Mr. Yu dependent on starting distribution
The memory cell of types is unpractical a bit, and in the memory cell of those types, such drift can be such that threshold value is located at
The threshold voltage in certain units on the side of line of demarcation drifts to the other side in line of demarcation a time point.Therefore, it applies
Certain technologies will originate the insensitive stabilization data set of such drift of the pairs of threshold voltage of distribution shifts.
As shown in the figure, a kind of technology for establishing stable data set based on threshold voltage can be used same group it is non-
Volatile memory-elements.It, can be to the threshold having between the first line of demarcation and the second line of demarcation to reach such embodiment
Memory cell in the subset of value executes programming operation, so that its threshold voltage is moved to the first verifying level or more, herein
In example, the first verifying level is higher than the top threshold level of initiation threshold distribution 500.In other embodiments, described
First verifying level is smaller than the top threshold level of initiation threshold distribution 500, as long as sufficient sense can be generated as described below
Survey tolerance.
After executing programming operation using the first verifying level, it can obtain changing similar to distribution shown in Fig. 7 C is such
After be distributed.The programming operation changes the threshold voltage of memory cell, to establish sense between the first subset and second subset
Survey tolerance 740.Sensing tolerance 740 is designed to wide to the reliability for being enough to ensure that following operation: using in sensing tolerance
Voltage is read to read data set, to judge that particular memory cell is the member in the first subset or in second subset.?
It establishes after changing shown in Fig. 7 C after being distributed, the reading voltage V in sensing tolerance 740 can be usedRTo read described one
Group memory cell.It can be significant for sensing tolerance 740, so that a possibility that occurring mistake in read operation is extremely low.
Table 3 is the table for representing the data set being stored in same group of memory cell, and described one is shown in the first row
The sequence address of memory cell in group and show in a second row represent by physics can not copy function program generate number
According to the data value (or key) of collection.In this table, data value 1 can be obtained by being read out to the memory cell at 0 to 6 place of address
01 X of X, 0 X, wherein " X " is random value (don ' t care), it is because it undergoes bias to apply with to due to sensing tolerance to establish
Memory cell in the subset of add operation carries out sensing resulting result corresponding.In an actual embodiment, the number
It can be hundreds of or thousands of positions according to the length of collection.
Table 3
| Address | Key |
| ....0000 | 1 |
| ....0001 | X |
| ....0010 | 0 |
| ....0011 | 1 |
| ....0100 | X |
| ....0101 | 0 |
| ....0110 | X |
| ........ | ........ |
In this example, number is provided using the first subset of one group of programmable memory cell and second subset
According to collection (for example, " key data ").For example, using the first subset and second subset at address Addr=0,2,3 and 5
In programmable memory cell provide data set 1010, wherein data " 1 " be using at address Addr=0 and 3 first son
The programmable memory cell of concentration and provide, and data " 0 " be using in the second subset at address Addr=2 and 5 can
Program memory cells and provide.The data set does not include one group of programmable memory cell for establishing sense
The data in the subset (for example, at address Addr=1,4 and 6) of tolerance are surveyed, the subset, which has, to be located at except starting distribution
Threshold value distribution 735 in threshold value.In this example, shown " X " indicates the memory cell for being not used in data set.
In some embodiments, bias in this example, which applies operation, can also establish the between its other in the subsets
Two sensing tolerances 750, the second sensing tolerance 750 it is wide to be enough even wherein program, voltage, temperature (process,
Voltage, temperature, PVT) variation it is relatively large under conditions of also can for sensing programmable memory cell second
Threshold voltage difference between subset and third subset ensures reliability.This information can be used for generating data set.
Address mapping (address map) can be by the programmable storage in one group of programmable memory cell
Device unit, application scanning operation, to record in the first subset, second subset and third subset for providing compiling for data set
The address of journey memory cell constructs.For example, it can be marked in third subset with flag (skip flag) is skipped
The address of programmable memory cell, therefore the programmable storage list that will do not read in third subset when providing data set
Member, the data set can be used as authenticating the key of agreement or cryptographic protocol or be used as other kinds of secret data value or only
There is data value.Alternately, can come as described in referring to Figure 20 using mask logic.
In response to interrogating, physics can not copy function ID circuit system logic (for example, security logic 125, Fig. 1;Safety
Circuit 450, Fig. 2) data set provided as follows can be used to provide key: according to recorded in address mapping
First subset of one group of programmable memory cell and the address of second subset, using having recorded in address mapping
The programmable memory cell of address, skip whereby or the third subset without using one group of programmable memory cell in
Programmable memory cell with address.
As described above, the data set based on those distinct thresholds may include one or both in subset in alternative program
In some or all unit address combination (such as ordered series of numbers).Fig. 7 D shows the data set based on those distinct thresholds, institute
State the ordered series of numbers that data set includes the address of one or more of subset.In the example shown in Fig. 7 D, including it is present in each line of demarcation
Between memory cell the first subset address with include be present in the second of the first line of demarcation memory cell below
The ordered series of numbers of the address of subset, wherein can be (Isosorbide-5-Nitrae, 6 ...) expressed in figure in binary form;(0,3 ...) or this sequence
The version of column.Certainly, in a particular embodiment, hundreds of or thousands of addresses may be present in the ordered series of numbers of address.Through ordered series of numbers
Address can be stored on integrated circuit memory (such as from have starting distribution storage stack unit it is different by
Protect memory block) in.Such protected storage block can be to provide with extremely low bit error rate and in some instances
The non-volatile stable storage of this ability of data set is delivered in the case where without using error-correcting code.
In the example shown in Fig. 4 D, Fig. 5 D and Fig. 7 D, data set is one or more of each subset (such as the first subset
In some or all unit, some or all unit in second subset and some or all list in third subset
Member) address ordered series of numbers or this sequence version.In some embodiments, can be used only one in each subset (such as
Third subset) in memory cell address as data set.It can be used and be different from ordered series of numbers or the logic other than ordered series of numbers
Function (such as hash function or shielding form) carrys out combination of address, to form the data set for including address combination.
It is including programmable charge trapping memory list that Fig. 8, which is in a manner of being explained referring to Fig. 7 A to Fig. 7 D and table 3,
The flow chart 800 for stablizing data set is generated on the integrated circuit of member.In this example, program is so that one group of flash cell has
The starting of threshold value is distributed and starts (step 801), and the starting distribution is by obtaining the common of distinct threshold voltage as described above
It handles and establishes.In this example, described program includes the address in the determining storage stack unit, and described one group is deposited
Storage unit include be located at the first line of demarcation threshold value below unit the first subset, have be located at the second line of demarcation
The third subset of the second subset of the unit of above threshold value and the unit with the threshold value between the line of demarcation
(step 810).The line of demarcation can by rule of thumb or otherwise be chosen, and be stored in physics not as parameter
In the system that the execution of reproducible function is controlled.It alternately, can be according to starting point illustrated in such example
The desired characteristic of the characteristic of cloth and data set adjusts line of demarcation.In such alternative solution, described program determines the first subset
Ratio (step 820) of the counting of middle memory cell to the counting of memory cell in second subset.Then, algorithm judges
Whether the ratio matches (step 830) with desired extent.If judging the ratio and inappropriate at step 830,
Line of demarcation (the step 835) is adjusted, and described program is back to step 810 until reaching adequate rate.If in step
The ratio is appropriate at 830, then algorithm continues to establish the stabilization that can be used as exclusive key for representing the distribution
Data set.As described above, the address of the memory cell in each subset can be combined in a kind of alternative solution to be formed solely
There is data set, and the proprietary data collection is stored in protected storage.In Fig. 8 embodiment described, the journey
Sequence continues to apply operation to the memory cell applied bias voltage in third subset, and then establishes in the first subset and the
It is distributed (step 832) after the change between two subsets with the threshold value of sensing tolerance, and records the memory in third subset
The address of unit.In this way, can skipped by the address of third subset and from using the reading voltage in sensing tolerance
The first subset and the read data value of second subset sensed while memory cell in third subset is steady to represent
Determine data set (834).Stable data can be established such as other combinations of the use information described in various alternative solutions above
Collection.In addition, in some embodiments, bias can be omitted and apply step 832.
Fig. 9 is the flow chart 900 for establishing stable data set using the starting distribution of threshold value in one group of flash cell.
Program starts from the starting for making one group of flash cell have threshold value distribution (step 901).Next, described program determination has
The address of first subset of the memory cell of the threshold value more than the first line of demarcation has below the second line of demarcation
Threshold value memory cell second subset address and memory with the threshold value between the line of demarcation
Address (the step 910) of the third subset of unit.The address sequence of memory cell at least one of each subset is stored up
It is stored in (step 920) in the memory separated with the storage stack unit.Exportable be used as is stored in the address sequence
The function of address in column or the data set (step 930) equal with the address being stored in the address sequence.Such place
It discusses, data set can merge with random number and generate the key of improvement.
Figure 10 A to Figure 10 C illustrates a kind of can be used for the threshold of the charge trapping memory cell in storage stack unit
Value is set to the program with the starting distribution of distinct threshold voltage.Figure 10 A illustrates the initial of one group of programmable memory cell
Threshold value distribution 816.In this example, the initial threshold distribution is the distribution before programming operation or erasing operation, described
Programming operation cause electronics or negative electrical charge it is tunneling into charge storing structure with the threshold voltage of increasing unit, the erasing operation
Initiation electronics is tunneling out charge storing structure or initiation positive charge is tunneling electric with the threshold value of reduction unit into charge storing structure
Pressure.In this example, the memory cell in described one group can have any initial threshold to be distributed.In this example, described first
The distribution of beginning threshold value includes being located at the first verifying level relatively low threshold range below.
Figure 10 B illustrates to be programmed to all members in one group of programmable memory cell compared with the first verifying level
The big resulting result of threshold range 817.This similar preprogrammed operation used in a flash memory.
Figure 10 C illustrates to wipe all members in one group of programmable memory cell to establish starting point
Threshold value in cloth 818 is resulting as a result, wherein the starting distribution is including being located at the second verifying level threshold value below.In step
Distribution in rapid 830 can be used as the starting distribution of above procedure.Other technologies can also be applied, including use threshold value shown in Figure 10 B
Range 817 is as starting distribution.
This exposure technology (including technology described in 0A to Figure 10 C referring to Fig.1) for establishing starting distribution can
Applied to charge trapping memory cell.Illustrate the example of charge trapping memory cell in Figure 10 D, Figure 10 E and Figure 10 F.
Figure 10 D is formed at the simplification figure of the flat floating gate memory cell on substrate 840.Source area 841 and leakage
Polar region 842 is placed in the opposite sides of charge trapping structure.Control grid 843 is overlie in charge trapping structure, and can be
Such as a part of wordline.The charge trapping structure includes the tunneling layer 844 usually formed by silica, usually by polycrystalline
Silicon formed floating gate layer 845, including multi-layer oxide-nitride-oxide configuration blocking dielectric structure, it is described
Multi-layer oxide-nitride-oxide configuration has oxide skin(coating) 846, nitride layer 847 and oxide skin(coating) 848.It is right
Floating gate memory cell as floating gate memory cell shown in similar Figure 10 D such as is programmed and wipes at the physics
Function can cause the charge that charge is tunneling and change is become trapped in floating grid 845.The amount of charge is trapped according to each list
The physical characteristic of member and be varied, including change of program, temperature change, voltage change etc..Therefore, similar for establishing
The operation for stating initiation threshold as initiation threshold can obtain being in relatively wide in the mass storage unit on single device
Threshold voltage in wide distribution.
Figure 10 E is formed at the simplification figure of the flat dielectric charge trapping memory cell on substrate 850.Source area 851
And drain region 852 is placed in the opposite sides of charge trapping structure.Control grid 853 overlies the charge trapping structure
On, and can be a part of such as wordline.The charge trapping structure includes usually by oxide or by multiple thin dielectric layer shapes
At tunneling layer 856.The electric charge trapping layer for generally comprising silicon nitride or other dielectric materials is mounted with above tunneling layer 856
857.There is the barrier layer usually formed by another dielectric oxide (such as silica) above electric charge trapping layer 857
858.As floating gate memory cell, memory cell as memory cell shown in similar Figure 10 E is compiled
The physical functions such as journey and erasing can cause the charge that charge is tunneling and change is become trapped in electric charge trapping layer 857.It is trapped electricity
The amount of lotus can be varied according to the physical characteristic of each unit, including change of program, temperature change, voltage change etc..Cause
This, the operation for establishing initiation threshold as similar above-mentioned initiation threshold can be in the massage storage list on single device
The threshold voltage in relatively wide distribution is obtained in member.
Figure 10 F is formed at the vertically simplification figure with non-flash structure of the three-dimensional (3D) on substrate 860.Vertical channel knot
Structure (for example, 863) is placed between the stacking formed by wordline (for example, 867).Such as dielectric charge trapping structure or floating
The charge storing structures such as gate structure are placed between wordline and vertical channel structure 863.Vertical channel structure 863 is coupled to
Bit line 869.In the substrate, it is mounted with shared source conductor, and then via vertical channel structure 863 in bit line 869 and base
It is to establish current path with non-string between plate 860.Flash memory structure shown in Figure 10 F can also be used for using programming operation or erasing behaviour
Make the relatively wide distribution that threshold voltage is established in the mass storage unit on device.
Other kinds of flash memory unit structure (including other three-dimensional storage technologies) can also dispose for this exposure institute
The physics stated can not copy function program.
Figure 11, which is shown, applies operation using initialization bias to set the threshold value of the programmable memory cell in one group
At the exemplary process diagram 300 of starting distribution, the initialization bias, which applies operation, can be applied to charge storage memory list
Memory cell as member, including similar above-mentioned memory cell.At step 310, by one group of programmable storage
All members in unit are programmed to the threshold range big compared with the first verifying level.In an example, it can be used to be referred to as and pass
Increase step pulse program (ISPP) sequence programmed algorithm come to all members in one group of programmable memory cell into
Row programming, wherein increasing pulse height and executing program verification step until meeting expectation threshold value level.In step 320
Place, wipes all members in one group of programmable memory cell, with the threshold value established in starting distribution, institute
Stating starting distribution includes being located at the second verifying level threshold value below.
According to such program for establishing starting distribution for programming operation or erasing operation verifying level can with for pair
Programming operation applied by larger memory on same integrated circuit and the verifying level of erasing operation are identical.As another
Selection, visual specific embodiment needs to adjust the verifying level for establishing starting distribution, so that starting distribution has
For for creating the desired characteristic of data set as described in this exposure.Although in this example using wherein by net positive charge
Charge trapping structure is added to be distributed with " erasing " program of the threshold value of reduction unit to generate starting, it is also possible, however, to use
Net negative charge is wherein added to charge trapping structure with " programming " program of the threshold value of increasing unit.In addition, as described above,
Starting distribution can be " initial " point of the threshold value as obtained from fabrication schedule or other programs for undergoing storage stack unit
Cloth.It is " initial " distribution and be distributed as obtained from erasing operation or programming operation can be considered as physics can not copy function.
In addition, can be used for the nonvolatile memory based on programmable resistance memory unit and wherein cause resistance
Net reduce think that the readings electric current of unit reduces " setting (set) " program of threshold voltage and is distributed to generate starting.As another
One selection, it is possible to use wherein cause having a net increase of greatly to increase " resetting for threshold voltage for the electric current that reads of unit for resistance
(reset) " program.In addition, as described above, starting distribution can be by fabrication schedule or to make one group of programmable resistance memory list
" initial " distribution of threshold value obtained from other programs of member experience.It is " initial " to be distributed and operated by setting operation or reset
To distribution can be considered as physics can not copy function.
Figure 12 A to figure 12 C illustrate it is another for using physics can not copy function come for the type referring to described in Fig. 9
The technology of charge trapping memory cell generation data set.In fig. 12, illustrate for example to can be used physics can not copy function
(threshold value of each memory cell in storage stack unit is such as made to be moved to top threshold value electricity using erasing authentication function
Equal erasing operation below) generate initiation threshold distribution 1200.Starting distribution can be characterized as having shown in figure
Top threshold level and lower threshold level, and to be convenient for this explanation, it can be for the standard configured for memory array
To there is read operation the memory cell for the threshold value being distributed in 1200 in initiation threshold to be characterized as representative data value " 0 ".
Figure 12 B illustrates the next step when establishing data set.In this example, 1200 are distributed using from initiation threshold
Side start mobile reading voltage VRLevel read the memory cell in described one group.It is assumed that the movement
Reading voltage is the storage stack unit then to be read using voltage is read, and determine tool since lower threshold level
There is the counting of the number of the memory cell of the threshold value positioned at the threshold value above and below.Make this read voltage it is mobile until
Number and desired parameter in the memory cell for reading voltage above and below, which match, (such as to be approximately equal or has
Have about 1 ratio) until.In this stage, can will have to be located in sub- distribution 1210 and read voltage VRThreshold value below
Memory cell is characterized as representative data value " 1 ", and can will be had to be located in sub- distribution 1220 and be read voltage VRAbove threshold
The memory cell of value is characterized as with data value " 0 ".For example, the sustainable progress of read operation is to lower than reading
There is the programmable of threshold level for being higher than reading level to deposit for the counting of the programmable memory cell of the threshold level of level
Until the ratio of the counting of storage unit is within the scope of target rate.For example, when with lower than the threshold for reading level
Be worth level programmable memory cell counting, corresponding to the memory cell in one group about 50% when, target rate model
Ratio in enclosing can be substantially equal to 1.Can establish is in the ratio in target rate range (such as 40% to 60%)
Level is read as being read out each memory cell in one group of programmable memory cell to generate stable number
According to the reading voltage V of collectionR。
Figure 12 C illustrates the next step when establishing data set.According to such technology, voltage V is read to topR+ and under
Read voltage V in portionRChosen, with define initiation threshold distribution 1200 to carry out memory cell to data value strong
The son distribution of storage.Once determined to read voltage V in conjunction with as described in Figure 12 BR, can be by reading voltage VRSurrounding is established
Tolerance is sensed, and establishes the first line of demarcation and the second line of demarcation in distribution, so that corresponding to VRWith VR+ between difference
1240 sensing tolerance 1230 makes to read voltage V between the first line of demarcation and the second line of demarcationRIn sensing tolerance
It is interior.For example, the first line of demarcation, which can be located at, subtracts 300 millivolts (mV) with reading level for a kind of certain types of flash cell
At corresponding threshold level, and the second line of demarcation can add at 300 millivolts of corresponding threshold levels positioned at reading level.?
In another example, the first line of demarcation can be located at and read voltage VRLevel subtract the 30% corresponding threshold value electricity for reading level
It is flat (to read voltage V in lower partR) at, and the second line of demarcation can be located at and read voltage VRLevel plus read level 30%
Corresponding threshold level (reads voltage V in topR+) at.
The memory cell stored by force in son distribution 1211 and son distribution 1221 to data value " 1 " and " 0 " can be used
To generate data set.The address of such memory cell is recorded in the memory on integrated circuit (such as stable flash memory area
In block, in different types of nonvolatile memory or such as static random access memory or dynamic random access memory
In equal volatile storages) it is used in the security protocols such as example encrypting and authenticating for integrated circuit.The reading at the center of can be used
Take voltage value VRAnd institute's recording address of strong sensing tolerance is provided to execute read operation.In this way, merely with phase
The memory cell that data value is stored by force for reading voltage, and then make to send out when reading data because of threshold drift
The probability of raw mistake is extremely low.
It is including programmable charge trapping memory cell that Figure 13, which is in such a way that 2A to Figure 12 C referring to Fig.1 is explained,
The exemplary process diagram 1300 for stablizing data set is generated on integrated circuit.In this example, program is so that one group of flash cell tool
There is the starting of threshold value to be distributed and start (step 1301), the starting distribution is by obtaining distinct threshold voltage as described above
It is jointly processed by and establishes.In such alternative solution, (voltage V is read using mobile reading levelR) in described one group
Memory cell executes read operation (step 1310).Described program, which determines, to be had lower than the current threshold level for reading level
Programmable memory cell counting, to having the programmable memory cell for being higher than the current threshold level for reading level
Counting ratio (step 1320).Then, described program judges whether the ratio is within the scope of target rate (step
1330).For example, corresponding to one when the counting with the programmable memory cell lower than the current threshold level for reading level
Memory cell in group about 130% when, the ratio within the scope of target rate can be substantially equal to 1.If the ratio is simultaneously
It is non-to be within the scope of target rate (step 1330, no), then reading level for example can be adjusted by reading level is incremented by
(step 1340), wherein the level that reads can be from the minimum threshold electricity for being located at distribution for the first time iteration of step 1310
Flat place or threshold level below start.Then, read operation is back to step 1310 and continues to carry out to the ratio being in
Within the scope of target rate until (step 1330, yes).Foundation makes the ratio be in the reading level within the scope of target rate,
As for being read out each memory cell in one group of programmable memory cell to generate stable data
The reading voltage V of collectionR(Figure 12 B) (step 1350).
If the ratio is within the scope of target rate at step 1330, described program continues based on number
Come in distribution according to the desired characteristic of collection, establishes one or both (step 1340) in the first line of demarcation and the second line of demarcation.Example
Such as, described program can be in starting distribution (Fig. 4 B) in reading voltage VRSurrounding establishes sensing tolerance, so that sensing tolerance (example
Such as, 530, Fig. 4 C) between the first line of demarcation and the second line of demarcation, and make to read voltage VRIn sensing tolerance.Example
Such as, the first line of demarcation, which can be located at, subtracts 300 millivolts of corresponding threshold levels (lower part reading voltage V with reading levelR) at,
And the second line of demarcation can be located at and read level plus 300 millivolts of corresponding threshold levels (top reading voltage VR+) at.Example
Such as, the first line of demarcation can be located at subtracts at the 30% corresponding threshold level for reading level with reading level, and the second line of demarcation
It can be located at and be added at the 30% corresponding threshold level for reading level with reading level.
Program shown in Figure 13 includes the following steps 1360: determining in the storage stack unit has by the first boundary
The address for the first subset that line defines, the second subset defined by the second line of demarcation address and have and be located at the first boundary
The address of the third subset of threshold value between line and the second line of demarcation, and established using determined address and represent the distribution
The stabilization data set that can be used as exclusive key.
Program shown in Figure 13 includes the following steps 1370: by the reading voltage V used in sensing tolerance 530 (Fig. 4)R
Memory cell sequence in described one group is read out and carrys out output data set.Institute's output data set can be provided to outside
System (such as to physics can not copy function the system that is controlled of execution), to be used as shared secret in security protocol.
The data set can be steadily stored in the storage stack unit, be because sensing tolerance makes following scenario described with extremely low
A possibility that: the memory cell for the member being initially recognized as in second subset will make its threshold voltage shift most first
In the range that subset is recognized.
Using such technology, data set depends upon the number for being confirmed as the memory cell stored by force to data value
Mesh.This number is distributed in a starting can be varied between next starting distribution.Therefore, when generating data set, if unit
Number be greater than data set desired size, then can clip memory cell sequence, if unit number be less than data set
Desired size, then can fill up memory cell sequence.
Figure 14 A to Figure 14 C illustrate using physics can not copy function deposit for the charge trapping of the type referring to described in Fig. 9
The yet another embodiment of storage unit generation data set.In Figure 14 A, illustrate for example use the not reproducible function of physics as described above
The starting distribution 1400 that can be generated.Starting distribution 1400 can have opposite to extend with threshold level far from central peak
Rough Gauss (Gaussian) distribution of symmetrical decline (drop-off).However, the distribution is unlikely to be actually symmetrical
's.As described above, such missing of symmetry makes different number of memory list in the program described in referring to Fig.1 3
Member carries out " strong " storage to data.It, can be to the number of the memory cell of strong storage data according to technology shown in Figure 14 A to Figure 14 C
Mesh reaches tightened up control.
As illustrated in Figure 14 A, current read voltage can be used iteratively to read by using the first read operation and executing
Take each memory cell in the storage stack unit and to the memory having lower than the current threshold value for reading level
The program that the number of unit is counted is characterized by the memory cell stored by force to data value " 1 " to search
Son distribution 1410, first read operation apply to be located at the threshold value at or near the lower limits of starting distribution 1400 and open
Begin mobile reading level.When the counting reaches defined threshold value, then the current level that reads of storage is as the first lower part
Line voltage of demarcating (reads voltage V in lower partR-)。
As illustrated in Figure 14 B, current read voltage can be used iteratively to read by using the second read operation and executing
Take each memory cell in the storage stack unit and to the memory with the threshold value for being higher than current reading level
The number of unit is counted to search the second son for being characterized by the memory cell for storing data value " 0 " by force
Distribution 1420, second read operation apply to be located at the threshold value at or near the upper bound of starting distribution 1400 and start
Mobile reading level.When the counting reaches defined threshold value, then the current level that reads of storage is as the second top
Line voltage of demarcating (reads voltage V in topR+)。
As illustrated in Figure 14 C, third distribution 1430 includes having (to read electricity in lower part positioned at the first boundary line voltage
Press VR) and the second boundary line voltage (top reading voltage VR+) between threshold value memory cell.Using falling into data
First son distribution 1410 of " strong " storage of value " 1 " progress is interior and falls into the second son point of storage " strong " to data value " 0 " progress
The address of memory cell in cloth 1420, can be by the reading electricity used between the first line of demarcation and the second line of demarcation
Press VRMemory cell is read out to generate data set.The case where starting distribution is characterized by rough Gaussian Profile
Under, (voltage V can be read in lower part by the first boundary line voltageR) and the second boundary line voltage (top reading voltage VR+) ask
Average value reads voltage to generate this.Starting distribution wherein can be towards the implementation of more high threshold or more Low threshold deflection (skew)
In example, it may be used formula that the deflection in distribution is taken into account and generate the reading voltage.
It is including programmable charge trapping memory cell that Figure 15, which is in such a way that 4A to Figure 14 C referring to Fig.1 is explained,
The exemplary process diagram 1500 for stablizing data set is generated on integrated circuit.In this example, program is so that one group of flash cell tool
There is the starting of threshold value to be distributed and start (step 1501), the starting distribution is by obtaining distinct threshold voltage as described above
It is jointly processed by and establishes.In this example, described program includes determining in the storage stack unit, has and is located at first
The address of first subset of line of demarcation threshold value below, and the second subset with the threshold value for being located at the second line of demarcation or more
Address.With a kind of a memory cell stored by force to data value " 0 " of offer predetermined number and predetermined number to data
The mode for the memory cell that value " 1 " is stored by force, to determine the line of demarcation.It can be stored up the line of demarcation as parameter
Being stored in can not be in the system that is controlled of execution of copy function to physics.
In such alternative solution, the memory cell in described one group is executed using the level that reads of first movement
First read operation (step 1510).Described program, which determines to have, is located at the first reading level (lower part reading voltage VR) below
Threshold level programmable memory cell first count (step 1512).Then, described program judges first meter
Whether number matches with predetermined number T1, or whether falls into (step 1514) in number range.
If the first counting is not received (step 1514, no), then can for example be adjusted by the first reading level is incremented by
First reads level (step 1516), wherein the first reading level can be located at certainly for the first time iteration of step 1510
At the lower threshold level of distribution or threshold level below starts.First read operation then returns to step 1510 and holds
Until continuous progress is received (step 1514, yes) to the first counting.
Program shown in Figure 15, which is included in starting distribution, establishes the first boundary line voltage (lower part reading voltage VR) conduct
So that the first counting is predetermined number or reads level (step 1518) close to the first of predetermined number T1.It can determine and store tool
Have and is located at the first line of demarcation (lower part reading voltage VR) threshold level below memory cell address, in this step
Place establishes the stabilization that can be used as exclusive key for representing the distribution at later step when the second line of demarcation is established
Data set.
Program shown in Figure 15 includes (reading voltage V in top using the second mobile reading levelR+) in described one group
Memory cell carry out the second read operation (step 1520).Described program, which determines to have, is higher than the second threshold for reading level
Be worth the programmable memory cell of level second counts (step 1522).Then, described program judges that second counting is
No is acceptable, such as whether it matches with predetermined number T2, or whether falls into (step 1524) in number range.?
In some embodiments, if the counting in the first read operation is equal to the mesh of data set with the sum of the counting in the second read operation
Mark count or data set destination address number or in the target position count in the range of or the destination address number
In the range of mesh, then the number can be received.
If the second counting is not received (step 1524, no), then can for example be adjusted by making the second reading level successively decrease
Second reads level (step 1526), wherein second, which reads level, to be distributed from being located at for the first time iteration of step 1520
Top threshold level at or more than threshold level start.Second read operation then return to step 1520 and continue into
Until row is received (step 1524, yes) to the second counting.
Program shown in Figure 15, which is included in establish the second line of demarcation in starting distribution and be used as, makes the second counting received second
It reads level and (reads voltage V in topR+), and established using the first line of demarcation and the second line of demarcation and read voltage VR, such as by means of
By being averaged according to following equation sequence: VR=(VR-+ VR+)/2 (steps 1528).
Although including as shown in Figure 15, step 1510,1512,1514 and 1516 for establish the first line of demarcation
Iteration is executed before the iteration including step 1520,1522,1524 and 1526 for establishing the second line of demarcation, so
And in other embodiments, the iteration including step 1520,1522,1524 and 1526 for establishing the second line of demarcation can
It is executed before the iteration including step 1510,1512,1514 and 1516 for establishing the first line of demarcation.
Program shown in Figure 15 can continue similar to the such step of the step 1360 of program shown in Figure 13: determine described one
First subset of the memory cell that data value " 1 " is stored by force defined in group memory cell by the first line of demarcation
Address and the second subset that data value " 0 " is stored by force defined by the second line of demarcation address.In some implementations
In example, it is possible to use there is not stored by force to data value for the threshold value between the first line of demarcation and the second line of demarcation
The address of third subset of memory cell establish data set.
Program shown in Figure 15 can continue similar to the such step of the step 1340 of program shown in Figure 13: by use feeling
Survey the reading voltage V in toleranceRMemory cell sequence in described one group is read out and carrys out output data set.Can by institute
Output data set be provided to external system (such as to physics can not copy function the system that is controlled of execution), to pacify
It is used as shared secret in full agreement.The data set can be steadily stored in the storage stack unit, because of VRWith VR+
Between sensing tolerance make following scenario described that there is a possibility that extremely low: be initially recognized as in the first subset and second subset
The memory cell of member will be in the range that recognize most another subset of its threshold voltage shift.
It in one embodiment, can be by by the first subset and second subset point in one group of programmable memory cell
It is not specified to the first predetermined number T1 and the second predetermined number T2, and to complete data set (being calculated with the number of unit)
Predetermined length T is set, wherein T=T1+T2, indicates the number of position in the data set.For example, first object counts
Range and the second object count range may include the first predetermined length T1 and the second predetermined length T0, be distributed in order in starting
In establish the first line of demarcation and the second line of demarcation, using as make the first counting and second count respectively with the first predetermined length T1
And second predetermined length T0 match first read level and second read level.When number each when data set is so limited
When the sum of mesh does not match with defined length, since the subtle degree (granularity) of mobile read operation can be greater than one
A unit, thus extra unit or data available can be removed from data set to fill up data set, to form corrected length
Degree.
Figure 16 illustrate include flash array 1610 integrated circuit 1600, flash array 1610 include one group of physics can not
Copy function memory cell, one group of physics can not copy function memory cell can as described above can not by physics
Copy function acts on the distribution for establishing threshold value.Integrated circuit 1600 includes the not reproducible function of physics as described above in conjunction with fig. 1
It can control device 1630 and security logic 1640.Physics can not copy function controller 1630 provided in bus 1631 it is initial close
Key.Integrated circuit 1600 includes the tandom number generator 1650 that random number is generated in bus 1651.Integrated circuit 1600 wraps
The logic circuitry 1660 for merging the initial key in bus 1631 and the random number in bus 1651 is included, and by with line
The bus 1661 that (bus 1671) is coupled to security logic 1640 generates the key 1670 of improvement.In embodiment, logic circuit
System 1660 may include the exclusive or function for using initial key and random number as input and generating the output as the key improved
Can, and the hash function including image initial key and random number is using Hash value and as the key of improvement.Further it is provided that
The access for enabling flash array 1610 to be used and bias circuit 1620, including word line driver, sensing amplifier, bit line
Driver, voltage source and other be located at the circuit on flash array periphery.In this example, physics can not copy function controller
1630 be connected to flash array 1610 access and bias circuit 1620 and including for implement this exposure described program (for example,
Including some or all program in program shown in Fig. 6, Fig. 8, Fig. 9, Figure 11, Figure 13 and Figure 15) logic and memory money
Source.
In the illustrated embodiment, physics can not include state machine 1633 and ground in copy function controller 1630
Location and parameter storage 1632.State machine 1633 may include for based on to the storage stack in flash array 1610
The physics of unit application can not copy function generate the logic of data set.It is described in the embodiment that this discloses the technology
Following steps can be performed in logic: the subset of read memory cell or son distribution when generating data set are searched, by parameter
(such as threshold value for above-mentioned line of demarcation, the threshold value for reading data value from recognized subset) is recorded in address and parameter
In reservoir 1632, and by the address for being identified memory cell for using when generating data set be recorded in address with
In parameter storage 1632.Following steps also can be performed in the logic: store is in address and parameter storage 1632
Voltage and address are read, to generate data value sequence from flash array 1610.
The state machine may also comprise for causing to the programmable memory cell in one group of programmable memory cell
Be scanned and the program of applying this exposure described with based on physics can not copy function generate and stablize the logic of data set.
Security logic 1640 may include for dispose interrogate input and use from flash array 1610, from address and parameter
Reservoir 1632 or the data set read from the initial key in bus 1631 provide the logic of response output.Security logic
1640 may include the encryption and decoding resource using data set, and may include for using data set to authenticate agreement to control
Logic.In some embodiments, response can be passing through/losing applied to enabling such as task function circuit on the integrated
Lose (pass/fail) signal.In other embodiments, response can be applied to except integrated circuit 1600 in security protocol
It will use the circuit system of the data set.In some embodiments, the security logic includes using special logic, quilt
Carry out properly programmed general processor, by the logic circuit of progress properly programmed programmable gate array or those types
Combination carrys out the state machine of implementation.In addition, in some embodiments, security logic 1640 can be shared for implementation state machine
1633 logic.
Such as flash memory, programmable resistance memory, single programmable memory (one-time- can be used
Programmable memory) etc. nonvolatile memories come implementation address and parameter storage 1632.In addition, the storage
Other kinds of memory can be used to come implementation, including the volatile storage such as static random access memory for device, wherein
The backup duplicate of the address and parameter is stored in flash array 1610 or is stored in other that can be accessed by integrated circuit and deposits
In reservoir.
State machine 1633 can be used special logic, be carried out properly programmed general processor, be properly programmed by progress
The combination of programmable gate array or the logic circuit of those types carries out implementation.Tandom number generator 1650 can be certainty
Tandom number generator or quasi-random numbers generator, and special logic can be used, carried out properly programmed general processor, quilt
The combination of the logic circuit of properly programmed programmable gate array or those types is carried out to carry out implementation.In some embodiments
In, tandom number generator 1650 can be a part of state machine 1633.
Therefore, Figure 16 illustrates the example of integrated circuit comprising: one group of programmable memory cell is located at integrated circuit
On, the distribution with threshold value;Memory stores described point had in one group of programmable memory cell in threshold value
The address of the memory cell of threshold value in first son distribution of cloth;And logic, for using stored address generating data
Collection.
The feature of the distribution can be that using physics can not copy function and formed.
In some embodiments, the first son distribution is separated by sensing tolerance and the second son, and described for generating
The logic of data set includes for reading each memory cell in one group of programmable memory cell according to address order
To generate the logic of data value, the data set for the member identities in the first son distribution according to whether change.
In some embodiments, in addition the memory stores threshold value in the storage stack unit and is in described one
The address of memory cell in second son distribution of the distribution of the threshold value of the memory cell in group;And it is described for generating
The logic of data set includes using the stored address about the first son distribution and the second son distribution.
In some embodiments, in addition the memory is the first line of demarcation of mapped storage of threshold value and with described first
The second different line of demarcation of line of demarcation;And first son distribution in memory cell include having in the storage stack unit
There is the first subset positioned at the first line of demarcation threshold value below, and the memory cell in the second son distribution includes described one group
There is the second subset for the threshold value for being located at the second line of demarcation or more in memory cell.
In some embodiments, the logic for generating data set selected using the address the first subset and
Memory cell in one of second subset;And use the reading voltage between the first line of demarcation and the second line of demarcation
Memory cell in one group of programmable memory cell is read out.
In some embodiments, the programmable memory cell in described one group is charge trapping memory cell, and institute
Stating threshold value is threshold voltage.
In some embodiments, the integrated circuit may include for applying circuit to Application of integrated circuit using bias
Bias applies the logic of operation, and the bias applies the charge storage of programmable memory cell of the operation in described one group
Cause the change of charge in structure to establish the distribution.
In some embodiments, the logic includes the state machine on the integrated circuit.
In some embodiments, the integrated circuit include to interrogate input make a response with use data set generate sound
The logic that should be exported.
Figure 17 illustrate include packaged integrated circuit or multi-chip module 180 system, packaged integrated circuit or multicore
Piece module 180 includes input/output interface 181 (including for the reception and communication instruction from host and for enabling
With the command decoder of the operation of coordinated control circuit, or coupling so far command decoder) and non-volatile flash memory array
185.Herein, electronic system means to include host and client terminal device (e.g. packaged integrated circuit or multi-chip mould
Block) system.Input/output interface 181 is provided in external device (ED) or communication network and nonvolatile memory array
The port of PERCOM peripheral communication is carried out between 185.Memory array 185 include formed by memory cell multiple blocks (for example,
Referring to figure 3 above), key is stored in the particular block 187 in the multiple block.Security logic 190 is coupled to non-volatile
Property memory array 185, to allow to access in each block for being stored in the multiple block in the protocol using key
Data.System shown in Figure 17 and Figure 17 A, which may also comprise, to be generated the tandom number generator of random number (such as Figure 16 is indicated
1650), merge can not copy function programmable controller (such as 1630 being indicated of being indicated of Figure 16 by physics with Figure 17
193) logic circuitry (such as Figure 16 indicated 1660) of the initial key provided, to generate the key 1670 of improvement.
The key of initial key or improvement can be used in security logic 190.Referring to Fig.1 6 about tandom number generator 1650, logic
Circuit system 1660 and the key 1670 of improvement can be applied to Figure 17 and Figure 17 A, and details are not described herein.Including access control
The access control circuit of switch (access control switch) 183 is coupled to the array, and including for allowing institute
It states security logic and read-only access is carried out to particular block for using and preventing external device (ED) or communication network to pass through in the protocol
By the logic of port access particular block.In various embodiments, other combinations of access rule, Jin Errong can be used
Perhaps security logic has bigger flexibility in the use aspects to particular block.
In this example, nonvolatile memory array 185 includes flash memory.The particular block 187 for storing key can be in object
Any place being located in array in reason, but it can be physically located in the top block with minimum physical address as described
In or can the neighbouring bootstrap block block with minimum physical address, name just a few herein.
Nonvolatile memory array 185 is coupled to sensing amplifier/buffer 184 so that data can flow into and
Flash array is flowed out, the particular block 187 including stream into and out storage key.In this example, access control switch 183
It is placed between sensing amplifier/buffer 184 and input/output interface 181.The data read from array 185 can be in route
It is routed to input/output interface 181 on 182 or security logic 190 can be routed on route 191.
In the illustrated embodiment, address decoder 186 is coupled together with block lock-bit (block lock bit)
To array 185, the block lock-bit is used to control the permission for reading and being written data in correspondence block in an array.Herein
In example, one group of nonvolatile memory of setting storage security key in particular block 187, and particular block 187 couples
To corresponding locking bit or position 186A.The locking bit or position 186A for being coupled to particular block 187 may include being different from for array
In other blocks locking bit structure logical construction or entity structure, and logically different function can be carried out.For
The entity structure for storing block locking bit includes fuse, single programming unit (one-time-programming;OPT) and
Buffer or other can be used for store e.g. block lock position state instruction memory means.Area for particular block
Block locking bit or position may be coupled to the buffer in sensing amplifier/buffer 184, be stored in therein one to restrain key
Group memory cell write-in, therefore be written into herein in key and selectively after test and validation frozen storage in spy
Determine the key of block.It is, for example, referring to figure that other control logics on flash memory state of a control machine 193 or device, which execute,
29, described in 30 by setting for particular block or in block store key unit collection block lock position to freeze
Tie key.
In addition, block lock position 186A associated with the storage particular block 187 of key is controllable to be coupled to access control
Make switch 183 logic, with the address for accessing array correspond to particular block 187 address when prevent data from spy
Determine block 187 and flow upwardly to input/output interface 181 in the path that route is formed 182 via sensing amplifier/buffer, simultaneously
Data are allowed to flow upwardly to security logic 190 in the path 191 that route is formed from particular block 187.
In addition, in the illustrated embodiment, with physics can not copy function program controller quick flashing state of a control machine
193 are coupled to memory array 185 on route 194 and are coupled to security logic 190 on route 192.It is intended to use for generation
Make the purpose of the data set of key, physics can not copy function the specific storage stack list in memory array 185 can be used
Memory cell in member 189 executes the program described in this exposures.In this example of device, quick flashing state of a control machine 193
Signal is provided to control the application of biasing scheme supply voltage, to implement to deposit for generating the program of data set and in access
Other related operations when memory array 185.It in some embodiments, include tandom number generator, random number on device
Generator be coupled to flash memory state of a control machine physics can not copy function programmable controller 193, tandom number generator it is defeated
Out in logic with physics can not copy function key merge.
Circuit system (such as bit line, wordline, for bit line and the driver of wordline etc.) on integrated circuit is reached
Access to one group of flash cell, for providing the data set for generating key.
As described, may also comprise for example can be in System on Chip/SoC system for packaged integrated circuit or multi-chip module 180
(system-on-a-chip system) or circuit system combined with other of memory in other circuit systems for encountering
195。
In the example shown, packaged integrated circuit or multi-chip module 180 are by intraconnections (interconnect)
199 are coupled to host 198, wherein host 198 can be to step on for including those for the system of the configuration of many devices
Note system (enrollment system).Host 198 can maintain key database 198A, can maintain in key database 198A
There is dependent on key stored in particular block 187 information needed for executing security protocol.In some embodiments, it holds
Information needed for row security protocol includes the duplicate of key.
In a kind of exemplary methods of operationthe, during manufacture or encapsulation, quick flashing state of a control machine 193 can be as joined above
It can not copy function according to collaboratively physics is executed with host 198 described in Fig. 2.The physics can not copy function can be using described
Storage stack unit 189 can be used to form the data set of key to generate.Complete physics can not copy function execution
Afterwards, data set can be then copied to the spy for being retained or being configured for storage key from the storage stack unit 189
Determine block 187.The system produces one or all multi-key ciphers to be stored in the particular block 187 retained for this purpose.
In this stage, phase-key replication into host 198 and can also be maintained in key database 198A.It can not be answered executing physics
Function processed, merge physics can not copy function key and random number and by the phase-key replication of improvement into particular block 187 simultaneously
After any required information is copied in register system, fuse (fuse) or the write-in storage of other kinds of single can be used
Device element (write once memory element) sets lock-bit 186A associated with particular block 187, outer to prevent
Portion's circuit or communication network access keys.In addition, physics can not the specific storage stack used in copy function
Unit 189 can be wiped free of or otherwise be override, to eliminate the sign for the key that can be stored in memory array 185.
Figure 17 A illustrates the alternate embodiment for the circuit being implemented in encapsulation type integrated circuit or multi-chip module, is scheming
The component symbol for identification element for being similar to and being shown in Figure 17 is reused in 17A, and is repeated no more.In Figure 17 A
In, including physics can not copy function 189A multiple Nonvolatile memery unit actual fabrications in except array 185 it
In outer circuit, and be coupled to using physics can not copy function 189A come execute physics can not copy function control
Circuit, wherein the control circuit of this example is a part of flash memory state of a control machine 193.In this example, locking bit with
Decoder architecture 186 ' is coupled to all blocks of array.The physics of this embodiment can not copy function 189A be practical
It is made in a part of the blocks of cells except array, and there is different peripheral circuits to allow to carry out read-only deposit to block
It takes or read-only access is carried out to block via security logic 190.In other embodiments, physics can not copy function
189A can by the layout (layout) of a part really as array, but have do not support it is non-for the not reproducible function of physics
The programming of a part of energy or the access circuit of erasing operation.In this embodiment, not for the peripheral circuit of array 185
Being connected to (or not can be used for accessing) physics can not copy function 189A.Specifically, physics can not copy function list
First 189A can not be read out, program and wipe under the control of copy function coordination with physics in separation and in control circuit.
Indicating unit 193A, which is coupled to physics, copy function 189A or to be coupled to control circuit, with by being switched on/off object
Reason can not copy function or be switched on/off physics can not programming in copy function 189A or erasing carry out frozen storage
In physics can not one group of Nonvolatile memery unit in copy function 189A key.As indicating unit 193A
The example of entity structure include fuse, single programming unit (one-time-programming;OPT) and buffer or
Other can be used for storing other memory means for the state instruction for being similar to block lock position.
Other control logics on flash memory state of a control machine 193 or device are executable be similar to referring to Figure 31 with
Program described in Figure 32, this program are, for example, to set instruction in indicating unit 193A to enable or deactivate in control circuit
In physics can not copy function, and therefore freeze key.It in some embodiments, include tandom number generator, institute on device
State tandom number generator be coupled to flash memory state of a control machine physics can not copy function programmable controller 193, it is described random
The output of number producer and physics can not copy function key merge.
Figure 18 and Figure 19 explanation is for different embodiments, the different instances of the configuration of nonvolatile memory array.Scheming
In 18, wherein the particular block for storing the memory cell of key includes the first sub-block 187A and the second sub-block 187B.
Be located in the first sub-block 187A by physics can not copy function be used to generate the storage stack unit of key.In addition,
Key can be held in the storage stack unit for generating data set or be moved into the first sub-block 187A
Another group of memory cell.Second sub-block 187B is maintained according to referring for example to Fig. 7 A to Fig. 7 D, Fig. 8, Figure 12 A to figure
The program of 12C and Figure 13 described program etc. executes the mapping of a unit or multiple lists that physics can not generate during copy function
Member mapping.
Figure 19 be wherein by physics can not the storage stack unit 189 that uses of copy function be located at memory array 185
The alternative solution except particular block 187 in (flash array) and for storing key.In this example, for storing
The particular block of key includes the first sub-block 187C for wherein maintaining one key or multiple keys in memory.
Second sub-block 187B maintains one unit mapping that physics can not generate during copy function or multiple units reflect
It penetrates.
Figure 20 explanation can be used for storing key and unit in the embodiment as similar Figure 17 to embodiment illustrated in fig. 19
The data structure of image.For generating key, (in this example, the storage stack unit for safe ID) is generated by safe ID
Device block represents.This block with " block " address for recognizing initial position and has bit address 1 to 10 in the figure.Preferable
In system, safe ID Generator Block can have thousands of positions.In addition, associated with each bit address be to provide " code letter
The data value of breath ", the data value indicate the data that use example program as shown in Figure 8 or such as program shown in Figure 19 are sensed
Value.Number in the embodiment being addressed using mapping table shown in Figure 20 or unit mapping to data set, in certain units
It is not used in key according to value and is accordingly regarded as " random value " unit.The address of mapping table identification " arbitrarily value " unit
And the address of the unit for key.Therefore, the mapping table in this example has initial address and address bit 1 to 10,
The address bit corresponds to the bit address 1 to 10 of the unit in safe ID Generator Block.Setting and ground in a memory cell
The corresponding flag in each of location position, so indicate effective unit in safe ID Generator Block (in key) or
Invalid unit (is not used in key).Cipher key number can be generated by logic and (AND) operation is carried out to mapping table and code information
According to wherein the mapping table is used as shielding.As described above, safe ID Generator Block is can be located at nonvolatile memory battle array
Any place or the storage stack unit in the particular block for storing safe ID in column.Described one group wherein
Memory cell be in the embodiment except particular block for storing safe ID, can be then by safe ID generator
Data in block are copied to the particular block.
Figure 21 explanation using physics can not copy function generate and key and the key be stored in nonvolatile memory
In system advanced configuration.The system comprises the hosts 1720 for being coupled to integrated circuit or multi-chip module 1710.It is integrated
Circuit or multi-chip module 1710 include physics can not copy function circuit 1711, controller 1712 and security logic 1713.
Controller 1712 is coupled to physics can not copy function circuit 1711 and nonvolatile memory 1714.
It can refer to Figure 22 and understand for some embodiments the operation of system shown in Figure 21.Therefore, workable for generate
Key, can not the generation key data (step 1730) of copy function circuit 1711 from physics.The key is analyzed, with
Judge whether it meets safety standard, for example whether having sufficient randomness (step 1731).If the key meets specification,
The key is then stored into (the step 1732) into nonvolatile memory 1714 via controller 1712.If the key is not
Meet specification, then program is recycled to step 1730, with retry physics can not copy function, and then generate key.The physics
Can not copy function can generate the key with any length simultaneously using one group of Nonvolatile memery unit as previously discussed
Retry based on physics can not copy function key generation procedure.As described, physics can not copy function circuit 1711 and control
Device 1712 processed generates another key for cooperating, and then cycles back to step 1730 until generating satisfactory key.
Otherwise, key, which generates, completes, one or more keys are stored and are ready for security logic utilization.It is described close to use
Key, described program include: to obtain key data (1733) from nonvolatile memory, and execute security function in the protocol, institute
Agreement is stated to be related in host 1720 and nonvolatile memory about the keying material of one or more keys (1734).It can be by
Register system be host 1720 provide execute the security protocol dependent on key needed for data or host 1720 can for
Used system during setting key.Security function can be collaboratively configured with register system or the communication server, to utilize
Multiple keys.In some embodiments, produced and stored key be utilized only once or a limited number of number, with
Maintain high security and high anti-snooping.In addition, in some embodiments, a kind of can be depended on for each communication session
The mode of the subset of single big key utilizes the big key.It can be needed according to specific use environment come other peaces of implementation
Full agreement.It is executable to send signals to notice reply key during security procedure is using key in the program shown in Figure 22
The key updating protocol being updated.This may include replaced after a period of time or after fixed access times it is close
Key.In addition, if used login for several times (log in) attempts its for showing just to attempt conjecture key that fail or detect
His event, then replaceable key.Therefore, program shown in Figure 22 comprises determining whether the step of more new key (step 1735).If
Key needs to update, then program is recycled to step 1730, and execute physics can not copy function to update one or more keys.
If key does not need to update at 1735, program is recycled to the execution for continuing to use key to support security function.
When in such as circulation shown in the step 1731 of Figure 22 and 1735 using physics can not copy function create
When new key, can make in some embodiments physics can not parameter shifts used in copy function, to improve every
A possibility that generating the key being different in essence in one circulation.Certainly, in some embodiments using flash cell, to phase
It can not the producible sufficiently different key of copy function parameter with unit application same physical.It in other instances, can be each
New physics can not copy function varying cyclically be used to generate the bias voltage of initial distribution.In addition, can not be answered as physics
A part of function processed can generate the pulse for changing when each distribution and applying in increasing step pulse program (ISPP) algorithm
Number.In other example, generate the memory cell that is utilized when pulse can in a region from array one
Group is changed to different in another region of array one groups.
In some embodiments shown in such as Figure 23 and Figure 24, Premium Features can be considered with two parts.Figure 23 is said
The bright function that can be executed before key is by system use during manufacture or before being transported to client or otherwise.Scheming
In 23, program starts (step 1750) with electric power starting event.Execute physics can not copy function, and capture include one or
The key data of multiple keys, and the key data is provided to register system or other will need the key data
External system (step 1751).Key data is stored in (step 1752) in nonvolatile memory as described above.?
After the key data has been stored in nonvolatile memory, protect the key data not by external communication network
Or device accesses (step 1753).At the scene, program substantially carries out as shown in figure 24, wherein being opened with electric power starting event
Begin (step 1760).Described program includes: to obtain shielded key data (1761) from nonvolatile memory, and use
Key come with external device (ED) execute include communication protocol (such as interrogate-respond and exchange) security function (step 1762).
As illustrated in fig. 25, physics can not copy function physical circuit 1770, such as static random-access can be used to deposit
Memory circuit, the circuit based on metal, the circuit based on delay, is based on vibration at programmable resistance memory element circuit (RRAM)
Swing the circuit etc. of device.In general, physics can not circuit used in copy function there is relatively low stability, thus need
Specific logical or error correction are wanted reliably to use key.Nonvolatile memory 1771 for storing key may include
Highly stable nonvolatile memory, for example, flash memory, programmable resistance memory (RRAM), phase transition storage (PCRAM),
Single programmable memory etc..In other embodiments, by physics can not the circuit 1775 that uses of copy function can have relatively
High stability.However, key can also be stored in nonvolatile memory 1776, nonvolatile memory 1776 also has
High stability, and can provide more preferably access control and other usually can not can not copy function circuit 1775 with physics
Associated function.
In some embodiments, as shown in figure 27, using tandom number generator (random number generator)
1780 generate key, and the security key can then be stored in nonvolatile memory 1781 and in such as this exposure
It is used in the system of the system etc..
In some embodiments, as shown in figure 28, physics can not copy function circuit 1785 can be generated with the first estate
Security information with such as 1024 positions is using as initial key.Tandom number generator 1784 can produce random number.It can be by this
Initial key and random number of the kind in the first estate are provided to logic circuit 1786, and logic circuit 1786 uses such as Hash
Function by the first estate data conversion indicated by initial key and random number at have such as 128 positions as improvement
Second class information of key or other bit combinations generated according to the security information in the first estate.It is improveing
Key in the second class information can then store into nonvolatile memory 1787.Described program is by (the step that is switched on
2900) start.For example, this can occur to be installed on test fixture (test jig) or registration system as described above in device
In system.In addition, this program can begin at other issue physics can not copy function circuit enabling signal event, with generate
Initial key.After step 2900, enable for carry out physics can not copy function circuit system (step 2901).It connects
Get off, execute physics can not copy function to generate initial key (step 2902).Initial key be then stored in one group it is non-
Unit (step in volatile memory-elements, in the particular block of the unit e.g. in nonvolatile memory array
2903).Such as above-mentioned example, one group of Nonvolatile memery unit can be equal to can not copy function use by physics
This group of Nonvolatile memery unit, or can be initial key can not to be written after the execution of copy function in physics
This group of Nonvolatile memery unit.
Figure 29 is the simplified flowchart for the program that the controller in the device shown in e.g. Figure 17 or Figure 17 A executes,
This program to freeze by use physics can not copy function generate initial key.In this flow chart, the starting of this program
In booting (step 2900).For example, this can occur to be installed on test fixture (test jig) or as described above in device
In register system.In addition, this program can begin at other issue physics can not copy function circuit enabling signal event,
To generate initial key.After step 2900, enable for carry out physics can not copy function circuit system (step
2901).Next, execute physics can not copy function to generate initial key (step 2902).Initial key is then stored
In one group of Nonvolatile memery unit, in the particular block of the unit e.g. in nonvolatile memory array
Unit (step 2903).Such as above-mentioned example, one group of Nonvolatile memery unit can be equal to not reproducible by physics
This group of Nonvolatile memery unit that function uses, or can be for can not initial key after the execution of copy function in physics
This group of Nonvolatile memery unit being written.Tandom number generator is executed to generate random number (step 2904).It executes
Logic circuitry generates the key (step 2905) of improvement to merge initial key and random number.Then by the close of improvement
Key is stored in (step 2906) in second group of Nonvolatile memery unit of multiple Nonvolatile memery units.Implementing
In example, logic circuitry may include using initial key with random number as input and generating as the defeated of the key improved
Exclusive or function out, and may include image initial key and random number using logarithm carry out Hash and as the key of improvement
Hash function.After initial key is stored in one group of Nonvolatile memery unit, setting instruction (indicator) is to stop
With the change for initial key, the e.g. programming and erasing operation (step 2907) in supression particular block.
Figure 30 is that simplifying for the alternative program that the controller in the device shown in e.g. Figure 17 or Figure 17 A executes is flowed
Cheng Tu, this alternative program to freeze by use physics can not copy function generate initial key.In flow charts, this
Program starts from the (step 3000) that is switched on.For example, this can occur to be installed on test fixture (test jig) or such as in device
In the upper register system.In addition, this program can begin at other issue physics can not copy function circuit enabling signal
Event, to generate initial key.After step 3000, enable for carry out physics can not copy function circuit system
(step 3001).Next, execute physics can not copy function to generate initial key (step 3002).Initial key is then
It is stored in one group of Nonvolatile memery unit, the given zone of the unit e.g. in nonvolatile memory array
Unit (step 3003) in block.Such as above-mentioned example, one group of Nonvolatile memery unit can be equal to by physics not
This group of Nonvolatile memery unit that reproducible function uses, or can be for can not be after the execution of copy function just in physics
This group of Nonvolatile memery unit that beginning key is written.Tandom number generator is executed to generate random number (step
S3004).Execution logic circuit system generates the key (step 3005) of improvement to merge initial key and random number.Then
The key of improvement is stored in (step in second group of Nonvolatile memery unit of multiple Nonvolatile memery units
3006).In embodiment, logic circuitry may include using initial key and random number as input and generating as changing
The exclusive or function of the output of good key, and may include image initial key and random number using logarithm carry out Hash and as
The hash function of the key of improvement.In this program, then assessment by use physics can not copy function generate improvement
Key and random number adaptability (suitability), this assessment is, for example, by judge whether the key improved has and fill
Randomness (the step 3007) of foot.Algorithm then judges whether the key of improvement is satisfactory (step 3008).If to changing
The test of good key is carried out in outside, then can provide via the port (port) on memory device and fill from outside
The signal set is successfully tested with instruction.If the key of improvement is undesirable, can be mentioned via the port on memory device
For the signal from external device (ED), to indicate test crash, and the program (step for generating the key of improvement can be retried
3009).If the key improved in step 3008 is met the requirements, instruction (indicator) can be set to deactivate storage
The change of data in one group of Nonvolatile memery unit of initial key, therefore freeze to use initial key in a device
(step 3010).
As described above, another technology after generating key for freezing this key includes that deactivated physics is not reproducible
Function, e.g. by the circuit system deactivated for executing this function.
Figure 31 is the flow chart that can be, for example, the program that the controller in the device of Figure 17 or Figure 17 A executes.?
In this example, described program is by (the step 3100) that is switched on.As described above, this program can begin at other starting events.?
After startup program, logic first determines whether key has been stored in one group of non-volatile memories for storing key
In device unit.Therefore, it may compare this group of Nonvolatile memery unit and scheduled physics can not copy function block pattern
(step 3101).Pointing out the pattern that no key is written into can be, e.g., be all 0 pattern or be all 1 pattern.?
After check pattern, judge whether the pairing (step 3102) for finding predetermined pattern.If not finding pairing, logic is by example
If so, deactivate for execute physics can not copy function circuit or by restraining the state machine of control circuit to holding
Row physics can not copy function state with deactivate physics can not copy function (step 3103).If finding pairing, logic is borrowed
By, e.g., enable for execute physics can not copy function circuit or by making state machine proceed to execution physics
Can not the state of copy function can not copy function (step 3104) to enable physics.Enable physics can not copy function it
Afterwards, it then executes and generates initial key (step 3105).Then, initial key is stored in one group of nonvolatile memory list
In member, the specific physics in array is e.g. stored according to different embodiments in copy function block or to be stored in
(step 3106) in the memory cell of difference group.Tandom number generator is executed to generate random number (step 3107).It executes
Logic circuitry generates the key (step 3108) of improvement to merge initial key and random number.Then, by the close of improvement
Key is stored in (step 3109) in second group of Nonvolatile memery unit in multiple Nonvolatile memery units.In reality
It applies in example, logic circuitry may include using initial key and random number as input and generating as the key improved
The exclusive or function of output, and may include image initial key and random number using Hash value and the Hash of the key as improvement
Function.After the key for successfully createing improvement, then optionally setting instruction (indicator) is stored with deactivating
Change (the step 3110) of the storage stack unit of initial key.As described above, in some embodiments, storage is initial close
The storage stack unit of key may not have support except be used in physics can not operation in copy function programming operation or
The peripheral circuit of erasing operation.In the case, it may be unnecessary to which setting instruction (indicator) is to prevent from programming and wipe.
Figure 32 is the process for the alternative program that can be executed by the controller being located in the e.g. device of Figure 17 or Figure 17 A
Figure.In this example, this program starts from power-on event (step 3200).As described above, this program can begin at other rise
Dynamic event.After launching the program, logic can enter need using include and communication with external apparatus with start key generate journey
The physics of sequence can not execute the state for authenticating agreement before copy function.Agreement is authenticated when starting this, logic executes this agreement
(step 3201).If authenticating herein, key under agreement generates the starting of circulation and failed (step 3202), logic can make
Be, for example, those referring to the technology of Figure 31 discussion deactivate physics can not copy function circuit, and also deactivate in some cases
Ranging (RNG) (step 3203).If authenticating the starting success (step 3202) that key under agreement generates circulation herein, logic
Enabling physics can not copy function circuit (step 3204).Then, executable physics can not copy function to generate initial key
(step 3205).After generating initial key, initial key can be stored in (step in one group of Nonvolatile memery unit
3206).Tandom number generator is executed to generate random number (step 3207).Execution logic circuit system is to merge initial key
Key (the step 3208) of improvement is generated with random number.Then the key of improvement is stored in multiple nonvolatile memories
(step 3209) in second group of Nonvolatile memery unit in unit.In embodiment, logic circuitry may include making
It uses initial key and random number as input and generates the exclusive or function of the output as the key improved, and may include image
Initial key and random number using Hash value and the hash function of the key as improvement.Selectively, successfully store it is close
After key, instruction (indicator) can be set to deactivate the change for the data for being stored in one group of Nonvolatile memery unit
(step 3210).
In various embodiments, the technology described referring to Figure 29 to Figure 32 can various combinations and be utilized.Citing and
Speech, the demand that the program of inspection storage stack unit can authenticate agreement with successful execution merges, not reproducible to enable physics
Functional circuit.In addition, physics can not copy function be stored in after one group of Nonvolatile memery unit and verify or tester
Reason can not copy function program can with the program integration that one group of Nonvolatile memery unit is checked for predetermined pattern or
The demand that agreement can be authenticated with successful execution merges or can merge with above-mentioned the two.
In an aspect of this exposure, to similar Fig. 6, Fig. 8, Fig. 9, Figure 11, Figure 13, Figure 15 and Figure 29 to Figure 32
The computer program that the execution of program as shown program and other programs described in this exposure is controlled, can be used as
Instruction is stored on a computer-readable access to memory or more than one memory, wherein the memory includes nonvolatile
The computer-readable data storage medium of property.Using the computer-readable access to memory, physics can not copy function machine
(for example, processor system 410, Fig. 2) can cause to the programmable memory cell in one group of programmable memory cell into
It goes and scans, and can be based on physics using the program described in this exposure can not the stable data set of copy function generation.
In addition, as described above, include one group of programmable memory cell integrated circuit may include state machine or its
He is configured to execute the logical resource of those programs.In other alternative solution, using can not copy function by physics
The combination of the computer program that machine executes and the logic of implementation on the integrated.
In this exposure the embodiment described, the storage stack unit using the starting distribution with threshold voltage comes
It establishes and stablizes data set.This storage stack unit can be a part of larger memory array, such as Fig. 3, Figure 16, Figure 17
And shown in Figure 17 A.Alternately, the storage stack unit can be the storage stack unit specially provided.
One group of storage in the embodiment that the task function of wherein integrated circuit includes memory array, for such purpose
Device unit can have structure identical from the memory cell in the array or can have different structures.In addition, institute
The storage stack unit used can be positioned to any pattern on the integrated, including close-coupled array pattern or point
Cloth pattern.
In embodiment, can repeatedly reuse the storage stack unit for establishing starting distribution has to generate
Multiple stable data sets of different content.Therefore, logic can be provided in the system for disposing such embodiment, to collect to one
At the memory cell on circuit using physics can not copy function program, and then generate can with one integrated circuit
The proprietary data collection shared in other devices communicated.
As described above, example described in this exposure is based on using charge trapping memory cell, such as flash memory.One
(including in the embodiment configured as shown in Fig. 3, Figure 16, Figure 17 and Figure 17 A) in a little embodiments, the technology can expand
Exhibition to other programmable memory cell technologies, including based on metal oxide programmable resistance unit, be based on phase-change material
Programmable resistance unit, reluctance type memory (magneto-resistive memory) and other kinds of feature exist
It is jointly processed by starting distribution as experience in the memory cell technologies that can be used in establishing starting distribution
As a result, threshold voltage or threshold resistance relative to memory cell address and randomly change.
The data set generated as described in this exposure can have the content exclusive for specific integrated circuit.Such as pacifying
In the example of full agreement, the data set can be used to form the response to interrogating.The data set can be used as in encryption agreement
Key.The data set can be used as exclusive identification symbol.The data set can be used as random key.
This various aspect for disclosing the technology includes following embodiment.
In one embodiment, illustrate it is a kind of include one group of programmable memory cell integrated circuit on generate number
According to the method for collection.The method can include: make to be exposed to described one group programmable storage on the integrated circuit with address
Device unit introduces different threshold value after being jointly processed by, and one group of programmable memory cell is located at a starting point
In the range of cloth.The method may also comprise: (1) searching having for one group of programmable memory cell and rise in described
First subset of the threshold value in the first part of beginning distribution and having for one group of programmable memory cell are in institute
State the second subset of the threshold value in the second part of starting distribution;And (2) use first subset and second son
The address of at least one of collection generates the data set.
It is described to be jointly processed by can include: etching step or deposition step during manufacture, the etching step or described
Deposition step causes charge trapping in the charge storing structure of the programmable memory cell in described one group.It is described
Being jointly processed by may also comprise: applying circuit using the bias on the integrated circuit and carries out bias application operation, described one
Cause charge in the charge storing structure of the programmable memory cell in group.
In one embodiment, a kind of method for manufacturing integrated circuit is illustrated.The method can include: described integrated
Multiple programmable memory cells are formed on circuit;The integrated circuit is connected to system, the system is configured to and institute
State integrated circuit exchange signal;And use the system by following manner in the multiple programmable memory cell
Data set is generated in one group of programmable memory cell of the starting distribution with threshold value: (1) searching described one group and programmable deposit
Storage unit have in it is described starting distribution first part in threshold value the first subset and described one group can compile
The second subset with the threshold value in the second part in the starting distribution of journey memory cell;And (2) use institute
The address of at least one of the first subset and the second subset is stated to generate the data set.
In one embodiment, a kind of electronic device is illustrated.The electronic device can include: one group of programmable storage
Unit is located on integrated circuit;Logic, for being generated using one group of programmable memory cell by following manner
Data set, wherein there is one group of programmable memory cell the starting of threshold value to be distributed: (1) searching described one group may be programmed
Memory cell have in it is described starting distribution first part in threshold value the first subset and it is described one group can
The second subset with the threshold value in the second part in the starting distribution of program memory cells;And (2) make
The data set is generated with the address of at least one of first subset and the second subset.
In one embodiment, a kind of product is illustrated.The product may include computer-readable non-transitory data storage
Media are deposited, the computer-readable non-transitory data storage medium storage is for including one group of programmable storage list
The instruction of the program of data set is generated on the integrated circuit of member, described instruction can be by being configured to connect to the integrated electricity
The system on road executes.The program can include: that (1) searches one group of programmable memory cell has in starting
First subset of the threshold value in the first part of distribution and having for one group of programmable memory cell are in described
Originate the second subset of the threshold value in the second part of distribution;And (2) use first subset and the second subset
At least one of address generate the data set.
Finding step as described in the examples can include: determine the first part and described that the starting is distributed
Line of demarcation between the second part of beginning distribution is located at line of demarcation threshold value below so as to have in described one group
The programmable memory cell counting in described one group have be located at the line of demarcation more than threshold value described in can
The ratio of the counting of program memory cells is within the scope of target rate.
It is as described in the examples to use address step can include: using in first subset and the second subset
The address of the programmable memory cell at least one selects the programmable memory cell;To described
Selected programmable memory cell applied bias voltage applies operation, to establish threshold for one group of programmable memory cell
It is distributed after the change of value, being distributed between first subset and the second subset after the change has sensing tolerance;With
And the programmable memory cell in described one group is read using the reading voltage in the sensing tolerance, to generate
The data set.It is described to may also comprise using address step: according in first subset and the second subset
Member identities at least one combine the storage at least one in first subset and the second subset
The address of device unit;And use the combined address as the data set.
In one embodiment, a kind of method for generating data set on the integrated is illustrated.The integrated circuit includes
One group of programmable memory cell, and the programmable memory cell has the threshold value in starting distribution.The method packet
It includes: searching the of the threshold value of one group of programmable memory cell having in the first part in the starting distribution
The threshold value of one subset and one group of programmable memory cell having in the second part in the starting distribution
Second subset.The method can include: applied bias voltage applies operation, for the programmable storage in described one group
Unit is distributed after establishing the change of threshold value, and being distributed between first subset and the second subset after the change has
Sense tolerance;And the data set is provided using being distributed after the change.
In one embodiment, a kind of method for generating data set on the integrated is illustrated.The integrated circuit includes
One group of programmable memory cell, and the programmable memory cell has the threshold value in starting distribution.The method packet
It includes: searching the of the threshold value of one group of programmable memory cell having in the first part in the starting distribution
The threshold value of one subset and one group of programmable memory cell having in the second part in the starting distribution
Second subset.The method can include: described in combination at least one of first subset and the second subset
The address of programmable memory cell;And the data set is provided using combined address.
In one embodiment, a kind of device is illustrated.Described device can include: one group of charge trapping memory cell;With
And circuit system, one group of charge trapping memory cell can be accessed, to use one group of charge trapping memory list
Member provides data set, and the data set is the different members of one group of charge trapping memory cell due to described one
Cause being jointly processed by for charge trapping in the charge storing structure in the charge trapping memory cell in group and has
The function of distinct threshold voltage.One group of charge trapping memory cell has order and the distinct threshold voltage has
There is starting to be distributed, and the data set is that having for one group of charge trapping memory cell is located at starting distribution
A part in threshold voltage subset the position according to the order function.
In one embodiment, illustrate it is a kind of include one group of programmable memory cell integrated circuit on generate number
According to the method for collection.The described method includes: making to be exposed to described one group programmable storage on the integrated circuit with address
Device unit introduces different threshold value after being jointly processed by, and one group of programmable memory cell is located at a starting point
In the range of cloth.The method also includes: that (1) searches the first line of demarcation in the starting distribution and demarcates with described first
The second different line of demarcation of line;(2) the had in the starting distribution of one group of programmable memory cell is recognized
The tool of first subset in the first line of demarcation threshold value below described in a part and one group of programmable memory cell
There is the second subset of the threshold value in the second line of demarcation described in the second part in the starting distribution or more;And (3) use
The address of at least one of first subset and the second subset generates the data set.
In one embodiment, a kind of method for manufacturing integrated circuit is illustrated.The method can include: described integrated
Multiple programmable memory cells are formed on circuit;The integrated circuit is connected to system, the system is configured to and institute
State integrated circuit exchange signal;And use the system by following manner in the multiple programmable memory cell
Data set is generated in one group of programmable memory cell of the starting distribution with threshold value: (1) being searched in the starting distribution
First line of demarcation and second line of demarcation different from first line of demarcation;(2) one group of programmable storage list is recognized
Member have in it is described starting distribution first part described in the first line of demarcation threshold value below the first subset and
One group of programmable memory cell has the second line of demarcation described in the second part in the starting distribution or more
Threshold value second subset;And (3) are produced using the address of at least one of first subset and the second subset
The raw data set.
In one embodiment, a kind of device is illustrated.Described device includes: one group of programmable memory cell, is located at collection
At on circuit;And logic, for generating data set by following manner using one group of programmable memory cell,
Wherein the storage stack unit have threshold value starting be distributed: (1) search it is described starting distribution in the first line of demarcation and
Second line of demarcation different from first line of demarcation;(2) it recognizes having for one group of programmable memory cell and is in institute
Stating the first subset for originating the first line of demarcation threshold value below described in the first part of distribution and described one group may be programmed
Second son of the threshold value with the second line of demarcation described in the second part in the starting distribution or more of memory cell
Collection;And (3) generate the data set using the address of at least one of first subset and the second subset.
In one embodiment, a kind of product is illustrated.The product includes computer-readable non-transitory data storage
Media, the computer-readable non-transitory data storage medium storage is in the collection including programmable memory cell
At the instruction for the program for generating data set on circuit, described instruction can be held by the system for being configured to connect to integrated circuit
Row.Described program includes: that (1) searches the first line of demarcation in the starting distribution and different from first line of demarcation the
Two lines of demarcation;(2) recognize one group of programmable memory cell has institute in the first part in the starting distribution
State the first subset of the first line of demarcation threshold value below and having in described for one group of programmable memory cell
Originate the second subset of the threshold value in the second line of demarcation described in the second part of distribution or more;And (3) use first son
The address of collection and at least one of the second subset generates the data set.
The step of lookup as described in the examples first line of demarcation and second line of demarcation can include: determine institute
The threshold voltage in starting distribution is stated, the threshold voltage makes the memory cell with the threshold value lower than the threshold voltage
Counting target rate range is in the ratio of counting of the memory cell with the threshold value higher than the threshold voltage
It is interior, and first line of demarcation is set by first constant is subtracted from the threshold voltage, and by the threshold value electricity
Pressure sets second line of demarcation plus second constant.The finding step may also comprise: read electricity using mobile first
Pressure has in described one group lower than described iteratively to read the data value in one group of programmable memory cell
The memory cell of the threshold value of first reading voltage is counted, and use makes described count count model in first object
Described first in enclosing reads voltage to set first line of demarcation.The finding step may also comprise: use mobile the
The data value in one group of programmable memory cell is read to two reading voltage iterations, and high to having in described one group
It is counted in the memory cell of the threshold value of the second reading voltage, and use makes described count in the second target
Described second in count range reads voltage to set second line of demarcation.
The step of generation as described in the examples data set can include: described first is selected using the address
The programmable memory cell in one of subset and the second subset;And using first line of demarcation with
Reading voltage between second line of demarcation reads the programmable storage in one group of programmable memory cell
Device unit.The generation step may also comprise: according in first subset and the second subset at least one
Member identities combine the programmable storage at least one in first subset and the second subset
The address of device unit.
As described in the examples be jointly processed by may include etching step or deposition step during manufacture, the etching
Step or the deposition step cause charge in the charge storing structure of the programmable memory cell in described one group
Trapping.Described be jointly processed by may also comprise: apply circuit using the bias on the integrated circuit and carry out bias application operation,
To cause charge in the charge storing structure of the programmable memory cell in described one group.
In one embodiment, illustrate it is a kind of include programmable memory cell integrated circuit on generate data set
Method.The described method includes: having the threshold value of the memory cell in described one group in storage storage stack unit
Distribution first son distribution in threshold value memory cell address;And using the stored address to generate
State data set.
In one embodiment, a kind of integrated circuit is illustrated.The integrated circuit includes: one group of programmable storage list
Member, on integrated circuit and with threshold value distribution;Memory, storing has in one group of programmable memory cell
The address of the memory cell of threshold value in first son distribution of the distribution in threshold value;And logic, for using institute
Stored address is stated to generate data set.
The distribution be characterized by using physics can not copy function and formed.The first son distribution is by sense
It surveys tolerance and the second son to separate, and the logic is configured to generate the data set by following manner: according to ground
Location order reads the memory cell in one group of programmable memory cell, to generate according to whether for described the
Member identities in one son distribution and the data value that changes.In addition the memory stores threshold in the storage stack unit
The address of memory cell in second son distribution of the distribution of the threshold value of memory cell of the value in described one group;And
It includes using described in the first son distribution and the second son distribution that the logic, which is configured to generate the data set,
Stored address.In addition the memory is the first line of demarcation of mapped storage of threshold value and different from first line of demarcation
Second line of demarcation, wherein the memory cell in the first son distribution includes having for the storage stack unit
Positioned at the first subset of the first line of demarcation threshold value below, and the memory cell packet in the second son distribution
Include the second subset with the threshold value for being located at second line of demarcation or more of the storage stack unit.
Logic as described in the examples is configured to generate the data set by following manner: using the address
To select the memory cell in one of first subset and described second subset;And demarcate using described first
Reading voltage between line and second line of demarcation reads the memory list in one group of programmable memory cell
Member.
The logic can be configured to use the application circuit of the bias on the integrated circuit and apply in described one group
The programmable memory cell charge storing structure in cause change with establish the distribution bias apply operation;
And to interrogate input make a response with use the data set generate response output.The logic may include described integrated
State machine on circuit.
In this exposure the embodiment described, the programmable memory cell in described one group is that charge trapping is deposited
Storage unit, and the threshold value is threshold voltage.
In one embodiment, a kind of memory circuit is illustrated.The memory circuit includes: (1) non-volatile memories
Device array, in multiple blocks including being formed by memory cell and the particular block including being stored in the multiple block
Key;(2) port, for carrying out PERCOM peripheral communication from the array;(3) security logic is coupled to the memory array,
The security logic allows to access in each block being stored in the multiple block in the protocol using the security key
Data;And (4) access control circuit, it is coupled to the array, the access control circuit includes described for allowing
Security logic to the particular block carry out read-only access in the agreement using and prevent deposited via the port
Take the logic of the particular block.
In one embodiment, a kind of device including packaged integrated circuit or multi-chip module is described.Described device packet
Include (1) nonvolatile memory array, multiple blocks including memory cell, and including being stored in the specific of multiple blocks
Key in block;(2) port, the PERCOM peripheral communication for the data from array;(3) security logic is coupled to memory
Array, and enable using the key in agreement the access of the data for the block being stored in multiple blocks: and (4) access
Control circuit is coupled to array, including patrolling by for the security logic in agreement particular block enabling read-only access
Volume, and prevent from accessing particular block via port.
In one embodiment, illustrate that a kind of operation includes the method for the circuit of nonvolatile memory array.The side
Method includes: in the particular block that key is stored in multiple blocks of the nonvolatile memory array by (1);(2) by outer
Part device or communication network use port from the array access data;(3) by being coupled to the nonvolatile memory array
Safety logic circuit allow to access in the protocol using the key being stored in the particular block be stored in it is described
The data in each block in multiple blocks;(4) allow the security logic to the particular block carry out read-only access with
For using in the agreement, and prevent to access the particular block via the port.
This exposure agreement may include interrogating/response protocol, it is described interrogate/response protocol includes via the end
Mouth carries out data exchange.
This exposure access control circuit has and allows to access the particular block via the port wherein to write
Enter the first state of the key, wherein forbid accessing the particular block via the port to be read out or be written, simultaneously
Allow the second state that the security logic accesses the particular block to be read out.The access control circuit includes
Allow and forbid accessing the block lock-bit of the correspondence block in the multiple block.
It in embodiment, include logic in the packaged integrated circuit or multi-chip module.The logic can will use
The key that the storage stack unit generates is stored into the particular block, and one group in memory array can be used
Memory cell executes function to generate the key.The storage stack unit is located in the particular block.
The key includes data value and the identification son in the subset of the storage stack unit
The address mapping that the member of concentration uses for the security logic.
The memory array, the port, the security logic and the access control circuit can be placed in individually
On integrated circuit.
A kind of memory device is described in one embodiment.Memory device includes that physics can not copy function circuit;With
And protection circuit, be configured to restrain physics can not memory cell in copy function circuit program and wiping
Except program.In embodiment, protection circuit includes instruction (indicator), it is indicated that programming or erasing physics can not copy functions
The accessibility (accessibility) of circuit, and instruction be restrain physics can not copy function circuit program or
In the state for wiping program.In embodiment, fuse, single programming unit (one-time-programming are designated as;
) or buffer OPT.In embodiment, physics can not copy function circuit include the warp in nonvolatile memory array
One group of unit of selection, and the circuit includes write-in bias generator (write bias generator), and it is inclined to generate write-in
Press-fitting is set so that memory cell to be written in an array;And wherein write-in bias generator is suppressed that be connected to physics not reproducible
The seleced storage stack unit of functional circuit, write-in bias generator physics can not copy function circuit be activated
When be deactivated.
In embodiment, protection circuit, which is configured to execute, authenticates calculation, can not be replicated with judgement programming or erasing physics
The accessibility of functional circuit.Authenticating calculation may include that password authenticates (passcode authentication).
In embodiment, it authenticates calculation connection (interface) and authenticates mechanism or entity key (hardware in fingerprint
key)。
A kind of memory device is described in example.Memory device include physics can not copy function circuit, provide initial close
Key;Tandom number generator generates random number;And logic circuitry, merging initial key with random number is the close of improvement
Key;And control circuit, it is configured to check the specific pattern of the content of the key of improvement to allow (permit) or restrain
(inhibit) physics can not copy function circuit write-in program.For example, need to allow the specific pattern of write-in program
It can be all 1 or be all zero.
Although referring to preferred embodiment detailed above and the instant disclosure present invention, however, it should be understood that those realities
Example is intended to descriptive sense meaning and not restrictive.It is expected that those skilled in the art will readily recognize that retouching and combination, institute
Stating retouching and combination will be in scope of the invention.
Claims (24)
1. a kind of electronic system, including client terminal device and host, the host includes processor, security logic and communicates boundary
Face, the client terminal device corresponds to the host, and the client terminal device includes:
Integrated circuit or multi-chip module have security logic, communication interface and logic to use physics can not copy function
And generate physics can not copy function key and the storage physics can not copy function key in the not reproducible key storage of physics
Storage;And
Logic is located on the integrated circuit or the multi-chip module, by the physics can not copy function key provide
To the host.
2. electronic system as described in claim 1, wherein the client terminal device includes multiple Nonvolatile memery units,
On the integrated circuit or the multi-chip module, and wherein the physics can not copy function use it is described by using
The entropy that Nonvolatile memery unit in multiple Nonvolatile memery units generates.
3. electronic system as described in claim 1, wherein the client terminal device includes command decoder and circuit system, position
In on the integrated circuit or the multi-chip module, in response to receiving the finger from the host via the communication interface
Order or one group of instruction, in the offer physics the not reproducible function of the physics can not be deactivated after copy function to the host
The change of energy key storage.
4. electronic system as described in claim 1, wherein the physics can not copy function key storage include one group non-
Volatile memory-elements.
5. electronic system as described in claim 1, wherein the client terminal device includes:
Multiple Nonvolatile memery units are located on the integrated circuit or the multi-chip module;And
Command decoder and circuit system are located on the integrated circuit or the multi-chip module, in response to via described logical
Believe that interface receives the instruction or one group of instruction from the host, to use specific to the described instruction from the host
Or the address in one group of instruction identifies the not reproducible function of the physics in the multiple Nonvolatile memery unit
It can key storage.
6. electronic system as described in claim 1, wherein the client terminal device includes being located at the integrated circuit or described
Command decoder on multi-chip module, be configured so that:
The logic is caused to use physics via the received instruction or one group of instruction from the host of the communication interface
Can not copy function to generate physics copy function key and the not reproducible key of the physics can not be sent to the host
Execution.
7. electronic system as described in claim 1, wherein the client terminal device includes being located at the integrated circuit or described
Command decoder on multi-chip module, be configured so that:
Via the received instruction or one group of command reception from the host of the communication interface from the host
Transient Key, and using the Transient Key with encrypt the physics can not copy function key, and by send it is encrypted
The physics can not copy function key and by the physics can not copy function key be provided to the host.
8. electronic system as described in claim 1, wherein the client terminal device includes being located at the integrated circuit or described
Command decoder on multi-chip module, be configured so that:
The integrated electricity is stored in via the received instruction or one group of instruction use from the host of the communication interface
Transient Key on road or the multi-chip module with encrypt the physics can not copy function key, and it is encrypted by sending
The physics can not copy function key and by the physics can not copy function key be provided to the host.
9. electronic system as described in claim 1, wherein the client terminal device includes being located at the integrated circuit or described
Command decoder on multi-chip module, be configured so that:
Making for tandom number generator is caused via the received instruction or one group of instruction from the host of the communication interface
With to generate Transient Key, and the Transient Key being sent to the host, and the Transient Key is stored in the collection
At on circuit or the multi-chip module;And
In response to described instruction or one group of instruction with encrypt the physics can not copy function key, and by send through plus
The close physics can not copy function key and by the physics can not copy function key be provided to the host.
10. electronic system as described in claim 1, wherein the client terminal device includes being located at the integrated circuit or described
Command decoder on multi-chip module, be configured so that:
It is caused via the received replacement of keys instruction or replacement of keys instruction sequence from the host of the communication interface
The logic using physics can not copy function can not copy function key, shared with the host by using to generate physics
Secret key encryption described in physics can not copy function key and send the encrypted physics can not copy function key
To the execution of the host.
11. electronic system as claimed in claim 10, wherein being located at the institute on the integrated circuit or the multi-chip module
Command decoder is stated more to be configured to deactivate the replacement of keys instruction or the subsequent use of the replacement of keys instruction sequence.
12. electronic system as described in claim 1, wherein the client terminal device includes multiple nonvolatile memory lists
Member is located on the integrated circuit or the multi-chip module, and wherein the physics can not copy function use by using
The entropy that Nonvolatile memery unit in the multiple Nonvolatile memery unit generates can not replicate function to generate physics
Can data set, and merge the physics can not copy function data set and the random number from tandom number generator, to generate
The physics can not copy function key.
13. a kind of operating method of electronic system, the electronic system includes client terminal device and host, and the host includes place
Device, security logic and communication interface are managed, the client terminal device includes integrated circuit or multi-chip module, and the client fills
It sets and corresponds to the host, the operating method of the electronic system includes:
Using the physics being located on the integrated circuit or the multi-chip module can not copy function can not be answered with generating physics
Function key processed and by the physics can not copy function key be stored in physics can not be in copy function key storage;And
By the physics can not copy function key be provided to the host.
14. the operating method of electronic system as claimed in claim 13, wherein the client terminal device includes being located at the collection
At multiple Nonvolatile memery units on circuit or the multi-chip module, wherein the physics can not copy function use
The entropy generated by the Nonvolatile memery unit used in the multiple Nonvolatile memery unit.
15. the operating method of electronic system as claimed in claim 13, comprising: in response to receiving the finger from the host
Enable or one group of instruction, by the physics can not copy function key be provided to the host after deactivate the physics can not
The change of copy function key storage.
16. the operating method of electronic system as claimed in claim 13, wherein the physics can not the storage of copy function key
Device includes one group of Nonvolatile memery unit.
17. the operating method of electronic system as claimed in claim 13, wherein the client terminal device includes being located at the collection
It at multiple Nonvolatile memery units on circuit or the multi-chip module, and include: in response to being received from the host
Instruction or one group of instruction, using the particular address in described instruction or one group of instruction with recognize be stored in it is the multiple non-
The physics in volatile memory-elements can not copy function key.
18. the operating method of electronic system as claimed in claim 13, comprising: in response to from the host it is received instruction or
One group of instruction, causes the execution of the integrated circuit or the logic on the multi-chip module, to use the physics that can not answer
Function processed with generate the physics can not copy function key, and by the physics can not copy function key be sent to the master
Machine.
19. the operating method of electronic system as claimed in claim 13, comprising: in response to from the host it is received instruction or
One group of instruction receives Transient Key from the host, using the Transient Key encrypt the physics can not copy function key,
And by send the encrypted physics can not copy function key with by the physics can not copy function key be provided to
The host.
20. the operating method of electronic system as claimed in claim 13, comprising: in response to from the host it is received instruction or
One group of instruction, encrypted using Transient Key the physics can not copy function key, and by sending the encrypted object
Reason can not copy function key with by the physics can not copy function key be provided to the host.
21. the operating method of electronic system as claimed in claim 13, comprising: in response to from the host it is received instruction or
One group of instruction generates Transient Key using tandom number generator, the Transient Key is sent to the host, and will be described temporary
When key be stored on the integrated circuit or the multi-chip module;And
In response to described instruction or one group of instruction, encrypt the physics can not copy function key, and by send through plus
The close physics can not copy function key with by the physics can not copy function key be provided to the host.
22. the operating method of electronic system as claimed in claim 13, comprising: in response to referring to from the received replacement of keys of host
Enable or a group key displacement instruction, cause logic using the physics can not copy function with generate physics can not copy function it is close
The execution of key, can not copy function key and will be through adding using physics described in the secret key encryption shared with the host
The close physics can not copy function key be sent to the host.
23. the operating method of electronic system as claimed in claim 22, comprising: in response to being set from the received key of the host
Instruction or group key displacement instruction are changed, subsequent the making of the replacement of keys instruction or group key displacement instruction is deactivated
With.
24. the operating method of electronic system as claimed in claim 13, wherein the client terminal device includes being located at the collection
At multiple Nonvolatile memery units on circuit or the multi-chip module, wherein the physics can not copy function use
The entropy generated by the Nonvolatile memery unit used in the multiple Nonvolatile memery unit is to generate physics not
Reproducible functional image data set, and including merge the physics can not copy function data set with from tandom number generator with
Machine number can not copy function key to generate the physics.
Applications Claiming Priority (6)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US15/601,582 US10715340B2 (en) | 2016-08-04 | 2017-05-22 | Non-volatile memory with security key storage |
| US15/601,582 | 2017-05-22 | ||
| US201762528460P | 2017-07-04 | 2017-07-04 | |
| US62/528,460 | 2017-07-04 | ||
| US201762594547P | 2017-12-05 | 2017-12-05 | |
| US62/594,547 | 2017-12-05 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108958650A true CN108958650A (en) | 2018-12-07 |
| CN108958650B CN108958650B (en) | 2021-06-15 |
Family
ID=64499400
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810497723.5A Active CN108958650B (en) | 2017-05-22 | 2018-05-22 | Electronic system and method of operating the same |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108958650B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3680905A1 (en) * | 2019-01-13 | 2020-07-15 | eMemory Technology Inc. | Random code generator |
| CN114444140A (en) * | 2020-11-02 | 2022-05-06 | 旺宏电子股份有限公司 | Non-duplicable function application in memory |
| TWI783176B (en) * | 2019-08-23 | 2022-11-11 | 大陸商雅特力科技(重慶)有限公司 | Method for managing secure library supporting data storage, and associated electronic device |
| US11736286B2 (en) | 2020-12-11 | 2023-08-22 | PUFsecurity Corporation | Method and secure boot control circuit for controlling secure boot of electronic device and method for controlling enrollment of electronic device |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TW200913627A (en) * | 2007-05-11 | 2009-03-16 | Validity Sensors Inc | Method and system for electronically securing an electronic device using physically unclonable functions |
| US20090165086A1 (en) * | 2007-12-21 | 2009-06-25 | Spansion Llc | Random number generation through use of memory cell activity |
| CN102165458A (en) * | 2008-09-26 | 2011-08-24 | 皇家飞利浦电子股份有限公司 | Authenticating a device and a user |
| US20140140513A1 (en) * | 2012-11-19 | 2014-05-22 | International Business Machines Corporation | Reliable physical unclonable function for device authentication |
| CN104254853A (en) * | 2012-04-25 | 2014-12-31 | 株式会社日立制作所 | File storage system and file cloning method |
| CN104751050A (en) * | 2015-04-13 | 2015-07-01 | 成都睿峰科技有限公司 | Client application program management method |
| CN104836669A (en) * | 2015-05-08 | 2015-08-12 | 东南大学 | Security authentication method based on SRAM PUF (Static Random Access Memory Physical Uncloable Function), terminal and authentication system |
| US20160148679A1 (en) * | 2014-11-21 | 2016-05-26 | Panasonic Intellectual Property Management Co., Ltd. | Tamper-resistant non-volatile memory device |
| US20160323096A1 (en) * | 2015-04-29 | 2016-11-03 | Samsung Electronics Co., Ltd. | Non-leaky helper data: extracting unique cryptographic key from noisy f-puf fingerprint |
| CN106575324A (en) * | 2014-04-09 | 2017-04-19 | 有限公司Ictk | Authentication apparatus and method |
| CN106688027A (en) * | 2014-09-15 | 2017-05-17 | Arm 有限公司 | PUF and address dependent data encryption |
-
2018
- 2018-05-22 CN CN201810497723.5A patent/CN108958650B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TW200913627A (en) * | 2007-05-11 | 2009-03-16 | Validity Sensors Inc | Method and system for electronically securing an electronic device using physically unclonable functions |
| US20090165086A1 (en) * | 2007-12-21 | 2009-06-25 | Spansion Llc | Random number generation through use of memory cell activity |
| CN102165458A (en) * | 2008-09-26 | 2011-08-24 | 皇家飞利浦电子股份有限公司 | Authenticating a device and a user |
| CN104254853A (en) * | 2012-04-25 | 2014-12-31 | 株式会社日立制作所 | File storage system and file cloning method |
| US20140140513A1 (en) * | 2012-11-19 | 2014-05-22 | International Business Machines Corporation | Reliable physical unclonable function for device authentication |
| CN106575324A (en) * | 2014-04-09 | 2017-04-19 | 有限公司Ictk | Authentication apparatus and method |
| CN106688027A (en) * | 2014-09-15 | 2017-05-17 | Arm 有限公司 | PUF and address dependent data encryption |
| US20160148679A1 (en) * | 2014-11-21 | 2016-05-26 | Panasonic Intellectual Property Management Co., Ltd. | Tamper-resistant non-volatile memory device |
| CN104751050A (en) * | 2015-04-13 | 2015-07-01 | 成都睿峰科技有限公司 | Client application program management method |
| US20160323096A1 (en) * | 2015-04-29 | 2016-11-03 | Samsung Electronics Co., Ltd. | Non-leaky helper data: extracting unique cryptographic key from noisy f-puf fingerprint |
| CN104836669A (en) * | 2015-05-08 | 2015-08-12 | 东南大学 | Security authentication method based on SRAM PUF (Static Random Access Memory Physical Uncloable Function), terminal and authentication system |
Non-Patent Citations (2)
| Title |
|---|
| SAUVAGYA RANJAN SAHOO; SUDEENDRA KUMAR; KAMALAKANTA MAHAPATRA: ""A Modified Configurable RO PUF with Improved Security Metrics"", 《2015 IEEE INTERNATIONAL SYMPOSIUM ON NANOELECTRONIC AND INFORMATION SYSTEMS》 * |
| 孙梅;张栋冰;张娟: ""一种基于PUF的低成本RFID认证协议分析与改进"", 《合肥学院学报(自然科学版)》 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3680905A1 (en) * | 2019-01-13 | 2020-07-15 | eMemory Technology Inc. | Random code generator |
| US10748591B2 (en) | 2019-01-13 | 2020-08-18 | Ememory Technology Inc. | Random code generator |
| TWI783176B (en) * | 2019-08-23 | 2022-11-11 | 大陸商雅特力科技(重慶)有限公司 | Method for managing secure library supporting data storage, and associated electronic device |
| CN114444140A (en) * | 2020-11-02 | 2022-05-06 | 旺宏电子股份有限公司 | Non-duplicable function application in memory |
| US11736286B2 (en) | 2020-12-11 | 2023-08-22 | PUFsecurity Corporation | Method and secure boot control circuit for controlling secure boot of electronic device and method for controlling enrollment of electronic device |
| TWI825522B (en) * | 2020-12-11 | 2023-12-11 | 熵碼科技股份有限公司 | Method and secure boot control circuit for controlling secure boot of electronic device and method for controlling enrollment of electronic device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108958650B (en) | 2021-06-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10680809B2 (en) | Physical unclonable function for security key | |
| CN108958707A (en) | Circuit and its operating method with PUF and tandom number generator | |
| TWI732903B (en) | Electronic apparatus, memory apparatus and operation method thereof | |
| US10855477B2 (en) | Non-volatile memory with physical unclonable function and random number generator | |
| US11601269B2 (en) | Unchangeable physical unclonable function in non-volatile memory | |
| US10742406B2 (en) | Key generation and secure storage in a noisy environment | |
| CN108958650A (en) | Electronic system and its operating method | |
| JP2016105585A (en) | Non-volatile memory device having tamper resistance, integrated circuit card, authentication method for non-volatile memory device, and encryption method and decryption method using non-volatile memory device | |
| CN108959976B (en) | Method for operating circuit with nonvolatile memory cell and circuit using the same | |
| Jia et al. | Extracting robust keys from NAND flash physical unclonable functions | |
| TWI716685B (en) | Electronic system and operation method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |