CN113079019B - Integrated circuit device and method and system for generating security key thereof - Google Patents
Integrated circuit device and method and system for generating security key thereof Download PDFInfo
- Publication number
- CN113079019B CN113079019B CN202110337813.XA CN202110337813A CN113079019B CN 113079019 B CN113079019 B CN 113079019B CN 202110337813 A CN202110337813 A CN 202110337813A CN 113079019 B CN113079019 B CN 113079019B
- Authority
- CN
- China
- Prior art keywords
- key
- bits
- address
- otp
- programmable device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 95
- 230000006870 function Effects 0.000 claims abstract description 51
- 230000004044 response Effects 0.000 claims abstract description 24
- 230000003068 static effect Effects 0.000 claims description 27
- 238000004891 communication Methods 0.000 claims description 14
- 230000008569 process Effects 0.000 description 27
- 238000012795 verification Methods 0.000 description 20
- 238000010586 diagram Methods 0.000 description 14
- 238000012360 testing method Methods 0.000 description 14
- 238000012545 processing Methods 0.000 description 10
- 238000004519 manufacturing process Methods 0.000 description 7
- 230000008859 change Effects 0.000 description 6
- 238000003860 storage Methods 0.000 description 5
- 239000000758 substrate Substances 0.000 description 5
- 238000013500 data storage Methods 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 230000008672 reprogramming Effects 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 238000010200 validation analysis Methods 0.000 description 2
- 108010076504 Protein Sorting Signals Proteins 0.000 description 1
- 230000032683 aging Effects 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000005266 casting Methods 0.000 description 1
- 239000004020 conductor Substances 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000013480 data collection Methods 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 238000002360 preparation method Methods 0.000 description 1
- 230000003362 replicative effect Effects 0.000 description 1
- 238000005070 sampling Methods 0.000 description 1
- 229910052710 silicon Inorganic materials 0.000 description 1
- 239000010703 silicon Substances 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3278—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Transmitters (AREA)
Abstract
A system and method of generating a security key for an integrated circuit device includes generating a plurality of key bits having a Physically Unclonable Function (PUF) device. A PUF may comprise a random number generator that may create random bits. The random bits may be stored in a non-volatile memory. The number of random bits stored in the non-volatile memory allows a plurality of challenges and responses to interact to obtain a plurality of security keys from the PUF. Embodiments of the application also relate to integrated circuit devices.
Description
Technical Field
Embodiments of the present application relate to integrated circuit devices and methods and systems for generating security keys thereof.
Background
As the reliance on computer systems and the internet has increased in many areas such as personal communications, shopping, banking, commerce, etc., the need to improve network security has also increased. Many security measures may be employed, including encryption. A Physical Unclonable Function (PUF) is a physical object that is embodied in a physical structure that can be used to produce an output. The output is easy to evaluate, but the output is difficult or almost unpredictable. The PUF output may be used as a unique identity or key in secure computation and communication.
A single PUF device must be easy to manufacture, but in practice it is almost impossible to replicate, even given the exact manufacturing process that produces it. In this regard, it is a hardware simulation of unidirectional functionality. PUFs are typically implemented in integrated circuits and are typically used in applications with high security requirements.
Disclosure of Invention
Some embodiments of the application provide a method of generating a security key for an integrated circuit device, comprising: generating a plurality of key bits with a random number generator; storing the plurality of key bits in a non-volatile memory; and generating the security key from the plurality of key bits stored in the non-volatile memory.
Further embodiments of the present application provide an integrated circuit device comprising: a physically unclonable function generator for outputting two or more security keys, each security key comprising a plurality of key bits, wherein the physically unclonable function generator comprises: a Static Random Access Memory (SRAM) that is read after initialization to provide one or more of the plurality of key bits; a one-time programmable (OTP) device for: storing the plurality of key bits read from the static random access memory; and providing one of the two or more security keys from the plurality of key bits when an address is received.
Still further embodiments of the present application provide a system for generating a security key for an integrated circuit device, the system comprising: a random number generator comprising: a Static Random Access Memory (SRAM) that is read after initialization to provide a plurality of bits; a Linear Feedback Shift Register (LFSR) for scrambling the plurality of bits read from the sram into scrambled key bits; an input address scrambler for: receiving an input address; scrambling the input address to a scrambled address; providing the scrambled address; a one-time programmable (OTP) device in communication with the linear feedback shift register and the input address scrambler for: storing the scrambled key bits provided from the linear feedback shift register; associating the scrambled key bits with an address; receiving the scrambled address from the input address scrambler; determining the address associated with the scrambled key bit, the address matching the scrambled address; reading the scrambled key bits having the address matching the scrambled address; providing the scrambled key bits as the security key; an output register in communication with the one-time programmable device, the output register to: receiving the security key from the one-time programmable device; and outputting the security key.
Drawings
The various aspects of the invention are best understood from the following detailed description when read in connection with the accompanying drawings. It should be noted that the various components are not drawn to scale according to standard practice in the industry. In fact, the dimensions of the various features may be arbitrarily increased or reduced for clarity of discussion.
Fig. 1 is a block diagram illustrating aspects of an exemplary Physical Unclonable Function (PUF) generator/device in accordance with an example of the present application.
FIG. 2 is a block diagram illustrating aspects of the exemplary controller of FIG. 1 in accordance with an example of the present application.
Fig. 3 is a block diagram illustrating aspects of an exemplary data structure of the PUF device of fig. 1 in accordance with an example of the present application.
Fig. 4A is a communication diagram illustrating aspects of communication between components of PUF devices according to an example of the application.
Fig. 4B is another communication diagram illustrating aspects of communication between components of PUF devices according to an example of the application.
Fig. 5 is a process flow diagram illustrating aspects of a method for storing random numbers in a non-volatile memory of a PUF device in accordance with an example of the present application.
Fig. 6 is a process flow diagram illustrating aspects of an exemplary method for generating PUF security keys in accordance with an example of the present application.
Fig. 7 is another process flow diagram illustrating aspects of a method for storing random numbers in a non-volatile memory of a PUF device in accordance with an example of the present application.
Fig. 8 is a process flow diagram illustrating aspects of a method for determining the state of a PUF device in accordance with an example of the present application.
Detailed Description
The following disclosure provides many different embodiments, or examples, for implementing different features of the provided subject matter. Specific examples of components and arrangements are described below to simplify the present disclosure. These are, of course, merely examples and are not intended to limit the invention. For example, in the following description, forming a first component over or on a second component may include an instance in which the first component and the second component are formed in direct contact, and may also include an instance in which additional components may be formed between the first component and the second component, such that the first component and the second component may not be in direct contact. Furthermore, the present invention may repeat reference numerals and/or characters in the various examples. This repetition is for the purpose of simplicity and clarity and does not in itself dictate a relationship between the various examples and/or configurations discussed.
As mentioned above, a Physical Unclonable Function (PUF) is a physical object that is embodied in a physical structure that can be used to produce an output that is easy to evaluate but nearly unpredictable. Integrated Circuit (IC) devices typically include electronic circuitry formed on a semiconductor substrate or "chip" formed of a semiconductor material such as silicon. Rather than building one item at a time, components of an IC device are formed on a substrate by a photolithographic process. The electronic devices formed on the substrate are interconnected by conductors or lines that are also formed on the substrate by a photolithographic process. Each IC device is unique due to physical randomness, even though the same manufacturing process materials are utilized, although in high volume manufacturing. This inherent variation can be extracted and used as its unique identifier, like human DNA. According to the examples disclosed herein, this variation is used to create a unique IC device signature that is used as a PUF, because it is unique, inherent to a particular device, unclonable (not mimicking or replicating), repeatable, etc.
Fig. 1 is a block diagram illustrating an example of an integrated circuit device that may include a PUF device/generator 100 in accordance with aspects of the invention. An integrated circuit device includes a substrate that forms an electronic device, which may be any of a number of types of devices implemented by an integrated circuit, such as a processing device or a memory device. PUF device 100 is configured to receive a challenge via input port 116. In response to the challenge, the authentication circuit is configured to provide a response in the form of a security key, which is output by the PUF circuit 100 via the output port 120. As described above, PUF 100 is constructed based on the occurrence of different physical process variations during IC fabrication. These static physical changes allow the IC to have a unique fingerprint (or fingerprints) specific to the IC. When a particular challenge is received via the input port 116, a corresponding unique response is generated. An IC capable of generating multiple fingerprints is a powerful PUF because multiple challenge and response pairs can be utilized.
With some PUF generation techniques, some potential security key bits may differ from one PUF generation to another. In the present invention, such key bits are referred to as random bits. In general, these random bits are not suitable for key generation because messages encrypted with a key having random bits may not be reliably decrypted. The useful bits are collected and identified to generate a unique and reliable key for each IC device. In some examples disclosed herein, the scrambled random bits are reserved, rather than a record of the key bits used to generate the security key. In the example shown in fig. 1, a scrambled version of the random bits is stored in non-volatile memory 110. Generating the security key includes: accessing the memory 110; and then outputting the response key.
The PUF device 100 is configured to generate a security key comprising a predetermined number of key bits. As described above, the security key is provided in response to the received challenge and is unique to the particular IC device 100 due to inherent variations in the manufacturing process used for the device. In some examples, PUF device 100 includes a random number generator 104, for example, a memory array, such as an SRAM memory array, in which memory cells of the array generate key bits of a security key. The size of the SRAM array or the number of memory cells of the SRAM array used for key generation may be determined based on the size of the required security key.
The processing memory 110 is provided for PUF data processing. In the example shown, the processing memory 110 is a non-volatile memory (NVM). In some examples, the processing memory 110 is a one-time programmable (OTP) memory or device. Hereinafter, the processing memory 110 may be interchangeably referred to as the NVM 110 or the OTP 110, but it should be noted that the processing memory 110 is not limited to a non-volatile memory or to an OTP memory or device.
A request 124 for a security key is received in the form of a challenge. The input address block 116 processes such requests or challenges to ensure the correctness of the challenge before presenting the challenge to the processing memory 110. Based on the valid response, the security key is retrieved by the processing memory 110. In some examples, the input address block 116 responds by scrambling the input address process to randomize requests for security keys sent to the processing memory 110.
In the exemplary circuit shown in fig. 1, the memory for storing the scrambled bits comprises a non-volatile memory provided on the PUF device 100 itself. In other examples, the memory is external to the PUF device 100. In fig. 1, the memory is an antifuse OTP 110 marking the address of the scrambled random bit identified in PUF 100. As will be discussed further below, initially OTP 110 contains no information. During the debugging process, OTP 110 is updated with scrambled bits and addresses at the end of each of the plurality of steps. At the end of all steps, OTP 110 will contain information about all scrambled bits. This information is used by the PUF 100 to generate a security key that is responsive to the received challenge. The illustrated example also includes a controller 102. In the example of implementing NVM 110 via OTP 110, controller 102 is connected with OTP 110 for read and write modes.
The authentication circuit 100 shown further comprises an input address block 116, which provides an interface external to the PUF device 100. For example, the input address block 116 initiates access to the PUF device 100 and tracks all transactions related to OTP 110 access and data collection.
The PUF device 100 obtains the inherent differences between the manufactured devices to generate a PUF signature. For example, there are PUFs based on delay chains, where the PUF converts a variation (difference) into a delay variation. A PUF based on a delay chain employs a set of delay chains made of logic gates. Each chain will have a different delay due to static changes in the components. With the sampling delay, a signature may be generated for a random number from a Random Number Generator (RNG) 104.
Another approach is a memory-based PUF in which the change in the device in the bistable element is converted to generate either a "1" or a "0". Such a memory-based PUF includes an array of memory cells that may be implemented as any one of a plurality of arrays of memory cells, such as Static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), magnetoresistive Random Access Memory (MRAM), resistive Random Access Memory (RRAM), read Only Memory (ROM), and the like. A particular type of memory-based PUF is an SRAM PUF, which includes an SRAM array 106. These PUFs use small memory cell variations to generate signatures. For example, a signature may be generated from the start-up state of a cell by an SRAM array, which is random and unique among different SRAMs.
In some configurations, RNG 104 includes a memory array on which PUFs are based. For example, such SRAM-based PUFs use the memory initial data content (start-up conditions) of the SRAM array 106 to generate a security key. Bits of the generated key that do not change state from one start-up period to the next are referred to as stable bits. Attempting to identify and record each stable bit to be used for key generation would require a significant amount of time and recording the stable bits may expose the key generation to end attacks. Furthermore, due to environmental effects, noise and aging that may affect the stable bits of the memory, a large number of additional bits will be required to correct the error.
As described above, some examples implement PUF generators via SRAM memory. For example, the PUF signature may be generated by using the start-up state of the SRAM device. Although SRAM devices include symmetrical cells (bits), manufacturing variations may still result in each bit tending to be in a high state (i.e., logic "1") or a low state (i.e., logic "0") when the SRAM device is activated. This initial start-up state of bits is randomly distributed across the entire SRAM device, which causes variability in the unique key that can be defined by the PUF to produce the SRAM device.
In other examples where SRAM is used as the PUF generator, each bit of the security key is generated by comparing access speeds (e.g., read speeds) of two memory cells of the memory device. In such an instance, there is no need to repeatedly start and shut down the memory device, because the PUF signature is based on a comparison of the read speeds.
Regardless of the type of SRAM-based RNG 104, the bits or signature of the SRAM 106 may be scrambled. Scrambling the SRAM bits can further randomize the random bits from the SRAM 106 and prevent security compromise by reading the SRAM 106 because the bits stored in the OTP 110 are different from the bits read from the SRAM 106. The scrambler 108 may be a bit folding circuit. In other configurations, scrambler 108 may be a Linear Feedback Shift Register (LFSR) and, optionally, paired with one or more XOR gates. Regardless of the type of scrambler, the read SRAM bits can be scrambled or changed to a new configuration, which makes the PUF 100 difficult to damage, since even if the read SRAM is not identical to the bits stored in the OTP 110.
Another component of the PUF 100 may be a built-in self-test (BIST) 112.BIST 112 may determine the function or proper operation of OTP 110 and/or RNG 104. BIST 112 may send and receive signals from OTP 110 and RNG 104 to determine that both components 110, 104 are operating and working properly. This operational information may be communicated back to the controller 102.
The verification component 114 can verify information or data stored within the OTP110 and/or from the RNG 104. For example, RNG 104 can store bits within OTP110, and then verification component 114 can read bits from OTP110 and compare the bits to information in a register of RNG 104 to determine whether the bits are correctly written to OTP 110. Any type of information generated from the verification may then be sent to the controller 102 for further operation. In other cases, OTP110 may also verify information being read and sent to output register 118. In this manner, the controller 102 may determine whether the output to the output register 118 has been sent and/or is correct.
The output register 118 may store bits from the OTP 110 for output from the PUF 100. The output register 118 may be configured by the controller 102 to change the size of the key or the number of response bits to be sent from the PUF 100. In at least some configurations, the output port 120 can output a set number of bits, e.g., 16 bits, in parallel or serial format. Output register 118 may store keys of different sizes that may be greater than 16 bits of output port 120. Thus, the output register 118 may be configured to store the entire output key to be sent from the output port 120 as one or more signals 128. The output port 120 may send the key bits in several signals 128, for example 16 bits at a time, after which, in one or more consecutive reads, the output port 120 obtains all the key bits from the output register 118 and the entire key is sent out as signal 128.
The output port 120 may be a parallel port or a serial port that sends the signal 128 to another device or function on or off an integrated circuit in communication with the PUF 100. The output port 120 may have a set digit, e.g., 16 digits, that the output port 120 may send in any one of the signals 128. The output port 120 may send a continuous or repeated output until the entire key is provided as the output signal 128.
The PUF 100 may also include an input address block 116. The input address block 116 may accept an input challenge signal 124, which may include an address. This address may be sent by the input address block 116 to the OTP110 to retrieve the key with the address. The key may be output as a response to the polling signal as described herein. In at least some configurations, the input address block 116 may also scramble the address 124. In this way, the output key is randomized according to address and is prevented from being determined by repeated challenges and responses. The scrambler in the input address block 116 may be an LFSR or other circuit.
One set of functions or components of the controller 102 may be as shown in fig. 2. The functional components 202-216 may represent different types of functions or processes performed or generated by the controller 102. These different functions may be embodied as firmware loaded into the controller 102 from a memory, or may be gates or other hardware permanently embodied in an integrated circuit of the controller 102. In any case, these different functions help to generate an output from the PUF 100 and control the different functions that the PUF 100 can utilize.
The random number generator and/or random number generator interface 202 may interact with the RNG 104. Thus, in at least some configurations, the controller 102 can read or write to the SRAM 106. In addition, controller 102 may activate SRAM or RNG 104. The controller 102 may also be coupled to a scrambler 108. Thus, the controller 102 may activate the scrambler 108, affect the function of the scrambler, read information from the scrambler 108, or otherwise utilize the scrambler 108.
The controller 102 may also include an NVM interface 204. The NVM interface 204 can interact with the nonvolatile memory 110. Thus, the controller 102 can read information or write information to the NVM 110. In some configurations, the controller 102 may only be able to read certain portions of the NVM 110. For example, controller 102 may determine whether OTP 110 has been programmed with a random number. Further, controller 102 may initiate OTP 110 or perform other operations including, for example, having OTP 110 send a key to output register 118.
The initial writing of NVM function 206 may proceed to NVM110 with a first initial storage of random numbers. This initial writing of NVM function 206 may cause SRAM 106 to provide data to scrambler 108, which may then be read or written into OTP 110. Thus, the initial writing of NVM function 206 controls the process for storing random numbers into NVM110.
Verification of NVM function 208 may verify, through verification block 114, that the information being written to OTP 110 is the same as the information provided in the registers of scrambler 108. Accordingly, controller 102 may interact with verification block 114, with random number generator 104, and with OTP 110 to determine whether to write the correct data from RNG 104 into OTP 110.
In some configurations, the controller 102 may act as a scrambler to scramble bits from the SRAM 106 using an optional scrambler of the RNG bit function 210. In this way, the controller 102 functions as a scrambler 108. Accordingly, the controller 102 may include bit folding circuit functionality, LFSR circuitry/functionality, or other types of scrambling techniques. The controller 102 may provide the necessary scrambling of bits for the OTP 110.
After NVM 110 stores the random number scrambled from scrambler 108, the shutdown of NVM function 212 may stop writing to NVM 110. Accordingly, controller 102 may also cause OTP device 110 to set one or more bits indicating that OTP 110 has been written and that a key has been stored. Further, when starting up the PUF 100, the controller 102 may read these set bits from the OTP 110 and then, based on the already programmed OTP 110 state, may write bits, e.g. 1 and 0, to the SRAM 106 to prevent reading the starting state of the SRAM.
The key size determiner 214 may be an interface that may receive the signal 122 indicating the key size desired as output. The key size determiner 214 may then interact with the output registers 118 to set the size of registers storing and receiving bits associated with keys having the set key size. Hereinafter, the controller 102 may control the output register 118 to send the key to the output port 120.
The input/output interface 216 may interact with circuits, devices, functions, etc. external to the PUF 100. The input signal 122 may be sent to the input/output interface 216 of the controller 102 to perform certain functions. In addition, the input/output interface 216 may also send the signal 126 or other signals sent from the PUF 100. The input/output interface 216 may interact with the output registers 118 and/or the output ports 120 to send the output signals 126, 128. These output signals 126, 128 may include an indication that the output 128 is ready in the output register 118 and/or the output port 120. When receiving a challenge (possibly with an address) to request a secure key, the input/output interface 216 may also interact with the input address block 116, which input address block 116 may receive the address and scramble the address to receive an indication at the controller that has received the address. The input address block 116 may provide an address to the NVM 110 to have a key read out placed in the output register 118. Thus, external communication may be controlled by the input/output interface 216 of the controller 102.
An example of a data structure 300 that may represent random bits stored as a key in OTP 110 may be as shown in fig. 3. The data structure 300 may have different fields or portions as provided and shown in fig. 3. There may be more or fewer fields or portions as shown in fig. 3, as represented by ellipse 310. The data structure 300 may include a portion of one or more reserved bits 302, one or more addresses 304, associated with one or more random numbers 306. The reserved bits 302 may be one or more bits used to provide information to the controller 102 or other components within the PUF 100. For example, reserved bit 302 may have one or more bits set to indicate that OTP 110 has been programmed with a key stored as random number 306.
Address 304 is a set of Identifiers (IDs) or data that indicates or is associated with a set of random numbers in portion 306. The address 304 may be specified or targeted by the input address block 116. The random number 306 associated with the address 304 may be extracted by requesting a key from the data structure 300 using the address 304.
The random number 306 is a set of scrambled bits from the SRAM 106 stored within the OTP 110. These random numbers 306 are keys that may be accessed or retrieved from or during the challenge/response. The random number 306 may be partially entered into the data structure 300, such as portion 308. In other configurations, portion 308 represents a set of random bits equal to the key. These portions 308 may include output bits that are sent to the output registers 118 and then to the output ports 120. Thus, several keys 308 may exist within the random number that may be accessed. The large number of random bits that can be encapsulated into the security key allows flexibility in using the OTP 110 to provide many different security keys.
Examples of the various signals that may occur in PUF 100 may be as shown in fig. 4A and 4B. The controller 102 may receive the reset signal 402 into the input/output interface 216. The reset signal 402 may be an external signal for resetting the PUF 100. In response to the reset signal 402, the controller 102 may send a reset or start signal 404 to the random number generator 104, e.g., to the SRAM106 and/or a signal 406 to the OTP 110.
In addition, the controller 102 can send a test signal 408 to the BIST 112.BIST 112 may request the state of RNG 104 and/or OTP 110 in signals 410a and 410 b. RNG 104 can respond to the status in signal 412 and nonvolatile memory 110 can respond to the status in signal 414. This status information may be sent back from the BIST 112 to the controller 102 in signal 416. The controller 102 can then know the status of the different components within the PUF 100 and report the status externally, if necessary. Thus, these signals 402 to 416 represent signals for resetting and/or self-checking to determine that the internal circuitry of the PUF 100 is working properly.
The controller 102 may then receive the status check signal 418. In response to signal 418, controller 102 may query nonvolatile memory 110 for the state of OTP 110 using signal 420. Signal 420 may represent controller 102 reading reserved bits 302 from data structure 300. These reserved bits 302 may indicate whether the OTP 110 has been programmed. This information may be sent back to the controller 102 or read by the controller 102. The controller 102 may then receive the signal 422 in signal 424 and output the status. State 424 may indicate whether OTP 110 has been programmed.
If OTP 110 has not been programmed, controller 102 may then store information into OTP 110. In this signal sequence, controller 102 may send signal 426 to RNG 104 to begin generating a scrambled random number to be stored in OTP 110. RNG 104 can then provide these scrambled random numbers to OTP 110 in signal 428. Although SRAM 106 may be read in 16 bit blocks or blocks of other sizes, bits may be read into OTP 110 one bit at a time. The random bits may be stored in NVM 110.
After reading a set of bits into OTP 110, OTP 110 and RNG 104 may each send the stored bits as signals 430a and 430b to verification block 114. The verification block 114 may determine whether the bits stored into the OTP 110 are the same as the bits output from the RNG 104. If the bit is verified, the verification block 114 may send a signal 432 indicating verification back to the controller 102. If the verification block 114 indicates that the bits are not identical, then the controller 102 may receive a signal 432 indicating a write failure. The controller 102 may then cause the SRAM 106 to retransmit the scrambled bits to the OTP 110. If the verification fails twice, the controller 102 may output an error as signal 122. If the verification is correct, however, the controller 102 may indicate that the process of storing the random bit into the OTP 110 will continue, as indicated by arc 434.
In some examples, controller 102 may continue the process represented by arc 434. After all possible random bits are stored in OTP 110, controller 102 may send signal 436 to burn-in OTP 110 and prevent OTP 110 from receiving more bits. Thus, then OTP 110 may not be able to store more bits at that time, but may be used for the challenge and response procedure for generating or providing the key.
The controller 102 may also receive the key size signal 438 shown in fig. 4B. The key size signal 438 may indicate the size of the key to be output by the PUF 100. In response to signal 438, controller 102 may then send signal 440 to output register 118 to set the key size according to the information in signal 438. Thus, the output register 118 may provide available storage capacity for all bits requesting the key as output.
Controller 102 may then receive challenge signal 442 to request a key. This signal 442 may trigger the controller 102 to send a signal 444 to the OTP 110 in preparation for receiving address input as a challenge. The controller 102 may also be coupled to the input address block 116 to determine when an input address is received and to control the output of that address to the OTP 110. An input address may be received at input address block 116 in signal 446. The input address may then be scrambled and the scrambled address may be sent as signal 448 to OTP 110.OTP 110 may access an address in address data 304 and read out a random number 306 associated with the received address. The associated random number 306 represents a key that may then be sent as signal 450 to the output register 118 and/or the verification block 114 (not shown). The output register 118 may then provide the key to the output port 120 in a smaller portion in signal 452. The controller 102 may also send a signal 454 to indicate that the output register 118 and/or the output port 120 are ready for output. When an indication that an output can be received, an output key can be sent out of the output port 120 as a continuous signal 456.
Fig. 5 is a process flow diagram generally illustrating aspects of an exemplary method 500 for generating random numbers and storing those random numbers into OTP 110 in accordance with aspects of the invention. A general sequence of operations of method 500 is shown in fig. 5. Method 500 may include more or fewer operations or steps, or may be arranged in a different order than those shown in fig. 5. The method 500 may be performed as a set of computer executable instructions that are executed by a processor, such as the controller 102 of the PUF 100, and encoded or stored on a computer readable medium. Further, the method 500 may be implemented by a gate or circuit associated with a processor, an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), a system on a chip (SOC), another IC, or other hardware device, such as the controller 102. Hereinafter, the method 500 will be explained with reference to the systems, components, devices, modules, circuits, firmware, software, signals, data structures, methods, etc. described in connection with fig. 1-4B and fig. 6-8; it will be appreciated by those skilled in the art that some or all of the operations of method 500 may be implemented by or using elements other than those described below.
In operation 508, registers, devices, components, and controller 102 may be reset. The input/output interface 216 of the controller 102 may receive the reset signal 402 as part of the signal 122. The reset signal 402 instructs the controller 102 to reset or start the PUF 100. RNG interface 202 can then send a reset or start signal 404 to SRAM 106.NVM interface 204 may send a reset or start signal 406 to OTP 110. The controller 102 may also send test signals 408 to the BIST 112 to test the functionality of other components.
Then, in operation 512, BIST 112 may implement a self test on RNG 104 and/or OTP 110. NVM 110 and RNG 104 can send responses back to BIST 112, which can indicate whether those components 104, 110 are operating and working properly. The self-test information may then be sent back to the controller 102.
Then, in operation 516, the controller 102 may receive the optional status check signal 418 and then perform a status check on the OTP110. The status check may be initiated by an input signal 418 received by the input/output interface 216 of the controller 102. In other cases, the controller 102 may check the status without an input signal. NVM interface 204 of controller 102 may send signal 420 to OTP110 to determine the state of OTP110. Signal 420 reads reserved bit 302 in OTP110 to determine whether the reserved bit indicates that OTP110 has been written with a random bit and locked.
The reserved bit may have a bit to indicate that OTP110 has been written and/or locked. In another configuration, there may be two or more bits set to indicate that OTP110 has been written and/or locked. For example, the reserved bits may be read and analyzed by majority voting of three or more bits to determine that OTP110 has been written and/or locked. Controller 102 may then determine the state of OTP110 based on the reserved bits. This state may be sent out by the input/output interface 216 as output signal 424.
Then, in operation 520, an initial write of the NVM function 206 of the controller 102 may initiate the SRAM106 of the random number generator 104. Specifically, the initial writing of NVM function 206 begins or initializes SRAM 106. Initialization may provide a first set of random bits in the SRAM106 based on the uniqueness of the SRAM 106. In operation 524, these unique random bits may be read from SRAM106 by an initial write to NVM function 206. The read bits may then be sent to the scrambler 108, where the random bits from the SRAM106 are scrambled, in operation 528. The bit folding circuit or linear feedback shift register may scramble the bits such that the bits in the scrambler 108 are different from those read from the SRAM 106. The scrambled random number bits may then be stored in a register or memory of the scrambler 108 for storage in the OTP 110.
In operation 536, RNG 104 can write the scrambled bits to OTP 110 from the register with the scrambled bits. In some configurations, OTP 110 may only receive one bit per clock cycle. Thus, if the bit register in scrambler 108 has more than one bit, RNG 104 may send one bit from RNG 104 to OTP 110 once during each clock cycle. This bit is written into OTP 110 until a block of bits has been written. At this point, a block of bits may be read from OTP 110 to verify block 114.
In operation 540, the verification block 114 may compare the bit block sent from the OTP 110 with the bits from the register of the scrambler 108. The validation block 114 determines whether the two bitblocks are identical. If the blocks are not identical, a message 432 may be sent to verification of the NVM function 208 of the controller 102, and then the message 432 may restart the process to write the bit block again to the OTP 110. If the blocks are identical, a signal 432 indicating a positive comparison may then be sent to verification of the NVM function 208 of the controller 102, and the process continues.
At this point, the controller 102 may determine whether there are more random bits to store in the OTP 110 in operation 544. If the OTP is not full and there are more bits to store, the method 500 may continue with a "Yes" return to operation 524 to store the next block of bits. If, however, OTP 110 has a complete set of random bits stored within OTP device 110, method 500 may continue "no" to operation 548, where controller 102 may lock OTP 110 in operation 548.
In operation 548, the turning off of the NVM function 212 of the controller 102 may lock the OTP 110 by setting the reserved bit 302 within the OTP device 110. Thus, the shutdown of the NVM function 212 of the controller 102 may prevent any further data storage within the OTP 110. At this point, the random number stored in OTP 110 is stored as a set of possible keys 308 within field 306. Each of the random bits 306 may be associated with an address 304. To obtain the key, OTP 110 may accept an address that matches the address in field 304. If the address messages match, OTP 110 can read out the random bits associated with the received address and send the set of data as a key to output register 118.
Fig. 6 is a process flow diagram generally illustrating aspects of an exemplary method 600 for generating a security key in accordance with aspects of the invention. The general sequence of the operations of method 600 is shown in fig. 6. Method 600 may include more or fewer operations or steps, or may be arranged in a different order than those shown in fig. 6. The method 600 may be performed as a set of computer executable instructions that are executed by a processor, such as the controller 102 of the PUF 100, and encoded or stored on a computer readable medium. Further, the method 600 may be implemented by gates or circuitry associated with a processor, ASIC, FPGA, SOC, IC, or other hardware device, such as the controller 102. Hereinafter, the method 600 will be explained with reference to the systems, components, devices, modules, circuits, firmware, software, signals, data structures, methods, etc. described in connection with fig. 1 to 5 and 7 to 8; it will be appreciated by those skilled in the art that some or all of the operations of method 600 may be implemented by or using elements other than those described below.
In operation 608, the PUF 100 may receive the address as a challenge. Address input signal 446 (a portion of signal 124) may be sent to input address block 116. The input address 446 may be provided with a challenge or other signal 442 that may be sent to the controller 102 as part of the signal 122. Address signal 442 may be received by controller 102 and then another signal 444 may be sent to OTP 110 to initiate a response by OTP 110 with a key when address signal 448 is provided.
Optionally, in operation 612, the input address block 116 may scramble the input address 446. Input address block 116 may also include other types of scramblers of the LFSR. The input address block 116 may scramble the input address 446 to make the provided security key more random. The scrambled address may then be sent to OTP 110 as signal 448 to access OTP 110 in operation 616. Thus, the input address block 116 provides the scrambled address to the OTP 110 to retrieve the desired security key.
In operation 620, the key size determiner 214 of the controller 102 may receive the key size indicator signal 438. The controller 102 may use the key size indicator message 438 to set the output key size in the output register 118 by sending a signal 440 to the output register 118. The key size information may also be stored in the controller 102. Hereinafter, in operation 620, when the key is obtained, the controller 102 may determine the key size. The controller 102 may access information stored regarding the key size and provide that information to the OTP 110 and/or the output register 118.
Then, in operation 624, OTP 110 may retrieve stored random bit 306 associated with received address 444 within data structure 300. Thus, OTP 110 can scan for address 304 that is the same or matches address 444. When a match is found, the OTP 110 can retrieve the random number 306 associated with the address 304; OTP 110 retrieves a digital bit associated with key size 308 set by controller 102.
The key information may then be sent as signal 450 to output register 118 in operation 628. The output register 118 may accept the full key size. Output register 118 may then output the bits stored in output register 118 as signal 452 to output port 120 for transmission as signal 456, which signal 456 may be part of signal 128. In some cases, the output port 120 may accept a smaller portion of the data in the key 308 stored in the output register 118. Thus, the output register 118 may repeatedly send data to the output port 120. In operation 632, the output register 118 may read a portion of the keys in the register and send them out through the output port 120 until the entire key is sent as signal 456. In at least some cases, the input/output interface 216 of the controller 102 may send the output ready signal 126 when the key is ready to be sent out.
Fig. 7 is a process flow diagram generally illustrating aspects of an exemplary method 700 for generating a random number stored in OTP 110 in accordance with aspects of the invention. The general sequence of operations of method 700 is shown in fig. 7. Method 700 may include more or fewer operations or steps, or may include an order of operations or steps in a different arrangement than those shown in fig. 7. The method 700 may be performed as a set of computer executable instructions that are executed by a processor, such as the controller 102 of the PUF 100, and encoded or stored on a computer readable medium. Further, the method 700 may be implemented by gates or circuitry associated with a processor, ASIC, FPGA, SOC, IC, or other hardware device, such as the controller 102. Hereinafter, the method 700 will be explained with reference to the systems, components, devices, modules, circuits, firmware, software, signals, data structures, methods, etc. described in connection with fig. 1 to 6 and 8; it will be appreciated by those skilled in the art that some or all of the operations of method 700 may be implemented by or using elements other than those described below.
In operation 708, registers, devices, components, and controller 102 may be reset. The input/output interface 216 of the controller 102 may receive the reset signal 402 as part of the signal 122. The reset signal 402 instructs the controller 102 to reset or start the PUF 100. RNG interface 202 can then send reset or start signal 404 to SRAM 106.NVM interface 204 may send a reset or start signal 406 to OTP 110. The controller 102 may also send test signals 408 to the BIST 112 to test the functionality of other components.
Then, in operation 712, BIST 112 may implement a self test on RNG 104 and/or OTP 110. NVM 110 and RNG 104 can send responses back to BIST 112, which can indicate whether those components 104, 110 are operating and working properly. The self-test information may then be sent back to the controller 102.
Then, in operation 716, the controller 102 may receive the optional status check signal 418 and then perform a status check on the OTP 110. The status check may be initiated by an input signal 418 received by the input/output interface 216 of the controller 102. In other cases, the controller 102 may check the status without an input signal. NVM interface 204 of controller 102 may send signal 420 to OTP110 to determine the state of OTP 110. Signal 420 reads reserved bit 302 in OTP110 to determine whether the reserved bit indicates that OTP110 has been written with a random bit and locked.
The reserved bit may have a bit to indicate that OTP110 has been written and/or locked. In another configuration, there may be two or more bits set to indicate that OTP110 has been written and/or locked. For example, the reserved bits may be read and analyzed by majority voting of three or more bits to determine that OTP110 has been written and/or locked. Controller 102 may then determine the state of OTP110 based on the reserved bits. This state may be sent out by the input/output interface 216 as output signal 424.
Then, in operation 720, an initial write of the NVM function 206 of the controller 102 may initiate the SRAM106 of the random number generator 104. Specifically, the initial writing of NVM function 206 begins or initializes SRAM 106. Initialization may provide a first set of random bits in the SRAM106 based on the uniqueness of the SRAM 106. In operation 724, these unique random bits may be read from SRAM106 by an initial write to NVM function 206. The read bits may then be sent to a scrambler 108, where the random bits from the SRAM106 are scrambled, in operation 728. The bit folding circuit or linear feedback shift register may scramble the bits such that the bits in the scrambler 108 are different from those read from the SRAM 106. The scrambled random number bits may then be stored in a register or memory of the scrambler 108 for storage in the OTP 110 in operation 732.
In operation 736, RNG 104 can write the scrambled bits to OTP 110 from a register with the scrambled bits. In some configurations, OTP 110 may only receive one bit per clock cycle. Thus, if the bit register in scrambler 108 has more than one bit, RNG 104 may send one bit from RNG 104 to OTP 110 once during each clock cycle. This bit is written into OTP 110 until a block of bits has been written. At this point, a block of bits may be read from OTP 110 to verify block 114.
In operation 740, the verification block 114 may compare the bit block transmitted from the OTP 110 with the bits from the register of the scrambler 108. The validation block 114 determines whether the two bitblocks are identical. If the blocks are not identical, a message 432 may be sent to verification of the NVM function 208 of the controller 102, and then the message 432 may restart the process to write the bit block again to the OTP 110. If the blocks are identical, a signal 432 indicating a positive comparison is then sent to verification of the NVM function 208 of the controller 102, and the process continues.
At this point, controller 102 may determine whether there are more random bits to store in OTP 110 in operation 744. If the OTP is not full and there are more bits to store, method 700 may continue with a "yes" return to operation 720 to store the next block of bits. If, however, OTP 110 has a complete set of random bits stored within OTP device 110, method 700 may continue "no" to operation 748 where controller 102 may lock OTP 110. In operation 744, there may be more random bits to store in the OTP 110. But in size, SRAM 106 may be smaller than OTP 110, e.g., in size OTP 110 may be 16kbit and in size SRAM 106 may be 1kbit. In these cases, the SRAM 106 may be reinitialized by the controller 102 to restart the process of reading out the random bits. In this way, several iterations of initializing and reading bits from SRAM 106 may be used to write a larger OTP 110. Thus, rather than returning to operation 724, the method 700 continues to return to operation 720 in several iterations, as shown in FIG. 5.
In operation 748, the turning off of NVM function 212 of controller 102 may lock OTP 110 by setting a reserved bit 302 within OTP device 110. Thus, the shutdown of the NVM function 212 of the controller 102 may prevent any further data storage within the OTP 110. At this point, the random number stored in OTP 110 is stored as a set of possible keys 308 within field 306. Each of the random bits 306 may be associated with an address 304. To obtain the key, OTP 110 may accept an address that matches the address in field 304. If the address messages match, OTP 110 can read out the random bits associated with the received address and send the set of data as a key to output register 118.
Fig. 8 is a process flow diagram generally illustrating aspects of an exemplary method 800 of starting a process with a PUF 100 in accordance with aspects of the present invention. A general sequence of operations of method 800 is shown in fig. 8. Method 800 may include more or fewer operations or steps, or may be arranged in a different order than those shown in fig. 8. The method 800 may be performed as a set of computer executable instructions that are executed by a processor, such as the controller 102 of the PUF 100, and encoded or stored on a computer readable medium. Further, the method 800 may be implemented by gates or circuitry associated with a processor, ASIC, FPGA, SOC, IC, or other hardware device, such as the controller 102. Hereinafter, the method 800 will be explained with reference to systems, components, devices, modules, circuits, firmware, software, signals, data structures, methods, etc. described in connection with fig. 1-7; it will be appreciated by those skilled in the art that some or all of the operations of method 800 may be implemented by or using elements other than those described below.
In operation 808, registers, devices, components, and controller 102 may be reset. The input/output interface 216 of the controller 102 may receive the reset signal 402 as part of the signal 122. The reset signal 402 instructs the controller 102 to reset or start the PUF 100. RNG interface 202 can then send reset or start signal 404 to SRAM 106.NVM interface 204 may send a reset or start signal 406 to OTP 110. The controller 102 may also send test signals 408 to the BIST 112 to test the functionality of other components.
Then, in operation 812, BIST 112 may implement a self test on RNG 104 and/or OTP 110. NVM 110 and RNG 104 can send responses back to BIST 112, which can indicate whether those components 104, 110 are operating and working properly. The self-test information may then be sent back to the controller 102.
Then, in operation 816, the controller 102 may receive the optional status check signal 418 and then perform a status check on the OTP 110. The status check may be initiated by an input signal 418 received by the input/output interface 216 of the controller 102. In other cases, the controller 102 may check the status without an input signal. NVM interface 204 of controller 102 may send signal 420 to OTP110 to determine the state of OTP 110. Signal 420 reads reserved bit 302 in OTP110 to determine whether the reserved bit indicates that OTP110 has been written with a random bit and locked.
The reserved bit may have a bit to indicate that OTP 110 has been written and/or locked. In another configuration, there may be two or more bits set to indicate that OTP 110 has been written and/or locked. For example, the reserved bits may be read and analyzed by majority voting of three or more bits to determine that OTP 110 has been written and/or locked. Then, in operation 820, the controller 102 may determine a state of the OTP 110 based on the reserved bit. This state may be sent out by the input/output interface 216 as output signal 424.
If the lock bit is set, the method 800 continues "yes" to operation 824, where the controller 102 may write the bit to the SRAM 106. Here, after initialization, SRAM 106 may contain the same or similar sets of bits as those written or provided to the scrambler and then written to OTP 110. To prevent those bits from being read out and possibly allow an external device or function to determine the contents of the OTP 110, the controller 102 may write those bits (e.g., ones and/or zeros) into the SRAM 106 to change the contents stored in the SRAM 106. In this way, if SRAM 106 is read, the contents in SRAM 106 will be different from the contents used to create the key in OTP 110.
In operation 828, if it is determined that the lock bit is not set, process 800 may continue with "no" to store the random bit in OTP 110. The storage of the random bits in operation 828 may be similar to the process described in connection with fig. 5 and 7.
Furthermore, the disclosed embodiments provide, among other things, PUFs that may generate unique signatures from SRAM or random number generators. These signatures may be stored in the NVM where they do not change due to changes in heat or lifetime of the integrated circuit. In previous SRAM-based devices, the signature in the SRAM may change over time and heat. In other past OTP type PUFs, those previous PUFs required an external port to store these bits in the OTP. This external port of the PUF is a weakness of PUF security, as this port can be used for writing or reading from an OTP. In aspects herein, SRAM inside the PUF does not use external ports and thus the risk of reprogramming is reduced or eliminated. Furthermore, with components inside the PUF, aspects herein do not need to provide casting worker information about the PUF. Even with the above differences, PUF devices can have many challenge/response pairs because of the large number of bits stored in the OTP.
Thus, the PUF device herein provides a reliable way to generate multiple signatures as challenge and response pairs for a security function. The PUFs herein have sufficient entropy (randomness) between each PUF to guarantee uniqueness. Finally, PUFs can prevent reprogramming attacks and "cold start" attacks.
Aspects of the invention include a method of generating a security key for an integrated circuit device, comprising: generating a plurality of key bits with a random number generator; storing a plurality of key bits in a non-volatile memory; and generating a security key from the stored plurality of key bits.
In some embodiments, the random number generator comprises a Static Random Access Memory (SRAM), wherein the plurality of key bits are read from the SRAM after initializing the SRAM. In some embodiments, the random number generator further comprises: a scrambler that scrambles the plurality of key bits read from the static random access memory. In some embodiments, the scrambler is one of a bit-folding circuit or a linear feedback shift register. In some embodiments, the non-volatile memory comprises a one-time programmable (OTP) device. In some embodiments, the plurality of key bits are stored into the one-time programmable device, and wherein the plurality of key bits represent two or more security keys.
In some embodiments, the one-time programmable device receives an address and retrieves a security key associated with the address. In some embodiments, the address is scrambled prior to providing the address to the one-time programmable device. In some embodiments, the method further comprises: receiving a key size indicator; and setting a key size for the secure key according to the key size indicator. In some embodiments, the method further comprises: outputting the security key in response to receiving the address.
In some embodiments, the method further comprises: locking the one-time programmable device after storing the plurality of key bits, wherein a locking bit is set in the one-time programmable device to indicate that the one-time programmable device is locked, wherein the one-time programmable device does not store additional bits after setting the locking bit. In some embodiments, the method further comprises: it is determined whether the lock bit is set. In some embodiments, the random number generator comprises a static random access memory and the non-volatile memory comprises a one-time programmable device, wherein the static random access memory stores fewer bits than the one-time programmable device, and the static random access memory is initialized two or more times to provide the plurality of key bits to the one-time programmable device.
Another aspect of the invention includes an integrated circuit device having a PUF generator configured to output two or more security keys, each security key including a plurality of key bits, wherein the PUF generator includes: a Static Random Access Memory (SRAM) that is read after initialization to provide one or more of the plurality of key bits; a one-time programmable (OTP) device for: storing a plurality of key bits read from the SRAM; and providing one of the two or more security keys from the plurality of key bits when the address is received.
In some embodiments, the physical unclonable function generator further comprises: a scrambler for scrambling the key bits read from the static random access memory. In some embodiments, the scrambler is one of a bit-folding circuit or a linear feedback shift register. In some embodiments, the physical unclonable function generator further comprises: an input address scrambler receives an input address and scrambles the input address to generate an address that is provided to the one-time programmable device. In some embodiments, the physical unclonable function generator further comprises: a controller for controlling the functions of the static random access memory and the one-time programmable device; and an output register, wherein the controller also receives a key size indicator signal and sets the output register to store bits according to the key size indicator signal for the secure key.
Another aspect of the invention includes a system for generating an integrated circuit device security key, which may have a random number generator, comprising: a Static Random Access Memory (SRAM) that is read after initialization to provide a plurality of bits; a Linear Feedback Shift Register (LFSR) for scrambling a plurality of bits read from the SRAM; an input address scrambler for: receiving an input address; scrambling the input address to a scrambled address; providing a scrambled address; a one-time programmable (OTP) device in communication with the LFSR and the input address scrambler for: storing the scrambled key bits provided from the LFSR; associating the scrambled key bits with an address; receiving the scrambled address from the input address scrambler; determining an address associated with the scrambled key bit, the address matching the scrambled address; reading scrambled bits having an address matching the scrambled address; providing the scrambled key bits as a security key; an output register in communication with the OTP device, the output register for: receiving a security key from the OTP device; and outputting the security key.
In some embodiments, the system further comprises: a controller for: controlling the functions of the static random access memory and the one-time programmable device; receiving a key size indicator signal; and setting the output register to store bits according to the key size indicator signal for the secure key.
The foregoing outlines features of several examples so that those skilled in the art may better understand the aspects of the present invention. Those skilled in the art will appreciate that they may readily use the present invention as a basis for designing or modifying other processes and structures for carrying out the same purposes and/or achieving the same advantages of the embodiments presented herein. Those skilled in the art should also realize that such equivalent constructions do not depart from the spirit and scope of the invention, and that they may make various changes, substitutions, and alterations herein without departing from the spirit and scope of the invention.
Claims (20)
1. A method of generating a security key for an integrated circuit device, comprising:
generating a plurality of key bits with a random number generator;
storing the plurality of key bits in a non-volatile memory, wherein the non-volatile memory comprises a one-time programmable (OTP) device;
Generating the security key from the plurality of key bits stored in the non-volatile memory; and
Locking the one-time programmable device after storing the plurality of key bits, wherein a locking bit is set in the one-time programmable device to indicate that the one-time programmable device is locked, wherein the one-time programmable device does not store additional bits after setting the locking bit.
2. The method of claim 1, wherein the random number generator comprises a Static Random Access Memory (SRAM), wherein the plurality of key bits are read from the SRAM after initializing the SRAM.
3. The method of claim 2, wherein the random number generator further comprises: a scrambler that scrambles the plurality of key bits read from the static random access memory.
4. A method according to claim 3, wherein the scrambler is one of a bit-folding circuit or a linear feedback shift register.
5. The method of claim 4, wherein the scrambler is paired with one or more XOR gates when the scrambler is a linear feedback shift register.
6. The method of claim 1, wherein the plurality of key bits are stored into the one-time programmable device, and wherein the plurality of key bits represent two or more security keys.
7. The method of claim 5, wherein the one-time programmable device receives an address and retrieves a security key associated with the address.
8. The method of claim 7, wherein the address is scrambled prior to providing the address to the one-time programmable device.
9. The method of claim 7, further comprising:
Receiving a key size indicator signal; and
Setting a key size for the secure key according to the key size indicator signal.
10. The method of claim 7, further comprising: outputting the security key in response to receiving the address.
11. The method of claim 1, wherein the one-time programmable device is an antifuse one-time programmable device.
12. The method of claim 1, further comprising: it is determined whether the lock bit is set.
13. The method of claim 1, wherein the random number generator comprises a static random access memory, wherein the static random access memory stores fewer bits than the one-time programmable device, and the static random access memory is initialized two or more times to provide the plurality of key bits to the one-time programmable device.
14. An integrated circuit device, comprising:
A physically unclonable function generator for outputting two or more security keys, each security key comprising a plurality of key bits, wherein the physically unclonable function generator comprises:
A Static Random Access Memory (SRAM) that is read after initialization to provide one or more of the plurality of key bits;
A one-time programmable (OTP) device for:
storing the plurality of key bits read from the static random access memory, locking the one-time-programmable device after storing the plurality of key bits, wherein a locking bit is set in the one-time-programmable device to indicate locking the one-time-programmable device, wherein after setting the locking bit, the one-time-programmable device does not store additional bits; and
When an address is received, one of the two or more security keys is provided from the plurality of key bits.
15. The integrated circuit device of claim 14, wherein the physical unclonable function generator further comprises: a scrambler for scrambling the key bits read from the static random access memory.
16. The integrated circuit device of claim 15, wherein the scrambler is one of a bit-folding circuit or a linear feedback shift register.
17. The integrated circuit device of claim 14, wherein the physical unclonable function generator further comprises: an input address scrambler receives an input address and scrambles the input address to generate an address that is provided to the one-time programmable device.
18. The integrated circuit device of claim 14, wherein the physical unclonable function generator further comprises:
a controller for controlling the functions of the static random access memory and the one-time programmable device; and
An output register, wherein the controller also receives a key size indicator signal and sets the output register to store key bits associated with the security key for which a key size is set according to the key size indicator signal for the security key.
19. A system for generating a security key for an integrated circuit device, the system comprising:
A random number generator comprising:
A Static Random Access Memory (SRAM) that is read after initialization to provide a plurality of bits;
A Linear Feedback Shift Register (LFSR) for scrambling the plurality of bits read from the sram into scrambled key bits;
an input address scrambler for:
receiving an input address;
scrambling the input address to a scrambled address;
providing the scrambled address;
A one-time programmable (OTP) device in communication with the linear feedback shift register and the input address scrambler for:
Storing the scrambled key bits provided from the linear feedback shift register, locking the one-time-programmable device after storing the plurality of key bits, wherein a locking bit is set in the one-time-programmable device to indicate locking the one-time-programmable device, wherein after setting the locking bit the one-time-programmable device does not store additional bits;
Associating the scrambled key bits with an address;
Receiving the scrambled address from the input address scrambler;
Determining the address associated with the scrambled key bit, the address matching the scrambled address;
Reading the scrambled key bits having the address matching the scrambled address;
providing the scrambled key bits as the security key;
An output register in communication with the one-time programmable device, the output register to:
receiving the security key from the one-time programmable device; and
Outputting the security key.
20. The system of claim 19, further comprising: a controller for:
controlling the functions of the static random access memory and the one-time programmable device;
Receiving a key size indicator signal; and
The output register is set to store key bits associated with the security key for which a key size is set according to the key size indicator signal for the security key.
Applications Claiming Priority (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US202063002670P | 2020-03-31 | 2020-03-31 | |
| US63/002,670 | 2020-03-31 | ||
| US17/106,856 US11528135B2 (en) | 2020-03-31 | 2020-11-30 | Integrated circuit (IC) signatures with random number generator and one-time programmable device |
| US17/106,856 | 2020-11-30 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113079019A CN113079019A (en) | 2021-07-06 |
| CN113079019B true CN113079019B (en) | 2024-04-30 |
Family
ID=76611437
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110337813.XA Active CN113079019B (en) | 2020-03-31 | 2021-03-30 | Integrated circuit device and method and system for generating security key thereof |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN113079019B (en) |
| TW (1) | TWI781544B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115237831B (en) * | 2022-09-22 | 2023-02-07 | 瀚博半导体(上海)有限公司 | Data transmission method, device, chip, electronic equipment and medium |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107924448A (en) * | 2015-09-29 | 2018-04-17 | 英特尔公司 | The one-way cipher art that hardware is implemented |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6961852B2 (en) * | 2003-06-19 | 2005-11-01 | International Business Machines Corporation | System and method for authenticating software using hidden intermediate keys |
| US8160244B2 (en) * | 2004-10-01 | 2012-04-17 | Broadcom Corporation | Stateless hardware security module |
| JP2008027327A (en) * | 2006-07-25 | 2008-02-07 | Sony Corp | Memory access controller and memory access control method, and communication equipment |
| US7822207B2 (en) * | 2006-12-22 | 2010-10-26 | Atmel Rousset S.A.S. | Key protection mechanism |
| US9432184B2 (en) * | 2008-09-05 | 2016-08-30 | Vixs Systems Inc. | Provisioning of secure storage for both static and dynamic rules for cryptographic key information |
| US8594333B2 (en) * | 2008-09-05 | 2013-11-26 | Vixs Systems, Inc | Secure key access with one-time programmable memory and applications thereof |
| KR102461042B1 (en) * | 2015-02-12 | 2022-11-01 | 삼성전자주식회사 | Payment processing method and electronic device supporting the same |
| CN106845975A (en) * | 2015-12-05 | 2017-06-13 | 上海阿艾依智控系统有限公司 | The embedded devices and methods therefor that continues to pay dues is interlocked based on radio-frequency identification card and smart mobile phone |
| US10910079B2 (en) * | 2016-05-09 | 2021-02-02 | Intrinsic Id B.V. | Programming device arranged to obtain and store a random bit string in a memory device |
-
2021
- 2021-03-03 TW TW110107560A patent/TWI781544B/en active
- 2021-03-30 CN CN202110337813.XA patent/CN113079019B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107924448A (en) * | 2015-09-29 | 2018-04-17 | 英特尔公司 | The one-way cipher art that hardware is implemented |
Also Published As
| Publication number | Publication date |
|---|---|
| TW202139041A (en) | 2021-10-16 |
| CN113079019A (en) | 2021-07-06 |
| TWI781544B (en) | 2022-10-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10769309B2 (en) | Apparatus and method for generating identification key | |
| Tehranipoor et al. | DRAM-based intrinsic physically unclonable functions for system-level security and authentication | |
| Zalivaka et al. | Reliable and modeling attack resistant authentication of arbiter PUF in FPGA implementation with trinary quadruple response | |
| EP2191410B1 (en) | Identification of devices using physically unclonable functions | |
| US11528135B2 (en) | Integrated circuit (IC) signatures with random number generator and one-time programmable device | |
| EP2359520B1 (en) | Distributed puf | |
| US9129671B2 (en) | Semiconductor device identifier generation method and semiconductor device | |
| Bhargava et al. | An efficient reliable PUF-based cryptographic key generator in 65nm CMOS | |
| US11962693B2 (en) | Integrated circuit (IC) signatures with random number generator and one-time programmable device | |
| US20170295027A1 (en) | Apparatus and Method for Processing Authentication Information | |
| Delvaux et al. | Secure lightweight entity authentication with strong PUFs: Mission impossible? | |
| EP3542261B1 (en) | Method for performing a trustworthiness test on a random number generator | |
| US11329834B2 (en) | System and method for generating and authenticating a physically unclonable function | |
| Zalivaka et al. | Design and implementation of high-quality physical unclonable functions for hardware-oriented cryptography | |
| CN113079019B (en) | Integrated circuit device and method and system for generating security key thereof | |
| Lee et al. | Samsung physically unclonable function (SAMPUF™) and its integration with Samsung security system | |
| US20240348435A1 (en) | Integrated circuit (ic) signatures with random number generator and one-time programmable device | |
| Li et al. | Enhancing tpm security by integrating sram pufs technology | |
| US20200401690A1 (en) | Techniques for authenticating and sanitizing semiconductor devices | |
| Mandadi | Remote Integrity Checking using Multiple PUF based Component Identifiers | |
| US20220300624A1 (en) | Hardware storage unique key | |
| Pehl | Design, Evaluation, and Application of Security Primitives that are Based on Hardware-Intrinsic Features | |
| Srivathsa | Secure and energy efficient physical unclonable functions | |
| Zalivaka et al. | NAND Flash Memory Devices Security Enhancement Based on Physical Unclonable Functions | |
| Che | Model Building and Security Analysis of PUF-Based Authentication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |