CN117932699A - Encryption chip and chip encryption method - Google Patents
Encryption chip and chip encryption method Download PDFInfo
- Publication number
- CN117932699A CN117932699A CN202311872932.0A CN202311872932A CN117932699A CN 117932699 A CN117932699 A CN 117932699A CN 202311872932 A CN202311872932 A CN 202311872932A CN 117932699 A CN117932699 A CN 117932699A
- Authority
- CN
- China
- Prior art keywords
- encryption
- flow
- information
- chip
- encryption information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 238
- 230000008569 process Effects 0.000 claims abstract description 222
- 238000013461 design Methods 0.000 claims description 39
- 238000012360 testing method Methods 0.000 claims description 24
- 238000012795 verification Methods 0.000 claims description 20
- 238000012938 design process Methods 0.000 claims description 15
- 238000004806 packaging method and process Methods 0.000 claims description 12
- 238000005538 encapsulation Methods 0.000 claims description 9
- 238000004088 simulation Methods 0.000 claims description 8
- 238000012858 packaging process Methods 0.000 claims description 7
- 238000007664 blowing Methods 0.000 claims description 4
- 230000007246 mechanism Effects 0.000 claims description 2
- 238000004519 manufacturing process Methods 0.000 description 14
- 238000010586 diagram Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 4
- 230000015572 biosynthetic process Effects 0.000 description 3
- 230000010354 integration Effects 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 238000010998 test method Methods 0.000 description 2
- 238000003466 welding Methods 0.000 description 2
- 230000008859 change Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000001459 lithography Methods 0.000 description 1
- 239000002184 metal Substances 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000003860 storage Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides an encryption chip and an encryption method thereof. The encryption chip includes: the combined encryption module stores a plurality of groups of encryption information, each group of encryption information corresponds to one flow in the encryption chip forming process, each group of encryption information comprises the encryption information of the flow and comprehensive encryption information of a previous flow, the comprehensive encryption information of the previous flow is formed based on the comprehensive password information obtained by the previous flow, and the comprehensive password information of the next flow is formed based on the comprehensive password information of the current flow and the comprehensive password information obtained by the previous flow in the current flow. Therefore, the encryption anti-theft task of the chip can be thinned to each flow link in the encryption chip forming process, so that a final multi-level and multi-dimensional encryption anti-theft system is formed, and the risk of illegal theft of the chip is reduced.
Description
[ Field of technology ]
The invention relates to the field of chip design, in particular to an encryption chip and a chip encryption method.
[ Background Art ]
A chip generally refers to a carrier of an integrated circuit, and is also the result of the integrated circuit after being designed, manufactured, packaged, and tested, and is usually a stand-alone entity that can be immediately used. Integrated circuits are more focused on circuit design and layout, and chips are more focused on circuit integration, production, and packaging. The entity of an integrated circuit is often in the form of a chip, and the narrow definition of an integrated circuit emphasizes the circuit itself, and a broad sense of an integrated circuit may also include various meanings associated with the chip. The terms "chip" and "integrated circuit" are often used in a mixed manner.
The integrated circuit enters the automatic layout wiring of the rear end after the digital design and the analog design of the front end, and is taken out for production of a wafer foundry after the layout is finished, and then is packaged and tested. From market research, stand, function definition, circuit and layout design, time investment is from several months to tens of months, manpower investment is very often and even hundreds of engineers, and flow sheets and reform are not small expenses. The products developed in a very hard way bring huge losses to the ownership of the project once they are leaked or stolen.
GDSII (a database file format that has become a practical industry standard for integrated circuit layout for data conversion) files are stored and transferred, and MASK (an important element MASK used in lithography in integrated circuit manufacturing) has potential risks of leakage and theft during storage and use; chips that have been produced also present a risk of being reverse plagiarized.
Protection of integrated circuit intellectual property is now commonly achieved by protecting some particular method or function application and registering the protection with the integrated circuit layout design as a whole.
If some integrated circuits are not patented or cannot be protected by special patents, although special patent technologies are used in some cases, the actual operation has the potential risk that an infringer applies that the patent technology is invalid and cannot be protected by the patent.
Although the integrated circuit layout design registration can protect the whole layout, the organization or unit with the corresponding technology can adjust the layout when taking the GDSII file of the developer or by reverse engineering plagiarism, so that the final function is similar to the integrated circuit function of the developer, and the layout after different and modified can also apply for the integrated circuit layout design registration; if the developer's integrated circuit is truly infringed, the process of walking is a lengthy and time consuming matter of theory during legal litigation.
In order to reduce and alleviate further loss of GDSII or MASK after leakage or theft, and also to avoid illegal infringement of ownership rights caused by reverse plagiarism of chips, it is necessary to develop an encryption method to alleviate or even avoid loss of developers caused by the foregoing situation.
[ Invention ]
The invention aims to provide an encryption chip and a chip encryption method, which can refine the encryption anti-theft task of the chip to each flow link in the encryption chip forming process so as to form a final multi-level and multi-dimensional encryption anti-theft system and reduce the risk of illegal theft of the chip.
According to one aspect of the present invention, the present invention proposes an encryption chip comprising: the combined encryption module stores a plurality of groups of encryption information, each group of encryption information corresponds to one flow in the encryption chip forming process, each group of encryption information comprises the encryption information of the flow and comprehensive encryption information of a previous flow, the comprehensive encryption information of the previous flow is formed based on the comprehensive password information obtained by the previous flow, and the comprehensive password information of the next flow is formed based on the comprehensive password information of the current flow and the comprehensive password information obtained by the previous flow in the current flow.
In one embodiment, the stream cipher information of each set of cipher information includes the stream cipher information obtained by encrypting the stream cipher information using the first encryption algorithm of the stream; and encrypting the comprehensive password information obtained by the previous process by using the second encryption algorithm of the process to obtain the comprehensive encryption information of the previous process.
According to another aspect of the present invention, there is provided an encryption method of an encryption chip, the encryption chip including: the combined encryption module stores a plurality of groups of encryption information, each group of encryption information corresponds to one flow in the encryption chip forming process, each group of encryption information comprises the encryption information of the flow and comprehensive encryption information of a previous flow, the comprehensive encryption information of the previous flow is formed based on the comprehensive password information obtained by the previous flow, and the comprehensive password information of the next flow is formed based on the comprehensive password information of the current flow and the comprehensive password information obtained by the previous flow in the current flow.
Compared with the prior art, the combined encryption module stores multiple groups of encryption information, and each group of encryption information corresponds to one flow in the encryption chip forming process, so that the encryption anti-theft task of the chip can be thinned to each flow link in the encryption chip forming process to form a final multi-level and multi-dimensional encryption anti-theft system, and the risk of illegal stealing of the chip is reduced.
[ Description of the drawings ]
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. Wherein:
FIG. 1 is a schematic flow chart of designing and manufacturing a conventional chip;
FIG. 2 is a schematic diagram of a sample wafer design and manufacturing process of an encryption chip according to the present invention;
FIG. 3 is a schematic flow chart of a conventional mass production process of an encryption chip;
FIG. 4 is a schematic flow chart of mass production of the encryption chip in the present invention;
Fig. 5 is an exemplary diagram of writing a corresponding set of encryption information in an encryption chip in a process N in the formation of the encryption chip in the present invention;
Fig. 6 is a block diagram of a set of encryption information formed in each flow in the encryption chip in the present invention in one example.
[ Detailed description ] of the invention
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description.
Reference herein to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic may be included in at least one implementation of the invention. The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments.
In the invention, the encryption anti-theft task of the chip is thinned to each flow link of design, production and application, and the software and hardware are utilized to cooperatively encrypt to form a final multi-level and multi-dimensional encryption anti-theft system, so that the difficulty and the decryption cost of decryption are increased finally, and the risk of illegal theft of the chip is reduced.
The invention encrypts all links of the integrated circuit to form a final multi-level and multi-dimensional encryption anti-theft system. Specifically, in the step of function definition, the encryption anti-theft function of the project is carefully planned, and encryption rules and rules for encryption task implementation are formulated; encrypting during front-end digital design and analog design; encryption is performed during layout and wiring; encrypting during layout design; encryption is carried out during wafer testing; encryption is carried out during packaging; encryption is performed in the application software. They all need a specific password to enable a certain function or a certain function, and different passwords are needed according to different projects, and each part of the passwords must be correct to enable the chip, and different versions of the same project have different passwords.
The line width and the integration level of the integrated circuit determine the flow of the integrated circuit design, and different companies or different projects of the same company are not identical in the design flow when the integrated circuit design is performed, and generally, after the market research is finished and the stand passes, the integrated circuit generally goes through the flow shown in fig. 1 before the integrated circuit is designed to be mass produced; the dashed lines shown in the following figures represent that this iterative operation is "possible".
Fig. 2 is a schematic flow chart of designing and manufacturing a sample wafer of an encryption chip in the present invention. The invention implements encryption in each flow link.
FIG. 3 is a schematic flow chart of a conventional mass production process of an encryption chip; fig. 4 is a schematic flow chart of mass production and manufacture of the encryption chip in the present invention. Compared with the prior art, the invention implements encryption in each flow link.
Specifically, in connection with the descriptions of fig. 2 and fig. 4, the related encryption task is implemented step by step in the present invention, which is specifically as follows.
A function definition link for carefully planning the encryption anti-theft function of the project and making encryption rules and rules for implementing encryption tasks;
Encryption is carried out during digital behavior design, so that all functions or part of functions cannot be operated due to the fact that a correct secret key is not available; if a specific code is embedded after being encrypted by a certain encryption rule, a certain function or certain functions of the chip cannot be enabled without the correct input of the specific code and being received and identified by the chip when the chip is started and initialized at a later stage;
Encryption is carried out during layout and wiring, and partial functions cannot be operated due to incorrect keys; such as encryption information of an encryption area implementing the process by adding circuits and logic, which can be implemented by setting certain specific nodes of the encryption area circuit of the process to a high level or a low level;
Encryption is carried out when the analog module is designed, and all functions or part of functions cannot be operated due to the fact that a correct secret key is not available; if a specific code is embedded after being encrypted by a certain encryption rule, the specific code is not correctly input and received and identified by the chip when the chip is started and initialized, and a certain function or certain functions or analog modules of the chip can not be enabled, but the performance is reduced, and the like;
Encryption is carried out during layout drawing, and partial functions cannot be operated due to the fact that a correct secret key is not used; such as setting a high or low level for certain node connections to enable certain function or functions;
Encryption of masks, such as replacing a mask or masks periodically (every week), wherein different manufacturing dates of the same mask are different, the difference of the front and rear versions of a mask is different in encryption area, namely the information related to encryption, and the operation needs to be supported by a front-end layout and other mask presettings which are not replaced, namely the front-end design and the rear-end design need to support the modification of a later mask or masks, so that partial functions cannot be operated due to the fact that a correct key is not available;
Encryption is performed during wafer testing, such as blowing certain fuses, and more encryption means are available for supporting OTP (One Time Program), MTP (Multi-Time Program) and other specific processes; thus, the failure of the correct key will result in some of the functions not being able to function;
encryption is performed during packaging, such as setting certain pressure welding chips high or low, so that specific password information is formed, and therefore, partial functions of the chip cannot be operated due to the fact that a correct secret key is not available;
The application software encrypts, writes all or part of the information into a program, encrypts the program, and the program needs to be updated periodically (every week), otherwise the program cannot run correctly; when the process of replacing a mask, blowing a fuse or operating OTP or MTP, packaging pressure welding chip change and the like involves the process encryption bit, the application software also needs to be correspondingly adjusted and updated;
The encryption tasks of the above processes are encrypted by a set specific encryption method, and the operators of different processes do not know the keys of the other party, i.e. the keys are limited to be known by a specific minority of operators, and the total keys are the partial keys after the partial keys are summarized. The encryption method can also be set to be that after a certain process A is encrypted, the encryption part of the process A is partially decrypted or completely decrypted when the next process B or a certain subsequent process C or D or E and the like is performed, so that the complexity of the whole secret key can be limited, and meanwhile, the secret leakage of an internal person can be avoided.
Because the encryption task is nested into a plurality of processes of design, production and application, passwords of each process are difficult to analyze or guess one by one, and the encryption task is cooperatively encrypted by software and hardware, the decryption difficulty is increased, and the encryption anti-theft effect is achieved.
The method can achieve the purposes that even if an illegal vain obtains the GDSII file or MASK of a developer, the wafer can be produced and packaged into a chip or the chip cannot be correctly operated after being copied reversely, thereby increasing the decryption difficulty, increasing the decryption cost and preventing or delaying the sales and the profit-making of the chip.
In summary, the present invention finally provides an encryption chip. The encryption chip includes: and combining the encryption modules. And a plurality of groups of encryption information are stored in the combined encryption module, and each group of encryption information corresponds to one flow in the encryption chip forming process. Specifically, in each of some processes in the encryption chip forming process, a set of encryption information may be stored in the combined encryption module. However, in some processes in the formation of the encryption chip, the encryption information may not be stored in the combined encryption module.
Each group of encryption information comprises the encryption information of the flow and comprehensive encryption information of the previous flow, wherein the comprehensive encryption information of the previous flow is formed based on the comprehensive password information obtained by the previous flow, and the comprehensive password information of the next flow is formed based on the comprehensive password information of the current flow and the comprehensive password information obtained by the previous flow in the current flow. Specifically, in one embodiment, the stream cipher information of each set of encryption information includes the present stream cipher information and the present stream check information obtained by encrypting the present stream cipher information using the first encryption algorithm of the present stream. And encrypting the comprehensive password information obtained by the previous process by using the second encryption algorithm of the process to obtain the comprehensive encryption information of the previous process. The present flow refers to a flow corresponding to the set of encryption information.
Fig. 6 is a block diagram of a set of encryption information formed in each flow in the encryption chip in the present invention in one example. As shown in fig. 6, part 1 is the pre-flow integrated encryption information, and parts 2 to 3 are the present-flow encryption information.
Specifically, the encryption chip forming process includes a plurality of processes in a digital behavior design process, a layout wiring process, an analog module design process, a layout drawing process, a mask process, a wafer test process and a packaging process, and a set of encryption information corresponding to the current process is written into the combined encryption module in each of the plurality of processes in the digital behavior design process, the layout wiring process, the analog module design process, the layout drawing process, the mask process, the wafer test process and the packaging process.
Fig. 5 is an exemplary diagram of writing a corresponding set of encryption information in an encryption chip in a flow N in the formation process of the encryption chip in the present invention. As shown in fig. 5, when n=1, i.e., the present flow is the first flow, the integrated password information obtained by the previous flow (N-1=0) of the first flow is a predetermined value, i.e., the initial integrated password information is a predetermined value.
In connection with fig. 5 and 6, the description will be given here taking, as an example, encryption of a reticle process, a wafer test process, and a packaging process.
First, a set of encryption information corresponding to a reticle process is written in the reticle process.
In the present invention, the first encryption algorithm is, for example, summing the corresponding digits by decimal digits, and of course, other more complex encryption algorithms are also possible; the second encryption algorithm is for example summing the corresponding digits in decimal digits, but other more complex encryption algorithms are possible. The first encryption algorithm of each flow may be the same or different, and the same is described herein as an example, and the second encryption algorithm of each flow may be the same or different, and the same is described herein as an example. For example, the product of the password information of the current process and the integrated password information obtained from the previous process is the integrated password information of the next process.
Now assume that the pre-process integrated password information sent from the process preceding the reticle process is 20231208 in decimal. Thus, the comprehensive encryption information of the previous process in the mask process is as follows: decimal 2+0+2+3+1+2+0+8=18, binary is 10010, and after the upper bit is zero-padded, the prior process comprehensive encryption information in the mask process is 0001 0010.
If the reticle flow writes the flow code information in decimal 127 (but other data is also possible), its binary representation is 111 1111, and after the upper bit is zero-padded, the flow code information will be binary 0000 0000 0111 1111.
The flow check information is decimal 1+2+7=10, the binary representation is 1010, and after the upper bits are zero-padded, the flow check information is binary 0000 1010.
The integrated code information sent to the next process is 20231208×127= 2569363416 in decimal, which is the integrated code information sent to the wafer test process.
And then writing a group of encryption information corresponding to the wafer test flow in the wafer test flow.
The comprehensive encryption information of the previous flow of the wafer test is decimal 2+5+6+9+3+6+3+4+1+6=45, the binary representation is 101101, and after the upper bit is zero-filled, the comprehensive encryption information of the previous flow is written into the binary 0010 1101;
if the flow password information written in the wafer test flow is 31 in decimal, the binary representation of the flow password information is 1 1111, and after the upper bit is zero-filled, the flow password information is written in 0001 1111 in binary;
The flow verification information of the wafer test flow is decimal 3+1=4, the binary representation is 100, and after the upper bit is zero-filled, the flow verification information is written into the binary 0000 0100;
Then the integrated password information for the next flow is decimal 20231208×127×31= 79650265896, which is the integrated password information for the encapsulation flow.
Then, a group of encryption information corresponding to the packaging flow is written in the packaging flow.
The front-flow comprehensive encryption information of the packaging flow is 7+9+6+5+0+2+6+5+8+9+6=63, the binary representation is 111111, and after the upper bit is zero-padded, the front-flow comprehensive encryption information is written into the binary 00111111;
Assuming that the flow password information written in the packaging process is decimal 17, the binary representation of the flow password information is 10001, and after the upper bit is zero-padded, the flow password information is written in binary 0001 0001;
the flow verification information of the packaging flow is decimal 1+7=8, the binary representation is 1000, and after the upper bit is zero-filled, the flow verification information is written into the binary 0000 1000;
Then the combined password information for the next flow is 20231208×127×31×17= 1354054520232 in decimal.
In one embodiment, the encryption task is executed by setting information such as a device, a circuit, a combination logic, a sequential logic, or data for executing the anti-theft encryption task in one or more of the digital behavior design flow, the layout wiring flow, the analog module design flow, the layout drawing flow, the mask flow, the wafer test flow, the packaging flow, the chip application flow, and the like.
In an alternative embodiment, in the digital behavior design process, some circuits or logic are added in the encryption chip based on the process encryption information and the pre-process comprehensive encryption information, and a plurality of specific nodes of the added circuits or logic are set to be high or low, so that the finally formed encryption chip records the process encryption information and the pre-process comprehensive encryption information, and a group of encryption information related to the digital behavior design process is stored in a combined encryption module of the encryption chip.
In an alternative embodiment, in the layout and routing process, some circuits or logic are added in the encryption chip based on the current process encryption information and the previous process comprehensive encryption information, and a plurality of specific nodes of the added circuits or logic are set to be high or low, so that the finally formed encryption chip records the current process encryption information and the previous process comprehensive encryption information, and a group of encryption information related to the layout and routing process is stored in a combined encryption module of the encryption chip.
In an alternative embodiment, in the design process of the simulation module, some circuits or logic are added in the encryption chip based on the current process encryption information and the previous process comprehensive encryption information, and a plurality of specific nodes of the added circuits or logic are set to be high or low, so that the finally formed encryption chip records the current process encryption information and the previous process comprehensive encryption information, and a group of encryption information related to the design of the simulation module is stored in a combined encryption module of the encryption chip.
In an optional embodiment, in the layout drawing process, a plurality of predetermined nodes in a layout are set to high level or low level based on the current process encryption information and the previous process comprehensive encryption information, so that the encryption chip formed based on the layout records the current process encryption information and the previous process comprehensive encryption information, and a group of encryption information related to the layout drawing process is stored in a combined encryption module of the encryption chip.
In an alternative embodiment, in the mask process, by adding the structure formed based on the current process encryption information and the structure formed based on the previous process comprehensive encryption information to the formed mask, the current process encryption information and the previous process comprehensive encryption information are recorded in an encryption chip formed based on the mask, so that a group of encryption information related to the mask process is stored in a combined encryption module of the encryption chip.
Specifically, since the mask is fabricated based on the GDSII file, in practice, the GDSII file must support encryption operations at the mask, the method may be one or more of the following methods or a combination thereof: 1) Adding or deleting a plurality of similar or dissimilar Vias (VIAs); 2) Connecting a node to power or ground with a layer or layers of wires; 3) The metal lines in some of the encrypted areas with one layer or several layers are disconnected.
In an alternative embodiment, in the wafer test procedure, a predetermined plurality of fuses in the encryption chip are fused based on the current procedure encryption information and the previous procedure comprehensive encryption information, so that the current procedure encryption information and the previous procedure comprehensive encryption information are recorded in the encryption chip, and thus a group of encryption information related to the wafer test procedure is stored in a combined encryption module of the encryption chip.
In an alternative embodiment, in the encapsulation process, a predetermined plurality of bonding pads of the encryption chip are set to a high level or a low level based on the current process encryption information and the previous process integrated encryption information, so that the encryption chip records the current process encryption information and the previous process integrated encryption information, thereby storing a set of encryption information related to the encapsulation process in a combined encryption module of the encryption chip.
The application software process refers to the operation of the processes and has the process encryption information of the software process and the process comprehensive encryption information, and refers to the last step of the processes and generates comprehensive password information, and details can be deduced according to the processes and are not repeated. The purpose of adding the process encryption information and the prior process comprehensive encryption information to the application software process is to identify whether the current software version is matched with the current chip version, and the expired software version cannot pass the password verification when the chip verification of the new version is carried out.
And loading multiple sets of encryption information in a combined encryption module of the encryption chip in software (such as test software or application software) running on the basis of the encryption chip. After the encryption chip is powered on and initialized, the software verifies each group of encryption information in the combined encryption module of the encryption chip when performing read-write operation on the encryption chip, if verification is passed, the encryption chip can work normally, and if any one step of verification is not passed, the encryption chip cannot work normally. Preferably, after the encryption chip is powered on and initialized, the multiple sets of encryption information in the combined encryption module are subjected to self-checking, and after the self-checking is passed, the software is used for verification.
In one embodiment, if M consecutive verifications fail, the encryption chip initiates a self-destruction mechanism that causes a system-level signal (e.g., clock signal CLK, system reset signal RST, etc.) or circuit (e.g., bandgap reference of analog circuit, bias used by analog circuit, etc.) to operate in error by blowing a fuse in the encryption chip, e.g., M is a natural number of 3 or more.
It can be seen that the set of encryption information formed in each flow is related not only to the encryption information input in the flow, but also to the encryption information input in all the flows before. Therefore, the encryption degree is greatly improved, and the theft cost is greatly increased.
The invention also provides an encryption method of the encryption chip. The encryption chip includes: the combined encryption module stores a plurality of groups of encryption information, each group of encryption information corresponds to one flow in the encryption chip forming process, each group of encryption information comprises the encryption information of the flow and comprehensive encryption information of a previous flow, the comprehensive encryption information of the previous flow is formed based on the comprehensive password information obtained by the previous flow, and the comprehensive password information of the next flow is formed based on the comprehensive password information of the current flow and the comprehensive password information obtained by the previous flow in the current flow.
Specifically, the stream cipher information of each set of cipher information includes the stream cipher information obtained by encrypting the stream cipher information by using the first encryption algorithm of the stream; and encrypting the comprehensive password information obtained by the previous process by using the second encryption algorithm of the process to obtain the comprehensive encryption information of the previous process. The integrated password information obtained by the previous flow of the first flow is a predetermined value.
Specifically, the encryption chip forming process includes a plurality of processes of a digital behavior design process, a layout wiring process, an analog module design process, a layout drawing process, a mask process, a wafer test process and a packaging process. And writing a group of encryption information corresponding to the flow into the combined encryption module in each of a plurality of flows in a digital behavior design flow, a layout wiring flow, an analog module design flow, a layout drawing flow, a mask plate flow, a wafer test flow and a packaging flow.
In one embodiment, in the digital behavior design flow, some circuits or logic are added in the encryption chip based on the present flow encryption information and the previous flow comprehensive encryption information, and a plurality of specific nodes of the added circuits or logic are set to be high level or low level, so that the finally formed encryption chip records the present flow encryption information and the previous flow comprehensive encryption information, and a group of encryption information related to the digital behavior design flow is stored in a combined encryption module of the encryption chip.
In one embodiment, in the layout and routing process, some circuits or logic are added in the encryption chip based on the present process encryption information and the previous process comprehensive encryption information, and a plurality of specific nodes of the added circuits or logic are set to be high or low, so that the finally formed encryption chip records the present process encryption information and the previous process comprehensive encryption information, and a group of encryption information related to the layout and routing process is stored in a combined encryption module of the encryption chip.
In one embodiment, in the design process of the simulation module, some circuits or logic are added in the encryption chip based on the current process encryption information and the previous process comprehensive encryption information, and a plurality of specific nodes of the added circuits or logic are set to be high or low, so that the finally formed encryption chip records the current process encryption information and the previous process comprehensive encryption information, and a group of encryption information related to the design of the simulation module is stored in a combined encryption module of the encryption chip.
In one embodiment, in the layout drawing process, a plurality of predetermined nodes in a layout are set to high level or low level based on the current process encryption information and the previous process comprehensive encryption information, so that the encryption chip formed based on the layout records the current process encryption information and the previous process comprehensive encryption information, and a group of encryption information related to the layout drawing process is stored in a combined encryption module of the encryption chip.
In one embodiment, in the mask process, by adding a structure formed based on the current process encryption information and a structure formed based on the previous process comprehensive encryption information to the formed mask, the current process encryption information and the previous process comprehensive encryption information are recorded in an encryption chip formed based on the mask, so that a group of encryption information related to the mask process is stored in a combined encryption module of the encryption chip.
In one embodiment, in the wafer test process, a predetermined plurality of fuses in the encryption chip are fused based on the current process encryption information and the previous process integrated encryption information, so that the current process encryption information and the previous process integrated encryption information are recorded in the encryption chip, and a set of encryption information related to the wafer test process is stored in a combined encryption module of the encryption chip.
In one embodiment, in the encapsulation process, a predetermined plurality of bonding pads of the encryption chip are set to a high level or a low level based on the present process encryption information and the previous process integrated encryption information, so that the encryption chip records the present process encryption information and the previous process integrated encryption information, thereby storing a set of encryption information related to the encapsulation process in a combined encryption module of the encryption chip.
In one embodiment, in the application software process, based on the current process encryption information and the previous process comprehensive encryption information, a specific plurality of combined codes of "0" and "1" are written, so that the application software of the encryption chip records the current process encryption information and the previous process comprehensive encryption information, and a group of encryption information related to the application software process is stored in a combined encryption module added to the application software process of the encryption chip.
And loading a plurality of groups of encryption information in the combined encryption module of the encryption chip in software running based on the encryption chip, wherein after the encryption chip is powered on and initialized, the software verifies each group of encryption information in the combined encryption module of the encryption chip when performing read-write operation on the encryption chip, if verification is passed, the encryption chip can work normally, and if any verification is not passed, the encryption chip cannot work normally.
It should be noted that any modifications to the specific embodiments of the invention may be made by those skilled in the art without departing from the scope of the invention as defined in the appended claims. Accordingly, the scope of the claims of the present invention is not limited to the foregoing detailed description.
Claims (11)
1. An encryption chip, comprising:
The combined encryption module stores a plurality of groups of encryption information, each group of encryption information corresponds to one flow in the encryption chip forming process, each group of encryption information comprises the encryption information of the flow and comprehensive encryption information of a previous flow, the comprehensive encryption information of the previous flow is formed based on the comprehensive password information obtained by the previous flow, and the comprehensive password information of the next flow is formed based on the comprehensive password information of the current flow and the comprehensive password information obtained by the previous flow in the current flow.
2. The encryption chip of claim 1, wherein the encryption chip is configured to,
The stream flow encryption information of each group of encryption information comprises the current flow encryption information and the current flow verification information obtained by encrypting the current flow encryption information by using the first encryption algorithm of the current flow;
The comprehensive password information obtained by the previous process is encrypted by utilizing the second encryption algorithm of the process to obtain the comprehensive encryption information of the previous process,
The integrated password information obtained by the previous flow of the first flow is a predetermined value.
3. The encryption chip of claim 1, wherein the encryption chip is configured to,
The encryption chip forming process comprises a plurality of processes of a digital behavior design process, a layout wiring process, an analog module design process, a layout drawing process, a mask process, a wafer test process and a packaging process,
And writing a group of encryption information corresponding to the flow into the combined encryption module in each of a plurality of flows in a digital behavior design flow, a layout wiring flow, an analog module design flow, a layout drawing flow, a mask plate flow, a wafer test flow and a packaging flow.
4. The encryption chip of claim 3, wherein the encryption chip,
In the digital behavior design flow, a plurality of circuits or logics are added in the encryption chip based on the flow encryption information and the pre-flow comprehensive encryption information, and a plurality of specific nodes of the added circuits or logics are set to be high level or low level, so that the finally formed encryption chip records the flow encryption information and the pre-flow comprehensive encryption information, and a group of encryption information related to the digital behavior design flow is stored in a combined encryption module of the encryption chip; or alternatively
In the layout and wiring process, some circuits or logic are added in the encryption chip based on the present process encryption information and the previous process comprehensive encryption information, and a plurality of specific nodes of the added circuits or logic are set to be high level or low level, so that the finally formed encryption chip records the present process encryption information and the previous process comprehensive encryption information, and a group of encryption information related to the layout and wiring process is stored in a combined encryption module of the encryption chip; or alternatively
Adding some circuits or logic into the encryption chip based on the current flow encryption information and the previous flow comprehensive encryption information in the design flow of the simulation module, and setting a plurality of specific nodes of the added circuits or logic to be high level or low level, so that the finally formed encryption chip records the current flow encryption information and the previous flow comprehensive encryption information, thereby storing a group of encryption information related to the design of the simulation module in a combined encryption module of the encryption chip; or alternatively
In the layout drawing process, a plurality of preset nodes in a layout are set to be high level or low level based on the current process encryption information and the previous process comprehensive encryption information, so that the encryption chip formed based on the layout records the current process encryption information and the previous process comprehensive encryption information, and a group of encryption information related to the layout drawing process is stored in a combined encryption module of the encryption chip; or (b)
In the mask process, a structure formed based on the basic process encryption information and a structure formed based on the previous process comprehensive encryption information are added on the formed mask, so that the current process encryption information and the previous process comprehensive encryption information are recorded in an encryption chip formed based on the mask, and a group of encryption information related to the mask process is stored in a combined encryption module of the encryption chip; or (b)
In the wafer test flow, fusing a plurality of fuses in the encryption chip based on the flow encryption information and the pre-flow comprehensive encryption information, so that the flow encryption information and the pre-flow comprehensive encryption information are recorded in the encryption chip, and a group of encryption information related to the wafer test flow is stored in a combined encryption module of the encryption chip; or (b)
In the encapsulation process, a predetermined plurality of bonding pads of the encryption chip are set to be high or low based on the current process encryption information and the previous process comprehensive encryption information, so that the encryption chip records the current process encryption information and the previous process comprehensive encryption information, and a group of encryption information related to the encapsulation process is stored in a combined encryption module of the encryption chip.
5. The cryptographic chip of claim 1, wherein the plurality of sets of cryptographic information in the combined cryptographic module of the cryptographic chip are loaded in software running on the basis of the cryptographic chip,
After the encryption chip is powered on and initialized, the software verifies each group of encryption information in the combined encryption module of the encryption chip when performing read-write operation on the encryption chip, if verification is passed, the encryption chip can work normally, and if any one step of verification is not passed, the encryption chip cannot work normally.
6. The encryption chip of claim 5, wherein the encryption chip is configured to,
After the encryption chip is powered on and initialized, the multiple groups of encryption information in the combined encryption module are subjected to self-checking, and after the self-checking is passed, the software is used for verification.
7. The encryption chip of claim 5, wherein if M consecutive verifications fail, the encryption chip initiates a self-destruction mechanism that causes a system-level signal or circuit to operate in error by blowing fuses in the encryption chip, M being a natural number equal to or greater than 3.
8. An encryption method of an encryption chip, characterized in that the encryption chip comprises: the combined encryption module stores a plurality of groups of encryption information, each group of encryption information corresponds to one flow in the encryption chip forming process, each group of encryption information comprises the encryption information of the flow and comprehensive encryption information of a previous flow, the comprehensive encryption information of the previous flow is formed based on the comprehensive password information obtained by the previous flow, and the comprehensive password information of the next flow is formed based on the comprehensive password information of the current flow and the comprehensive password information obtained by the previous flow in the current flow.
9. The encryption method according to claim 8, wherein,
The stream flow encryption information of each group of encryption information comprises the current flow encryption information and the current flow verification information obtained by encrypting the current flow encryption information by using the first encryption algorithm of the current flow;
The comprehensive password information obtained by the previous process is encrypted by utilizing the second encryption algorithm of the process to obtain the comprehensive encryption information of the previous process,
The integrated password information obtained by the previous flow of the first flow is a predetermined value,
The encryption chip forming process comprises a plurality of processes of a digital behavior design process, a layout wiring process, an analog module design process, a layout drawing process, a mask process, a wafer test process and a packaging process,
And writing a group of encryption information corresponding to the flow into the combined encryption module in each of a plurality of flows in a digital behavior design flow, a layout wiring flow, an analog module design flow, a layout drawing flow, a mask plate flow, a wafer test flow and a packaging flow.
10. An encryption method according to claim 9, characterized in that,
In the digital behavior design flow, a plurality of circuits or logics are added in the encryption chip based on the flow encryption information and the pre-flow comprehensive encryption information, and a plurality of specific nodes of the added circuits or logics are set to be high level or low level, so that the finally formed encryption chip records the flow encryption information and the pre-flow comprehensive encryption information, and a group of encryption information related to the digital behavior design flow is stored in a combined encryption module of the encryption chip; or alternatively
In the layout and wiring process, some circuits or logic are added in the encryption chip based on the present process encryption information and the previous process comprehensive encryption information, and a plurality of specific nodes of the added circuits or logic are set to be high level or low level, so that the finally formed encryption chip records the present process encryption information and the previous process comprehensive encryption information, and a group of encryption information related to the layout and wiring process is stored in a combined encryption module of the encryption chip; or alternatively
Adding some circuits or logic into the encryption chip based on the current flow encryption information and the previous flow comprehensive encryption information in the design flow of the simulation module, and setting a plurality of specific nodes of the added circuits or logic to be high level or low level, so that the finally formed encryption chip records the current flow encryption information and the previous flow comprehensive encryption information, thereby storing a group of encryption information related to the design of the simulation module in a combined encryption module of the encryption chip; or alternatively
In the layout drawing process, a plurality of preset nodes in a layout are set to be high level or low level based on the current process encryption information and the previous process comprehensive encryption information, so that the encryption chip formed based on the layout records the current process encryption information and the previous process comprehensive encryption information, and a group of encryption information related to the layout drawing process is stored in a combined encryption module of the encryption chip; or (b)
In the mask process, a structure formed based on the basic process encryption information and a structure formed based on the previous process comprehensive encryption information are added on the formed mask, so that the current process encryption information and the previous process comprehensive encryption information are recorded in an encryption chip formed based on the mask, and a group of encryption information related to the mask process is stored in a combined encryption module of the encryption chip; or (b)
In the wafer test flow, fusing a plurality of fuses in the encryption chip based on the flow encryption information and the pre-flow comprehensive encryption information, so that the flow encryption information and the pre-flow comprehensive encryption information are recorded in the encryption chip, and a group of encryption information related to the wafer test flow is stored in a combined encryption module of the encryption chip; or (b)
In the encapsulation process, a predetermined plurality of bonding pads of the encryption chip are set to be high or low based on the current process encryption information and the previous process comprehensive encryption information, so that the encryption chip records the current process encryption information and the previous process comprehensive encryption information, and a group of encryption information related to the encapsulation process is stored in a combined encryption module of the encryption chip.
11. The encryption method according to claim 10, wherein the plurality of sets of encryption information in the combined encryption module of the encryption chip are loaded in software running based on the encryption chip,
After the encryption chip is powered on and initialized, the software verifies each group of encryption information in the combined encryption module of the encryption chip when performing read-write operation on the encryption chip, if verification is passed, the encryption chip can work normally, and if any one step of verification is not passed, the encryption chip cannot work normally.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311872932.0A CN117932699A (en) | 2023-12-30 | 2023-12-30 | Encryption chip and chip encryption method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311872932.0A CN117932699A (en) | 2023-12-30 | 2023-12-30 | Encryption chip and chip encryption method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117932699A true CN117932699A (en) | 2024-04-26 |
Family
ID=90769400
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311872932.0A Pending CN117932699A (en) | 2023-12-30 | 2023-12-30 | Encryption chip and chip encryption method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117932699A (en) |
-
2023
- 2023-12-30 CN CN202311872932.0A patent/CN117932699A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP6427099B2 (en) | Integrated Circuit Secure Function and Key Management | |
| Yasin et al. | Trustworthy hardware design: Combinational logic locking techniques | |
| Koushanfar | Integrated circuits metering for piracy protection and digital rights management: An overview | |
| CN102542191B (en) | RTL (register transfer level) IP (intellectual property) core protecting method | |
| US10771062B1 (en) | Systems and methods for enhancing confidentiality via logic gate encryption | |
| US8117661B2 (en) | Encryption based silicon IP protection | |
| Engels et al. | The end of logic locking? a critical view on the security of logic locking | |
| TW201926112A (en) | Communication system and method for operating a communication system | |
| US11611429B2 (en) | Comprehensive framework for protecting intellectual property in the semiconductor industry | |
| Shakya et al. | Introduction to hardware obfuscation: Motivation, methods and evaluation | |
| CN104268488A (en) | System And Method For Product Registration | |
| CN102714060A (en) | Paired programmable fuses | |
| KR102049665B1 (en) | Device and method for detecting points of failures | |
| US8074077B1 (en) | Securing circuit designs within circuit design tools | |
| US7545934B2 (en) | Security information packaging system, LSI, and security information packaging method | |
| CN102971984B (en) | Method for authenticating a storage device and host device | |
| US6526511B1 (en) | Apparatus and method for modifying microprocessor system at random and maintaining equivalent functionality in spite of modification, and the same microprocessor system | |
| US11582033B2 (en) | Cryptographic management of lifecycle states | |
| Calzada et al. | Heterogeneous integration supply chain integrity through blockchain and CHSM | |
| CN117932699A (en) | Encryption chip and chip encryption method | |
| JP2011022690A (en) | Simulation model generation device | |
| US20080104396A1 (en) | Authentication Method | |
| US10222417B1 (en) | Securing access to integrated circuit scan mode and data | |
| Bloom et al. | Fab forensics: Increasing trust in IC fabrication | |
| CN113032791B (en) | IP core, IP core management method and chip |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |