GB2605168A - An integrated circuit having a secure area - Google Patents

Publication number: GB2605168A
Authority: GB (United Kingdom)
Prior art keywords: response code, code, interface, volatile memory, secure area
Legal status: Granted (Active)
Application number: GB2104149.6A
Other versions: GB2605168B (en), GB202104149D0 (en)
Inventor: Chandler-Page Michael
Current Assignee: Cirrus Logic International Semiconductor Ltd
Original Assignee: Cirrus Logic International Semiconductor Ltd

Classifications

    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • G06F21/44 Program or device authentication
    • G06F21/77 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04W12/40 Security arrangements using identity modules
    • H04W12/71 Hardware identity
    • G06F2221/034 Test or assess a computer or a system
    • G06F2221/2103 Challenge-response
    • G06F2221/2121 Chip on media, e.g. a disk or tape with a chip embedded in its case

Abstract

The present disclosure relates to a method for securing and accessing a secure area of an integrated circuit (IC). Prior to use of the IC by an end-user a keypair comprising a public key and a private key is generated based on a random number. The public key and the private key are unique or statistically unique to the IC. A first asymmetric cryptographic operation is performed with the private key of the keypair and a global public key to generate a first response code, and the first response code is written to a non-volatile memory of the IC. The public key of the keypair is written to the non-volatile memory as a challenge code. An entity seeking access to the secure area obtains the challenge code from non-volatile memory of the IC, performs a second asymmetric cryptographic operation with the challenge code and a global private key to generate a second response code and transmits the second response code to the IC. The IC compares the received second response code to the first response code and permits access to the secure area if the received second response code corresponds to the stored first response code.

Description

AN INTEGRATED CIRCUIT HAVING A SECURE AREA
Field of the Invention
The present disclosure relates to an integrated circuit (IC) having a secure area, and to methods for securing and permitting access to the secure area.
Background
Many integrated circuits (ICs) include security features that restrict access to the IC or to a secure area (e.g. a secure memory area and/or a secure register area) of the IC, in order to prevent unauthorised access to secrets or other sensitive data contained in the IC, e.g. by hackers, malware and the like.
However, in certain circumstances it may be necessary to permit access to the IC, for example for debugging during development or testing of the IC, or for fault analysis in the event that the IC fails or develops a fault.
Typical approaches to permitting access to the IC involve performing cryptographic operations inside the IC in order to authenticate a request for access to the IC or its secure area. The aim of these approaches is to avoid embedding a global secret in the IC, in order to prevent discovery of the secret by reverse engineering of a single IC from compromising the security of all instances of that IC.
In some approaches a user must present a cryptographic certificate to the IC, which is validated by the IC using a global public key embedded in the IC. In other approaches the IC transmits a challenge to the user. The user signs the challenge with a cryptographic signature and returns the signed challenge to the IC, which validates the signed challenge using an embedded public key.
These approaches are flexible, as they allow authority to access the secure area to be delegated. However, they rely on the IC being able to perform cryptographic authentication, which typically involves executing a complex algorithm for millions of cycles, before allowing access to the secure area of the chip.
Such approaches are thus not suitable for fault analysis, since if an IC has failed or developed a fault it may not be capable of performing the operations required for cryptographic authentication of a request to access the IC or its secure area.
Summary
According to a first aspect, the invention provides a method for securing and accessing a secure area of an integrated circuit (IC), the method comprising: prior to use of the IC by an end-user: generating a keypair comprising a public key and a private key based on a random number, wherein the public key and the private key are unique or statistically unique to the IC; performing a first asymmetric cryptographic operation with the private key of the keypair and a global public key to generate a first response code; writing the first response code to a non-volatile memory of the IC; and writing the public key of the keypair to the non-volatile memory as a challenge code; at an entity seeking access to the secure area: obtaining the challenge code from non-volatile memory of the IC; performing a second asymmetric cryptographic operation with the challenge code and a global private key to generate a second response code; and transmitting the second response code to the IC; and at the IC: comparing the received second response code to the first response code; and permitting access to the secure area if the received second response code corresponds to the stored first response code.
The first and second asymmetric cryptographic operations may each comprise a Diffie-Hellman cryptographic operation.
The first and second asymmetric cryptographic operations may each comprise a discrete logarithm cryptography operation.
The first and second asymmetric cryptographic operations may each comprise an elliptic curve cryptography operation.
The entity may obtain the challenge code via an interface. The interface may comprise a JTAG interface, an Inter-Integrated Circuit (I2C) interface, a serial peripheral interface (SPI) or a Soundwire® interface, for example.
According to a second aspect, the invention provides an integrated circuit (IC) for use in the method of the first aspect, the IC comprising: a secure area; non-volatile memory storing the challenge code and the first response code; and comparison circuitry, wherein the comparison circuitry is configured to compare the second response code provided by the entity seeking access to the secure area to the first response code and to permit or prevent access to the secure area based on the comparison.
A portion of the non-volatile memory storing the first response code may be non-readable by an entity external to the IC.
The non-volatile memory storing the challenge code and the first response code may be non-modifiable once programmed with the challenge code and the first response code.
The non-volatile memory may comprise one-time-programmable (OTP) memory, for example.
According to a third aspect, the invention provides a method for permitting access to the secure area of an integrated circuit (IC) according to the second aspect, the method comprising: at the entity seeking access to the secure area: obtaining the challenge code from the non-volatile memory of the IC; performing a second asymmetric cryptographic operation with the challenge code and the global private key to generate a second response code; and transmitting the second response code to the IC; and at the IC: comparing the received second response code to the first response code stored in non-volatile memory of the IC; and permitting access to the secure area if the received second response code corresponds to the stored first response code.
The entity may obtain the challenge code via an interface. The interface may comprise a JTAG interface, an Inter-Integrated Circuit (I2C) interface, a serial peripheral interface (SPI) or a Soundwire® interface, for example.
According to a fourth aspect, the invention provides a system for accessing the secure area of an integrated circuit (IC) according to the second aspect, wherein the system is configured to: receive the challenge code obtained from the non-volatile memory of the IC; perform a second asymmetric cryptographic operation with the challenge code and the global private key to generate the second response code; and output the second response code to the comparison circuitry of the IC.
The system may further comprise an analysis tool configured to obtain the challenge code via an interface. The interface may comprise a JTAG interface, an Inter-Integrated Circuit (I2C) interface, a serial peripheral interface (SPI) or a Soundwire® interface, for example.
The system may further comprise a hardware security module configured to perform the asymmetric cryptographic operation with the challenge code and the global private key to generate the second response code.
According to a fifth aspect, the invention provides a system for programming an integrated circuit (IC) according to the second aspect with the challenge code and the first response code, the system comprising: a random number generator; a keypair generator configured to generate a keypair comprising a public key and a private key based on a random number generated by the random number generator, wherein the public key and the private key are unique or statistically unique to the IC; and a cryptographic unit configured to perform a first asymmetric cryptographic operation with the private key of the keypair and a global public key to generate the first response code, wherein the system is configured to write the first response code to the non-volatile memory and to write the public key of the keypair to the non-volatile memory as the challenge code.
Brief Description of the Drawings
Embodiments of the invention will now be described, strictly by way of example only, with reference to the accompanying drawings, of which: Figure 1 is a schematic diagram illustrating an integrated circuit (IC) having a secure area; Figure 2 is a schematic diagram illustrating an example system for programming non-volatile memory of the IC of Figure 1 with a challenge code and a response code; Figure 3 is a schematic diagram illustrating an example system for accessing the secure area of the IC of Figure 1; and Figure 4 is a flow diagram illustrating steps in a method for accessing the secure area of the IC of Figure 1.
Detailed Description
The present disclosure relates to a secure integrated circuit (IC), e.g. an integrated circuit having a secure area such as a secure memory area or one or more secure registers, and to a method and system for securing and accessing the IC. In contrast to the approaches discussed above, the IC is not required to perform any cryptographic operations in order to authenticate a request for access to the IC or its secure area.
Instead, the IC performs a simple comparison of two values to determine if the request for access originates from an authorised entity.
Figure 1 illustrates an integrated circuit (IC) according to the present disclosure. The integrated circuit, shown generally at 100 in Figure 1, has a secure area 110 that can only be accessed by authorised entities, processes or users. The secure area 110 may comprise the whole of or a majority of the IC, or may comprise, for example, a secure area of memory for storing sensitive data. In order to access the secure area 110 the entity, process or user requesting access must be authenticated by the IC 100 to prove that it is authorised to access the secure area 110.
The IC 100 further includes non-volatile memory 120, which may be, for example, one-time programmable (OTP) memory. The non-volatile memory 120 stores a challenge code 122 and a first response code 124. The challenge code 122 and the first response code 124 are used in an authentication process to authenticate an entity, process or user requesting access to the secure area 110. The challenge code 122 represents a challenge that the entity, process or user requesting access must pass in order to be permitted access to the secure area 110, and the first response code 124 represents an expected response of an authorised entity, process or user to the challenge. The challenge code 122 and the first response code 124 are both unique (or statistically unique) to the IC 100, and are programmed into the non-volatile memory 120 prior to use of the IC by an end-user, e.g. during manufacture or test of the IC 100, or during assembly, test or deployment of a host device containing the IC 100. For example, the challenge code 122 and the first response code 124 may be programmed into the non-volatile memory 120 during a wafer test stage of a manufacturing process for the IC 100.
Once the challenge code 122 and the first response code 124 have been programmed into the non-volatile memory 120, the non-volatile memory is effectively locked such that it cannot be modified, thereby preventing any modification, deleting, overwriting etc. of the challenge code 122 or the first response code 124. Further, a portion of the non-volatile memory 120 storing the first response code 124 is configured such that it cannot be read by any entity external to the IC, to ensure that the first response code 124 remains secret.
The IC further includes comparison circuitry 130 configured to compare the first response code 124 stored in the non-volatile memory 120 to a second response code received from an entity, process or user requesting access to the secure area 110, and to permit or prevent access to the secure area 110 based on the comparison.
Figure 2 is a schematic diagram illustrating an example system for programming the non-volatile memory 120 of the IC 100 with a challenge code 122 and a response code 124. The system, shown generally at 200 in Figure 2, may be part of a production test system that is used to test a semiconductor wafer from which the IC 100 is formed during manufacture of the IC 100, or may be part of a system used during assembly, test or deployment of a host device containing the IC 100.
The system 200 includes a random number generator 210, which may be configured to produce a random number for each IC programmed. The random number generator 210 may be configured to generate a distinct (e.g. statistically unique) random number for each IC programmed. An output of the random number generator 210 is coupled to an input of a keypair generator 220, which is configured to generate, based on a random number received from the random number generator 210, a unique (or statistically unique) keypair comprising a public key 230 and a private key 240. This keypair may be unique (or statistically unique) for every IC programmed. The keypair generator 220 may be configured to perform an asymmetric cryptographic algorithm to generate the public key 230 and the private key 240. For example, the keypair generator 220 may be configured to perform a discrete logarithm cryptography algorithm such as an elliptic curve cryptography (ECC) algorithm, and the public key 230 and the private key 240 may each be, for example, 256-bit ECC (elliptic curve cryptography) keys.
The public key 230 is written to the non-volatile memory 120 as the challenge code 122, which is unique (or statistically unique) to the IC.
The private key 240 is provided as a first input to a cryptographic unit 250, which also receives, as a second input, a global public key 260, which may be, for example, a 256 bit ECC public key. The cryptographic unit 250 is configured to perform an asymmetric cryptographic operation (using the same kind of cryptography as is used by the keypair generator 220) with the private key 240 and the global public key 260, to generate the first response code 124, which is unique (or statistically unique) to the IC 100 and is written to the non-volatile memory 120 of the IC 100. The asymmetric cryptographic operation performed by the cryptographic unit 250 may be, for example, a discrete logarithm cryptography (e.g. an ECC) Diffie-Hellman cryptographic operation, in which case the system 200 effectively performs one half of a Diffie-Hellman key agreement, with the response code 124 being equivalent to a shared secret of a Diffie-Hellman key agreement.
Once the challenge code 122 (i.e. public key 230) and the response code 124 have been written to the non-volatile memory 120, the non-volatile memory 120 is made permanently non-modifiable, and the portion of the non-volatile memory 120 that stores the response code 124 is made permanently non-readable by any entity outside of the IC, to ensure that the response code 124 (which should remain secret) cannot simply be read from the non-volatile memory 120 by an external entity.
Although in Figure 2 the random number generator 210, keypair generator 220 and cryptographic unit 250 are shown as separate functional units, it will be appreciated that these functional units could be implemented by a single processor or processing unit, e.g. a computer or the like.
Figure 3 is a schematic diagram illustrating an example system for accessing the secure area 110 of the IC 100, e.g. for the purpose of fault analysis. The system, shown generally at 300 in Figure 3, may be deployed, for example, in a returns centre to analyse ICs that have been returned as failed or faulty.
The system 300 includes an analysis tool 310. The analysis tool 310 may be, for example, a computer or other processing system comprising an interface 312 such as a JTAG interface for connecting the analysis tool 310 to the IC 100, to permit fault analysis and/or debugging of the IC 100. Alternatively, the analysis tool 310 can connect to a host device (e.g. a mobile telephone) that incorporates the IC 100 via a suitable interface of the host device, e.g. an I2C (Inter-Integrated Circuit) interface, an SPI (serial peripheral interface) or a Soundwire® interface, such that the IC 100 does not need to be removed from the host device, which simplifies analysis of the IC 100.
In this example the system 300 further includes a hardware security module 320, which comprises a cryptographic unit 322, which may be, for example, a processor executing suitable program code.
In use of the system 300, a first input of the cryptographic unit 322 is coupled to the analysis tool 310. A second input of the cryptographic unit 322 receives a global private key 324 which is complementary to the global public key 260 used in the system 200, and an output of the cryptographic unit 322 is coupled to an input of the comparison circuitry 130 of the IC 100.
In use of the system 300, the analysis tool 310 retrieves or receives the challenge code 122 from the non-volatile memory 120 of the IC 100 via the interface 312 (or via an interface of the host device), and transmits it to the hardware security module 320. The cryptographic unit 322 performs an asymmetric cryptographic operation on the challenge code 122 and the global private key 324, to generate a code, which is output to the comparison circuitry 130 of the IC 100 as a second response code 326. The asymmetric cryptographic operation may be, for example, an elliptic curve Diffie-Hellman operation, in which case the system 300 effectively performs the other half of the Diffie-Hellman key agreement that is performed by the system 200, with the second response code being equivalent to the shared secret of the Diffie-Hellman key agreement.
The comparison circuitry 130 compares the first response code 124 stored in the non-volatile memory 120 of the IC 100 to the second response code 326 received from the cryptographic unit 322, and permits or denies the analysis tool 310 access to the secure area 110, based on the comparison.
If the system 300 is authorised to access the secure area 110, it will have access (granted by the relevant authority, e.g. the vendor of the IC 100) to the global private key 324 that is complementary to the global public key 260 used by the cryptographic unit 250 of the system 200 of Figure 2, such that the system 300 can use the global private key 324 to perform cryptographic operations. Thus, if the system 300 is authorised to access the secure area 110, the result of cryptographically combining the unique-per-chip public key (i.e. the challenge code) 122 with the global private key 324 to create the second response code 326 will be identical to the result of cryptographically combining the unique-per-chip private key 240 with the global public key 260 used in the system 200 of Figure 2 to create the first response code 124, i.e. the second response code 326 will be the same as the first response code 124.
Accordingly, if the first and second response codes 124, 326 match, it proves that the second response code 326 was generated using the global private key 324 that is cryptographically complementary to the global public key 260. Since only authorised users have access to the global private key 324, if the first and second response codes 124, 326 match, it proves that the system 300 (or a user of the system 300) is authorised to access the secure area 110. In this case, the result of the comparison performed by the comparison circuitry 130 will be an indication that the second response code 326 received from the cryptographic unit 322 corresponds to the stored first response code 124. The comparison circuitry 130 thus outputs an unlock signal to a controller (e.g. a memory controller) associated with the secure area 110 to permit access to the secure area 110 by the analysis tool 310.
On the other hand, if the system 300 is not authorised to access the secure area 110, it will not have access to the global private key 324 and thus the second response code 326 received by the comparison circuitry 130 from the cryptographic unit 322 does not correspond to the stored first response code 124. The comparison circuitry 130 thus does not output the unlock signal and access to the secure area 110 is denied.
The use of a hardware security module 320 in the system 300 enhances the security of the global private key 324, because the hardware security module 320 prevents any direct access to the global private key 324, thus making unauthorised access to the global private key 324 difficult. However, in some examples the hardware security module 320 may not be provided. Instead, the analysis tool 310 could access the global private key 324 directly and perform the cryptographic operation to generate the second response code 326 itself.
The Diffie-Hellman algorithm is typically used for the purpose of secure data transmission to establish a shared secret that is common to both the sender and receiver of the information, which can subsequently be used as the basis for a key for high-performance symmetric cryptography. In contrast, the system described above with reference to Figure 3 directly compares the shared secret generated by the system 200 and stored in the non-volatile memory 120 of the IC 100 as the response code 124 to the shared secret generated by the hardware security module 320 (or the analysis tool 310, where no hardware security module 320 is provided) based on the received challenge code 122 and the global private key 324 to determine if the system 300 is authorised to access the secure memory area 110.
This approach reduces the amount of non-volatile memory 120 required to store the challenge code 122 and the response code 124, in comparison to other approaches that use, for example, 1024 bit RSA (Rivest-Shamir-Adleman) encryption, as the use of 256 bit ECC encryption produces a shorter challenge code 122 and first response code 124 than 1024 bit RSA encryption. Additionally, 256 bit ECC encryption is generally more secure than 1024 bit RSA encryption, and thus the approach described above with respect to Figures 2 and 3 provides greater security than, e.g., 1024 bit RSA based approaches.
Figure 4 is a flowchart illustrating steps in a method for accessing the secure memory area 110 of the IC 100.
At step 410, a system (e.g. system 300) requesting access to the secure area 110 retrieves or receives the challenge code 122 from the non-volatile memory 120 of the IC 100.
At step 420, the system requesting access performs a cryptographic operation with the challenge code 122 and a private key. For example, in the system 300 the cryptographic operation may be an asymmetric key algorithm such as a Diffie-Hellman algorithm using the global private key 324 and the challenge code 122.
At step 430 the decrypted challenge code is output, by the system requesting access, to the comparison circuitry 130 of the IC 100 as a second response code. The second response code may be output to the comparison circuitry 130 via an interface such as a JTAG interface, or via an interface such as an I2C, SPI or Soundwire® interface of a host device incorporating the IC 100.
In step 440 the comparison circuitry 130 compares the received second response code to the stored first response code 124 to determine (step 450) if the received second response code corresponds to the stored first response code 124. If so, access to the secure area 110 of the IC 100 is permitted (step 460). If not, access to the secure area 110 of the IC 100 is denied (step 470).
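The provisioning recited in claim 1 and the access check of Figure 4 (steps 410 to 470), as an added example that is not part of the patent text. X25519 stands in for the 256 bit elliptic curve Diffie-Hellman operation (the curve is an assumption, since the text names none), and the function names and the dictionary standing in for the non-volatile memory 120 are hypothetical.

```python
import hmac
import secrets

P = 2**255 - 19      # Curve25519 field prime (curve choice is an assumption)
A24 = 121665         # (486662 - 2) / 4, ladder constant from RFC 7748
BASE_U = 9           # u-coordinate of the standard base point

def x25519(k, u):
    """RFC 7748 Montgomery ladder. Illustrative only: not constant-time."""
    k = (k & ~7 & ((1 << 255) - 1)) | (1 << 254)        # clamp the scalar
    x1, x2, z2, x3, z3, swap = u % P, 1, 0, u % P, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:                                   # conditional swap
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return x2 * pow(z2, P - 2, P) % P

def keypair():
    priv = secrets.randbits(256)             # the "random number" of claim 1
    return priv, x25519(priv, BASE_U)

def provision_ic(global_public):
    """Programming system: returns the contents written to the IC's memory."""
    ic_priv, ic_pub = keypair()
    shared = x25519(ic_priv, global_public)
    # Only these two values reach the IC; ic_priv is never written to it.
    return {"challenge": ic_pub.to_bytes(32, "little"),
            "response": shared.to_bytes(32, "little")}

def second_response(challenge, global_private):
    """Accessing system (steps 410-430): DH with the global private key."""
    u = int.from_bytes(challenge, "little")
    return x25519(global_private, u).to_bytes(32, "little")

def ic_permits_access(otp, received):
    """Comparison circuitry (steps 440-470): a byte compare, no crypto."""
    return hmac.compare_digest(otp["response"], received)

if __name__ == "__main__":
    g_priv, g_pub = keypair()
    otp = provision_ic(g_pub)
    print(ic_permits_access(otp, second_response(otp["challenge"], g_priv)))
```

The IC-side function performs only a byte comparison; every elliptic curve operation runs in the provisioning system or in the accessing system.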
As will be appreciated from the foregoing discussion, the systems, methods and IC of the present disclosure provide an efficient approach to accessing a secure IC, or a secure area of an IC, that does not require the IC to perform any cryptographic operation itself. Using the approach described above it may be possible to access the secure IC, or a secure area of an IC, even if the IC has failed or developed a fault, thus allowing analysis of the IC to determine the cause of the failure or fault. Further, in the disclosed systems, methods and IC, there is no need for the IC or the system 200 to store a global secret, and thus the risk that a global secret could be discovered by reverse engineering a single IC (thus compromising the security of all instances of that IC) or by compromising the system 200 is averted.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative embodiments without departing from the scope of the appended claims. The word "comprising" does not exclude the presence of elements or steps other than those listed in a claim, "a" or "an" does not exclude a plurality, and a single feature or other unit may fulfil the functions of several units recited in the claims. Any reference numerals or labels in the claims shall not be construed so as to limit their scope.

Claims (15)

  1. A method for securing and accessing a secure area of an integrated circuit (IC), the method comprising: prior to use of the IC by an end-user: generating a keypair comprising a public key and a private key based on a random number, wherein the public key and the private key are unique or statistically unique to the IC; performing a first asymmetric cryptographic operation with the private key of the keypair and a global public key to generate a first response code; writing the first response code to a non-volatile memory of the IC; and writing the public key of the keypair to the non-volatile memory as a challenge code; at an entity seeking access to the secure area: obtaining the challenge code from non-volatile memory of the IC; performing a second asymmetric cryptographic operation with the challenge code and a global private key to generate a second response code; and transmitting the second response code to the IC; and at the IC: comparing the received second response code to the first response code; and permitting access to the secure area if the received second response code corresponds to the stored first response code.
  2. A method according to claim 1, wherein the first and second asymmetric cryptographic operations comprise a Diffie-Hellman cryptographic operation.
  3. A method according to claim 1 or claim 2, wherein the first and second asymmetric cryptographic operations comprise a discrete logarithm cryptography operation.
  4. A method according to claim 3, wherein the first and second asymmetric cryptographic operations comprise an elliptic curve cryptography operation.
  5. A method according to any one of the preceding claims, wherein the entity obtains the challenge code via an interface, wherein the interface comprises a JTAG interface, an Inter-Integrated Circuit (I2C) interface, a serial peripheral interface (SPI) or a Soundwire® interface.
  6. An integrated circuit (IC) for use in the method of any one of the preceding claims, the IC comprising: a secure area; non-volatile memory storing the challenge code and the first response code; and comparison circuitry, wherein the comparison circuitry is configured to compare the second response code provided by the entity seeking access to the secure area to the first response code and to permit or prevent access to the secure area based on the comparison.
  7. An IC according to claim 6, wherein a portion of the non-volatile memory storing the first response code is non-readable by an entity external to the IC.
  8. An IC according to claim 6 or claim 7, wherein the non-volatile memory storing the challenge code and the first response code is non-modifiable once programmed with the challenge code and the first response code.
  9. An IC according to any one of claims 6 to 8, wherein the non-volatile memory comprises one-time-programmable (OTP) memory.
  10. A method for permitting access to the secure area of an integrated circuit (IC) according to any one of claims 6 to 9, the method comprising: at the entity seeking access to the secure area: obtaining the challenge code from the non-volatile memory of the IC; performing a second asymmetric cryptographic operation with the challenge code and the global private key to generate a second response code; and transmitting the second response code to the IC; and at the IC: comparing the received second response code to the first response code stored in non-volatile memory of the IC; and permitting access to the secure area if the received second response code corresponds to the stored first response code.
  11. A method according to claim 10, wherein the entity obtains the challenge code via an interface, wherein the interface comprises a JTAG interface, an Inter-Integrated Circuit (I2C) interface, a serial peripheral interface (SPI) or a Soundwire® interface.
  12. A system for accessing the secure area of an integrated circuit (IC) according to any one of claims 6 to 9, wherein the system is configured to: receive the challenge code obtained from the non-volatile memory of the IC; perform a second asymmetric cryptographic operation with the challenge code and the global private key to generate the second response code; and output the second response code to the comparison circuitry of the IC.
  13. A system according to claim 12, further comprising an analysis tool configured to obtain the challenge code via an interface, wherein the interface comprises a JTAG interface, an Inter-Integrated Circuit (I2C) interface, a serial peripheral interface (SPI) or a Soundwire® interface.
  14. A system according to claim 12 or claim 13, further comprising a hardware security module configured to perform the symmetric cryptographic operation with the challenge code and the global private key to generate the second response code.
  15. A system for programming an integrated circuit (IC) according to any one of claims 6 to 9 with the challenge code and the first response code, the system comprising: a random number generator; a keypair generator configured to generate a keypair comprising a public key and a private key based on a random number generated by the random number generator, wherein the public key and the private key are unique or statistically unique to the IC; and a cryptographic unit configured to perform a first asymmetric cryptographic operation with the private key of the keypair and a global public key to generate the first response code, wherein the system is configured to write the first response code to the non-volatile memory and to write the public key of the keypair to the non-volatile memory as the challenge code.
GB2104149.6A 2021-03-24 2021-03-24 An integrated circuit having a secure area Active GB2605168B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB2104149.6A GB2605168B (en) 2021-03-24 2021-03-24 An integrated circuit having a secure area

Publications (3)

Publication Number Publication Date
GB202104149D0 GB202104149D0 (en) 2021-05-05
GB2605168A true GB2605168A (en) 2022-09-28
GB2605168B GB2605168B (en) 2023-03-29

Family

ID=75689850
