TW202238608A - Semiconductor device with security function and security method thereof - Google Patents

Semiconductor device with security function and security method thereof Download PDF

Info

Publication number
TW202238608A
TW202238608A TW110111434A TW110111434A TW202238608A TW 202238608 A TW202238608 A TW 202238608A TW 110111434 A TW110111434 A TW 110111434A TW 110111434 A TW110111434 A TW 110111434A TW 202238608 A TW202238608 A TW 202238608A
Authority
TW
Taiwan
Prior art keywords
security code
semiconductor device
code data
security
word line
Prior art date
Application number
TW110111434A
Other languages
Chinese (zh)
Other versions
TWI750073B (en
Inventor
土口知範
Original Assignee
力晶積成電子製造股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 力晶積成電子製造股份有限公司 filed Critical 力晶積成電子製造股份有限公司
Priority to TW110111434A priority Critical patent/TWI750073B/en
Application granted granted Critical
Publication of TWI750073B publication Critical patent/TWI750073B/en
Publication of TW202238608A publication Critical patent/TW202238608A/en

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

A semiconductor device with security function and security method thereof are provided. The semiconductor device includes an internal circuit; a programmable memory unit, coupled to the internal circuit for storing security code data; a judging circuit, coupled to programmable memory unit, for receiving the security code data, and output a security code if the security code data is judged to be able to used as the security code; and comparison circuit, comparing the security code and authentication data. If the security code and authentication data are the same, an enable signal is generated and provided to the internal circuit. Whether the security code data can be used as the security code is judged by a parity bit of the security code data.

Description

具有保全功能的半導體裝置及其保全方法Semiconductor device with security function and security method thereof

本發明是有關於一種保全技術,且特別是有關於一種具有保全功能的半導體裝置及其保全方法。The present invention relates to a security technology, and in particular to a semiconductor device with a security function and a security method thereof.

近年來,非授權存取的風險有越來越高的趨勢。一般來說,半導體記憶裝置會採用嵌入式熔絲(embedded fuse)或一次性可程式化記憶體(one-time program,OTP)來儲存冗餘資訊、批次號等等。此外,半導體記憶裝置在上述熔絲之類構件預先寫入安全碼(security code),以提供使用者驗證,來防止非授權存取。In recent years, the risk of unauthorized access has been increasing. Generally, semiconductor memory devices use embedded fuses or one-time programmable memory (OTP) to store redundant information, batch numbers, and the like. In addition, the semiconductor memory device pre-writes a security code on the above-mentioned components such as the fuse to provide user authentication and prevent unauthorized access.

但是,即使在半導體裝置提供安全碼來防止非授權的存取,還是有機會被破解或盜用。此時需要有變更安全碼的需求,使半導體裝置內的安全碼可以保持在最新。However, even if a security code is provided in the semiconductor device to prevent unauthorized access, there is still a chance of being cracked or stolen. At this time, there is a need to change the security code so that the security code in the semiconductor device can be kept up to date.

因此,如何提供可以更新半導體裝置內部安全碼,使其保持最新狀態,而進一步防止非授權存取,便是此領域需要考量的問題。Therefore, how to update the internal security code of the semiconductor device to keep it up-to-date and further prevent unauthorized access is a problem that needs to be considered in this field.

本發明提供一種具有保全功能的半導體裝置,包括:內部電路;可程式化記憶單元,耦接至內部電路,用以儲存安全碼資料以及內部電路所需的資料;判斷電路,耦接可程式化記憶單元,用以接收安全碼資料,並且在安全碼資料被判斷為能作為安全碼時,輸出安全碼;以及比較電路,從外部接收驗證資料以及從判斷電路接收保全碼,並比較驗證資料與保全碼,並且在驗證資料與保全碼為相同時,輸出致能訊號給內部電路。其中,判斷安全碼資料是否能作為安全碼是依據安全碼資料中的校驗位元。The present invention provides a semiconductor device with a security function, comprising: an internal circuit; a programmable memory unit coupled to the internal circuit for storing security code data and data required by the internal circuit; a judging circuit coupled to the programmable The memory unit is used to receive the security code data, and when the security code data is judged to be used as the security code, output the security code; and the comparison circuit receives the verification data from the outside and the security code from the judging circuit, and compares the verification data with the security code, and when the verification data is the same as the security code, an enable signal is output to the internal circuit. Wherein, judging whether the security code data can be used as the security code is based on the check bits in the security code data.

根據一實施方式,在上述具有保全功能的半導體裝置中,可程式化記憶單元包括由多條字元線(i條,i=0~n-1,n為整數)所構成的陣列區域,用以儲存安全碼資料。According to one embodiment, in the above-mentioned semiconductor device with a security function, the programmable memory unit includes an array area composed of a plurality of word lines (i, i=0~n-1, n is an integer), used to save the security code information.

根據一實施方式,在上述具有保全功能的半導體裝置中,所述判斷電路判斷安全碼資料是否能作為安全碼還包括:讀取多條字元線的第i條字元線所儲存的安全碼資料;當與第i條字元線所儲存的安全碼資料相應的校驗位元為第一值,讀取第i+1條字元線所儲存的安全碼資料;以及當與第i+1條字元線所儲存的安全碼資料相應的校驗位元為第二值時,將第i條字元線所儲存的安全碼資料輸出作為安全碼,校驗位元為第一值時,繼續讀取第i+2條字元線所儲存的安全碼資料。According to an embodiment, in the above-mentioned semiconductor device with a security function, the judging circuit for judging whether the security code data can be used as a security code further includes: reading the security code stored in the i-th word line of the plurality of word lines data; when the check bit corresponding to the security code data stored in the i word line is the first value, read the security code data stored in the i+1 word line; When the check bit corresponding to the security code data stored in one word line is the second value, output the security code data stored in the i-th word line as the security code, and when the check bit is the first value , continue to read the security code data stored in the i+2th word line.

根據一實施方式,在上述具有保全功能的半導體裝置中,當與第0條字元線所儲存的安全碼資料相應的校驗位元為第二值時,判斷可程式化記憶單元尚未儲存安全碼資料,可程式化記憶單元能接收來自內部電路的程式化命令,對可程式化記憶單元進行程式化。According to one embodiment, in the above-mentioned semiconductor device with security function, when the check bit corresponding to the security code data stored in the 0th word line is the second value, it is determined that the programmable memory unit has not stored the security code. code data, the programmable memory unit can receive programming commands from the internal circuit to program the programmable memory unit.

根據一實施方式,在上述具有保全功能的半導體裝置中, 校驗位元的第一值可以是1,而第二值可以是0。 According to one embodiment, in the above semiconductor device having a security function, The first value of the parity bit can be 1, and the second value can be 0.

根據一實施方式,在上述具有保全功能的半導體裝置中,內部電路至少包括記憶體電路。根據一實施方式,在上述具有保全功能的半導體裝置中,驗證資料可以通過半導體裝置的位址接腳輸入。根據一實施方式,在上述具有保全功能的半導體裝置中,可程式化記憶單元至少包括一次可程式化記憶體或電子熔絲。According to one embodiment, in the above semiconductor device having a security function, the internal circuit includes at least a memory circuit. According to an embodiment, in the above-mentioned semiconductor device with a security function, verification data can be input through address pins of the semiconductor device. According to an embodiment, in the above-mentioned semiconductor device with security function, the programmable memory unit includes at least one-time programmable memory or electronic fuse.

根據本發明另一實施例,提供一種半導體裝置的保全方法,半導體裝置具有可程式化記憶單元,用以儲存安全碼資料。半導體裝置的保全方法包括:從半導體裝置外部接收驗證資料;從可程式化記憶單元接收安全碼資料,並且在安全碼資料被判斷為能作為安全碼時,提供安全碼;比較驗證資料與保全碼,並且在驗證資料與保全碼為相同時,使半導體裝置可以被存取。其中,判斷安全碼資料是否能作為安全碼是依據安全碼資料中的校驗位元。According to another embodiment of the present invention, a semiconductor device security method is provided. The semiconductor device has a programmable memory unit for storing security code data. The semiconductor device security method includes: receiving verification data from outside the semiconductor device; receiving security code data from a programmable memory unit, and providing a security code when the security code data is judged to be a security code; comparing the verification data with the security code , and when the verification data and the security code are the same, the semiconductor device can be accessed. Wherein, judging whether the security code data can be used as the security code is based on the check bits in the security code data.

根據一實施方式,在上述半導體裝置的保全方法中,可程式化記憶單元包括由多條字元線(i條,i=0~n-1,n為整數)所構成的陣列區域,用以儲存所述安全碼資料,半導體裝置的保全方法更包括:讀取多條字元線的第i條字元線所儲存的安全碼資料;當與第i條字元線所儲存的安全碼資料相應的校驗位元為第一值,讀取第i+1條字元線所儲存的安全碼資料;以及當與第i+1條字元線所儲存的安全碼資料相應的校驗位元為第二值時,將第i條字元線所儲存的安全碼資料輸出作為安全碼,校驗位元為第一值時,繼續讀取第i+2條字元線所儲存的安全碼資料。According to one embodiment, in the above method for securing a semiconductor device, the programmable memory unit includes an array area composed of a plurality of word lines (i, i=0~n-1, n is an integer), for Storing the security code data, the security method of the semiconductor device further includes: reading the security code data stored in the ith word line of the plurality of word lines; The corresponding check bit is the first value, read the security code data stored in the i+1 word line; and when the check bit corresponding to the security code data stored in the i+1 word line When the element is the second value, output the security code data stored in the i-th word line as the security code; when the check bit is the first value, continue to read the security code data stored in the i+2 word line code data.

根據一實施方式,在上述半導體裝置的保全方法中,當與第0條字元線所儲存的安全碼資料相應的校驗位元為第二值時,判斷可程式化記憶單元尚未儲存安全碼資料,並對可程式化記憶單元進行程式化。According to one embodiment, in the above-mentioned security method for a semiconductor device, when the check bit corresponding to the security code data stored in the 0th word line is the second value, it is determined that the programmable memory unit has not stored the security code data, and program the programmable memory unit.

根據一實施方式,在上述半導體裝置的保全方法中,校驗位元的第一值可以是1,而第二值可以是0。According to an embodiment, in the above security method for a semiconductor device, the first value of the check bit may be 1, and the second value may be 0.

根據一實施方式,在上述半導體裝置的保全方法中,半導體裝置可以由記憶體電路所構成。根據一實施方式,在上述半導體裝置的保全方法中,可程式化記憶單元可以包括一次可程式化記憶體或電子熔絲。根據一實施方式,在上述半導體裝置的保全方法中,更包括:通過半導體裝置的位址接腳輸入驗證資料。According to one embodiment, in the semiconductor device maintenance method described above, the semiconductor device may be constituted by a memory circuit. According to an embodiment, in the above method for securing a semiconductor device, the programmable memory unit may include a one-time programmable memory or an electronic fuse. According to an embodiment, the above semiconductor device security method further includes: inputting verification data through address pins of the semiconductor device.

基於上述,根據本發明實施例,通過當前的字元線與下一條字元線的校驗位元,可以知道可程式化記憶單元中所儲存的安全碼資料是否為最新。當有駭客或非法存取半導體裝置,可程式化記憶單元可以再次進行程式化,以更新安全碼。Based on the above, according to the embodiment of the present invention, whether the security code data stored in the programmable memory unit is up to date can be known through the check bits of the current word line and the next word line. When there is a hacker or illegal access to the semiconductor device, the programmable memory unit can be reprogrammed to update the security code.

圖1是根據本發明實施例所繪的習知的具有保全功能的半導體裝置的方塊示意圖。在此,只有例示與本實施例相關的電路構件,其他電路則適當地省略,且在不脫離本發明範疇下,本技術領與者可以對電路架構進行適當地變更或修改。FIG. 1 is a schematic block diagram of a conventional semiconductor device with a security function according to an embodiment of the present invention. Here, only circuit components related to this embodiment are illustrated, and other circuits are appropriately omitted, and those skilled in the art can make appropriate changes or modifications to the circuit architecture without departing from the scope of the present invention.

如圖1所示,具有保全功能的半導體裝置100至少包括內部(核心)電路102、可程式化記憶單元104、判斷電路106與比較電路108等。內部電路102例如可以是記憶體元件等的IP電路。As shown in FIG. 1 , a semiconductor device 100 with a security function includes at least an internal (core) circuit 102 , a programmable memory unit 104 , a judgment circuit 106 , a comparison circuit 108 , and the like. The internal circuit 102 may be, for example, an IP circuit such as a memory element.

可程式化記憶單元104耦接到內部電路102,在一實施方式,可程式化記憶單元104可以是一次可程式化(OTP)記憶體或電子熔絲(eFUSE)等可進行程式化的記憶體元件。可程式化記憶單元104一般可以儲存修整(trimming)或冗餘(redundancy)資料,並經由資料線DATA提供給內部電路102,且可基於來自內部電路102的控制訊號CTRL,將上述的修整資料、冗餘資料等提供給內部電路102,以進行相應的動作。依據本實施例,可程式化記憶單元104的一部分區域(記憶單元)還用來儲存安全碼資料(包括安全碼與校驗位元)。The programmable memory unit 104 is coupled to the internal circuit 102. In one embodiment, the programmable memory unit 104 may be a programmable memory such as a one-time programmable (OTP) memory or an electronic fuse (eFUSE). element. The programmable memory unit 104 can generally store trimming or redundancy data, and provide it to the internal circuit 102 through the data line DATA, and based on the control signal CTRL from the internal circuit 102, the above trimming data, Redundant data and the like are provided to the internal circuit 102 for corresponding actions. According to this embodiment, a part of the programmable memory unit 104 (memory unit) is also used to store security code data (including security code and check bits).

判斷電路106耦接到可程式化記憶單元104,其從可程式化記憶單元104接收安全碼資料,判斷安全碼資料是否可以作為安全碼。若判斷可作為安全碼(即最新安全碼),判斷電路106便將該安全碼輸出到比較電路108。判斷安全碼資料是否能作為安全碼是依據安全碼資料中的校驗位元(parity bit)來進行判斷。關於安全碼的判斷與決定方式,後面會詳述。讀取安全碼的時間點通常是在啟動半導體裝置100後,便會載入安全碼的資料。The judging circuit 106 is coupled to the programmable memory unit 104, and receives the security code data from the programmable memory unit 104, and judges whether the security code data can be used as the security code. If it is judged that it can be used as a security code (ie, the latest security code), the judging circuit 106 outputs the security code to the comparison circuit 108 . Whether the security code data can be used as a security code is judged according to a parity bit in the security code data. The way of judging and determining the security code will be described in detail later. The time to read the security code is usually after the semiconductor device 100 is started, and then the data of the security code will be loaded.

比較電路108耦接至內部電路102與判斷電路106用以接收判斷電路106所輸出的安全碼以及從半導體裝置100外部輸入的驗證資料。比較電路108將接收到的驗證資料與安全碼加以比較,並且產生比較結果。在此,外部輸入的驗證資料例如可以從半導體裝置100的位址接腳(address pin)或其他閒置的備用接腳來輸入。The comparing circuit 108 is coupled to the internal circuit 102 and the judging circuit 106 for receiving the security code output by the judging circuit 106 and the verification information input from the outside of the semiconductor device 100 . The comparison circuit 108 compares the received verification information with the security code and generates a comparison result. Here, the externally input verification data can be input from, for example, address pins of the semiconductor device 100 or other idle spare pins.

當比較結果為相同(例如,可以輸出高準位電位“H”或“1”)時,其表示使用者為合法或經授權的使用者,則比較電路108輸出致能訊號En給內部電路102。內部電路102在接收到致能訊號En後,便使內部電路102啟動,而使用者便可以對半導體裝置100(主要為內部電路102)進行存取。When the comparison result is the same (for example, the high level potential "H" or "1" can be output), it means that the user is a legal or authorized user, and the comparison circuit 108 outputs the enable signal En to the internal circuit 102 . After the internal circuit 102 receives the enable signal En, the internal circuit 102 is activated, and the user can access the semiconductor device 100 (mainly the internal circuit 102 ).

此外,當比較結果為相異(例如,可以輸出低準位電位“L”或“0”)時,其表示使用者為非法或非經授權的使用者(如駭客等),比較電路108便不會輸出致能訊號En給內部電路102。內部電路102因為不會收到致能訊號En,故該非法或非經授權的使用者便無法啟動內部電路102,而入侵者無法對半導體裝置100(主要為內部電路102)進行存取。In addition, when the comparison result is different (for example, a low level potential "L" or "0" can be output), it indicates that the user is an illegal or unauthorized user (such as a hacker, etc.), and the comparison circuit 108 Then the enable signal En will not be output to the internal circuit 102 . Since the internal circuit 102 will not receive the enable signal En, the illegal or unauthorized user cannot activate the internal circuit 102 , and intruders cannot access the semiconductor device 100 (mainly the internal circuit 102 ).

接著詳細說明本發明實施例之安全碼是如何程式化(改變)以及判斷何者才是安全碼。圖2是根據本發明實施例所例示的對安全碼進行程式化的示意圖。如圖2所示,其繪示了圖1的可程式化記憶單元的結構示意圖。Then describe in detail how the security code of the embodiment of the present invention is programmed (changed) and which one is the security code. FIG. 2 is a schematic diagram illustrating programming of a security code according to an embodiment of the present invention. As shown in FIG. 2 , it shows a schematic structural diagram of the programmable memory unit in FIG. 1 .

如圖2所示,可程式化記憶單元104的一部分區域(記憶單元)是用來儲存安全碼。圖2所繪示的僅是用來儲存安全碼資料的示意圖,用來儲存其他資料的部分則予與省略,本技術領域者可以知悉如何設計與配置。As shown in FIG. 2 , a part of the programmable memory unit 104 (memory unit) is used to store security codes. 2 is only a schematic diagram for storing security code data, and the part for storing other data is omitted, and those skilled in the art can know how to design and configure it.

在圖2中,可程式化記憶單元104包括由多(n)條字元線WL0~WL(n-1) (n為整數)所構成的陣列區域,用以儲存安全碼資料。陣列區域包括用來儲存安全碼的資料區域以及用來儲存校驗位元的區域。作為一個例子,其以三條字元線WL0、WL1、WL2和四條位元線構成的記憶體陣列來說明,但非用以限制本發明的實施架構。字元線與位元線(即,陣列的大小)的數量可以依據實際需求來適當地變化。在此例中,陣列區域包括資料區(前四位元)和校驗位元區(第五位元),如其名所示,每一條字元線的前四個記憶胞所儲存的資料是構成安全碼,而第五位元是校驗位元。此處,校驗位元是由1位元所構成,但不限於此。根據本實施例,在讀取一條字元線上的資料後,會判斷該資料是否可以作為安全碼。此時,作為判斷的基準是根據校驗位元。In FIG. 2 , the programmable memory unit 104 includes an array area composed of multiple (n) word lines WL0˜WL(n−1) (n is an integer) for storing security code data. The array area includes a data area for storing security codes and an area for storing check bits. As an example, a memory array composed of three word lines WL0 , WL1 , WL2 and four bit lines is used for illustration, but it is not intended to limit the implementation structure of the present invention. The number of word lines and bit lines (ie, the size of the array) can be appropriately changed according to actual needs. In this example, the array area includes the data area (the first four bits) and the parity bit area (the fifth bit). As the name indicates, the data stored in the first four memory cells of each word line is constitutes a security code, and the fifth bit is a check bit. Here, the parity bit is composed of 1 bit, but not limited thereto. According to this embodiment, after reading the data on a word line, it is judged whether the data can be used as a security code. At this time, the basis for judgment is based on the parity bit.

亦即,如圖1與圖2所示,內部電路102可以送出讀取的控制訊號給可程式化記憶單元104,以由第一條字元線WL0開始讀取所儲存的安全碼資料,當與第一條字元線WL0所儲存的安全碼資料相應的校驗位元為第一值(例如 “1”),則會繼續讀取第二條字元線WL1所儲存的安全碼資料。當與第二條字元線WL1所儲存的安全碼資料相應的所述校驗位元為第二值(例如 “0”)時,將第一條字元線WL0所儲存的安全碼資料輸出作為安全碼,而該校驗位元為第一值時,繼續讀取第三條字元線WL2所儲存的安全碼資料,並且直到與第(i+1)條字元線WLi所儲存的安全碼資料相應的所述校驗位元為第二值時,將第i條字元線WL(i-1)所儲存的安全碼資料輸出作為安全碼(i=1~n-1,i為整數)。That is, as shown in FIG. 1 and FIG. 2, the internal circuit 102 can send a read control signal to the programmable memory unit 104, so as to start reading the stored security code data from the first word line WL0, when If the check bit corresponding to the security code data stored in the first word line WL0 is the first value (such as “1”), the security code data stored in the second word line WL1 will continue to be read. When the check bit corresponding to the security code data stored in the second word line WL1 is a second value (such as "0"), output the security code data stored in the first word line WL0 As a security code, and when the check bit is the first value, continue to read the security code data stored in the third word line WL2, and until the data stored in the (i+1) word line WLi When the corresponding check bit of the security code data is the second value, the security code data stored in the ith word line WL(i-1) is output as the security code (i=1~n-1, i is an integer).

此外,當讀取第一條字元線WL0所儲存的安全碼資料後,如果相應的校驗位元為第二值(例如 “0”)時,則圖1的判斷電路106可判斷可程式化記憶單元104尚未儲存有安全碼資料。此時,可程式化記憶單元104可以接收來自內部電路102的程式化命令,對可程式化記憶單元104進行程式化,例如對第一條字元線WL0進行程式化。接著,將參考圖2,以具體的例子來進一步說明。In addition, after reading the security code data stored in the first word line WL0, if the corresponding parity bit is the second value (such as "0"), the judging circuit 106 in FIG. 1 can judge that the programmable The BL memory unit 104 has not yet stored the security code data. At this time, the programmable memory unit 104 may receive a programming command from the internal circuit 102 to program the programmable memory unit 104 , for example, program the first word line WL0 . Next, a specific example will be used for further description with reference to FIG. 2 .

在一開始,如圖2的左邊,資料區和校驗位元區的所有位元可以都是0,亦即起始值。換句話說,可程式化記憶單元104還沒有寫入儲存安全碼。當讀取第一條字元線WL0時,因為校驗位元的讀出值是0,所以判斷電路106可判斷為第一條字元線WL0內並沒有儲存安全碼。在一實施方式,內部電路102可以送出程式化命令給可程式化記憶單元104,以進行程式化。At the beginning, as shown on the left side of FIG. 2 , all the bits in the data area and the parity bit area can be 0, that is, the initial value. In other words, the programmable memory unit 104 has not been written to store the security code. When the first word line WL0 is read, since the read value of the parity bit is 0, the judging circuit 106 can judge that there is no security code stored in the first word line WL0. In one embodiment, the internal circuit 102 can send a programming command to the programmable memory unit 104 for programming.

例如,此時可以對可程式化記憶單元104進行第一次程式化,例如對第一條字元線WL0進行程式化,其如圖2中間所例示。此時,例如第一條字元線WL0之資料區所儲存的資料是“1010”,而其校驗位元為“1”。此時,便會再讀取第二條字元線WL1所儲存的資料。如果第二條字元線WL1所讀出的校驗位元是“0”,其代表第二條字元線WL1並沒有儲存安全碼資料,第一條字元線WL0所儲存的安全碼資料便是最新的。此時,判斷電路106便會判斷第一條字元線WL0的資料區所儲存的資料“1010”為安全碼,並且將此安全碼“1010”提供給比較電路108。藉此,比較電路108接收並比較外部輸入的驗證資料IN以及來自判斷電路106的安全碼“1010”,以判斷該存取是否為合法或已授權。如果驗證資料IN也是“1010”,則比較電路108會輸出致能訊號En給內部電路102,藉此啟動整個半導體裝置的運作。For example, the programmable memory unit 104 can be programmed for the first time at this time, for example, the first word line WL0 can be programmed, which is illustrated in the middle of FIG. 2 . At this time, for example, the data stored in the data area of the first word line WL0 is "1010", and its parity bit is "1". At this time, the data stored in the second word line WL1 will be read again. If the check bit read by the second word line WL1 is "0", it represents that the second word line WL1 does not store the security code data, and the security code data stored in the first word line WL0 is the latest. At this time, the judgment circuit 106 judges that the data “1010” stored in the data area of the first word line WL0 is a security code, and provides the security code “1010” to the comparison circuit 108 . Thus, the comparison circuit 108 receives and compares the verification data IN input from the outside and the security code “1010” from the judgment circuit 106 to judge whether the access is legal or authorized. If the verification data IN is also “1010”, the comparison circuit 108 will output the enable signal En to the internal circuit 102, thereby enabling the operation of the entire semiconductor device.

此外,萬一有發生駭客或非法存取時,內部電路102可以通過發送程式化命令給可程式化記憶單元104,藉以對可程式化記憶單元104進行程式化,在此例中(圖2右側),例如對第二條字元線WL1進行程式化。In addition, in case of a hacker or illegal access, the internal circuit 102 can program the programmable memory unit 104 by sending a programming command to the programmable memory unit 104. In this example (FIG. 2 Right), for example stylizing the second word line WL1.

如圖2所示,可程式化記憶單元104經過第二次程式化後,第一條字元線WL0所儲存的安全碼資料為 “10101”,其中安全碼為“1010”,校驗位元為 “1”;第二條字元線WL1所儲存的安全碼資料為 “11101”,其中安全碼為“1110”,校驗位元為“1”。 第三條字元線WL2尚未被程式化,校驗位元為 “0”。As shown in Figure 2, after the programmable memory unit 104 is programmed for the second time, the security code data stored in the first word line WL0 is "10101", wherein the security code is "1010", and the check bit is "1"; the security code data stored in the second word line WL1 is "11101", wherein the security code is "1110" and the check bit is "1". The third word line WL2 has not been programmed yet, and the parity bit is "0".

在此情況下,判斷電路106接收第一條字元線WL0所儲存的安全碼資料“10101”後,從校驗位元為“1”,便要繼續讀取第二條字元線WL1。由於可程式化記憶單元104係由第一條字元線WL0開始依次進行程式化,當判斷電路106接收第二條字元線WL1所儲存的安全碼資料“11101”時,從校驗位元為“1”便可以判斷出第一條字元線WL0所儲存安全碼“1010”已經不是最近一次程式化的安全碼資料,便要繼續讀取第三條字元線WL2的安全碼資料。此時,當判斷電路106接收第三條字元線WL2所儲存的安全碼資料“00000”後,從校驗位元為“0”便可以判斷出第二條字元線WL1所儲存安全碼“1110”是已經更新過的最新安全碼,可以作為安全碼。此時,判斷電路106將此安全碼“1110”提供給比較電路108。藉此,比較電路108接收並比較外部輸入的驗證資料IN以及來自判斷電路106的安全碼“1110”,以判斷該存取是否為合法或已授權。如果驗證資料IN也是“1110”,則比較電路108會輸出致能訊號En給內部電路102,藉此啟動整個半導體裝置的運作。In this case, after receiving the security code data “10101” stored in the first word line WL0, the judging circuit 106 continues to read the second word line WL1 since the check bit is “1”. Since the programmable memory unit 104 is programmed sequentially from the first word line WL0, when the judging circuit 106 receives the security code data “11101” stored in the second word line WL1, it starts from the check bit If it is "1", it can be judged that the security code "1010" stored in the first word line WL0 is not the last programmed security code data, and it is necessary to continue to read the security code data of the third word line WL2. At this time, when the judging circuit 106 receives the security code data "00000" stored in the third word line WL2, the security code stored in the second word line WL1 can be judged from the fact that the check bit is "0". "1110" is the latest security code that has been updated and can be used as a security code. At this time, the judging circuit 106 provides the security code “1110” to the comparing circuit 108 . Thus, the comparison circuit 108 receives and compares the verification information IN input from the outside and the security code “1110” from the judgment circuit 106 to judge whether the access is legal or authorized. If the verification data IN is also "1110", the comparison circuit 108 will output the enable signal En to the internal circuit 102, thereby enabling the operation of the entire semiconductor device.

通過上述的方法,半導體裝置100的判斷電路106通過接收到之安全碼資料中校驗位元,便可以判斷該字元線是否有儲存資料或是否該資料可以作為安全碼。根據本實施例,通過當前的字元線與下一條字元線的校驗位元,便可以知道可程式化記憶單元104中當前的字元線所儲存的安全碼資料是否為最新。根據本實施例,當有駭客或非法存取半導體裝置100,內部電路102便可以對可程式化記憶單元104進行程式化,以更新安全碼。Through the above method, the judging circuit 106 of the semiconductor device 100 can judge whether the word line has stored data or whether the data can be used as a security code by checking the bit in the received security code data. According to this embodiment, it can be known whether the security code data stored in the current word line in the programmable memory unit 104 is the latest through the check bits of the current word line and the next word line. According to this embodiment, when a hacker or illegal accesses the semiconductor device 100, the internal circuit 102 can program the programmable memory unit 104 to update the security code.

圖3是根據本發明實施例所繪的半導體裝置的保全方法的流程示意圖。如圖1與圖3所述,在步驟S100,例如使用者或其他者可以接入半導體裝置(例如記憶體)100的電源。FIG. 3 is a schematic flowchart of a semiconductor device preservation method according to an embodiment of the present invention. As shown in FIG. 1 and FIG. 3 , in step S100 , for example, a user or others can access the power of the semiconductor device (eg, memory) 100 .

接著,在步驟S102,使用者可以通過半導體裝置100的接腳,例如位址接腳或其他備用的接腳,從半導體裝置100的外部輸入驗證資料IN。Next, in step S102 , the user can input verification data IN from outside the semiconductor device 100 through pins of the semiconductor device 100 , such as address pins or other spare pins.

同時,在步驟S104,從如圖1所示可程式化記憶單元104接收安全碼資料。接著,在步驟S106,通過例如圖1的判斷電路106判斷安全碼資料是否能作為安全碼。如果該安全碼資料能作為安全碼,則進入步驟S108,通過判斷電路106提供(輸出)該安全碼給比較電路108。At the same time, in step S104, the security code data is received from the programmable memory unit 104 shown in FIG. 1 . Next, in step S106, it is judged whether the security code data can be used as the security code by, for example, the judging circuit 106 in FIG. 1 . If the security code data can be used as a security code, then enter step S108, and provide (output) the security code to the comparison circuit 108 through the judging circuit 106 .

在步驟S106,若判斷電路106判斷安全碼資料不能作為安全碼時,其表示安全碼可能已經更新過。此時,便回到步驟S104,繼續從可程式化記憶單元104取出下一筆資料,並在執行步驟S106,判斷該筆資料是否可作為安全碼。如前面圖2的說明,判斷安全碼資料是否能作為安全碼是依據安全碼資料中的校驗位元。利用校驗位元判斷是否可作為安全碼的方法已在前面說明過,在此不多做說明。In step S106, if the judging circuit 106 judges that the security code data cannot be used as the security code, it indicates that the security code may have been updated. At this time, it returns to step S104, continues to fetch the next piece of data from the programmable memory unit 104, and executes step S106 to determine whether the piece of data can be used as a security code. As described in Figure 2 above, judging whether the security code data can be used as a security code is based on the check bits in the security code data. The method of using the check bit to determine whether it can be used as a security code has been described above, and will not be further explained here.

接著,在步驟S110,比較安全碼和驗證資料IN是否相同,如果相同 (即 “是”),則表示此存取半導體電路100是合法或已授權。接著,在步驟S112,便使內部電路102啟動,使用者可以進行內部電路102的存取。反之,若在步驟S110的比較結果為否,其表示此存取半導體電路100是不合法或非授權。此時,進入步驟S112,停止內部電路102。Next, in step S110, compare whether the security code and the verification information IN are the same, if they are the same (ie "Yes"), it means that the access to the semiconductor circuit 100 is legal or authorized. Next, in step S112 , the internal circuit 102 is activated, and the user can access the internal circuit 102 . On the contrary, if the comparison result in step S110 is negative, it means that the access to the semiconductor circuit 100 is illegal or unauthorized. At this time, the process proceeds to step S112, and the internal circuit 102 is stopped.

綜上所述,本發明實施例,通過當前的字元線與下一條字元線的校驗位元,可以知道可程式化記憶單元中當前的字元線所儲存的安全碼資料是否為最新。當有駭客或非法存取半導體裝置,可程式化記憶單元可以再次進行程式化,以更新安全碼。To sum up, in the embodiment of the present invention, through the check bits of the current word line and the next word line, it can be known whether the security code data stored in the current word line in the programmable memory unit is the latest . When there is a hacker or illegal access to the semiconductor device, the programmable memory unit can be reprogrammed to update the security code.

100:半導體裝置 102:內部電路 104:可程式化記憶單元 106:判斷電路 108:比較電路 En:致能訊號 CTRL:控制訊號 IN:驗證資料 CLK:時脈訊號 RESET:重置訊號 DATA:資料 S100~S114:各執行步驟 100: Semiconductor device 102: Internal circuit 104: Programmable memory unit 106: judgment circuit 108: Comparison circuit En: enable signal CTRL: control signal IN: verification data CLK: clock signal RESET: reset signal DATA: data S100~S114: each execution step

圖1是根據本發明實施例所繪的習知的具有保全功能的半導體裝置的方塊示意圖。 圖2是根據本發明實施例所例示的對保全碼進行程式化以及判斷是否為安全碼的示意圖。 圖3是根據本發明實施例所繪的半導體裝置的保全方法的流程示意圖。 FIG. 1 is a schematic block diagram of a conventional semiconductor device with a security function according to an embodiment of the present invention. Fig. 2 is a schematic diagram of programming a security code and judging whether it is a security code according to an embodiment of the present invention. FIG. 3 is a schematic flowchart of a semiconductor device preservation method according to an embodiment of the present invention.

100:半導體裝置 100: Semiconductor device

102:內部電路 102: Internal circuit

104:可程式化記憶單元 104: Programmable memory unit

106:判斷電路 106: judgment circuit

108:比較電路 108: Comparison circuit

En:致能訊號 En: enable signal

CTRL:控制訊號 CTRL: control signal

IN:驗證資料 IN: verification data

CLK:時脈訊號 CLK: clock signal

RESET:重置訊號 RESET: reset signal

DATA:資料 DATA: data

Claims (15)

一種具有保全功能的半導體裝置,包括: 內部電路; 可程式化記憶單元,耦接至所述內部電路,用以儲存安全碼資料以及所述內部電路所需的資料; 判斷電路,耦接所述可程式化記憶單元,用以接收所述安全碼資料,並且在所述安全碼資料被判斷為能作為安全碼時,輸出所述安全碼;以及 比較電路,從外部接收驗證資料以及從所述判斷電路接收所述保全碼,並比較所述驗證資料與所述保全碼,並且在所述驗證資料與所述保全碼為相同時,輸出致能訊號給所述內部電路, 其中判斷所述安全碼資料是否能作為所述安全碼是依據所述安全碼資料中的校驗位元。 A semiconductor device with a security function, comprising: internal circuit; a programmable memory unit, coupled to the internal circuit, for storing security code data and data required by the internal circuit; a judging circuit, coupled to the programmable memory unit, for receiving the security code data, and outputting the security code when the security code data is judged to be a security code; and The comparison circuit receives the verification data from the outside and the security code from the judging circuit, compares the verification data with the security code, and outputs enable when the verification data and the security code are the same signal to the internal circuitry, Wherein judging whether the security code data can be used as the security code is based on the check bits in the security code data. 如請求項1所述的具有保全功能的半導體裝置,其中所述可程式化記憶單元包括由多條字元線(n條,n為整數)所構成的陣列區域,用以儲存所述安全碼資料。The semiconductor device with security function according to claim 1, wherein the programmable memory unit includes an array area composed of a plurality of word lines (n, n is an integer) for storing the security code material. 如請求項2所述的具有保全功能的半導體裝置,其中所述判斷電路判斷所述安全碼資料是否能作為所述安全碼還包括: 讀取所述多條字元線的第1條字元線所儲存的所述安全碼資料; 當與所述第1條字元線所儲存的所述安全碼資料相應的所述校驗位元為第一值,讀取第2條字元線所儲存的所述安全碼資料;以及 當與所述第2條字元線所儲存的所述安全碼資料相應的所述校驗位元為第二值時,將所述第1條字元線所儲存的所述安全碼資料輸出作為所述安全碼,所述校驗位元為所述第一值時,繼續讀取第3條字元線所儲存的所述安全碼資料,直到與第(i+1)條字元線所儲存的安全碼資料相應的所述校驗位元為第二值時,將第i條字元線所儲存的所述安全碼資料輸出作為所述安全碼(i=1~n-1,i為整數)。 The semiconductor device with security function as described in claim 2, wherein the judging circuit judging whether the security code data can be used as the security code also includes: reading the security code data stored in the first word line of the plurality of word lines; When the check bit corresponding to the security code data stored in the first word line is a first value, read the security code data stored in the second word line; and When the check bit corresponding to the security code data stored in the second word line is a second value, output the security code data stored in the first word line As the security code, when the check bit is the first value, continue to read the security code data stored in the third word line until it matches the (i+1)th word line When the check bit corresponding to the stored security code data is the second value, output the security code data stored in the i-th word line as the security code (i=1~n-1, i is an integer). 如請求項3所述的具有保全功能的半導體裝置,其中當與第1條字元線所儲存的所述安全碼資料相應的所述校驗位元為所述第二值時,判斷所述可程式化記憶單元尚未儲存所述安全碼資料,所述可程式化記憶單元能接收來自所述內部電路的程式化命令,對所述可程式化記憶單元進行程式化。The semiconductor device with a security function as described in claim 3, wherein when the check bit corresponding to the security code data stored in the first word line is the second value, it is judged that the The programmable memory unit has not stored the security code data, and the programmable memory unit can receive a programming command from the internal circuit to program the programmable memory unit. 如請求項3所述的具有保全功能的半導體裝置,其中所述校驗位元的所述第一值為1,所述第二值為0。The semiconductor device with security function according to claim 3, wherein the first value of the parity bit is 1, and the second value is 0. 如請求項1所述的具有保全功能的半導體裝置,其中所述內部電路至少包括記憶體電路。The semiconductor device having a security function according to claim 1, wherein the internal circuit includes at least a memory circuit. 如請求項1所述的具有保全功能的半導體裝置,其中所述驗證資料通過所述半導體裝置的位址接腳輸入。The semiconductor device with security function as claimed in claim 1, wherein the verification data is input through an address pin of the semiconductor device. 如請求項1所述的具有保全功能的半導體裝置,其中所述可程式化記憶單元至少包括一次可程式化記憶體或電子熔絲。The semiconductor device with security function according to claim 1, wherein the programmable memory unit includes at least one-time programmable memory or electronic fuse. 一種半導體裝置的保全方法,所述半導體裝置具有可程式化記憶單元,用以儲存安全碼資料,所述半導體裝置的保全方法包括: 從所述半導體裝置外部接收驗證資料; 從所述可程式化記憶單元接收所述安全碼資料,並且在所述安全碼資料被判斷為能作為安全碼時,提供所述安全碼; 比較所述驗證資料與所述保全碼,並且在所述驗證資料與所述保全碼為相同時,使所述半導體裝置可以被存取, 其中判斷所述安全碼資料是否能作為所述安全碼是依據所述安全碼資料中的校驗位元。 A security method for a semiconductor device, the semiconductor device has a programmable memory unit for storing security code data, the security method for the semiconductor device includes: receiving verification data from outside the semiconductor device; receiving the security code data from the programmable memory unit, and providing the security code when the security code data is judged to be a security code; comparing the verification data with the security code, and enabling the semiconductor device to be accessed when the verification data and the security code are the same, Wherein judging whether the security code data can be used as the security code is based on the check bits in the security code data. 如請求項9所述的半導體裝置的保全方法,其中所述可程式化記憶單元包括由多條字元線(n條,n為整數)所構成的陣列區域,用以儲存所述安全碼資料,所述半導體裝置的保全方法更包括: 讀取所述多條字元線的第1條字元線所儲存的所述安全碼資料; 當與所述第1條字元線所儲存的所述安全碼資料相應的所述校驗位元為第一值,讀取第2條字元線所儲存的所述安全碼資料;以及 當與所述第2條字元線所儲存的所述安全碼資料相應的所述校驗位元為第二值時,將所述第1條字元線所儲存的所述安全碼資料輸出作為所述安全碼,所述校驗位元為所述第一值時,繼續讀取第3條字元線所儲存的所述安全碼資料,直到與第(i+1)條字元線所儲存的安全碼資料相應的所述校驗位元為第二值時,將第i條字元線所儲存的所述安全碼資料輸出作為所述安全碼(i=1~n-1,i為整數)。 The method for securing a semiconductor device according to claim 9, wherein the programmable memory unit includes an array area composed of a plurality of word lines (n, n is an integer) for storing the security code data , the preservation method of the semiconductor device further includes: reading the security code data stored in the first word line of the plurality of word lines; When the check bit corresponding to the security code data stored in the first word line is a first value, read the security code data stored in the second word line; and When the check bit corresponding to the security code data stored in the second word line is a second value, output the security code data stored in the first word line As the security code, when the check bit is the first value, continue to read the security code data stored in the third word line until it matches the (i+1)th word line When the check bit corresponding to the stored security code data is the second value, output the security code data stored in the i-th word line as the security code (i=1~n-1, i is an integer). 如請求項10所述的半導體裝置的保全方法,其中當與第1條字元線所儲存的所述安全碼資料相應的所述校驗位元為所述第二值時,判斷所述可程式化記憶單元尚未儲存所述安全碼資料,並對所述可程式化記憶單元進行程式化。The semiconductor device security method according to claim 10, wherein when the check bit corresponding to the security code data stored in the first word line is the second value, it is judged that the The programmable memory unit has not stored the security code data, and the programmable memory unit is programmed. 如請求項10所述的半導體裝置的保全方法,其中所述校驗位元的所述第一值為1,所述第二值為0。The semiconductor device security method according to claim 10, wherein the first value of the parity bit is 1, and the second value is 0. 如請求項9所述的半導體裝置的保全方法,其中所述半導體裝置是由記憶體電路所構成。The method for securing a semiconductor device according to claim 9, wherein the semiconductor device is composed of a memory circuit. 如請求項9所述的半導體裝置的保全方法,其中所述可程式化記憶單元包括一次可程式化記憶體或電子熔絲。The method for securing a semiconductor device according to claim 9, wherein the programmable memory unit includes a one-time programmable memory or an electronic fuse. 如請求項9所述的半導體裝置的保全方法,更包括: 通過所述半導體裝置的位址接腳輸入所述驗證資料。 The semiconductor device preservation method as described in Claim 9, further comprising: The verification data is input through the address pins of the semiconductor device.
TW110111434A 2021-03-30 2021-03-30 Semiconductor device with security function and security method thereof TWI750073B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW110111434A TWI750073B (en) 2021-03-30 2021-03-30 Semiconductor device with security function and security method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW110111434A TWI750073B (en) 2021-03-30 2021-03-30 Semiconductor device with security function and security method thereof

Publications (2)

Publication Number Publication Date
TWI750073B TWI750073B (en) 2021-12-11
TW202238608A true TW202238608A (en) 2022-10-01

Family

ID=80681347

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110111434A TWI750073B (en) 2021-03-30 2021-03-30 Semiconductor device with security function and security method thereof

Country Status (1)

Country Link
TW (1) TWI750073B (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101740111B (en) * 2008-11-11 2013-11-06 国民技术股份有限公司 Semiconductor memory device and method thereof for realizing safe memory of data
KR20160103236A (en) * 2015-02-23 2016-09-01 삼성전자주식회사 Storage device and operating method of the same
US10754956B2 (en) * 2015-11-17 2020-08-25 Andium Inc. Security stack for embedded systems
US10387333B2 (en) * 2017-01-05 2019-08-20 Qualcomm Incorporated Non-volatile random access memory with gated security access
TWI627555B (en) * 2017-10-16 2018-06-21 旺宏電子股份有限公司 method for physically unclonable function-identification generation AND apparatus of THE SAME

Also Published As

Publication number Publication date
TWI750073B (en) 2021-12-11

Similar Documents

Publication Publication Date Title
US7466600B2 (en) System and method for initiating a bad block disable process in a non-volatile memory
US7031188B2 (en) Memory system having flash memory where a one-time programmable block is included
US6445606B1 (en) Secure poly fuse ROM with a power-on or on-reset hardware security features and method therefor
TWI754369B (en) Physical unclonable function code generation appratus and method thereof
EP3446313B1 (en) Systems and methods to provide security to one time program data
TW201734879A (en) SRAM-based authentication circuit
US10803969B1 (en) Memory authentication
US20110002186A1 (en) Secure electrically programmable fuse and method of operating the same
US6879518B1 (en) Embedded memory with security row lock protection
JP2001084780A (en) Nonvolatile semiconductor memory
US9230692B2 (en) Apparatuses and methods for mapping memory addresses to redundant memory
JP4920680B2 (en) A device that protects memory against attacks caused by error injection
KR100632939B1 (en) Memory system having flash memory where otp block is included
TWI750073B (en) Semiconductor device with security function and security method thereof
US7362645B2 (en) Integrated circuit fuses having corresponding storage circuitry
US7890721B2 (en) Implementation of integrated status of a protection register word in a protection register array
US20130291130A1 (en) Protection of Memory Field Using Illegal Values
CN113380317A (en) Repair circuit and memory device including the same
JPH11328326A (en) Ic card
KR20170075861A (en) Integrated circuit and memory device
JP2007193913A (en) Nonvolatile semiconductor storage device