CN113079019A - Integrated circuit device and method and system for generating security key thereof - Google Patents

Integrated circuit device and method and system for generating security key thereof Download PDF

Info

Publication number
CN113079019A
CN113079019A CN202110337813.XA CN202110337813A CN113079019A CN 113079019 A CN113079019 A CN 113079019A CN 202110337813 A CN202110337813 A CN 202110337813A CN 113079019 A CN113079019 A CN 113079019A
Authority
CN
China
Prior art keywords
bits
key
address
scrambled
controller
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110337813.XA
Other languages
Chinese (zh)
Other versions
CN113079019B (en
Inventor
吕士濂
李坤锡
王仕良
张琮永
池育德
李承恩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Taiwan Semiconductor Manufacturing Co TSMC Ltd
Original Assignee
Taiwan Semiconductor Manufacturing Co TSMC Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US17/106,856 external-priority patent/US11528135B2/en
Application filed by Taiwan Semiconductor Manufacturing Co TSMC Ltd filed Critical Taiwan Semiconductor Manufacturing Co TSMC Ltd
Publication of CN113079019A publication Critical patent/CN113079019A/en
Application granted granted Critical
Publication of CN113079019B publication Critical patent/CN113079019B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3278Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Transmitters (AREA)

Abstract

Systems and methods of generating a security key for an integrated circuit device include generating a plurality of key bits with a Physically Unclonable Function (PUF) device. The PUF may include a random number generator that may create random bits. Random bits may be stored in non-volatile memory. The number of random bits stored in the non-volatile memory allows multiple challenge and response interactions to obtain multiple security keys from the PUF. Embodiments of the present application also relate to integrated circuit devices.

Description

Integrated circuit device and method and system for generating security key thereof
Technical Field
Embodiments of the present application relate to integrated circuit devices and methods and systems for generating security keys thereof.
Background
As the reliance on computer systems and the internet increases in many areas such as personal communications, shopping, banking, commerce, etc., the need for improving network security also increases. Many security measures may be employed, including encryption. A Physical Unclonable Function (PUF) is a physical object embodied in a physical structure that can be used to produce an output. The output is easy to evaluate, but the output is difficult or hardly predictable. The PUF output may be used as a unique identifier or key in secure computations and communications.
A single PUF device must be easy to manufacture but in practice it is almost impossible to replicate, even given the precise manufacturing process that produced it. In this respect, it is a hardware simulation of the one-way function. PUFs are typically implemented in integrated circuits and are typically used in applications with high security requirements.
Disclosure of Invention
Some embodiments of the present application provide a method of generating a security key for an integrated circuit device, comprising: generating a plurality of key bits with a random number generator; storing the plurality of key bits in a non-volatile memory; and generating the security key from the plurality of key bits stored in the non-volatile memory.
Further embodiments of the present application provide an integrated circuit device comprising: a physical unclonable function generator to output two or more security keys, each security key comprising a plurality of key bits, wherein the physical unclonable function generator comprises: a Static Random Access Memory (SRAM) to be read after initialization to provide one or more of the plurality of key bits; a one-time programmable (OTP) device for: storing the plurality of key bits read from the SRAM; and providing one of the two or more security keys from the plurality of key bits when the address is received.
Still further embodiments of the present application provide a system for generating a security key for an integrated circuit device, the system comprising: a random number generator, comprising: a Static Random Access Memory (SRAM) to be read to provide a plurality of bits after initialization; a Linear Feedback Shift Register (LFSR) to scramble the plurality of bits read from the SRAM into scrambled key bits; an input address scrambler to: receiving an input address; scrambling the input address to a scrambled address; providing the scrambled address; a one-time programmable (OTP) device in communication with the linear feedback shift register and the input address scrambler to: storing the scrambled key bits provided from the linear feedback shift register; associating the scrambled key bits with an address; receiving the scrambled address from the input address scrambler; determining the address associated with the scrambled key bit, the address matching the scrambled address; reading the scrambled key bits having the address matching the scrambled address; providing the scrambled key bits as the security key; an output register in communication with the one time programmable device, the output register to: receiving the security key from the one-time programmable device; and outputting the security key.
Drawings
Various aspects of the invention are best understood from the following detailed description when read with the accompanying drawing figures. It should be noted that, in accordance with standard practice in the industry, various components are not drawn to scale. In fact, the dimensions of the various elements may be arbitrarily increased or decreased for clarity of discussion.
Fig. 1 is a block diagram illustrating aspects of an exemplary Physical Unclonable Function (PUF) generator/device according to an example of the present application.
Fig. 2 is a block diagram illustrating aspects of the example controller of fig. 1 according to an example of the present application.
Fig. 3 is a block diagram illustrating aspects of an exemplary data structure of the PUF device of fig. 1, according to an example of the present application.
Fig. 4A is a communication diagram illustrating aspects of communication between components of a PUF device according to an example of the application.
Fig. 4B is another communication diagram illustrating aspects of communication between components of a PUF device according to an example of the present application.
Figure 5 is a process flow diagram illustrating aspects of a method for storing random numbers in a non-volatile memory of a PUF device according to an example of the present application.
Figure 6 is a process flow diagram illustrating aspects of an exemplary method for generating a PUF security key according to an example of the present application.
Figure 7 is another process flow diagram illustrating aspects of a method for storing random numbers in a non-volatile memory of a PUF device according to an example of the present application.
Figure 8 is a process flow diagram illustrating aspects of a method for determining a state of a PUF device according to an example of the present application.
Detailed Description
The following disclosure provides many different embodiments, or examples, for implementing different features of the provided subject matter. Specific examples of components and arrangements are described below to simplify the present disclosure. These are, of course, merely examples and are not intended to limit the invention. For example, in the following description, forming a first feature over or on a second feature may include an example in which the first and second features are formed in direct contact, and may also include an example in which additional features may be formed between the first and second features, such that the first and second features may not be in direct contact. Moreover, the present disclosure may repeat reference numerals and/or characters in the various examples. This repetition is for the purpose of simplicity and clarity and does not in itself dictate a relationship between the various examples and/or configurations discussed.
As mentioned above, a Physical Unclonable Function (PUF) is a physical object embodied in a physical structure that can be used to produce an easily evaluated, but hardly predictable output. Integrated Circuit (IC) devices typically include electronic circuitry formed on a semiconductor substrate or "chip" formed of a semiconductor material, such as silicon. Components of an IC device are formed on a substrate by a photolithographic process rather than building items one at a time. Electronic devices formed on a substrate are interconnected by conductors or lines also formed on the substrate by a photolithographic process. Although manufactured in large numbers, each IC device is unique due to physical randomness, even though the same manufacturing process materials are utilized. This intrinsic variation can be extracted and used as its unique identifier, like human DNA. According to the examples disclosed herein, such variation is used to create a unique IC device signature that is used as a PUF because it is unique, inherent to the particular device, unclonable (not imitable or reproducible), repeatable, etc.
Figure 1 is a block diagram illustrating an example of an integrated circuit device that may include a PUF device/generator 100 in accordance with an aspect of the present invention. Integrated circuit devices include substrates that form electronic devices, which may be any of a number of types of devices implemented by integrated circuits, such as processing devices or memory devices. The PUF device 100 is configured to receive a challenge via the input port 116. In response to the challenge, the authentication circuit is configured to provide a response in the form of a secure key, which is output by the PUF circuit 100 via the output port 120. As described above, the PUF100 is constructed based on the occurrence of different physical process variations during IC manufacturing. These static physical changes allow the IC to have a unique fingerprint (or multiple unique fingerprints) that is specific to the IC. When a particular challenge is received via input port 116, a corresponding unique response is generated. An IC capable of generating multiple fingerprints is a powerful PUF, since multiple challenge and response pairs may be utilized.
With some PUF generation techniques, some potential security key bits may differ from one PUF generation to another. In the present invention, such key bits are referred to as random bits. Typically, these random bits are not suitable for key generation, since messages encrypted with a key having random bits may not be reliably decrypted. Useful bits are collected and identified to generate a unique and reliable key for each IC device. In some examples disclosed herein, scrambled random bits are retained, rather than a record of key bits used to generate the security key. In the example shown in FIG. 1, a scrambled version of the random bits is stored in the non-volatile memory 110. Generating the security key includes: access the memory 110; and then outputs the response key.
The PUF device 100 is configured to generate a security key comprising a predetermined number of key bits. As described above, the security key is provided in response to a received challenge, and is unique to a particular IC device 100 due to inherent variations caused by the manufacturing process used for the device. In some examples, the PUF device 100 includes a random number generator 104, e.g., a memory array, such as an SRAM memory array, in which memory cells of the array generate key bits for a security key. The size of the SRAM array or the number of memory cells of the SRAM array used for key generation may be determined based on the size of the required security key.
A processing memory 110 is provided for PUF data processing. In the example shown, the processing memory 110 is a non-volatile memory (NVM). In some examples, the processing memory 110 is a one-time programmable (OTP) memory or device. Hereinafter, the processing memory 110 may be interchangeably referred to as the NVM110 or the OTP110, however, it should be noted that the processing memory 110 is not limited to non-volatile memory or to OTP memory or devices.
A request for a security key is received in the form of a challenge 124. The input address block 116 processes such requests or challenges to ensure correctness of the challenge before it is presented to the processing memory 110. Based on the valid response, the security key is retrieved by the processing memory 110. In some examples, the input address block 116 responds by scrambling the input address process to randomize requests for security keys sent to the processing memory 110.
In the exemplary circuit shown in fig. 1, the memory for storing the scrambled bits comprises a non-volatile memory provided on the PUF device 100 itself. In other examples, the memory is external to the PUF device 100. In fig. 1, the memory is an antifuse OTP110, which tags the address of scrambled random bits identified in the PUF 100. Initially OTP110 contains no information, as will be discussed further below. During the debug process, OTP110 is updated with the scrambled bits and addresses at the end of each of the multiple steps. At the end of all steps, the OTP110 will contain information about all scrambled bits. This information is used by the PUF100 to generate a security key in response to a received challenge. The illustrated example also includes a controller 102. In an example where the NVM110 is implemented via the OTP110, the controller 102 is connected with the OTP110 for read and write modes.
The illustrated authentication circuit 100 further comprises an input address block 116 providing an interface external to the PUF device 100. For example, input address block 116 initiates access to PUF device 100 and tracks all transactions related to OTP110 access and data collection.
The PUF device 100 obtains inherent differences between manufactured devices to generate a PUF signature. For example, there are PUFs based on delay chains, where the PUF converts variations (differences) into delay variations. Delay chain based PUFs employ a set of delay chains made of logic gates. Each chain will have a different delay due to static variations of the components. Through the sampling delay, a signature may be generated for the random number from the Random Number Generator (RNG) 104.
Another approach is memory-based PUFs, in which the variation of devices in a bi-stable element is transformed to generate either a "1" or a "0". Such memory-based PUFs include memory cell arrays that may be implemented as any one of a plurality of memory cell arrays, such as Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), Magnetoresistive Random Access Memory (MRAM), Resistive Random Access Memory (RRAM), Read Only Memory (ROM), and the like. A particular type of memory-based PUF is an SRAM PUF, which includes an SRAM array 106. These PUFs utilize small memory cell variations to generate signatures. For example, a signature may be generated from the start-up state of a cell by an SRAM array, which is random and unique across different SRAMs.
In some configurations, the RNG 104 includes a memory array on which the PUF is based. For example, such SRAM-based PUFs use the memory initial data content (start-up conditions) of the SRAM array 106 to generate a security key. The bits of the generated key that do not change state from one boot cycle to the next are called stable bits. However, attempting to identify and record each stable bit to be used for key generation would require a significant amount of time, and recording the stable bit may expose key generation to end attacks. Furthermore, due to environmental effects, noise and aging that may affect the stable bits of the memory, a large number of additional bits will be required to correct the error.
As described above, some examples implement a PUF generator via SRAM memory. For example, the PUF signature may be generated by using a startup state of the SRAM device. Although SRAM devices include symmetric cells (bits), manufacturing variations can still result in each bit tending to be in either a high state (i.e., a logic "1") or a low state (i.e., a logic "0") when the SRAM device is activated. This initial start-up state of bits is randomly distributed across the entire SRAM device, which causes variability in the unique key that can be defined by the PUF to produce the SRAM device.
In other examples where SRAM is used as a PUF generator, each bit of the security key is generated by comparing the access speeds (e.g., read speeds) of two memory cells of the memory device. In such an example, there is no need to repeatedly start and shut down the memory device because the PUF signature is based on a comparison of read speeds.
Regardless of the type of SRAM-based RNG 104, the bits or signatures of the SRAM106 may be scrambled. The scrambled SRAM bits may further randomize the randomized bits from SRAM106 and prevent security compromise by reading SRAM106 because the bits stored in OTP110 are different from the bits read from SRAM 106. The scrambler 108 may be a bit folding circuit. In other configurations, the scrambler 108 may be a Linear Feedback Shift Register (LFSR), and optionally paired with one or more XOR gates. Regardless of the type of scrambler, the read SRAM bits may be scrambled or changed to a new configuration, which makes the PUF100 difficult to compromise because even if the read SRAM is not the same as the bits stored in the OTP 110.
Another component of the PUF100 may be a built-in self test (BIST) 112. BIST 112 may determine the functionality or appropriate operation of OTP110 and/or RNG 104. BIST 112 may send and receive signals from OTP110 and RNG 104 to determine that both components 110, 104 are working and working properly. The operational information may be transmitted back to the controller 102.
Verification component 114 may verify information or data stored within OTP110 and/or from RNG 104. For example, RNG 104 may store bits within OTP110, and then verify component 114 may read the bits from OTP110 and compare the bits to information in a register of RNG 104 to determine whether the bits were correctly written to OTP 110. Any type of information generated from this verification may then be sent to the controller 102 for further operation. In other cases, the OTP110 may also verify the information being read and sent to the output register 118. In this manner, the controller 102 may determine whether the output to the output register 118 has been sent and/or is correct.
Output register 118 may store bits from OTP110 for output from PUF 100. Output register 118 may be configured by controller 102 to change the size of the key or the number of response bits to be issued from PUF 100. In at least some configurations, the output port 120 may output the set digits, e.g., 16 bits, in a parallel or serial format. The output register 118 may store keys of different sizes, which may be larger than 16 bits of the output port 120. Thus, the output register 118 may be configured to store the entire output key to be issued from the output port 120 as one or more signals 128. The output port 120 may send the key bits in several signals 128, e.g., 16 bits at a time, after which the output port 120 obtains all of the key bits from the output register 118 in one or more consecutive reads, and the entire key is issued as signal 128.
The output port 120 may be a parallel port or a serial port that sends the signal 128 to another device or function on or off the integrated circuit in communication with the PUF 100. The output port 120 may have a set number bit, e.g., 16 bits, that the output port 120 may send in any one of the signals 128. The output port 120 may send a continuous or repeated output until the entire key is provided as the output signal 128.
The PUF100 may also include an input address block 116. The input address block 116 may accept an input challenge signal 124, which may include an address. The address may be sent by the input address block 116 to the OTP110 to retrieve the key with the address. The key may be output as a response to the challenge signal as described herein. In at least some configurations, the input address block 116 may also scramble the address 124. In this way, the output key is randomized according to the address, and the key is prevented from being determined by repeated challenge and response. The scrambler in the input address block 116 may be an LFSR or other circuit.
A set of functions or components of the controller 102 may be as shown in fig. 2. The functional components 202 through 216 may represent different types of functions or processes performed or generated by the controller 102. These various functions may be embodied as firmware loaded into the controller 102 from memory, or may be gates or other hardware permanently embodied in the integrated circuit of the controller 102. In any case, these different functions help to produce the output from the PUF100 and control the different functions that the PUF100 can utilize.
The random number generator and/or the random number generator interface 202 may interact with the RNG 104. Thus, in at least some configurations, the controller 102 can read or write to the SRAM 106. In addition, the controller 102 may activate the SRAM or RNG 104. The controller 102 may also be coupled to the scrambler 108. Thus, the controller 102 may activate the scrambler 108, affect the function of the scrambler, read information from the scrambler 108, or perform other operations with the scrambler 108.
Controller 102 may also include NVM interface 204. The NVM interface 204 can interact with the nonvolatile memory 110. Thus, the controller 102 can read or write information to the NVM 110. In some configurations, the controller 102 may only be able to read certain portions of the NVM 110. For example, controller 102 may determine whether OTP110 has been programmed with a random number. In addition, the controller 102 may initiate the OTP110 or perform other operations including, for example, causing the OTP110 to send a key to the output register 118.
The initial write of the NVM function 206 can proceed to the NVM110 with a first initial store of the random number. This initial write of NVM functionality 206 may cause SRAM106 to provide data to scrambler 108, which may then be read or written into OTP 110. Thus, the initial write of the NVM functionality 206 controls the process used to store the random number into the NVM 110.
Verification of NVM functionality 208 may verify, by verification block 114, that the information being written to OTP110 is the same as the information provided in the register of scrambler 108. Thus, the controller 102 may interact with the verification block 114, with the random number generator 104, and with the OTP110 to determine whether correct data is written from the RNG 104 into the OTP 110.
In some configurations, controller 102 may act as a scrambler to scramble bits from SRAM106 using an optional scrambler of RNG bit function 210. In this manner, the controller 102 functions as the scrambler 108. Accordingly, the controller 102 may include bit folding circuit functionality, LFSR circuitry/functionality, or other types of scrambling techniques. The controller 102 may provide the necessary scrambling of the bits for the OTP 110.
After the NVM110 stores the random numbers scrambled from the scrambler 108, the powering down of the NVM functionality 212 can stop writing to the NVM 110. Thus, controller 102 may also cause OTP device 110 to set one or more bits indicating that OTP110 has been written and that the key has been stored. Further, when the PUF100 is enabled, the controller 102 may read these set bits from the OTP110 and then, based on the OTP110 state that has been programmed, may write bits such as 1's and 0's to the SRAM106 to prevent reading the SRAM's enabled state.
The key size determiner 214 may be an interface that may receive a signal 122 indicating the size of the key desired as output. The key size determiner 214 may then interact with the output register 118 to set the size of the register that stores and receives the bits associated with the key having the set key size. Hereinafter, the controller 102 may control the output register 118 to send the key to the output port 120.
The input/output interface 216 may interact with circuits, devices, functions, etc. external to the PUF 100. The input signal 122 may be sent to an input/output interface 216 of the controller 102 to implement certain functions. Furthermore, the input/output interface 216 may also send the signal 126 or other signals sent from the PUF 100. The input/output interface 216 may interact with the output register 118 and/or the output port 120 to send the output signals 126, 128. These output signals 126, 128 may include an indication that the output 128 is ready in the output register 118 and/or the output port 120. When a challenge (possibly with an address) is received to request a security key, the input/output interface 216 may also interact with the input address block 116, which the input address block 116 may receive and scramble the address to receive an indication at the controller that the address has been received. The input address block 116 can provide an address to the NVM110 to have a key readout placed into the output register 118. Thus, external communication may be controlled by the input/output interface 216 of the controller 102.
An example of a data structure 300 that may represent random bits stored as a key in OTP110 may be as shown in fig. 3. The data structure 300 may have different fields or portions as provided and shown in fig. 3. There may be more or fewer fields or portions as shown in fig. 3, as represented by the ellipse 310. The data structure 300 may include one or more addresses 304, one or more portions of reserved bits 302 associated with one or more random numbers 306. Reserved bits 302 may be one or more bits used to provide information to controller 102 or other components within PUF 100. For example, the reserved bits 302 may have one or more bits set to indicate that the OTP110 has been programmed with a key stored as the random number 306.
Address 304 is a set of Identifiers (IDs) or data that indicates or is associated with a set of random numbers in portion 306. The address 304 may be specified or targeted by the input address block 116. The random number 306 associated with the address 304 may be extracted by requesting a key from the data structure 300 using the address 304.
Random number 306 is a scrambled set of bits from SRAM106 stored within OTP 110. These random numbers 306 are keys that can be accessed or retrieved from or during the challenge/response. Random number 306 may be partially input into data structure 300, such as portion 308. In other configurations, portion 308 represents a set of random bits equal to the key. These portions 308 may include output bits that are sent to the output register 118 and then to the output port 120. Thus, there may be several keys 308 within the random number that may be accessed. The large number of random bits that can be packed into the security key allows flexibility in using the OTP110 to provide many different security keys.
Examples of the various signals that may occur in the PUF100 may be as shown in fig. 4A and 4B. The controller 102 may receive a reset signal 402 into the input/output interface 216. The reset signal 402 may be an external signal for resetting the PUF 100. In response to the reset signal 402, the controller 102 may send a reset or start signal 404 to the random number generator 104, e.g., to the SRAM106 and/or a signal 406 to the OTP 110.
In addition, controller 102 can send test signal 408 to BIST 112. BIST 112 may request the state of RNG 104 and/or OTP110 in signals 410a and 410 b. The RNG 104 may respond to the state in signal 412 and the non-volatile memory 110 may respond to the state in signal 414. This status information may be sent back from BIST 112 to controller 102 in signal 416. The controller 102 may then know the status of the different components within the PUF100 and report it externally, if required. These signals 402 to 416 thus represent signals for reset and/or self-test to determine that the internal circuitry of the PUF100 is functioning properly.
The controller 102 may then receive the status check signal 418. In response to signal 418, controller 102 may query non-volatile memory 110 for the state of OTP110 using signal 420. Signal 420 may represent controller 102 reading reserved bits 302 from data structure 300. These reserved bits 302 may indicate whether the OTP110 has been programmed. This information may be sent back to the controller 102 or read by the controller 102. The controller 102 may then receive the signal 422 in signal 424 and output a status. State 424 may indicate whether OTP110 has been programmed.
If the OTP110 has not been programmed, then the controller 102 may store the information into the OTP 110. In this sequence of signals, controller 102 may send signal 426 to RNG 104 to begin generating scrambled random numbers to be stored in OTP 110. The RNG 104 may then provide these scrambled random numbers to the OTP110 in signal 428. Although the SRAM106 may be read out in 16-bit blocks or other sized blocks, bits may be read into the OTP110 one bit at a time. Random bits can be stored into the NVM 110.
After reading a set of bits into OTP110, OTP110 and RNG 104 may each send the stored bits as signals 430a and 430b to verify block 114. The verification block 114 may determine whether the bits stored into the OTP110 are the same as the bits output from the RNG 104. If the bit is verified, the verification block 114 may send a signal 432 indicating verification back to the controller 102. If the verify block 114 indicates that the bits are not the same, then the controller 102 may receive a signal 432 indicating a write failure. Controller 102 may then cause SRAM106 to resend the scrambled bits to OTP 110. If the verification fails twice, the controller 102 may output an error as signal 122. However, if the verification is correct, controller 102 may indicate that the process of storing the random bits into OTP110 will continue, as indicated by arc 434.
In some instances, the controller 102 may continue the process represented by the arc 434. After all possible random bits are stored in the OTP110, the controller 102 may send a signal 436 to burn-in the OTP110 and prevent the OTP110 from receiving more bits. Thus, the OTP110 may then be unable to store more bits at that time, but may be used in a challenge and response process for generating or providing a key.
The controller 102 may also receive a key size signal 438 as shown in fig. 4B. The key size signal 438 may indicate the size of the key to be output by the PUF 100. In response to signal 438, controller 102 may then send signal 440 to output register 118 to set the key size according to the information in signal 438. Thus, the output register 118 may provide available storage capacity for all bits of the key requested as output.
The controller 102 may then receive the challenge signal 442 to request the key. This signal 442 may trigger the controller 102 to send a signal 444 to the OTP110 in preparation for receiving the address input as a challenge. The controller 102 may also be connected to an input address block 116 to determine when an input address is received and to control the output of that address to the OTP 110. The input address may be received at input address block 116 in signal 446. The input address may then be scrambled and the scrambled address may be sent to the OTP110 as signal 448. The OTP110 may access an address in the address data 304 and read out a random number 306 associated with the received address. The associated random number 306 represents a key that may then be sent as a signal 450 to the output register 118 and/or the verification block 114 (not shown). The output register 118 may then provide the key in a smaller portion in signal 452 to the output port 120. The controller 102 may also send a signal 454 to indicate that the output register 118 and/or the output port 120 are ready for output. When an indication is received that an output can be received, the output key may be sent out of the output port 120 in a continuous signal 456.
Fig. 5 is a process flow diagram generally illustrating aspects of an exemplary method 500 for generating random numbers and storing those random numbers into OTP110, in accordance with aspects of the present invention. The general sequence of the operations of method 500 is shown in fig. 5. The method 500 may include more or fewer operations or steps, or may arrange the operations or steps in a different order than those shown in fig. 5. The method 500 may be implemented as a set of computer executable instructions executed by a processor, such as the controller 102 of the PUF100, and encoded or stored on a computer readable medium. Further, the method 500 may be implemented by a gate or circuit associated with a processor, an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), a system on a chip (SOC), another IC, or other hardware device, such as the controller 102. The method 500 will be explained hereinafter with reference to the systems, components, devices, modules, circuits, firmware, software, signals, data structures, methods, etc., described in connection with fig. 1-4B and 6-8; however, those skilled in the art will appreciate that some or all of the operations of method 500 may be performed by, or using, different elements than those described below.
In operation 508, the registers, devices, components, and controller 102 may be reset. The input/output interface 216 of the controller 102 may receive the reset signal 402 as part of the signal 122. The reset signal 402 instructs the controller 102 to reset or start the PUF 100. RNG interface 202 can then send a reset or start signal 404 to SRAM 106. NVM interface 204 may send a reset or start signal 406 to OTP 110. Controller 102 may also send test signals 408 to BIST 112 to test the functionality of other components.
BIST 112 may then perform self-tests on RNG 104 and/or OTP110 at operation 512. NVM110 and RNG 104 may send responses back to BIST 112 that may indicate whether those components 104, 110 are working and functioning properly. This self-test information may then be sent back to the controller 102.
Then, in operation 516, the controller 102 may receive the optional status check signal 418 and then perform a status check on the OTP 110. The status check may be initiated by an input signal 418 received by the input/output interface 216 of the controller 102. In other cases, the controller 102 may check the status without an input signal. NVM interface 204 of controller 102 may send signal 420 to OTP110 to determine the status of OTP 110. Signal 420 reads reserved bit 302 in OTP110 to determine whether the reserved bit indicates that the OTP110 has been written with random bits and locked.
The reserved bit may have a single bit to indicate that the OTP110 has been written and/or locked. In another configuration, there may be two or more bits set to indicate that the OTP110 has been written and/or locked. For example, the reserved bits may be read and analyzed by majority voting of three or more bits to determine that the OTP110 has been written and/or locked. Controller 102 may then determine the state of OTP110 based on the reserved bit. This state may be sent by the input/output interface 216 as an output signal 424.
Then, in operation 520, an initial write of the NVM functionality 206 of the controller 102 can start the SRAM106 of the random number generator 104. Specifically, the initial write of the NVM function 206 begins or initializes the SRAM 106. Initialization may provide a first set of random bits in the SRAM106 based on the uniqueness of the SRAM 106. These unique random bits may be read from the SRAM106 by the initial write of the NVM function 206 in operation 524. The read bits may then be sent to the scrambler 108 in operation 528, where the random bits from the SRAM106 are scrambled. The bit folding circuit or linear feedback shift register may scramble the bits such that the bits in scrambler 108 are different from those read from SRAM 106. The scrambled random number bits may then be stored in a register or memory of scrambler 108 for storage in OTP 110.
In operation 536, RNG 104 may write the scrambling bits to OTP110 from a register with the scrambling bits. In some configurations, the OTP110 may receive only one bit per clock cycle. Thus, if the bit register in the scrambler 108 has more than one bit, the RNG 104 may send one bit from the RNG 104 to the OTP110 at a time during each clock cycle. This bit is written into the OTP110 until the block of bits has been written. At this point, a block of bits may be read out of OTP110 to verify block 114.
In operation 540, the verification block 114 may compare the block of bits sent from the OTP110 with the bits from the register of the scrambler 108. The verify block 114 determines whether the two bit blocks are the same. If the blocks are not the same, a message 432 may be sent to the verification of the NVM functionality 208 of the controller 102, and then the message 432 may restart the process to write the block of bits to the OTP110 again. If the blocks are the same, then a signal 432 indicating a positive comparison may be sent to the verification of the NVM functionality 208 of the controller 102, and the process continues.
At this point, in operation 544, the controller 102 may determine whether there are more random bits to store in the OTP 110. If the OTP is not full and there are more bits to store, the method 500 may continue with a YES return to operation 524 to store the next block of bits. However, if the OTP110 has a complete set of random bits stored within the OTP device 110, the method 500 may continue with "no" to operation 548 where the controller 102 may lock the OTP110 in operation 548.
In operation 548, the turning off of the NVM functionality 212 of the controller 102 may lock the OTP110 by setting the reserved bit 302 within the OTP device 110. Thus, the shutting down of the NVM functionality 212 of the controller 102 may prevent any further data storage within the OTP 110. At this point, the random number stored in OTP110 is stored as a set of possible keys 308 within field 306. Each of the random bits 306 may be associated with an address 304. To obtain the key, OTP110 may accept an address that matches the address in field 304. If the address messages match, the OTP110 can read the random bits associated with the received address and send the set of data as a key to the output register 118.
Fig. 6 is a process flow diagram generally illustrating aspects of an exemplary method 600 for generating a security key in accordance with aspects of the invention. The general sequence of the operations of method 600 is shown in fig. 6. The method 600 may include more or fewer operations or steps, or may arrange the operations or steps in a different order than those shown in fig. 6. The method 600 may be implemented as a set of computer executable instructions executed by a processor, such as the controller 102 of the PUF100, and encoded or stored on a computer readable medium. Further, the method 600 may be implemented by a gate or circuit associated with a processor, ASIC, FPGA, SOC, IC, or other hardware device, such as the controller 102. The method 600 will be explained hereinafter with reference to the systems, components, devices, modules, circuits, firmware, software, signals, data structures, methods, etc., described in connection with fig. 1-5 and 7-8; however, those skilled in the art will appreciate that some or all of the operations of method 600 may be performed by, or using, different elements than those described below.
In operation 608, the PUF100 may receive the address as a challenge. Address input signal 446 (part of signal 124) may be sent to input address block 116. The input address 446 may carry a challenge or other signal 442 that may be sent to the controller 102 as part of the signal 122. An address signal 442 may be received by the controller 102 and then another signal 444 may be sent to the OTP110 to initiate a response with the key by the OTP110 upon providing the address signal 448.
Optionally, in operation 612, the input address block 116 may scramble the input address 446. The input address block 116 may also include other types of scramblers for the LFSR. The input address block 116 may scramble the input address 446 to make the provided security key more random. The scrambled address may then be sent to the OTP110 as signal 448 to access the OTP110 in operation 616. Thus, the input address block 116 provides the scrambled address to the OTP110 to retrieve the desired security key.
In operation 620, the key size determiner 214 of the controller 102 may receive the key size indicator signal 438. The controller 102 may use the key size indicator message 438 to set the output key size in the output register 118 by sending a signal 440 to the output register 118. The key size information may also be stored in the controller 102. Thereafter, in operation 620, the controller 102 may determine a key size when obtaining the key. The controller 102 may access information stored regarding the key size and provide this information to the OTP110 and/or the output register 118.
Then, in operation 624, OTP110 may retrieve stored random bits 306 associated with received address 444 within data structure 300. Thus, OTP110 can scan for address 304 that matches or matches address 444. When a match is found, the OTP110 can retrieve the random number 306 associated with the address 304; the OTP110 retrieves digital bits associated with a key size 308 set by the controller 102.
The key information may then be sent as signal 450 to output register 118 in operation 628. The output register 118 may accept the full key size. The output register 118 may then output the bit stored in the output register 118 as a signal 452 to the output port 120 for transmission as a signal 456, which signal 456 may be part of the signal 128. In some cases, the output port 120 may accept a smaller portion of the data in the key 308 stored in the output register 118. Accordingly, the output register 118 may repeatedly send data to the output port 120. In operation 632, the output register 118 may read a portion of the keys in the register and send them out through the output port 120 until the entire key is sent as signal 456. In at least some cases, the input/output interface 216 of the controller 102 may send the output ready signal 126 when the key is ready to be sent out.
Fig. 7 is a process flow diagram generally illustrating aspects of an exemplary method 700 for generating random numbers stored in OTP110, in accordance with aspects of the invention. The general sequence of operations of method 700 is shown in fig. 7. The method 700 may include more or fewer operations or steps, or may arrange the operations or steps in a different order than those shown in fig. 7. The method 700 may be implemented as a set of computer executable instructions executed by a processor, such as the controller 102 of the PUF100, and encoded or stored on a computer readable medium. Further, the method 700 may be implemented by a gate or circuit associated with a processor, ASIC, FPGA, SOC, IC, or other hardware device, such as the controller 102. Method 700 will be explained hereinafter with reference to the systems, components, devices, modules, circuits, firmware, software, signals, data structures, methods, etc., described in connection with fig. 1-6 and 8; however, those skilled in the art will appreciate that some or all of the operations of method 700 may be performed by, or using, different elements than those described below.
In operation 708, the registers, devices, components, and controller 102 may be reset. The input/output interface 216 of the controller 102 may receive the reset signal 402 as part of the signal 122. The reset signal 402 instructs the controller 102 to reset or start the PUF 100. RNG interface 202 may then send a reset or start signal 404 to SRAM 106. NVM interface 204 may send a reset or start signal 406 to OTP 110. Controller 102 may also send test signals 408 to BIST 112 to test the functionality of other components.
BIST 112 may then perform self-tests on RNG 104 and/or OTP110 at operation 712. NVM110 and RNG 104 may send responses back to BIST 112 that may indicate whether those components 104, 110 are working and functioning properly. This self-test information may then be sent back to the controller 102.
Then, in operation 716, the controller 102 may receive the optional status check signal 418 and then perform a status check on the OTP 110. The status check may be initiated by an input signal 418 received by the input/output interface 216 of the controller 102. In other cases, the controller 102 may check the status without an input signal. NVM interface 204 of controller 102 may send signal 420 to OTP110 to determine the status of OTP 110. Signal 420 reads reserved bit 302 in OTP110 to determine whether the reserved bit indicates that the OTP110 has been written with random bits and locked.
The reserved bit may have a single bit to indicate that the OTP110 has been written and/or locked. In another configuration, there may be two or more bits set to indicate that the OTP110 has been written and/or locked. For example, the reserved bits may be read and analyzed by majority voting of three or more bits to determine that the OTP110 has been written and/or locked. Controller 102 may then determine the state of OTP110 based on the reserved bit. This state may be sent by the input/output interface 216 as an output signal 424.
Then, in operation 720, an initial write of the NVM functionality 206 of the controller 102 can start the SRAM106 of the random number generator 104. Specifically, the initial write of the NVM function 206 begins or initializes the SRAM 106. Initialization may provide a first set of random bits in the SRAM106 based on the uniqueness of the SRAM 106. In operation 724, these unique random bits may be read from the SRAM106 by the initial write of the NVM function 206. The read bits may then be sent to the scrambler 108 in operation 728, where the random bits from the SRAM106 are scrambled. The bit folding circuit or linear feedback shift register may scramble the bits such that the bits in scrambler 108 are different from those read from SRAM 106. The scrambled random number bits may then be stored in a register or memory of the scrambler 108 for storage in the OTP110 in operation 732.
In operation 736, RNG 104 may write the scrambling bits to OTP110 from a register with the scrambling bits. In some configurations, the OTP110 may receive only one bit per clock cycle. Thus, if the bit register in the scrambler 108 has more than one bit, the RNG 104 may send one bit from the RNG 104 to the OTP110 at a time during each clock cycle. This bit is written into the OTP110 until the block of bits has been written. At this point, a block of bits may be read out of OTP110 to verify block 114.
In operation 740, the verification block 114 may compare the block of bits sent from the OTP110 with bits from a register of the scrambler 108. The verify block 114 determines whether the two bit blocks are the same. If the blocks are not the same, a message 432 may be sent to the verification of the NVM functionality 208 of the controller 102, and then the message 432 may restart the process to write the block of bits to the OTP110 again. If the blocks are the same, then a signal 432 indicating a positive comparison is sent to the verification of the NVM functionality 208 of the controller 102, and the process continues.
At this point, in operation 744, the controller 102 may determine whether there are more random bits to store in the OTP 110. If the OTP is not full and there are more bits to store, the method 700 may continue with a YES return to operation 720 to store the next block of bits. However, if the OTP110 has a complete set of random bits stored within the OTP device 110, the method 700 may continue with "no" to operation 748, where the controller 102 may lock the OTP 110. In operation 744, there may be more random bits to store in OTP 110. However, SRAM106 may be smaller in size than OTP110, e.g., OTP110 may be 16kbit in size, and SRAM106 may be 1kbit in size. In these cases, the SRAM106 can be reinitialized by the controller 102 to resume the process of reading out the random bits. In this way, several iterations of initializing and reading bits from the SRAM106 may be used to write the larger OTP 110. Thus, rather than returning to operation 724, the method 700 continues back to operation 720 for several iterations, as shown in FIG. 5.
In operation 748, the turning off of NVM functionality 212 of controller 102 may lock OTP110 by setting reserved bit 302 within OTP device 110. Thus, the shutting down of the NVM functionality 212 of the controller 102 may prevent any further data storage within the OTP 110. At this point, the random number stored in OTP110 is stored as a set of possible keys 308 within field 306. Each of the random bits 306 may be associated with an address 304. To obtain the key, OTP110 may accept an address that matches the address in field 304. If the address messages match, the OTP110 can read the random bits associated with the received address and send the set of data as a key to the output register 118.
Figure 8 is a process flow diagram generally illustrating aspects of an exemplary method 800 of starting a process with a PUF100 in accordance with aspects of the present invention. The general sequence of the operations of method 800 is shown in FIG. 8. The method 800 may include more or fewer operations or steps, or may arrange the operations or steps in a different order than those shown in fig. 8. The method 800 may be implemented as a set of computer executable instructions executed by a processor, such as the controller 102 of the PUF100, and encoded or stored on a computer readable medium. Further, the method 800 may be implemented by a gate or circuit associated with a processor, ASIC, FPGA, SOC, IC, or other hardware device, such as the controller 102. The method 800 will be explained hereinafter with reference to the systems, components, devices, modules, circuits, firmware, software, signals, data structures, methods, etc., described in connection with fig. 1-7; however, those skilled in the art will appreciate that some or all of the operations of method 800 may be performed by, or using, different elements than those described below.
In operation 808, registers, devices, components, and controller 102 may be reset. The input/output interface 216 of the controller 102 may receive the reset signal 402 as part of the signal 122. The reset signal 402 instructs the controller 102 to reset or start the PUF 100. RNG interface 202 may then send a reset or start signal 404 to SRAM 106. NVM interface 204 may send a reset or start signal 406 to OTP 110. Controller 102 may also send test signals 408 to BIST 112 to test the functionality of other components.
BIST 112 may then perform self-tests on RNG 104 and/or OTP110 at operation 812. NVM110 and RNG 104 may send responses back to BIST 112 that may indicate whether those components 104, 110 are working and functioning properly. This self-test information may then be sent back to the controller 102.
The controller 102 may then receive the optional status check signal 418 and then perform a status check on the OTP110 in operation 816. The status check may be initiated by an input signal 418 received by the input/output interface 216 of the controller 102. In other cases, the controller 102 may check the status without an input signal. NVM interface 204 of controller 102 may send signal 420 to OTP110 to determine the status of OTP 110. Signal 420 reads reserved bit 302 in OTP110 to determine whether the reserved bit indicates that the OTP110 has been written with random bits and locked.
The reserved bit may have a single bit to indicate that the OTP110 has been written and/or locked. In another configuration, there may be two or more bits set to indicate that the OTP110 has been written and/or locked. For example, the reserved bits may be read and analyzed by majority voting of three or more bits to determine that the OTP110 has been written and/or locked. Then, in operation 820, the controller 102 may determine the state of the OTP110 based on the reserved bits. This state may be sent by the input/output interface 216 as an output signal 424.
If the lock bit is set, the method 800 continues with YES to operation 824, where the controller 102 may write a bit to the SRAM 106. Here, after initialization, SRAM106 may contain the same or similar set of bits as those written or provided to the scrambler and then written to OTP 110. To prevent those bits from being read out and possibly allow an external device or function to determine the contents of OTP110, controller 102 may write those bits (e.g., ones and/or zeros) into SRAM106 to change the contents stored in SRAM 106. In this way, if SRAM106 is read, the contents in SRAM106 will be different from the contents used to create the key in OTP 110.
In operation 828, if it is determined that the lock bit is not set, process 800 may continue with "no" to store the random bit in OTP 110. The storage of the random bits in operation 828 may be similar to the process described in connection with fig. 5 and 7.
Furthermore, the disclosed embodiments provide, among other things, a PUF that can generate a unique signature from an SRAM or random number generator. These signatures may be stored in NVM, where they do not change due to changes in the thermal or lifetime of the integrated circuit. In previous SRAM-based devices, the signature in the SRAM may change with time and heat. In other past OTP-type PUFs, those previous PUFs required an external port to store these bits in the OTP. This external port of the PUF is a weak point of PUF security, as this port can be used to write to or read from the OTP. In aspects herein, SRAM internal to the PUF does not use an external port, and thus reduces or eliminates the risk of reprogramming. Furthermore, with components internal to the PUF, aspects herein need not provide foundry information about the PUF. Even with the above differences, a PUF device may have many challenge/response pairs because of the large number of bits stored in the OTP.
Thus, the PUF device herein provides a reliable way to generate multiple signatures as challenge and response pairs for security functions. The PUFs herein have sufficient entropy (randomness) between each PUF to guarantee uniqueness. Finally, the PUF can protect against reprogramming attacks and "cold start" attacks.
Aspects of the invention include a method of generating a security key for an integrated circuit device, comprising: generating a plurality of key bits with a random number generator; storing a plurality of key bits in a non-volatile memory; and generating a security key from the stored plurality of key bits.
In some embodiments, the random number generator comprises a Static Random Access Memory (SRAM), wherein the plurality of key bits are read from the SRAM after the SRAM is initialized. In some embodiments, the random number generator further comprises: a scrambler that scrambles the plurality of key bits read from the static random access memory. In some embodiments, the scrambler is one of a bit folding circuit or a linear feedback shift register. In some embodiments, the non-volatile memory comprises a one-time programmable (OTP) device. In some embodiments, the plurality of key bits are stored into the one-time programmable device, and wherein the plurality of key bits represent two or more security keys.
In some embodiments, the one time programmable device receives an address and retrieves a security key associated with the address. In some embodiments, the address is scrambled before being provided to the one time programmable device. In some embodiments, the method further comprises: receiving a key size indicator; and setting a key size for the security key according to the key size indicator. In some embodiments, the method further comprises: outputting the security key in response to receiving the address.
In some embodiments, the method further comprises: locking the one-time programmable device after storing the plurality of key bits, wherein a locking bit is set in the one-time programmable device to indicate that the one-time programmable device is locked, wherein the one-time programmable device does not store additional bits after the locking bit is set. In some embodiments, the method further comprises: it is determined whether the lock bit is set. In some embodiments, the random number generator comprises a static random access memory and the non-volatile memory comprises a one-time programmable device, wherein the static random access memory stores fewer bits than the one-time programmable device and the static random access memory is initialized two or more times to provide the plurality of key bits to the one-time programmable device.
Another aspect of the invention includes an integrated circuit device having a PUF generator configured to output two or more security keys, each security key comprising a plurality of key bits, wherein the PUF generator comprises: a Static Random Access Memory (SRAM) to be read after initialization to provide one or more of a plurality of key bits; a one-time programmable (OTP) device for: storing a plurality of key bits read from the SRAM; and providing one of two or more security keys from the plurality of key bits when the address is received.
In some embodiments, the physically unclonable function generator further comprises: a scrambler to scramble the key bits read from the SRAM. In some embodiments, the scrambler is one of a bit folding circuit or a linear feedback shift register. In some embodiments, the physically unclonable function generator further comprises: an input address scrambler to receive an input address and scramble the input address to generate an address provided to the one time programmable device. In some embodiments, the physically unclonable function generator further comprises: a controller for controlling the functions of the SRAM and the OTP device; and an output register, wherein the controller further receives a key size indicator signal and sets the output register to store some bits according to the key size indicator signal for the security key.
Another aspect of the invention includes a system for generating a security key for an integrated circuit device, which may have a random number generator, comprising: a Static Random Access Memory (SRAM) to be read to provide a plurality of bits after initialization; a Linear Feedback Shift Register (LFSR) for scrambling a plurality of bits read from the SRAM; an input address scrambler to: receiving an input address; scrambling an input address to a scrambled address; providing a scrambled address; a one-time programmable (OTP) device in communication with the LFSR and the input address scrambler to: storing the scrambled key bits provided from the LFSR; associating the scrambled key bits with an address; receiving a scrambled address from an input address scrambler; determining an address associated with the scrambled key bit, the address matching the scrambled address; reading the scrambled bits having an address matching the scrambled address; providing the scrambled key bits as a security key; an output register in communication with the OTP device, the output register to: receiving a security key from the OTP device; and outputting the security key.
In some embodiments, the system further comprises: a controller to: controlling the functions of the SRAM and the OTP device; receiving a key size indicator signal; and setting the output register to store a number of bits in accordance with the key size indicator signal for the secure key.
The foregoing has outlined features of several examples so that those skilled in the art may better understand aspects of the present invention. Those skilled in the art should appreciate that they may readily use the present disclosure as a basis for designing or modifying other processes and structures for carrying out the same purposes and/or achieving the same advantages of the examples introduced herein. Those skilled in the art should also realize that such equivalent constructions do not depart from the spirit and scope of the present disclosure, and that they may make various changes, substitutions, and alterations herein without departing from the spirit and scope of the present disclosure.

Claims (10)

1. A method of generating a security key for an integrated circuit device, comprising:
generating a plurality of key bits with a random number generator;
storing the plurality of key bits in a non-volatile memory; and
generating the security key from the plurality of key bits stored in the non-volatile memory.
2. The method of claim 1, wherein the random number generator comprises a Static Random Access Memory (SRAM), wherein the plurality of key bits are read from the SRAM after the SRAM is initialized.
3. The method of claim 2, wherein the random number generator further comprises: a scrambler that scrambles the plurality of key bits read from the static random access memory.
4. The method of claim 3, wherein the scrambler is one of a bit folding circuit or a linear feedback shift register.
5. The method of claim 1, wherein the non-volatile memory comprises a one-time programmable (OTP) device.
6. The method of claim 5, wherein the plurality of key bits are stored into the one-time programmable device, and wherein the plurality of key bits represent two or more security keys.
7. The method of claim 5, wherein the one time programmable device receives an address and retrieves a security key associated with the address.
8. The method of claim 7, wherein the address is scrambled prior to providing the address to the one time programmable device.
9. An integrated circuit device, comprising:
a physical unclonable function generator to output two or more security keys, each security key comprising a plurality of key bits, wherein the physical unclonable function generator comprises:
a Static Random Access Memory (SRAM) to be read after initialization to provide one or more of the plurality of key bits;
a one-time programmable (OTP) device for:
storing the plurality of key bits read from the SRAM; and
providing one of the two or more security keys from the plurality of key bits when the address is received.
10. A system for generating a security key for an integrated circuit device, the system comprising:
a random number generator, comprising:
a Static Random Access Memory (SRAM) to be read to provide a plurality of bits after initialization;
a Linear Feedback Shift Register (LFSR) to scramble the plurality of bits read from the SRAM into scrambled key bits;
an input address scrambler to:
receiving an input address;
scrambling the input address to a scrambled address;
providing the scrambled address;
a one-time programmable (OTP) device in communication with the linear feedback shift register and the input address scrambler to:
storing the scrambled key bits provided from the linear feedback shift register;
associating the scrambled key bits with an address;
receiving the scrambled address from the input address scrambler;
determining the address associated with the scrambled key bit, the address matching the scrambled address;
reading the scrambled key bits having the address matching the scrambled address;
providing the scrambled key bits as the security key;
an output register in communication with the one time programmable device, the output register to:
receiving the security key from the one-time programmable device; and
and outputting the security key.
CN202110337813.XA 2020-03-31 2021-03-30 Integrated circuit device and method and system for generating security key thereof Active CN113079019B (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US202063002670P 2020-03-31 2020-03-31
US63/002,670 2020-03-31
US17/106,856 2020-11-30
US17/106,856 US11528135B2 (en) 2020-03-31 2020-11-30 Integrated circuit (IC) signatures with random number generator and one-time programmable device

Publications (2)

Publication Number Publication Date
CN113079019A true CN113079019A (en) 2021-07-06
CN113079019B CN113079019B (en) 2024-04-30

Family

ID=76611437

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110337813.XA Active CN113079019B (en) 2020-03-31 2021-03-30 Integrated circuit device and method and system for generating security key thereof

Country Status (2)

Country Link
CN (1) CN113079019B (en)
TW (1) TWI781544B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115237831A (en) * 2022-09-22 2022-10-25 瀚博半导体(上海)有限公司 Data transmission method, device, chip, electronic equipment and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080025506A1 (en) * 2006-07-25 2008-01-31 Sony Corporation Memory access control apparatus and method, and communication apparatus
US20100189262A1 (en) * 2008-09-05 2010-07-29 Vixs Systems, Inc. Secure key access with one-time programmable memory and applications thereof
US20160154744A1 (en) * 2008-09-05 2016-06-02 Vixs Systems Inc. Provisioning of secure storage for both static and dynamic rules for cryptographic key information
CN107924448A (en) * 2015-09-29 2018-04-17 英特尔公司 The one-way cipher art that hardware is implemented
US20190147967A1 (en) * 2016-05-09 2019-05-16 Intrinsic Id B.V. Programming device arranged to obtain and store a random bit string in a memory device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6961852B2 (en) * 2003-06-19 2005-11-01 International Business Machines Corporation System and method for authenticating software using hidden intermediate keys
US8160244B2 (en) * 2004-10-01 2012-04-17 Broadcom Corporation Stateless hardware security module
US7822207B2 (en) * 2006-12-22 2010-10-26 Atmel Rousset S.A.S. Key protection mechanism
KR102461042B1 (en) * 2015-02-12 2022-11-01 삼성전자주식회사 Payment processing method and electronic device supporting the same
CN106845975A (en) * 2015-12-05 2017-06-13 上海阿艾依智控***有限公司 The embedded devices and methods therefor that continues to pay dues is interlocked based on radio-frequency identification card and smart mobile phone

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080025506A1 (en) * 2006-07-25 2008-01-31 Sony Corporation Memory access control apparatus and method, and communication apparatus
US20100189262A1 (en) * 2008-09-05 2010-07-29 Vixs Systems, Inc. Secure key access with one-time programmable memory and applications thereof
US20160154744A1 (en) * 2008-09-05 2016-06-02 Vixs Systems Inc. Provisioning of secure storage for both static and dynamic rules for cryptographic key information
CN107924448A (en) * 2015-09-29 2018-04-17 英特尔公司 The one-way cipher art that hardware is implemented
US20190147967A1 (en) * 2016-05-09 2019-05-16 Intrinsic Id B.V. Programming device arranged to obtain and store a random bit string in a memory device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115237831A (en) * 2022-09-22 2022-10-25 瀚博半导体(上海)有限公司 Data transmission method, device, chip, electronic equipment and medium
CN115237831B (en) * 2022-09-22 2023-02-07 瀚博半导体(上海)有限公司 Data transmission method, device, chip, electronic equipment and medium

Also Published As

Publication number Publication date
CN113079019B (en) 2024-04-30
TWI781544B (en) 2022-10-21
TW202139041A (en) 2021-10-16

Similar Documents

Publication Publication Date Title
Tehranipoor et al. DRAM-based intrinsic physically unclonable functions for system-level security and authentication
US10769309B2 (en) Apparatus and method for generating identification key
EP2191410B1 (en) Identification of devices using physically unclonable functions
US11528135B2 (en) Integrated circuit (IC) signatures with random number generator and one-time programmable device
US11880468B2 (en) Autonomous, self-authenticating and self-contained secure boot-up system and methods
US8699714B2 (en) Distributed PUF
US9129671B2 (en) Semiconductor device identifier generation method and semiconductor device
EP3542261B1 (en) Method for performing a trustworthiness test on a random number generator
Talukder et al. PreLatPUF: Exploiting DRAM latency variations for generating robust device signatures
US8990578B2 (en) Password authentication circuit and method
Jia et al. Extracting robust keys from NAND flash physical unclonable functions
US20210051010A1 (en) Memory Device Providing Data Security
Zalivaka et al. Design and implementation of high-quality physical unclonable functions for hardware-oriented cryptography
US11962693B2 (en) Integrated circuit (IC) signatures with random number generator and one-time programmable device
CN113079019B (en) Integrated circuit device and method and system for generating security key thereof
TWI716685B (en) Electronic system and operation method thereof
US8781118B1 (en) Digital fingerprints for integrated circuits
Lee et al. Samsung physically unclonable function (SAMPUF™) and its integration with Samsung security system
US11329834B2 (en) System and method for generating and authenticating a physically unclonable function
Mandadi Remote Integrity Checking using Multiple PUF based Component Identifiers
Li et al. Enhancing tpm security by integrating sram pufs technology
US20200401690A1 (en) Techniques for authenticating and sanitizing semiconductor devices
US20220300624A1 (en) Hardware storage unique key
Zalivaka et al. NAND Flash Memory Devices Security Enhancement Based on Physical Unclonable Functions
Che Model Building and Security Analysis of PUF-Based Authentication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant