Anti-pirate circuitry is provided for combating the theft of intellectual property contained with semiconductor integrated circuits. The anti-pirate circuit includes a unique number generator that provides a multi-bit die ID data string that is unique to the integrated circuit associated with the anti-pirate circuit. One time programmable (OTP) EPROM circuitry reads the die ID data string at wafer sort and writes the data content to nonvolatile memory. During a subsequent verification cycle, ID comparator circuitry compares the data string provided by the unique number generator to the stored contents of the nonvolatile memory. If the comparison results in a mismatch between more than a predefined number of bits, then the integrated circuit associated with the anti-pirate circuit is not enabled for operation.
|
0. 31. A method comprising:
generating a first multi-bit number in an IC, wherein the first multi-bit number is associated with the IC so as to operate as an identifier for the IC;
retrieving a second multi-bit number from an NVM;
in the IC, sequentially comparing corresponding bits from the first and second multi-bit numbers over a plurality of clock cycles, wherein at least one comparison is performed during each clock cycle;
incrementing a value with each mismatch between corresponding bits from each of the first and second multi-bit numbers; and
enabling functionality of at least a portion of the IC when the value reaches a predefined number.
0. 41. An IC comprising:
an NVM having a first identification number stored therein, wherein the first identification number is stored in the NVM during the manufacture of the IC;
a number generator that is configured to generate a second identification number;
an identification comparator having:
a first logic circuit that is coupled to the number generator and the NVM;
a ripple counter that is coupled to the first logic circuit, wherein the ripple counter is configured to count the number of mismatches between corresponding bits from each of the first and second identification numbers; and
a second logic circuit that is coupled to the ripple counter that is configured to generate an enable signal if there is a match between a predefined number of bits of the first and second identification numbers.
0. 21. An IC comprising:
an NVM, wherein a first multi-bit number is stored in the NVM;
a number generator that is configured to generate a second multi-bit number, wherein the second multi-bit number is associated with the IC so us to operate as an identifier for the IC;
a comparator that is configured to compare corresponding bits from each of the first and second multi-bit numbers and to increment a value with each mismatch between corresponding bits from each of the first and second multi-bit numbers, wherein the comparator is configured to generate a match indicator when there is a match between a predefined number of bits of the first and second multi-bit numbers; and
logic that is configured to output an enable signal that is configured to enable functionality of at least a portion of the IC upon receiving the match indicator.
0. 38. An IC comprising:
an NVM;
a number generator for generating multi-bit numbers;
a multi-bit number selectively stored in the NVM;
a comparator for comparing a generated multi-bit number to the multi-bit number stored in the NVM;
a first output from the comparator indicating whether there is a match between a first predefined number of bits of the generated multi-bit number and the stored multi-bit number;
logic configured for outputting a first signal enabling functionality of at least a first portion of the IC upon the first output indicating a match;
a ripple counter connected to the first output of the comparator; and
a clocking circuit that clocks the generated multi-bit number out of the number generator serially, and clocks the stored multi-bit number out of the NVM serially, wherein the comparator compares one bit from each of the multi-bit numbers at each clock, and wherein the ripple counter is incremented each time the first output of the comparator indicates a mismatch.
15. An on-chip system for enabling the initial operation of an integrated circuit IC that is formed as part of an integrated circuit IC die, the system comprising:
an on-chip unique number generator that is formed on the integrated circuit IC die and that generates a multi-bit die ID that is unique to the integrated circuit IC die;
a non-volatile memory (NVM) an NVM storage element that is formed on the integrated circuit IC die and that, prior to the initial operation of the integrated circuit IC structure, stores the unique multi-bit die ID as a stored multi-bit data string; and
an on-chip comparator that is formed on the integrated circuit IC die and that, prior to the initial operation of the integrated circuit IC structure, compares the unique multi-bit die ID that has been regenerated by the on-chip unique number generator and the stored multi-bit data string and that generates an enable signal required for the initial operation of the integrated circuit IC only in the event that the comparison results in a match of at least a predefined number of the bits of the regenerated unique multi-bit die ID and the stored multi-bit data string, the entire comparison being performed on the integrated circuit IC die.
0. 37. An IC comprising:
an NVM;
a number generator for generating multi-bit numbers;
a multi-bit number selectively stored in the NVM;
a comparator for comparing in turn the bit value of each bit of a generated multi-bit number to the bit value of a corresponding bit of the multi-bit number stored in the NVM;
a first output from the comparator indicating whether there is a match between a first predefined number of bits of the generated multi-bit number and the stored multi-bit number;
logic configured for outputting a first signal enabling functionality of at least a first portion of the IC upon the first output indicating a match;
a second output from the comparator indicating whether there is a match between a second predefined number of bits of the generated multi-bit number and the stored multi-bit number, wherein the second predefined number of bits is greater than the first predefined number of bits; and
a second signal from the logic enabling functionality of at least a second portion of the IC upon the second output indicating a match.
1. A method of enabling initial operation of an integrated circuit (IC) structure that is formed on an integrated circuit IC die, the integrated circuit IC die having an on-chip unique number generator formed thereon, the method comprising:
prior to the initial operation of the integrated circuit IC structure, causing the on-chip unique number generator to generate a multi-bit die ID that is unique to the integrated circuit IC die;
storing the unique multi-bit die ID on the integrated circuit IC die as a multi-bit data string;
subsequent to storing the multi-bit data string on the integrated circuit IC die, causing the on-chip unique number generator to regenerate the unique multi-bit die ID;
comparing the regenerated unique multi-bit die ID and the stored multi-bit data string utilizing comparison circuitry that is formed on the integrated circuit IC die; and
generating an enable signal required for the initial operation of the integrated circuit IC structure only in the event that the comparison of the regenerated unique multi-bit die ID and the stored multi-bit data string results in match between at least a predefined number of the bits of the regenerated unique multi-bit die ID and the stored multi-bit data string, and
wherein the comparing step is performed entirely on the integrated circuit IC die.
9. A method of controlling initial operation of an integrated circuit IC that is formed on an integrated circuit IC die, the integrated circuit IC die have an on-chip unique number generator formed thereon, the method comprising:
prior to the initial operation of the integrated circuit IC, causing the on-chip unique number generator to generate a multi-bit die ID that is unique to the integrated circuit IC die;
storing the unique multi-bit die ID on the integrated circuit IC die as a multi-bit data string;
subsequent to storing the multi-bit data string on the integrated circuit IC die, and prior to the initial operation of the integrated circuit IC, causing the on-chip unique number generator to regenerate the unique multi-bit die ID;
utilizing on-chip comparator circuitry formed on the integrated circuit IC die to compare the regenerated unique multi-bit die ID and the stored multi-bit data string; and
in the event that the comparing step results in a match equal to or greater than a predefined number of bits of the regenerated unique multi-bit die ID and the stored multi-bit data string, providing an enable signal to the integrated circuit IC that is required for the initial operation of the integrated circuit IC; and
in the event that the comparing step results in a match of less than the predefined number of bits of the regenerated unique multi-bit die ID and the stored multi-bit data string, providing a disable signal to the integrated circuit IC to disable the initial operation of the integrated circuit IC, and
wherein the comparing step is performed entirely on the integrated circuit IC die.
2. A The method as in
3. A The method as in
4. A The method as in
5. A The method as in
6. A The method as in
8. A The method as in
10. A The method as in
11. A The method as in
12. A The method as in
13. A The method as in
14. A The method as in
16. A The system as in
17. A The system as in
18. A The system as in
19. A The system as in
20. A The system as in
0. 22. The IC of claim 21, wherein the first multi-bit number is generated and stored in the NVM at wafer sort.
0. 23. The IC of claim 22, wherein the first multi-bit number is stored in a portion of the NVM that is programmable only during wafer sort.
0. 24. The IC of claim 23, wherein the portion of the NVM is inaccessible outside the IC.
0. 25. The IC of claim 21, wherein the predefined number further comprises a first predefined number, and wherein the portion comprise a first portion, and wherein the match indicator further comprises a first match indicator, wherein the enable signal further comprises a first enable signal, and wherein the comparator is configured to generate a second match indicator when there is a match between a second predefined number of bits of the first and second multi-bit numbers, and wherein the second predefined number of bits is greater than the first predefined number of bits, and wherein the logic is configured to generate a second enable signal that enables functionality of at least a second portion of the IC upon receiving the second match indicator.
0. 26. The IC of claim 21, and wherein the output of the comparator further comprises a first output of the comparator, wherein the comparator further comprises:
a ripple counter that is coupled to the comparator; and
a clocking circuit that is configured to clock the second multi-bit number out of the number generator serially and to clock the first multi-bit number out of the NVM serially, wherein the comparator compares one bit from each of the first and second multi-bit numbers at each clock cycle, and wherein the ripple counter is configured to be incremented each time the comparator first output indicates a mismatch.
0. 27. The IC of claim 26, wherein, when the number of mismatches exceeds a predefined maximum count, the comparator is disabled.
0. 28. The IC of claim 26, wherein the logic outputs the signal after the number of mismatches exceeds a predefined minimum count.
0. 29. The IC of claim 21, wherein the first multi-bit number that is stored in the NVM is generated by the number generator, encrypted, and then programmed into the NVM.
0. 30. The IC of claim 29, wherein the IC further comprises a decrypting circuit that is configured to selectively decrypt the first multi-bit number before the comparator performs the comparison.
0. 32. The method of claim 31, wherein the method further comprises, at wafer sort:
generating the second multi-bit number; and
programming the second multi-bit number into the NVM.
0. 33. The method of claim 32, wherein the step of programming further comprises programming the second multi-bit number into a portion of the NVM during wafer sort, wherein the portion of the NVM has read-only accessibility following packaging.
0. 34. The method of claim 31, wherein the method further comprises halting the step of sequentially comparing when the value exceeds a predefined maximum count.
0. 35. The method of claim 31, wherein the method further comprises allowing the step of enabling to be performed when the value exceeds a predefined minimum count.
0. 36. The method of claim 31, wherein the method further comprises:
generating the second multi-bit number;
encrypting the second multi-bit number; and
programming the encrypted second multi-bit number into the NVM.
0. 39. The IC of claim 38, wherein when the number of mismatches exceeds a predefined maximum count, the comparator is disabled so that the logic does not output the first signal.
0. 40. The IC of claim 38, wherein the logic outputs the first signal only after the number of mismatches exceeds a predefined minimum count.
0. 42. The IC of claim 41, wherein the first logic circuit further comprises:
a first logic gate that is coupled to the number generator and the NVM; and
a second logic gate that is coupled to the first logic gate and the ripple counter.
0. 43. The IC of claim 42, wherein the enable signal further comprises a plurality of enable signals, and wherein the second logic circuit further comprises:
a plurality of flip-flops, wherein each flip-flop is coupled to the ripple counter; and
a set of logic gates that each output at least one of the enable signals, wherein each logic gate from the set of logic gates is coupled to at least one of the flip-flops.
0. 44. The IC of claim 43, wherein the first identification number is encrypted wherein the identification comparator further comprises a decryption circuit that is coupled between the NVM and the first logic gate.
0. 45. The IC of claim 44, wherein the first logic gate, the second logic gate, and each logic gate from the set of logic gates further comprises an XOR gate, a NAND gate, and a NAND gate, respectively.
0. 46. The IC of claim 45, wherein each flip-flop further comprises an RS flip-flop.
|
This is a reissue application of U.S. patent application Ser. No. 10/383,416 that was filed on Mar. 6, 2003 (which issued as U.S. Pat. No. 7,558,969 that issued on Jul. 7, 2009).
The present invention relates to semiconductor integrated circuits and, in particular, to circuitry that combats the theft of intellectual property contained within integrated circuits.
The anti-pirate circuitry disclosed herein is intended to combat the theft of intellectual property contained within integrated circuits (IC), such as patent protected circuits, copyrighted works, mask works and computer software.
Unfortunately, the theft of integrated circuit technology is not always prevented by the existence of legal barriers to its use. While a new circuit design may have significant commercial value, it may not be possible or practical to obtain or enforce patent rights in all countries of the world in which the circuit will be made, sold or used. While mask work and copyright protection may be available even if patent protection is not, the pirating and unauthorized copying of integrated circuit designs continues to cause serious economic harm to the original developers and owners of IC intellectual property.
It would, therefore, be highly desirable to have available a low cost, but effective technique for combating IC pirates.
An anti-pirate circuit in accordance with the present invention includes unique number generator circuitry, one time programmable (OTP) EPROM circuitry and ID comparator circuitry. The unique number generator circuitry provides a multi-bit die ID data string that is unique to the integrated circuit associated with the anti-pirate circuit. The OTP EPROM circuitry reads the die ID data string from the unique number generator at wafer sort and stores the die ID data string in a nonvolatile memory. During a subsequent verification cycle, the ID comparator circuitry compares the die ID data string provided by the unique number generator to the data content stored by the OTP EPROM. If the comparison results in a mismatch between more than a predefined number of bits, then the IC associated with the anti-pirate circuit is not enabled for operation.
The disclosed anti-pirate circuit does not make the pirating or copying of the IC mask set any more difficult. Rather, it forces the pirate to not only duplicate the IC mask set, but also duplicate a large portion of the product manufacturing flow, including hardware (fabrication and test equipment) and software (wafer sort test software). Although there is no perfect hardware/software anti-piracy circuit, the circuit of the present invention forces the pirate to invest so much time and money to “crack” the product that it renders the theft economically non-viable. The protection provided by this circuit is nearly absolute for most commercial IC pirates.
The features and advantages of the present invention will be more fully understood and appreciated upon consideration of the following detailed description and the accompanying drawings which set forth an illustrative embodiment in which the principles of the invention are utilized.
An anti-pirate circuit in accordance with the present invention, when added to an integrated circuit chip, requires that the manufacturer add steps to the product development and test flow. These extra steps are not expensive to the manufacturer because the circuitry itself is small and, in most cases, the manufacturer must already test the chip before packaging (i.e., wafer sort tests).
As discussed in greater detail below, the anti-pirate circuit is interrogated at wafer sort to determine the chip's die ID and then the die ID is programmed into the anti-pirate circuit's nonvolatile memory. Not until this Read/Program cycle is completed, and a subsequent verification cycle is also successfully completed, is the chip's original operational circuitry allowed to function correctly. In other words, the anti-pirate circuit is a type of “chip enabler” that is activated at wafer sort.
These extra steps require the IC pirate to not only duplicate the IC mask set, but the pirate must also duplicate the wafer sort equipment and at least a portion of the wafer sort test program before the pirated mask set can be used to produce activated (working) chips.
An embodiment of an anti-pirate circuit in accordance with the present invention will now be described twice: first at the block level so that the concepts employed will be understood, and second, at the gate level.
As shown in
The unique number generator circuitry 102 provides a 256-bit data string referred to herein as the “die ID.” The die ID is unique to each and every IC die, i.e., no two IC dice have the same die ID. Those skilled in the art will appreciate that the die ID data string is not required to be 256 bits, but may be longer or shorter depending upon the desired level of security.
The 256 bit OTP EPROM circuitry 104 is a non-volatile memory that is only programmable at wafer sort. The OTP EPROM 104 contains all the logic necessary to read the data contents, i.e., the die ID, provided by the unique number generator 102 and to transfer this data to the non-volatile memory (i.e., READ/WRITE logic.) If the general logic of the chip already includes a non-volatile memory, then the OTP EPROM 104 can be instantiated as a portion of that memory; as stated above, the OTP EPROM portion of the non-volatile memory is, preferably, only programmable at wafer sort. Note that “imbedding” the OTP EPROM 104 within the general logic of the chip serves to “hide” it's location and purpose, making it more difficult to reverse engineer and defeat.
During the verification cycle, described in greater detail below, the ID comparator 106 compares the die ID data string from the unique number generator 102 to the stored data contents of the OTP EPROM 104. Note that, in the disclosed embodiment of the invention, the stored data can vary by as much as 31 bits and still be considered a “match” with the die ID data string; if the stored data vary by more than 31 bits, then a “mismatch” is declared. As with the OTP EPROM 104, preferably, the ID comparator 106 is “imbedded” within the general logic of the chip, thereby “hiding” its location and purpose, making it more difficult to reverse engineer and defeat. Furthermore, for maximum protection, portions of the ID comparator 106 circuitry can be made to have a dual purpose (i.e., part of the anti-pirate circuit 100 and also a fundamental part of the general logic of the chip). If this is the case, then disabling the anti-pirate function of the ID comparator 106 also disables the general logic of the chip.
At wafer sort, the die ID data string is read from the unique number generator 102 and programmed into the OTP EPROM 104. Since the OTP EPROM 104 can only be programmed at wafer sort, this operation must be performed and verified before packaging of the IC chip. Before correct operation of the chip can begin, the ID comparator 106 must compare the die ID contents of the unique number generator 102 to the stored data content of the OTP EPROM 104. If the ID's are declared a “match”, then the output 108 of the ID comparator 106 is driven “active”, shown in
In the disclosed embodiment of the invention, the unique number generator 102 is a serial 256-bit read only memory. The data contents of the memory is unique to each and every die and is determined by the electrical “mismatch” of MOS transistors. As stated above, the 256-bit data string is referred to as the die ID. The die ID is very stable, but statistically as many 24 bits can change from one read cycle to another. In the disclosed embodiment of the invention, a die ID “match” is declared when the number of mismatched bits is less than 32.
Referring to the
The OTP EPROM 104 is a 256-bit serial access non-volatile memory. In the well known manner, it contains all the circuitry required to write a data pattern into the memory and to read the pattern from the memory. Referring to the programming waveforms of
Referring to
As stated above, the ID comparator 106 compares and counts the number of mismatched bits presented by the unique number generator 102 and the OTP EPROM 104. As shown in
Another feature of the ID comparator 106 is the requirement that the ID comparator circuit 106 count a minimum of two mismatched bits. This is achieved by using an RS Latch 112, which is reset when ENABLE_N is “high” and set when Counter Output Q1, is toggled “high”. Therefore, counter output Q1 must toggle to a “1” in order for the ID_Match output to go “high”. This feature is added to the logic of the ID comparator 106 in order to make defeating the circuit more difficult. The pirate cannot simply defeat the circuit by forcing both data streams to all “0” or all “1”, nor can the pirate force the comparator output “low”, nor can the pirate disable the clock. The manufacturer will choose the last nibble of data (ID bits 251-255) to purposely invert before copying into the OTP EPROM 104.
The level of security can be increased by utilizing conventional encryption circuitry to encrypt the die ID pattern generated by the unique number generator 102 before programming it into the OTP-EPROM 104. This action will force the IC pirate to decipher the encoding algorithm before the pirate can properly program the OTP EPROM 104 at wafer sort. The downside is that the manufacturer must also include the decryption hardware/software “on chip” to decipher the data pattern produced by the OTP EPROM 104 and reconstruct the original die ID pattern 102 before presenting it to the ID comparator 106. As shown in
As shown in
TABLE 1
Multiple levels of Security/Access
ID_Match Bits
Number of
Level of
Match_0
March_1
Match_2
“Error” bits
Security/Access
0
0
0
>127
No Access Allowed,
chip NOT functional
0
0
1
<128
Lowest level of
security/access
0
1
1
<64
Medium Level of
security/access
1
1
1
<32
Highest Level of
security/access
It should be understood that various alternatives to the embodiments of the invention described herein may be employed in practicing the invention. It is intended that the following claims define the scope of the invention and that circuits and methods within the scope of these claims and their equivalents be covered thereby.
Poplevine, Pavel, Franklin, Andrew J., Lin, Hengyang (James), Lucero, Elroy M., Lucero, Daniel J.
Patent | Priority | Assignee | Title |
9196549, | Dec 04 2013 | United Microelectronics Corp. | Method for generating die identification by measuring whether circuit is established in a package structure |
Patent | Priority | Assignee | Title |
5034980, | Oct 02 1987 | Intel Corporation | Microprocessor for providing copy protection |
5208447, | May 30 1989 | Siemens Nixdorf Informationssysteme AG | Method for testing a terminal communicating with chip cards |
5467396, | Oct 27 1993 | The Titan Corporation; TITAN CORPORATION, THE | Tamper-proof data storage |
6240517, | Jan 31 1997 | Kabushiki Kaisha Toshiba | Integrated circuit card, integrated circuit card processing system, and integrated circuit card authentication method |
6384713, | Apr 21 2000 | CAVIUM INTERNATIONAL; MARVELL ASIA PTE, LTD | Serial comparator |
6802447, | Aug 26 2002 | ICID, LLC | Method of authenticating an object or entity using a random binary ID code subject to bit drift |
6941536, | Dec 01 2000 | Hitachi, LTD; HATACHI ULSI SYSTENS CO , LTD | Method for identifying semiconductor integrated circuit device, method for manufacturing semiconductor integrated circuit device, semiconductor integrated circuit device and semiconductor chip |
6973570, | Dec 31 1999 | WESTERN DIGITAL VENTURES, INC | Integrated circuit comprising encryption circuitry selectively enabled by verifying a device |
7143294, | Oct 29 1999 | AVAGO TECHNOLOGIES GENERAL IP SINGAPORE PTE LTD | Apparatus and method for secure field upgradability with unpredictable ciphertext |
7282377, | Dec 01 2000 | Hitachi, Ltd.; Hitachi ULSI Systems Co., Ltd. | Method for identifying semiconductor integrated circuit device, method for manufacturing semiconductor integrated circuit device, semiconductor integrated circuit device and semiconductor chip |
7681103, | Apr 16 2002 | Massachusetts Institute of Technology | Reliable generation of a device-specific value |
7757083, | Apr 16 2002 | Massachusetts Institute of Technology | Integrated circuit that uses a dynamic characteristic of the circuit |
7818569, | Apr 16 2002 | Massachusetts Institute of Technology | Data protection and cryptographic functions using a device-specific value |
7840803, | Apr 16 2002 | INTRINSIC ID B V | Authentication of integrated circuits |
20040170068, | |||
RE40188, | Feb 17 1999 | UPF INNOVATIONS, LLC | System and method for providing an integrated circuit with a unique identification |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Jan 21 2011 | National Semiconductor Corporation | (assignment on the face of the patent) | / |
Date | Maintenance Fee Events |
Dec 28 2016 | M1552: Payment of Maintenance Fee, 8th Year, Large Entity. |
Dec 17 2020 | M1553: Payment of Maintenance Fee, 12th Year, Large Entity. |
Date | Maintenance Schedule |
Apr 02 2016 | 4 years fee payment window open |
Oct 02 2016 | 6 months grace period start (w surcharge) |
Apr 02 2017 | patent expiry (for year 4) |
Apr 02 2019 | 2 years to revive unintentionally abandoned end. (for year 4) |
Apr 02 2020 | 8 years fee payment window open |
Oct 02 2020 | 6 months grace period start (w surcharge) |
Apr 02 2021 | patent expiry (for year 8) |
Apr 02 2023 | 2 years to revive unintentionally abandoned end. (for year 8) |
Apr 02 2024 | 12 years fee payment window open |
Oct 02 2024 | 6 months grace period start (w surcharge) |
Apr 02 2025 | patent expiry (for year 12) |
Apr 02 2027 | 2 years to revive unintentionally abandoned end. (for year 12) |