Circuit design implementations in secure partitions of an integrated circuit
US-9946826-B1 · Apr 17, 2018 · US
Techniques to protect fuses against non-destructive attacks
US10318748B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10318748-B2 |
| Application number | US-201615283087-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 30, 2016 |
| Priority date | Sep 30, 2016 |
| Publication date | Jun 11, 2019 |
| Grant date | Jun 11, 2019 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Embodiments may be generally directed to techniques to encrypt and decrypt data in a first fuse block array using an encryption key of a second fuse block array, the second fuse block array having the encryption key comprising a plurality of segments of bits, an inverse encryption key comprising a second plurality of segments of bits, each segment of the inverse encryption key to correspond with a particular segment of the encryption key, and a random pattern having equally distributed bit values, the random pattern to enable detection of voltage attacks on the second fuse block array.
First claim
Opening claim text (preview).
What is claimed is: 1. An apparatus, comprising: a first fuse block array comprising: an encryption key comprising a plurality of segments of bits, the encryption key to encrypt data for a second fuse block array; an inverse encryption key comprising a second plurality of segments of bits, each segment of the inverse encryption key to correspond with a particular segment of the encryption key; and a random pattern having equally distributed bit values, the random pattern to enable detection of voltage attacks on the first fuse block array. 2. The apparatus of claim 1 , the first fuse block array comprising a plurality of hash values to validate data stored in the second fuse block array. 3. The apparatus of claim 1 , the first fuse block array comprising an encryption protection enable segment and an integrity protection enable segment, the encryption protection enable segment to enable encryption for the second fuse block array and the integrity protection enable segment to enable hash value validation. 4. The apparatus of claim 1 , comprising fuse controller logic, at least a portion of which is implemented in circuitry, the fuse controller logic to encrypt and decrypt data in the second fuse block array using the encryption key of the first fuse block array. 5. The apparatus of claim 4 , the fuse controller logic to: generate a hash value for decrypted data of the second fuse array; and compare the hash value of the decrypted data with a second hash value stored in the first fuse block array to validate the decrypted data. 6. The apparatus of claim 5 , the fuse controller logic to: validate the decrypted data when the hash value matches the second hash value; and invalidate the decrypted data when the hash value does not match the second hash value. 7. The apparatus of claim 4 , the fuse controller logic to: compare the random pattern with a random pattern value of a fuse controller, in response to determining the random pattern and the random pattern value match, determine a voltage attack is not occurring; and in response to determining the random pattern and the random pattern value do not match, determine the voltage attack is occurring. 8. The apparatus of claim 1 , the first fuse block array comprising a duplicate encryption key having duplicate bits of the encryption key, and a duplicate inverse encryption key having duplicate bits of the inverse encryption key. 9. The apparatus of claim 1 , the first fuse block array and the second fuse block array comprising programmable read-only memory (PROM). 10. The apparatus of claim 1 , comprising a processor unit having the first fuse block array, the second fuse block array, and fuse controller logic. 11. A non-transitory computer-readable storage medium comprising a plurality of instructions that, when executed by circuitry, enable circuitry to: encrypt and decrypt data in a first fuse block array using an encryption key of a second fuse block array, the second fuse block array comprising: the encryption key comprising a plurality of segments of bits; an inverse encryption key comprising a second plurality of segments of bits, each segment of the inverse encryption key to correspond with a particular segment of the encryption key; and a random pattern having equally distributed bit values, the random pattern to enable detection of voltage attacks on the second fuse block array. 12. The non-transitory computer-readable storage medium of claim 11 , comprising a plurality of instructions, that when executed, enable circuitry to: generate a hash value for decrypted data of the first fuse block array; and compare the hash value of the decrypted data with a second hash value stored in the second fuse block array to validate the decrypted data. 13. The non-transitory computer-readable storage medium of claim 12 , comprising a plurality of instructions, that when executed, enable circuitry to: validate the decrypted data when the hash value matches the second hash value; and invalidate the decrypted data when the hash value does not match the second hash value. 14. The non-transitory computer-readable storage medium of claim 11 , comprising a plurality of instructions, that when executed, enable circuitry to: compare the random pattern with a random pattern value of a fuse controller, determine a voltage attack is not occurring in response to determining the random pattern and the random pattern value match; and determine the voltage attack is occurring in response to determining the random pattern and the random pattern value do not match. 15. The non-transitory computer-readable storage medium of claim 11 , the second fuse block array comprising a plurality of hash values to validate data stored in the second fuse block array. 16. The non-transitory computer-readable storage medium of claim 11 , the second fuse block array comprising an encryption protection enable segment and an integrity protection enable segment, the encryption protection enable segment to enable encryption for the second fuse block array and the integrity protection enable segment to enable hash value validation. 17. The non-transitory computer-readable storage medium of claim 16 , comprising a plurality of instructions, that when executed, enable circuitry to: perform encryption and decryption of the data when the encryption protection enable segment is enabled; and validate the data when the integrity protection enable segment is enabled. 18. A computer-implemented method, comprising: encrypting data in a first fuse block array using an encryption key of a second fuse block array, the second fuse block array comprising: the encryption key comprising a plurality of segments of bits; an inverse encryption key comprising a second plurality of segments of bits, each segment of the inverse encryption key to correspond with a particular segment of the encryption key; and a random pattern having equally distributed bit values, the random pattern to enable detection of voltage attacks on the second fuse block array. 19. The computer-implemented method of claim 18 , comprising decrypting data in a second fuse block array using the encryption key of the first fuse block array. 20. The computer-implemented method of claim 18 , comprising: generating a hash value for decrypted data of the first fuse block array; and comparing the hash value of the decrypted data with a second hash value stored in the second fuse block array to validate the decrypted data. 21. The computer-implemented method of claim 20 , comprising: validating the decrypted data when the hash value matches the second hash value; and invalidating the decrypted data when the hash value does not match the second hash value. 22. The computer-implemented method of claim 18 , comprising: comparing the random pattern with a random pattern value of a fuse controller, determining a voltage attack is not occurring in response to determining the random pattern and the random pattern value match; and determining the voltage attack is occurring in response to determining the random pattern and the random pattern value do not match. 23. The computer-implemented method of claim 18 , the second fuse block array comprising a plurality of hash values to validate data stored in the second fuse block array. 24. The computer-implemented method of claim 18 , the second fuse block array comprising an encryption protection ena
Assignees
Inventors
Classifications
Auxiliary circuits, e.g. for writing into memory · CPC title
Data managing, e.g. manipulating data before writing or reading out, data bus switches or control circuits therefor · CPC title
using a fuse hierarchy · CPC title
File encryption · CPC title
- G06F21/6218Primary
to a system of files or objects, e.g. local or distributed file system or database · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10318748B2 cover?
- Embodiments may be generally directed to techniques to encrypt and decrypt data in a first fuse block array using an encryption key of a second fuse block array, the second fuse block array having the encryption key comprising a plurality of segments of bits, an inverse encryption key comprising a second plurality of segments of bits, each segment of the inverse encryption key to correspond wit…
- Who is the assignee on this patent?
- Intel Corp
- What technology area does this patent fall under?
- Primary CPC classification G06F21/6218. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Jun 11 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).