United States Patent US 8,966,286 B2
Robertson et al.
(45) Date of Patent: Feb. 24, 2015

(54) METHOD, SYSTEM AND INTEGRATED CIRCUIT FOR ENABLING ACCESS TO A MEMORY ELEMENT

(75) Inventors: Robertson, Glasgow (GB); Derek Beattie (GB); James Andrew Collier Scobie, Helensburgh (GB)

(73) Assignee: Freescale Semiconductor, Inc., Austin, TX (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 241 days.

(21) Appl. No.: 13/133,988

(86) § 371 (c)(1), (2), (4) Date: Jun. 10, 2011

(87) PCT Pub. No.: WO2010/076666; PCT Pub. Date: Jul. 8, 2010

(65) Prior Publication Data: US 2011/0258462 A1, Oct. 20, 2011

(56) References Cited

U.S. AND FOREIGN PATENT DOCUMENTS: [entries not legible in this copy of the scan]

OTHER PUBLICATIONS

Simson Garfinkel, Gene Spafford, "Practical Unix & Internet Security", O'Reilly, 1996, ISBN 1-56592-148-8, Chapter 8, Section 6, "The Unix Encrypted Password System". Retrieved from the Internet on Sep. 17, 2009.

Primary Examiner: Anthony Brown

(57) ABSTRACT

A signal processing system comprises signal processing logic that is operably coupled to at least one memory element and is arranged to enable access to the at least one memory element. The signal processing logic is arranged to receive a security key, generate a system key using the received security key and a system specific seed, and perform a comparison of the generated system key to a reference key stored in an area of memory of the at least one memory element.
The signal processing logic is also arranged to configure a level of access to the at least one memory element based at least partly on the comparison of the generated system key to the reference key stored in memory.

(52) U.S. Cl.: CPC G06F 21/31 (2013.01); G06F 21/79 (2013.01)

(58) Field of Classification Search: CPC G06F 21/10; G11B 20/00086

20 Claims, 4 Drawing Sheets

US 8,966,286 B2, Page 2

(56) References Cited, OTHER PUBLICATIONS (continued)

Wheeler, David J.; Needham, Roger M., "TEA, a Tiny Encryption Algorithm", Lecture Notes in Computer Science (Leuven, Belgium: Fast Software Encryption: Second International Workshop), Dec. 1994, pp. 363-366.

International Search Report and Written Opinion relating to the corresponding PCT application.

[Sheet 1 of 4, FIG. 1 (PRIOR ART): microcontroller system 100; microcontroller 110; non-volatile memory element 120; access port 130; Boot Assist Module 140 containing censorship logic; indication 148; password 150; censorship control word 160; access control logic 170.]

[Sheet 2 of 4, FIG. 2: signal processing system 200; signal processing logic 210; memory element 220; reference key 227; access port 230; security key 235; memory access configuration logic 240; encryption logic 250; generated system key 255; system specific seed 260; validation logic 270; output 275; censorship logic 280; censorship control word 285; access control logic 290; indication 295.]

[Sheet 3 of 4, FIG. 3: signal processing system 300; signal processing logic 310; memory element 320; stored reference key 325; access port 330; encryption logic 350; generated system key 355; system specific seed 360; censorship logic; censorship control word.]

[Sheet 4 of 4, FIG. 4, flowchart 400: START; 410 SECURITY KEY RECEIVED? (No: 430 RESTRICT ACCESS); 440 RETRIEVE SYSTEM SPECIFIC SEED; 450 GENERATE SYSTEM KEY; 460 RETRIEVE STORED REFERENCE KEY; 470 MATCHING? (Yes: 480 ENABLE FULL ACCESS; No: 490 RESTRICT ACCESS).]

METHOD, SYSTEM AND INTEGRATED CIRCUIT FOR ENABLING ACCESS TO A MEMORY ELEMENT

FIELD OF THE INVENTION

The field of this invention relates to a method, system and integrated circuit comprising signal processing logic for enabling access to a memory element.
BACKGROUND OF THE INVENTION

In the field of this invention it is known for signal processing devices, such as microcontrollers, to be operably coupled to memory elements, and for such memory elements to have stored therein instructions to be executed by the signal processing devices. The memory elements may also contain stored data to be used during the execution of those instructions. For some applications, the data stored within the memory elements may be in need of protection from being illegitimately read or modified. For example, modern vehicles may comprise many microcontrollers, for example forming part of electronic control units (ECUs), arranged to manage various vehicle subsystems. Typically the largest of these microcontrollers is in the engine control unit, which is operably coupled to a non-volatile memory element comprising engine mapping data and the like. Vehicle manufacturers spend a lot of time and effort calibrating and tuning the engines, the resulting calibration data being stored within these memory elements, for example in a form of multi-dimensional tables. During runtime, the engine control unit uses these tables to look up engine calibration data to determine the desired engine behaviour for a given state of the engine, for example spark timing, fuel injection timing, etc. As will be appreciated, if this engine calibration data were altered, the engine could be re-tuned. Such re-tuning could not only affect the performance of the engine, but also have significant safety and warranty implications. Thus, it is important that protection is provided to such data stored in memory, in order to protect the data from illegitimate access and manipulation.

FIG. 1 illustrates an example of a microcontroller system 100 as is known in the art, for example such as might be used to implement an engine control unit within a vehicle. The microcontroller system 100 comprises signal processing logic in a form of a microcontroller 110.
The microcontroller 110 is operably coupled to a non-volatile memory element 120 comprising instructions to be executed by the microcontroller 110, along with data used during the execution of those instructions, such as engine mapping data in the case of an engine control unit. For the illustrated example, the microcontroller 110 is operably coupled to an access port 130, for example a test access port such as a JTAG (Joint Test Action Group) serial port used during testing and for diagnosis purposes, etc. Access to the memory element 120 may be made available to external devices via the access port 130 and the microcontroller 110.

As previously mentioned, for applications such as an engine control unit it is important that protection is provided to data stored in the memory element 120 in order to protect the data from illegitimate access, such as access from an external device via the access port 130. Accordingly, for the illustrated example, the microcontroller 110 comprises censorship logic, which for the illustrated example forms a part of a Boot Assist Module (BAM) 140. The Boot Assist Module 140 typically comprises a hard-coded piece of software that is resident within the microcontroller 110, and which is executed upon exiting reset and which provides some initial configuration to the microcontroller 110. In particular, the Boot Assist Module 140 provides a mechanism whereby an external device, for example a diagnostic tool, is able to input a password, or security key, via the access port 130. Upon receipt of such a password, the Boot Assist Module 140 is able to compare the received password with a password 150 stored in memory. If the passwords match, the censorship logic of the Boot Assist Module 140 permits access to the memory and/or debug resources of the microcontroller system 100. In particular, for the illustrated example, a censorship control word 160 is used to define the censorship scheme, and thus the access permitted.
Subsequent access to the memory element 120 is implemented through access control logic 170, which receives an indication 148 from the Boot Assist Module 140 as to whether or not access is permitted. When access is to be permitted, the access control logic 170 reads the censorship control word 160 and enables or restricts access to the memory element 120 accordingly. Notably, access to the memory and/or debug resources of the device is only temporarily permitted by a matching password, and following a subsequent reset of the microcontroller system 100 is again locked (or at least restricted). Conversely, if no password is received, or an incorrect password is received, the censorship logic of the Boot Assist Module 140 locks, or otherwise restricts, access to the memory element 120 via the access port 130. In this manner, access to the memory element 120, and thereby access to the sensitive data contained within the memory element 120, may be prevented via the access port 130 unless a valid password is input.

Manufacturers often do not want to have to maintain databases that contain large numbers of passwords for accessing the memory elements of large numbers of microcontroller systems. It is therefore known to use a common password or security key to control access to a large number of microcontroller systems. In this manner, it is not necessary to keep track of a large number of individual passwords. However, a problem with this approach is that if a hacker manages to obtain the password, and in particular if the hacker manages to "open" the microcontroller system 100 and gain access to the copy of the password 150 stored in memory, that hacker is then able to use that password to access the memory elements of all other microcontroller systems that use the same password via their access ports. Clearly this is an unacceptable security risk.

SUMMARY OF THE INVENTION

The invention provides a system, an integrated circuit and a method for enabling access to at least one memory element as described in the accompanying claims. Specific examples of the invention are set forth in the dependent claims. These and other
aspects of the invention will be apparent from and elucidated with reference to the examples described hereinafter.

BRIEF DESCRIPTION OF THE DRAWINGS

Further details, aspects and examples of the invention will be described, by way of example only, with reference to the drawings. Elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale.

FIG. 1 illustrates an example of a known microcontroller system.

FIG. 2 illustrates an example of a signal processing system.

FIG. 3 illustrates an example of a signal processing system.

FIG. 4 illustrates an example of a simplified flowchart of a method for enabling access to a memory element.

DETAILED DESCRIPTION

Referring first to FIG. 2, there is illustrated an example of a signal processing system 200. For example, the signal processing system 200 may comprise a microcontroller system, such as an electronic control unit (ECU) within a vehicle, for example the engine control unit. The signal processing system 200 comprises signal processing logic 210 operably coupled to at least one memory element 220 and arranged to enable access to the at least one memory element 220. The at least one memory element 220 may comprise non-volatile memory, with instructions to be executed by the signal processing logic 210 stored therein. The at least one memory element 220 may further have stored therein data to be used during the execution of those instructions, such as engine mapping data, etc. in the case of an engine control unit. As previously mentioned, for applications such as an engine control unit application it is important that protection is provided to data, etc. that is stored in memory in order to protect the data from illegitimate access, such as access from an external device. Accordingly, the signal processing logic 210 is arranged to receive 235 a security key and to generate a system key 255 using the received security key 235 and a system specific seed 260. The signal processing logic 210 is further arranged to perform a comparison of the generated system key 255 to a reference key 227 stored in an area of memory,
and to configure a level of access to the at least one memory element 220 based at least partly on the comparison. In this manner, the at least one memory element 220 (and thereby data stored thereon) may be protected with a level of security against, for example, illegitimate access from an external device. As a result, in order to obtain, for example, unrestricted access, the appropriate security key 235 is required to be provided to the signal processing logic 210. However, because the security key is not stored within (or otherwise accessible from) the signal processing system 200, if a hacker manages to "open" the signal processing system 200 and gain access to the reference key 227 stored in memory 220, that reference key 227 may not be used to directly access memory elements of other signal processing systems that use the same security key. Thus, a common security key may be used for a large number of signal processing systems, without a hacker being able to obtain the common security key by simply opening one signal processing system and obtaining a key stored in memory. Furthermore, by using a system specific seed 260 in combination with the received security key to generate the system key, each signal processing system may comprise its own unique system key and reference key, even if a common security key is used, thereby improving the level of protection provided.

For the various examples described herein and illustrated in the drawings, only a single memory element 220 is referred to, and shown, for simplicity. However, it will be appreciated that the signal processing logic 210 may be operably coupled to a plurality of memory elements, and may be arranged to enable access to one or more of the plurality of memory elements. Furthermore, in accordance with some examples, the one or more memory elements, such as memory element 220, may comprise one or more non-volatile memory types, such as Flash memory or the like.

For the illustrated example, the signal processing logic 210 is operably coupled to an access port 230, via which the signal processing logic 210 is arranged to receive the security key 235. The security key 235 may comprise any suitable form, such as a 64-bit or 128-bit binary string. The access port 230 may comprise a test port, for example in a form of a Joint Test Action Group (JTAG) port. Alternatively, the access port 230 may comprise a network interface, for example in a form of a Controller Area Network (CAN) interface, commonly used within the automotive industry,
or in a form of a more generic Serial Communication Interface (SCI).

The signal processing logic 210 may be arranged to execute program code, for example in the form of instructions stored within a computer-readable storage element, such as memory element 220. In particular, the signal processing logic 210 of FIG. 2 may be arranged to execute program code comprising memory access configuration logic 240. The memory access configuration logic 240 may form part of a boot assist module (not shown), for example comprising a hard-coded item of software that is resident within the signal processing system 200, and which may be executed upon exiting a reset and which may provide some initial configuration to the signal processing system 200.

The memory access configuration logic 240 comprises encryption logic 250. The encryption logic 250 may be arranged to receive the security key 235, for example via the access port 230, along with a system specific seed 260, and to generate a system key 255 using the received security key 235 and system specific seed 260. For example, the encryption logic 250 may be arranged to generate the system key 255 using a block cipher encryption algorithm such as an Advanced Encryption Standard (AES) encryption algorithm (a Federal Information Processing Standard (FIPS) of the United States Government) or a Tiny Encryption Algorithm (TEA), a well known block cipher developed by David Wheeler and Roger Needham of the Cambridge Computer Laboratory. TEA was first presented at the Fast Software Encryption workshop in Leuven in 1994, and first published in the proceedings of that workshop (Wheeler, David J.; Needham, Roger M. (December 1994). "TEA, a tiny encryption algorithm". Lecture Notes in Computer Science (Leuven, Belgium: Fast Software Encryption: Second International Workshop) 1008: 363-366).
However, the encryption logic 250 may be arranged to use any suitable alternative encryption algorithm or the like, in order to generate the system key 255 from the security key 235 and the system specific seed 260.

The system specific seed 260 may comprise any suitable system specific value, such as a 64-bit or 128-bit binary string. For example, the system specific seed 260 may comprise a device identifier, and in particular a non-memory mapped device identifier. For example, the system specific seed 260 may comprise x-y wafer coordinates and a wafer lot number for the signal processing logic 210. In this manner, the location of the device identifier may not be addressed by software executed on the signal processing logic 210. Instead, the value of the device identifier may be provided to software executing on the signal processing logic 210 by means of hardware logic.

The signal processing logic 210 comprises validation logic 270, which for the illustrated example forms part of the memory access configuration logic 240. The validation logic 270 is arranged to compare the system key 255 generated by the encryption logic 250 to the reference key 227 stored in memory, and to output 275 the result of the comparison. The system key 255 and reference key 227 may comprise any suitable format, such as a 64-bit or 128-bit binary string. The signal processing logic 210 further comprises censorship logic 280, which for the illustrated example also forms part of the memory access configuration logic 240. The output 275 of the validation logic 270 may be provided to the censorship logic 280, which may be arranged to configure a level of access to the memory element 220 based at least partly on the result of the comparison of the generated system key 255 to the reference key 227 stored in memory.
In particular, for the illustrated example, the censorship logic 280 may be arranged to output an indication 295 as to the level of access to the memory element based at least partly on the result of the comparison of the generated system key 255 to the reference key 227 stored in memory. For example, if the generated system key 255 and the reference key 227 stored in memory match, thereby indicating that a valid security key 235 has been received, the censorship logic 280 may output an indication 295 indicating that access to the memory element 220 is to be enabled. Conversely, if the generated system key 255 and the reference key 227 stored in memory do not match, thereby indicating that an incorrect or invalid (or no) security key 235 has been received, the censorship logic 280 may output an indication 295 indicating that access to the memory element 220 is not to be enabled, or is at least to be restricted.

Furthermore, for the illustrated example, a censorship control word 285 may be used to define a censorship scheme for the memory element 220, and thus the access permitted thereto. Subsequent access to the memory element 220 may be enabled via access control logic 290, which receives the indication 295 output by the censorship logic 280, where the indication 295 indicates the level of access permitted. When access to the memory element 220 is to be permitted, the access control logic 290 reads the censorship control word 285 and accordingly enables or restricts access to the memory element 220. Conversely, if access to the memory element 220 is not to be permitted, the access control logic 290 locks or otherwise restricts access to the memory element 220. In this manner, access to the memory element 220, and thereby access to the sensitive data contained within the memory element 220, may be prevented, for example via the access port 230, unless a valid security key is input.

Access to the memory element 220 may be only temporarily permitted by a matching key, and following a subsequent reset of the signal processing system 200 is again locked (or at least restricted).
For example, as previously mentioned, the memory access configuration logic 240 may form part of a boot assist module (not shown) that may comprise a hard-coded piece of software that may be resident within the signal processing system 200, and which may be executed upon exiting a reset, and which may provide some initial configuration to the signal processing system 200. In this manner, access to the memory element 220 may be configured during this initial configuration by way of the censorship logic 280 outputting the appropriate indication 295, and by way of the censorship control word 285, as described above. Once the boot assist module has completed its tasks, it may be able to load one or more default applications to be executed by the signal processing logic 210 before exiting.

As previously mentioned, the signal processing system 200 may further comprise memory access control logic 290, via which applications running on the signal processing logic 210 access the memory element 220. The memory access control logic 290 is arranged to read the censorship control word 285 stored in an area of memory and to enable or disable/restrict access to the memory element based on the value of the censorship control word 285. Thus, for applications subsequently executed by the signal processing logic 210, including applications enabling access for an external device via access port 230, access to the memory device 220 may be routed through the memory access control logic 290. In this manner, the memory access control logic 290 may be able to control the access to memory element 220 provided to applications based on the censorship control word 285. The censorship control word may comprise a predetermined masking value, preconfigured during the initial configuration of the signal processing system 200.

The signal processing logic 210 may be arranged to cause access to the memory element 220 to be partially restricted if the comparison of the generated system key 255 to the reference key 227 stored in memory results in a mismatch therebetween.
In this manner, applications executed on the signal processing logic 210 may be provided with partial access, for example read access, when an invalid (or no) security key is received. Alternatively, the signal processing logic 210 may be arranged to cause access to the memory element 220 to be
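The key generation, validation and censorship steps of FIGS. 2 and 4 (steps 440 to 490), with the FIG. 1 shared-password weakness that motivates them, as an added worked example in C; this is illustrative code written for this page, not code from the patent or from Freescale. TEA is used as the encryption logic 250 because the patent names it and it fits in a boot module; AES would serve in the same place. The 128-bit security key, the 64-bit seeds standing in for wafer x-y coordinates and lot number, the bit layout of the censorship control word 285 and the names of all functions are constructed values and assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* TEA block cipher, encryption direction (Wheeler & Needham, FSE 1994):
 * 64-bit block v[2], 128-bit key k[4], 32 cycles. Plays the role of the
 * encryption logic 250 in FIG. 2. */
static void tea_encrypt(uint32_t v[2], const uint32_t k[4])
{
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    const uint32_t delta = 0x9E3779B9u;
    for (int i = 0; i < 32; i++) {
        sum += delta;
        v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
    }
    v[0] = v0;
    v[1] = v1;
}

/* System key 255 = TEA(security key 235, system specific seed 260).
 * The same function produces the reference key 227 at provisioning time,
 * when the genuine security key is presented to the device once. */
void derive_system_key(const uint32_t security_key[4], const uint32_t seed[2],
                       uint32_t system_key[2])
{
    system_key[0] = seed[0];
    system_key[1] = seed[1];
    tea_encrypt(system_key, security_key);
}

/* Validation logic 270. Branch-free, so the response time seen on the
 * access port does not reveal which words of the key differ. */
int system_key_matches(const uint32_t generated[2], const uint32_t reference[2])
{
    uint32_t diff = (generated[0] ^ reference[0]) | (generated[1] ^ reference[1]);
    return diff == 0;
}

enum access_level { ACCESS_RESTRICTED = 0, ACCESS_PARTIAL = 1, ACCESS_FULL = 2 };

/* Censorship control word 285. Assumed bit layout (not from the patent):
 * bit 0 set means read-only access stays available on a key mismatch. */
#define CCW_READ_ON_MISMATCH 0x1u

/* Censorship logic 280 feeding access control logic 290: FIG. 4, 410-490.
 * security_key == NULL models "no security key received" (step 410, No). */
enum access_level configure_access(const uint32_t *security_key,
                                   const uint32_t seed[2],
                                   const uint32_t reference_key[2],
                                   uint32_t censorship_control_word)
{
    uint32_t generated[2];
    if (security_key != NULL) {
        derive_system_key(security_key, seed, generated);   /* steps 440, 450 */
        if (system_key_matches(generated, reference_key))    /* steps 460, 470 */
            return ACCESS_FULL;                               /* step 480 */
    }
    return (censorship_control_word & CCW_READ_ON_MISMATCH) ? ACCESS_PARTIAL
                                                            : ACCESS_RESTRICTED;
}

/* Constructed values (not from the patent). Each seed stands in for the
 * non-memory-mapped device identifier: wafer x, y in the high word, lot
 * number in the low word. Two devices differ only in the wafer y coordinate. */
static const uint32_t COMMON_SECURITY_KEY[4] = {0x0F1E2D3Cu, 0x4B5A6978u, 0x8796A5B4u, 0xC3D2E1F0u};
static const uint32_t WRONG_SECURITY_KEY[4]  = {0x00000000u, 0x00000000u, 0x00000000u, 0x00000001u};
static const uint32_t SEED_DEVICE_A[2] = {0x00120034u, 0x4C4F5431u};
static const uint32_t SEED_DEVICE_B[2] = {0x00120035u, 0x4C4F5431u};

/* Provisioning: one cipher call per device stores its reference key 227. */
static void provision(const uint32_t seed[2], uint32_t reference_key[2])
{
    derive_system_key(COMMON_SECURITY_KEY, seed, reference_key);
}

/* 1 if the genuine common key opens device A fully. */
int check_valid_key_gives_full_access(void)
{
    uint32_t ref_a[2];
    provision(SEED_DEVICE_A, ref_a);
    return configure_access(COMMON_SECURITY_KEY, SEED_DEVICE_A, ref_a, 0) == ACCESS_FULL;
}

/* 1 if a wrong key and a missing key are both refused, and the control
 * word downgrades the refusal to read-only access only when it says so. */
int check_bad_or_missing_key_is_restricted(void)
{
    uint32_t ref_a[2];
    provision(SEED_DEVICE_A, ref_a);
    return configure_access(WRONG_SECURITY_KEY, SEED_DEVICE_A, ref_a, 0) == ACCESS_RESTRICTED
        && configure_access(NULL, SEED_DEVICE_A, ref_a, 0) == ACCESS_RESTRICTED
        && configure_access(NULL, SEED_DEVICE_A, ref_a, CCW_READ_ON_MISMATCH) == ACCESS_PARTIAL;
}

/* 1 if two devices sharing the common security key still hold different
 * reference keys (a block cipher is a permutation, so distinct seeds never
 * collide under one key), and if the reference key lifted from device B,
 * replayed as a "security key", does not open device A. Under FIG. 1 the
 * lifted password 150 would open every device that shares it. */
int check_leaked_reference_key_does_not_transfer(void)
{
    uint32_t ref_a[2], ref_b[2];
    provision(SEED_DEVICE_A, ref_a);
    provision(SEED_DEVICE_B, ref_b);
    uint32_t replay[4] = {ref_b[0], ref_b[1], 0u, 0u};
    return !system_key_matches(ref_a, ref_b)
        && configure_access(replay, SEED_DEVICE_A, ref_a, 0) == ACCESS_RESTRICTED;
}

int main(void)
{
    printf("valid key -> full access: %d\n", check_valid_key_gives_full_access());
    printf("bad/missing key restricted: %d\n", check_bad_or_missing_key_is_restricted());
    printf("leaked reference key does not transfer: %d\n", check_leaked_reference_key_does_not_transfer());
    return 0;
}
```

Two points a practitioner would check before reusing this. First, the scheme rests on the reference key 227 being a one-way function of the security key, not on the reference key being secret, so the example assumes, as the patent does, that the area holding the reference key and the censorship control word cannot be rewritten through the access port; the seed itself need not be secret, it only makes each device's reference key unique. Second, TEA has equivalent keys (flipping the top bit of both halves of either key pair gives the same cipher, so the effective key size is 126 bits) and known related-key weaknesses; for a new design the AES option the patent also names, or a dedicated key derivation function, is the better choice, and the structure above does not change when the cipher is swapped.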
