The invention relates to a circuit configuration having a number of function blocks each connected to at least another one of the function blocks. At least one sub-set of the connections is in the form of an interlocking element which can be switched through an activation line from a normal mode to a test mode and which has a further data input and data output. The further data inputs and outputs are connected to one another by data line sections in such a manner that the interlocking elements form a shift register which provides a scan path.
Such a circuit configuration is known from U.S. Pat. No. 4,534,028. A scan path which is described therein and is provided in the circuit configuration is used to simplify the testing of the function blocks in the circuit configuration.
The interlocking elements, which can be interconnected to form a shift register and are in the form of flipflops, allow defined input states to be applied to the individual function blocks at defined times, and also allow the intermediate results, which are stored in the interlocking elements, to be read once again through the shift register. In that case, one function block is intended to be a circuit unit which carries out a specific function that can itself be tested.
Specific forms of electronic circuits, such as circuits for smart cards, require a high level of secrecy of circuit information and chip-internal data, such as keys for cryptological procedures. That security-relevant information must be protected not only against analysis by third parties, but also against manipulation. At the same time, the circuit design requires a minimum level of transparency and access to such security-relevant circuit blocks and data, in order to ensure adequate reliability through the use of testing. In order to ensure a high level of test coverage during and after production, test components such as the scan path described above are frequently additionally integrated in the electronic circuit and allow a function block to be placed in virtually all of the desired states in order to test its functionality in that way.
The components which are introduced for testing in that case are often activated and deactivated by central test controllers. Those test controllers are activated either by software or through the use of external signals through specific test pins. Both versions are relatively simple to manipulate, and thus represent a potential security risk. The previously used procedures for improving the capability to analyze integrated circuits are thus not consistent with the high level of security now required of specific electronic components.
It is already known for specific function blocks in a circuit configuration to be irreversibly disconnected from the rest of the circuit after a test or after initially being brought into use.
For example, German Published, Non-Prosecuted Patent Application DE 197 11 478 A1, corresponding to U.S. application Ser. No. 09/398,694, filed Sep. 20, 1999, now abandoned has already described the capability to read a test ROM only through a multiplexer which can be selected irreversibly, in order to prevent access to the test ROM after the test.
German Published, Non-Prosecuted Patent Application DE 27 38 113 A1 has already disclosed irreversible prevention of access to memories with security-relevant and/or function relevant contents through the use of destructible gates.
However, the disadvantage of those known configurations is that the circuit components which can be selected or destroyed irreversibly are disposed at points that can be found easily, and which can be xe2x80x9crepairedxe2x80x9d relatively easily, thus allowing extensive analysis, and therefore manipulation.
It is accordingly an object of the invention to provide a circuit configuration with a deactivatable scan path, which overcomes the hereinafore-mentioned disadvantages of the heretofore-known devices of this general type in such a way that it is virtually impossible to use the scan path for unauthorized analysis.
With the foregoing and other objects in view there is provided, in accordance with the invention, a circuit configuration, comprising a number of function blocks having inputs and outputs. Connections connect the inputs and outputs of each of the function blocks to at least one other of the function blocks. The connections include at least one subset in the form of a respective interlocking element having a normal mode, a test mode, a further data input and a further data output. An activation line (Scan Enable) is provided for switching the interlocking element from the normal mode to the test mode. Data line sections connect the further data inputs and outputs to one another forming a shift register from the interlocking elements to provide a scan path. At least one electrically programmable protection element is disposed along the activation line (Scan Enable) and/or the data line sections for selectively interrupting and connecting a given one of the lines to a defined potential.
The interlocking elements of a scan path are distributed over the entire chip area. The activation line and a data line, which is composed of the data line sections, thus also run over the entire chip area. However, the protection elements are thus also distributed in a decentralized manner over the area of the chip, so that the security against xe2x80x9cattacksxe2x80x9d is very high. Furthermore, a suitable choice of technology allows a very high security level to be achieved against reprogramming of the protection elements. Examples of such protection elements are specified in German Published, Non-Prosecuted Patent Application DE 196 04 776 A1.
The choice of different protection elements as line sections which can be produced or disconnected, that is to say as xe2x80x9cfusesxe2x80x9d or as xe2x80x9canti-fusesxe2x80x9d enhances security since an xe2x80x9cattackerxe2x80x9d does not know immediately what type of element is being used. The use of both types is also highly advantageous. The protection elements can also be used in conjunction with logic gates, in order to define the function of those gates as open or closed switches by definition of the potential.
Other features which are considered as characteristic for the invention are set forth in the appended claims.
Although the invention is illustrated and described herein as embodied in a circuit configuration with a deactivatable scan path, it is nevertheless not intended to be limited to the details shown, since various modifications and structural changes may be made therein without departing from the spirit of the invention and within the scope and range of equivalents of the claims.
The construction and method of operation of the invention, however, together with additional objects and advantages thereof will be best understood from the following description of specific embodiments when read in connection with the accompanying drawings.