Intellectual property is increasingly licensed between companies as part of the globalization of the world economy. This intellectual property (IP) is most often embodied in computer files and exchanged electronically between companies. In certain technology areas, such as semiconductors, there is an explosion of licensing between a burgeoning number of 3rd-party IP companies and semiconductor companies who incorporate that IP into their products. The systems and methods for managing and tracking the large amount of semiconductor IP being used today is largely ad hoc and relies on manual processes to insure compliance. As a result, corporations are exposed to significant risk and liability through either intentional or accidental use of the technology as the legal and finance operations of the companies who are familiar with the licensing aspects of the technology are not connected to the actual use of the technology by the engineering operations of the company.
As a specific example, a company may have acquired the legal rights to a piece of IP for (re)use in one specific application, but the engineering operations may not be aware of which rights were secured and may have used the IP in additional applications for which rights were not secured. As a result, the company may be liable to litigation by the IP owner as well as injunction against selling the products that contained that IP.
Another problem in the industry is that with the advent of outsourcing, there are a number of contract workers that have access to the source code of designs and may introduce “back doors”, “Trojan horses”, or other malware to 3rd-party IP that is difficult for the company to detect.
As a specific example within the semiconductor industry, such malicious modifications would be buried deep in the semiconductor device. An “infected” device could be placed into production (aircraft, satellite, consumer device) and not detected until the malware was activated, possibly many years after the malware was introduced to the device. Since the malware exists in hardware, it is not possible to remove the malware through a software update and instead would require a complete recall of all infected products. Tracking the whereabouts of infected products may be impossible due to the many levels of the semiconductor supply chain.
Increasing and massive IP reuse brings with it, its own set of challenges. Further, with a large number of suppliers and an even larger number of IP titles in the marketplace, every contract drafted is different, and there is no benchmark or industry standard. With contract terms, use rights and restrictions being varied, access is largely uncontrolled. This leads to both accidental and deliberate reuse. Further, today's IP reuse is “manually” tracked, mostly through spreadsheets, so updating becomes extremely laborious, error prone, and inefficient. This also results in dangerous exposure on legal liability. While there have been attempts in the market to solve this problem, only partial solutions have been provided by electronic design automation (EDA) and design management (DM) companies resulting in significant gaps. Embodiments of the disclosed invention, recited methods and systems to fingerprint IP substantially fill these gaps and improve the efficacy of those partial solutions.
There remains a need for “Fingerprinting” IP, i.e. a tool that can scan IP and chip databases resulting in generation of a unique “fingerprint” for both IP and chips.
There remains a further need for an IP Repository of fingerprinted IP, i.e. a public place for a reference library of IP fingerprints from IP companies.
There remains yet another need for “DNA” Analysis of IP, i.e. a tool to analyze chip fingerprints comparing them to a reference library of IP fingerprints to produce a report on which IP is contained in the chip.