1. Field of the Invention:
The present invention relates generally to electronic circuits and systems, and more particularly relates to security systems used to prevent unauthorized use of particular segments of such electronic circuits and systems.
2. Art Background:
Computers and other electronic systems are frequently configured to permit future upgrades and enhancement according to the needs of the purchaser. Depending on the needs of a computer user, a computer system may be initially configured to meet the customer's base needs, and then subsequently expanded or enhanced to meet the customer's increased computation, or performance needs. In the past, system upgrades and enhancements have been effected by adding circuit components and elements providing the enhancement feature. For example, in a computer system having a base configuration of a central processing unit (CPU), memory, and input/output (I/O) devices, enhanced arithmetic performance may be added by supplementing the base system chip set with additional "off-chip" computing capability, for example an arithmetic "co-processor". Although additional off-chip functionality can be added by providing additional circuit elements and chips, the external and distributed nature of the added elements may, in certain cases, substantially degrade overall system performance. The foregoing is especially true in high performance computation or instrumentation systems, wherein computation or signal transmission times occur in the nanosecond domain.
To avoid degradation of performance whilst permitting field upgradability for computation systems, enhanced or optional features are increasingly being integrated into the CPU chip, which features are enabled by externally added "key" chips. Thus, although the enabling of the advanced or optional feature is external to the CPU, the functional circuitry implementing the feature remains onboard the CPU, thereby avoiding the degradation in performance. However, when CPU chips incorporate such integrated enhanced features and options, it is tempting to enable the advance feature with an unauthorized key and thereby avoid the additional cost of paying for an authorized legitimate key. Depending on the demand and popularity for particular CPU chips, fabrication of unauthorized key chips may reach epidemic proportions, and may cost the manufacturer of the CPU the loss of considerable revenues. Some CPU manufacturers fabricating advanced feature integrated devices may choose to prevent unauthorized use of the integrated feature by restricting dissemination of the interface protocols between the CPU and key chips. For example, a CPU manufacturer may reveal details of the interface only to specific licensees giving assurances of non-disclosure. However, many computer makers are adhering to the "open systems" philosophy and demand unrestricted access to the interface protocols used between chips. Once the restricted information is released, it is a relatively easy matter for a potential "function pirate" to learn the particular protocol used by chip manufacturer. A potential "function pirate" may successfully learn the interface protocol used by opening the integrated circuit and analyzing the circuitry directly using any of several known visual and electrical tests. "Black box" reverse engineering techniques may also successfully yield information regarding the protocols used between a particular set of devices.
Accordingly, inasmuch as system performance may be improved by integrating previously distributed advance or optional features into a main chip, e.g. a CPU, it would be desirable to provide a secure key chip from which it is not possible to extract or determine how to enable the integrated feature. Alternatively, some chip manufacturers may opt to incorporate some sort of on-board encryption scheme into the operation of their chips, wherein a code is passed between the main chip and the key chip to enable the integrated feature. However, all encryption schemes depend upon one or more so-called "key numbers" which are used by the encryption algorithm during the encryption or decryption process. As suggested previously, physical and electrical inspection of the key chip could enable a clever function pirate to ascertain the key numbers contained therein, and thus have access to the entire encryption scheme. Accordingly, it becomes desirable to provide security for the encryption scheme used.
As will be more fully explained in the following detailed description, the present invention provides both methods and hardware apparatus for simply invoking an encryption scheme to eliminate the economic incentive to function pirates attempting to unlawfully utilize integrated advanced features in highly integrated multiple function devices. Providing that the invoked encryption scheme is secure to satisfy the manufacturer's security requirement, any encryption scheme will function in the present invention. In addition, the present invention provides security measures to ensure the key number used in the encryption/decryption process cannot be determined and used to manufacture unauthorized key chips.