Designing the mask layout for an integrated circuit (“IC”) is a time consuming and costly process, which is considered to IC designers to be a “non-recoverable expense,” or “NRE,” which must be recovered by increases to the per-unit cost of the ICs above their actual cost per unit of manufacture. Accordingly, it is important for IC designers to ensure that competitors are not able to duplicate their designs without incurring the NRE expense, so as to market them at unfairly reduced costs.
In general, a “mask work” is a two or three-dimensional layout or topography of an integrated circuit, i.e. the arrangement on a chip of semiconductor devices such as transistors and passive electronic components such as resistors and interconnections. Because of the functional nature of a mask layout, the functionality cannot be effectively protected under copyright law. Similarly, because a mask layout is not clearly protectable subject matter under patent law, mask works also cannot be effectively protected by patents. Some national governments have been granting copyright-like exclusive rights conferring time-limited exclusivity to reproduction of mask works. However, current legal protections are insufficient, such that a strong need exists for IC designers to find practical methods of protecting their IC intellectual property (“ICIP”).
Changes to the chip fabrication industry that have led to a flattening of the once-vertical integrated circuit (“IC”) supply chain have made it much more difficult to protect ICIP. In the past, IC design and fabrication were typically handled by the same entity, because the cost to build a foundry, though expensive, was a reasonable investment. This enabled IC designers to maintain their ICIP as a trade secret. However, decreasing feature sizes and times to market, coupled with demands for lower power, high-performance ICs, as well as for specialized, lower production run ICs, have made it prohibitively expensive for most IC designers to establish a full-scale foundry. Instead, nearly all IC designers outsource their IC production to third-party IC manufacturers or “foundries.”
These contract IC foundries, originally driven by inexpensive labor, have established themselves throughout the world, and especially in Asia. This paradigm shift has created new opportunities for smaller and more specialized organizations to design IC solutions, and even to design partial IC solutions that can be licensed for incorporation into third party IC designs. However, this shift to fabrication outsourcing, especially to offshore foundries, has given rise to a serious threat that ICIP will be abused by potentially untrusted foundries, especially due to overproduction, whereby the cost per additional unit is very low, and the sale of the overproduced items is in direct competition with the designer. A recent survey on the semiconductor industry by Semiconductor Equipment and Materials International (SEMI) reports that 90% of IC designers have experienced IP infringement, with 54% reporting it as serious or extremely serious.
Several solutions for counterfeit protection and Trojan detection have been developed for digital ICIP. An example is presented in FIGS. 1A and 1B. In FIG. 1A, a complex digital integrated circuit 100 is conceptually represented as including a large number of logical units that are interconnected to form a functioning circuit. For simplicity, only two of the interconnections 102, 104 are shown. One method of preventing ICIP piracy is to include additional elements such as the “OR” gates 108, 110 included in modified circuit 106 of FIG. 1B. According to this approach, the additional components 108, 110 re-route or, in the case of FIG. 1B, enable or disable, certain interconnections 102, 104 that are necessary for the circuit 106 to operate. Accordingly, additional inputs 112, 114 are provided, and the chip 106 will not function unless the required digital signals are applied to the inputs 112, 114. Functionally, this means that an enabling code or “key” must be applied to these additional inputs 112, 114 so as to allow the chip 106 to be used. By arranging for a first foundry to manufacture the ICs, and a second foundry to manufacture separate chips, such as PROMs, that contain the (possibly encrypted) key, a designer can inhibit piracy by ensuring that only authorized users receive both.
Note that while FIG. 1B illustrates the use of OR gates to enable signal paths, in general the protection scheme can be designed such that it is necessary to disable certain extraneously added signal paths so as to allow the circuit to function. Of course, other types of logic units can be added, and in some cases additional functionality of circuits that are already present may be utilized in the same way.
Another approach for protecting digital ICIP is to include additional circuitry in the IC design that results in a large number of possible initial states for the IC, and then to use a physically unclonable function (“PUF”) of the chip, which will differ between chips due to manufacturing fluctuations, to cause each chip to be initiated in an unpredictable state. According to this approach, the authorized user initiates the chip and reports the initial state to the IC designer, who then uses proprietary knowledge of the IC circuit to determine what inputs are needed to transition the chip to the correct initial state. This “key” is then provided to the authorized user, which may be implemented in software, by fusing appropriate circuits in the IC, and/or by implementing the key in a separate chip.
These and other approaches to protecting ICIP depend upon creating a large number of configurations for the IC, of which only one, or only a very few, of the configurations will allow the circuit to operate. As such, these solutions are sometimes described in terms of creating a “finite state engine” (“FSE”), for which the degree of protection depends on the number of states of the FSE.
Approaches for protecting digital ICIP generally depend on adding transistors and gates to the IC in sufficient numbers to provide a large enough number of FSE states to provide adequate protection. These approaches are made practical by the large number of transistors and digital logic gates that are included in the IC circuit itself, such that the additional transistors and/or gates that are needed to implement the protection scheme will not unduly increase the complexity and cost of the IC. Furthermore, these solutions benefit from “obfuscation,” whereby it is prohibitively difficult for a competitor to determine which of the very large number of logic gates and transistors are extraneous to the functioning of the IC circuit, and are provided only for IC protection. This obfuscation helps to prevent a competitor from making small modifications to the mask layout that might otherwise disable the protection while maintaining the functionality of the circuit.
While existing approaches can be effective in preventing piracy of digital ICIP, they are not readily adapted to protecting analog and mixed signal ICIP. Because of the large NRE for many analog and mixed-signal ICs, they are highly tempting targets for piracy if the manufacturing is implemented by an untrusted foundry or otherwise misappropriated. Accordingly, there is considerable incentive both for adversaries to steal analog and mixed signal ICIP, and for designers to protect their analog and mixed signal ICIP. Unfortunately, in contrast to digital ICIP, analog and mixed signal ICIP circuits comprise several orders of magnitude fewer transistors and logic gates. As a result, the approaches for preventing unauthorized use that work well for digital ICIP are not readily adapted to analog and mixed signal ICIP, because the addition of sufficient transistors and gates to provide enough FSE states, i.e. a large enough “key,” would result in an unacceptable increase in the complexity and cost of the IC, and also because the circuit includes too few transistors and gates to provide adequate obfuscation for the additional transistors and gates that would be needed.
What is needed, therefore, is a method for preventing unauthorized use of analog and mixed signal ICIP.