There are well-known ways of testing for the proper operation of the functional elements of an integrated circuit. This is done by the imposition and/or determination at predefined instants of the values of data present at certain internal points of the integrated circuit. A technique of this kind for testing the internal paths of an integrated circuit, known as a scanpath or an internal scan method, is described for example in “Enhancing Testability of LSI Circuits Via Test Points and Additional Logic,” M. Williams and J. Angell, IEEE Transactions on Computers, Vol. C-22, No. 1, January 1973.
In this technique, each of the flip-flop circuits of the logic circuit, for which it is necessary to know the state and/or impose the content during the standard operation of the integrated circuit, is provided with a multiplexer at its input. The different flip-flop circuits and the multiplexers that are associated with them thus constitute an equivalent number of configurable cells whose access points are controlled by the multiplexers.
The multiplexers are collectively controlled by a TAP (test access port) controller which, depending on a command signal defining a selected mode of operation, uses the set of configurable cells either as a standard functional circuit integrated with the logic circuit that it forms with the logic cells, or as a test circuit.
To do this, the TAP controller receives command signals on different command conductors and/or address conductors by which it is connected to the different configurable cells. The command signals are, for example, a mode command signal, a chaining command signal or a data-propagation command signal that modify, or permit the modification of, the data circulation paths within the integrated circuit. The command signals also permit the controller to capture data for subsequent analysis.
In a standard operating mode, the TAP controller therefore drives the multiplexers of the configurable cells so that the flip-flop circuits of these cells are connected to surrounding logic cells to define one or more functional sub-units of the integrated circuit.
In the test mode, which is normally activated upon reception by the TAP controller of a command signal commanding passage into the test mode, the controller produces a chaining command signal to set up a series connection of the flip-flop circuits of the configurable cells so as to form a shift register. This register has a series input and a series output respectively connected to one output and to one input of the TAP controller, as well as a clock input receiving a clock signal to set the rate of the data stream flowing in the shift register.
Initially, the TAP controller serially loads data into the flip-flop circuits of the configurable cells through the input of the shift register formed by these configurable cells. Then, the TAP controller changes the switching of the multiplexers to form the functional circuit, and commands execution of one or more clock cycles by the functional circuit. In this phase, the data loaded into the flip-flop circuits of the configurable cells are processed by the functional circuit.
The controller then switches the multiplexers once again to re-form the shift register and serially retrieves, at an output of the shift register, the data stored in the flip-flop circuits of the configurable cells during the last clock cycle.
Despite the confirmed value of this testing technique, its practical application can be a problem in certain circumstances, especially in integrated circuits that process secret data.
Inasmuch as the activation of the test mode may enable a fraudulent individual to read the contents of the flip-flop circuits of the configurable cells, this test technique has the drawback of making such circuits very vulnerable to fraudulent use. For example, by stopping a process of internal loading of secret data into the integrated circuit at various points in time, and by unloading the contents of the shift register, a fraudulent individual could obtain information on secret data or even reconstruct the secret data.
By activating the test mode, a fraudulent individual could also obtain write access to the flip-flop circuits of the configurable cells to insert fraudulent data or to place the integrated circuit in an unauthorized configuration. The fraudulent individual could thus, for example, access a register controlling a security element such as a sensor to deactivate it. False data could be injected in order to obtain information on secret data.
The fraudulent individual may actually adopt two different strategies. The first strategy includes taking control of the TAP controller and observing the contents of the cells of the shift register at the external pads. The second strategy includes taking control of the configurable cells by exciting them by micro-probing so as to simulate the driving of the cells by the command signals emitted by the TAP controller.
A prior art electronic circuit, described in the European patent application no. 1,560,031, is designed to thwart an attempt at fraud using the second strategy. In this application, the electronic circuit comprises a connection control module which, as a function of an identification key, either chains the configurable cells in a predetermined order to form the test shift register if the identification key is valid, or, if it is not, chains the configurable cells in a random order to form a diversion circuit. The diversion circuit is formed by the same configurable cells connected together in an order different from the predetermined order, and chosen randomly at each formation of a diversion circuit.
Thus, in the circuit in the '031 patent application, if data are written to or read from the shift register fraudulently (i.e., without accurate self-identification), the data are actually written or read in a diversion circuit. The data will then either not have the expected effect on the logic circuit or will have no meaning during the reading. It therefore becomes difficult to fraudulently retrieve a secret key that might be stored in the logic circuit.
A drawback of the circuit in the '031 patent application is the fact that, to be truly efficient, it is necessary in the connection control module to use very large-sized multiplexers having a very large number of inputs in order to be able to set up a large number of different diversion circuits. The security of the circuit is indeed proportional to the number of diversion circuits that can be made randomly. The use of large-sized multiplexers implies, first, difficulty in making the circuit and, secondly, high consumption by the circuit, including in the standard mode of operation.
Also, the efficiency of the circuit in the '031 patent application increases with the frequency of reconnection of the diversion circuits, but increasing this frequency also significantly increases the consumption of the circuit. Finally, the data contained in a diversion circuit are the data initially contained in the test shift register. So, even if the data are mixed up during the formation of the diversion circuit, there is always a risk that the data may be read and exploited by a fraudulent individual.
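The behaviour attributed above to the '031 circuit, and the residual risk just noted, can be checked with a small software model. This is an added illustration, not code or a design from either patent application; the class ScanChip, the 16-bit SECRET state, the VALID_KEY value and the simple key comparison are all constructed assumptions.

```python
import random

class ScanChip:
    """Toy model of n configurable cells (flip-flop + input multiplexer)."""

    def __init__(self, state, valid_key, rng):
        self.cells = list(state)            # flip-flop contents
        self.valid_key = valid_key          # constructed identification key
        self.rng = rng
        self.order = list(range(len(state)))

    def enter_test_mode(self, key):
        # Valid key: predetermined order (test shift register).
        # Otherwise: a fresh random order (diversion circuit).
        self.order = list(range(len(self.cells)))
        if key != self.valid_key:
            self.rng.shuffle(self.order)

    def shift(self, bit_in):
        # One scan clock: the last cell drives the serial output and
        # every cell takes the value of its predecessor in the chain.
        out = self.cells[self.order[-1]]
        for pos in range(len(self.order) - 1, 0, -1):
            self.cells[self.order[pos]] = self.cells[self.order[pos - 1]]
        self.cells[self.order[0]] = bit_in
        return out

    def unload(self):
        return [self.shift(0) for _ in self.cells]

SECRET = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1]  # constructed state
VALID_KEY = 0x5A                                            # constructed key

def readout(key, seed):
    chip = ScanChip(SECRET, VALID_KEY, random.Random(seed))
    chip.enter_test_mode(key)
    return chip.unload()

def summary(entries=8):
    good = readout(VALID_KEY, 0)
    bad = [tuple(readout(0x00, s)) for s in range(entries)]
    return {
        "valid_recovers_state": good[::-1] == SECRET,
        "distinct_diverted_readouts": len(set(bad)),
        # Residual risk: the diverted bits are the original bits, reordered.
        "weight_preserved": all(sum(b) == sum(SECRET) for b in bad),
    }

if __name__ == "__main__":
    print(summary())
```

With the valid key the serial output is the register contents in chain order; with an invalid key each entry into test mode yields a different ordering, but the number of ones in the readout never changes, which is the sense in which the diverted data remain the original data.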