Manufacturers of various devices, such as semiconductor manufacturers, for example, sell their devices, such as integrated circuit components, for example, to different customers. Specialized suppliers provide embedded code or data for the respective devices to configure and/or customize the respective devices according to the demands and requests of the customers. The customers may then program the devices bought from the manufacturer at their location with the embedded code or data obtained from the suppliers.
This transfer of embedded code or data involves a number of piracy risks. The embedded code or data could leak through grey channels to a pirate production plant which could then program clone hardware using available loader tools from the Internet. The customer could also try to pay less license fees to the software producer by under-declaring the number of produced devices containing the embedded code or data since this information is transparent to the software producer.
One approach for protecting embedded code or data is to provide the devices to be sold with unique identification numbers so that the software producers can include trap routines in the embedded code. These trap routines freeze the operation of the device if the embedded code is used illegally. However, besides increasing the code size, this scheme can still be reasonably hacked by replacing the trap routines with dummy code.
Therefore, there exists a need for a method and system for securely transferring embedded code and/or data designed for a device to a customer in order to prevent the embedded code or data from being used on unauthorized devices.