Abstract: A SYSTEM AND A METHOD FOR DETECTING TAMPER AND MAINTAINING CONFIDENTIALITY OF DATA. The present invention mainly relates to a system and a method for detecting tamper and maintaining confidentiality of data. The system includes a lock out module (200) that is configured to detect tamper and secure confidential information. This system enables an ASIC based SoC to self-protect from any attempt of physical attack at product level or chip level. It also provides flexibility for the end application to define the activity that initiates lock out. The input tamper signal can be connected to an active mesh to detect attack at the chip level and/or to dedicated IOs to detect attack at the product level in the SoC. Once the activity is detected, the lock out module (200) initiates and locks the SoC from further usage. Once the SoC is locked, the SoC refuses to boot and all the confidential information is erased. The detection module (202) and the data protection module (204) are a combination of hardware and software.
Claims: We Claim:
1. A system to detect tamper and secure confidential data, said system comprises:
a lock out module (200) configured to detect tamper and initiate a plurality of actions to protect the confidential data, said lock out module (200) includes a detection module (202) and a data protection module (204);
wherein the detection module (202) includes a sampling module (202a) and an Efuse_Det (202b), said sampling module (202a) is connected to a dedicated IO which is configured to detect tamper at a product level and to an active mesh which is configured to detect tamper at a chip level; and
the data protection module (204) is configured to store a status of the tamper in a non-volatile memory.
2. The system as claimed in claim 1, wherein the detection module (202) and the data protection module (204) reside in two separate power domains.
3. The system as claimed in claim 2, wherein the detection module (202) residing in one of the two power domains is always an ON domain and the data protection module (204) residing in the other power domain is a switchable power domain.
4. The system as claimed in claim 1, wherein the lock out module (200) detects tamper in Application Specific Integrated Circuit (ASIC) based System on Chip (SoC) designs.
5. The system as claimed in claim 4, wherein the lock out module (200) is configured to force the ASIC to lockout based on the plurality of actions to secure the confidential data from illegal access.
6. The system as claimed in claim 1, wherein the sampling module (202a) is configured to sample a tamper signal which is locked internally by the Efuse_Det Efuse bit (202b), and thereby prohibit the system boot when the tamper is detected.
7. The system as claimed in claim 1, wherein the data protection module (204) is configured to erase the confidential data present in internal execution memories, registers of critical Intellectual Properties (IPs) and data present in external memories of the ASIC based SoC design when the tamper is detected.
8. The system as claimed in claim 1, wherein the Efuse_Det (202b) is a One Time Programmable (OTP) memory and it is programmed to logic ‘1’ when the tamper is detected.
9. A method for detecting tamper and securing confidential data, said method comprises:
detecting, by a lock out module (200),the tamper;
initiating, by the lock out module (200), a plurality of actions for protecting the confidential data, said lock out module (200) includes a detection module (202) and a data protection module (204), wherein the detection module (202) includes a sampling module (202a) and an Efuse_Det (202b);
detecting, by the sampling module (202a), tamper at a product level, wherein the sampling module (202a) is connected to a dedicated IO;
detecting, by the sampling module (202a), tamper at a chip level, wherein the sampling module (202a) is connected to an active mesh; and
storing, by the data protection module (204), a status of the tamper in a non-volatile memory.
10. The method as claimed in claim 9, wherein the detection module (202) and the data protection module (204) reside in two separate power domains.
11. The method as claimed in claim 10, wherein the detection module (202) residing in one of the two power domains is always an ON domain and the data protection module (204) residing in the other power domain is a switchable power domain.
12. The method as claimed in claim 9, wherein the tamper is detected in Application Specific Integrated Circuit (ASIC) based System on Chip (SoC) designs.
13. The method as claimed in claim 12, said method further includes forcing, by the lock out module (200), the ASIC to lockout based on the plurality of actions for securing the confidential data from illegal access.
14. The method as claimed in claim 9, said method further includes sampling, by the sampling module (202a), a tamper signal which is locked internally by the Efuse_Det (202b).
15. The method as claimed in claim 9, said method further includes erasing, by the data protection module (204), the confidential data present in internal execution memories, registers of critical Intellectual Properties (IPs) and data present in external memories of the ASIC based SoC design when the tamper is detected.
16. The method as claimed in claim 9, wherein the Efuse_Det (202b) is a One Time Programmable (OTP) memory and it is programmed to logic ‘1’ when the tamper is detected.
Dated this 11th day of November, 2021
ForBHARAT ELECTRONICS LIMITED
(By their Agent)
D. MANOJ KUMAR (IN/PA-2110)
KRISHNA & SAURASTRI ASSOCIATES LLP
Description: FORM – 2
THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENTS RULES, 2003
COMPLETE SPECIFICATION
(SEE SECTION 10, RULE 13)
A SYSTEM AND METHOD FOR DETECTING TAMPER AND MAINTAINING CONFIDENTIALITY OF DATA
BHARAT ELECTRONICS LIMITED
WITH ADDRESS:
OUTER RING ROAD, NAGAVARA, BANGALORE 560045, INDIA
THE FOLLOWING SPECIFICATION PARTICULARLY DESCRIBES THE INVENTION AND THE MANNER IN WHICH IT IS TO BE PERFORMED.
TECHNICAL FIELD
[0001] The present invention relates to tamper protection, and more particularly to ASIC (Application Specific Integrated Circuit) based SoC (System on Chip) designs.
BACKGROUND
[0002] US2013/0104252A1 titled “Tamper detection counter measures to deter physical attack on a security asic” relates to an integrated circuit, and more particularly to systems, devices and methods of incorporating a tamper detection countermeasure into a security ASIC to deter physical attacks. The prior art places an active mesh over a sensitive area in the security ASIC, and the active mesh is driven or configured by time-varying codes such that an adversary may not easily bypass the active mesh and attack the sensitive area. This conventional technique focuses on the detection of tamper at chip/IC level using the active mesh.
[0003] Therefore, there is still a need for a technical solution which provides a system and a method for detecting tamper and maintaining confidentiality of data.
SUMMARY
[0004] This summary is provided to introduce concepts related to a novel system and method for detecting tamper and maintaining confidentiality of data. The method proposes a design of a lock out module to detect tamper and initiate actions to protect the data from illegal access. This lock out module helps to detect a tamper attempt at product level and at chip/IC level. It also helps the SoC to take actions automatically, thereby securing the confidential data.
[0005] In one of the embodiments of the present invention, the system includes the lock out module that has two sub-modules, namely a detection module and a data protection module. These modules are placed in two separate power domains.
[0006] In another embodiment of the present invention, the detection module, which is always-on, consists of a sampling module and an internal Efuse bit “Efuse_Det”. The detection module can be connected to a coin cell. The input of the sampling module can be connected to an active mesh, to detect tamper at chip level, and to dedicated IOs, to detect tamper at product level, thereby providing the option to monitor tamper at both end product and chip level.
[0007] In another embodiment of the present invention, the data protection module is capable of storing the tamper status in a non-volatile memory which is an Efuse memory. On tamper detection this data protection module provides a dedicated hardware reset to critical IPs to erase confidential data, and an interrupt to the system to stop/halt the current execution in the CPU. This module also erases the data in the external memory and locks the SoC/ASIC.
[0008] In another embodiment of the present invention, the lock out module has a “Bypass flag” which is connected to a One Time Programmable Efuse of the SoC/ASIC. This flag facilitates testing of the lock-out functionality during the initial development phase.
[0009] The present invention is a combination of hardware and software that provides protection to the confidential information.
BRIEF DESCRIPTION OF ACCOMPANYING DRAWINGS
[0010] The detailed description is described with reference to the accompanying figures.
[0011] Figure 1 illustrates the SoC with the lock out module, in accordance with an exemplary embodiment of the present invention.
[0012] Figure 2 illustrates the lock out module with power domains, in accordance with an exemplary embodiment of the present invention.
[0013] Figure 3 illustrates the flowchart of a FSM (Finite State Machine) depicting actions taken by the SoC from the detection of tampering, in accordance with an exemplary embodiment of the present invention.
[0014] Figure 4 illustrates the flowchart of a power on sequence of the SoC with the proposed lock out module, in accordance with an exemplary embodiment of the present invention.
[0015] It should be appreciated by those skilled in the art that any block diagrams herein represent conceptual views of illustrative methods embodying the principles of the present invention. Similarly, it will be appreciated that any flow charts, flow diagrams, and the like represent various processes which may be substantially represented in computer readable medium and so executed by a computer or processor, whether or not such computer or processor is explicitly shown.
DETAILED DESCRIPTION
[0016] The various embodiments of the present invention describe a system and a method for detecting tamper, and more particularly for providing tamper protection to ASIC (Application Specific Integrated Circuit) based SoC (System on Chip) designs.
[0017] In the following description, for purpose of explanation, specific details are set forth in order to provide an understanding of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without these details. One skilled in the art will recognize that embodiments of the present invention, some of which are described below, may be incorporated into a number of systems.
[0018] However, the methods and systems are not limited to the specific embodiments described herein. Further, structures and devices shown in the figures are illustrative of exemplary embodiments of the present invention and are meant to avoid obscuring the present invention.
[0019] Furthermore, connections between components and/or modules within the figures are not intended to be limited to direct connections. Rather, these components and modules may be modified, re-formatted or otherwise changed by intermediary components and modules.
[0020] The appearances of the phrase “in an embodiment” in various places in the specification are not necessarily all referring to the same embodiment.
[0021] It should be noted that the description merely illustrates the principles of the present invention. It will thus be appreciated that those skilled in the art will be able to devise various arrangements that, although not explicitly described herein, embody the principles of the present invention. Furthermore, all examples recited herein are principally intended expressly to be only for explanatory purposes to help the reader in understanding the principles of the inventionand the concepts contributed by the inventor to furthering the art and are to be construed as being without limitation to such specifically recited examples and conditions. Moreover, all statements herein reciting principles, aspects, and embodiments of the invention, as well as specific examples thereof, are intended to encompass equivalents thereof.
[0022] In an embodiment of the present invention, a system and a methodfor detecting tamper and securing confidential data is disclosed.
[0023] In another embodiment, the present invention discloses an SoC which is designed using IPs (Intellectual Properties), which can be analog and digital, to meet the desired functionality of the end application. The ASIC based SoC typically consists of modules like a CPU (Central Processing Unit), co-processors, memory controllers, internal memories and user interface logic. These modules communicate with each other using an on-chip Bus InterConnect (BIC). Protection against illegal access to confidential information used by the SoC calls for the adoption of a countermeasure mechanism. The security and countermeasure strategy adopted to secure the confidential information depends on the target application.
[0024] Figure 1 illustrates the SoC with the lock out module, in accordance with an exemplary embodiment of the present invention. The SoC (100) according to the first exemplary embodiment of the present invention includes masters (104) connected to various slaves (105) through a BIC (103). The masters and slaves communicate with each other through the BIC using the AMBA (Advanced Microcontroller Bus Architecture) protocol. The high speed masters and slaves in the SoC are connected using a high speed bus (101). The slow peripherals/slaves are connected to the BIC (103) using a low speed APB (Advanced Peripheral Bus) interface (102).
[0025] The lock out module is an IP inside the ASIC based SoC and is connected to the BIC (103). The APB interface (102) is configured to control and view the status of the lock out module, and the AXI interface is configured to access a random number from a True Random Number Generator (TRNG).
[0026] Figure 2 illustrates the lock out module (200) with power domains, in accordance with an exemplary embodiment of the present invention. The block diagram of the proposed lock out module (200) has two sub-modules, namely a detection module (202) and a data protection module (204). The detection module (202) has an in-built Efuse_Det Efuse bit (202b) and a sampling module (202a), which is configured to sample the input signals from the dedicated IO and/or active mesh. The data protection module (204) has an internal non-volatile memory which is an Efuse_DP Efuse bit (204a), and a data protection logic (204b). A similar structure can be used by any IC manufacturer for tamper detection.
[0027] Typically ASICs adopt various power saving strategies by grouping the internal modules into multiple power domains/islands. These power domains can be activated (powered on / On state) and deactivated (powered off / Off state) independently based on the end application, which facilitates power saving in ASICs. In the lock out module (200), the detection module (202) and the data protection module (204) are strategically placed in two separate power domains.
[0028] In the present embodiment of the present invention, the detection module (202) is configured to detect any attempt of illegal access (activity). The detection module (202) is configured to sample the activity on the input signals and notify the same to the data protection module (204). The nature of the activity can be defined based on the end application.
[0029] In an exemplary embodiment of the present invention, a tamper activity in a typical end application can be defined as removal of the enclosure of the product. In this case, if the enclosure of the product is removed, the activity is detected by the input signal connected to dedicated IOs, which triggers the detection module (202).
[0030] In the present embodiment of the present invention, if the tamper trigger is connected to a single IO, there is a chance of escaping detection. To avoid this, the trigger is connected to dedicated IOs in multiple locations, which are ORed into the tamper input signal of the detection module (202). The number of locations can be defined based on the end application and the type of confidential information. The tamper input signal of the detection module (202) can also be ORed with the active mesh signal. This allows the SoC to self-protect from physical tamper attempts both outside the SoC (detection using IOs) and on the SoC (detection using the active mesh). The tamper signal, once triggered, remains high even if the trigger is deactivated. The detection module (202) operates using a low speed clock.
[0031] In the present embodiment of the present invention, the detection module (202) has a sampling module and an internal Efuse. The sampling module (202a) is configured to continuously sample the activity on the tamper signals using a 32.768 kHz clock. This sampling module (202a) avoids false triggers by filtering pulses shorter than two clock cycles. The internal Efuse, “Efuse_Det” (202b), is configured to store the status of the tamper activity. This Efuse can be updated by the tamper signal only and cannot be updated by any other means. The Efuse can only be read by the Secure OS. The Efuse_Det (202b) is a One Time Programmable (OTP) memory; once it is programmed to logic ‘1’ due to tamper, the fuse cannot be programmed back to logic ‘0’.
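As an added illustration of the sampling path described in paragraphs [0030] and [0031] (example code written for this page, not the patent's RTL): a C model in which the dedicated IOs and the active mesh alarm are ORed, the ORed input is sampled on a 32.768 kHz clock, pulses shorter than two samples are filtered out, the tamper signal stays latched once set, and Efuse_Det is programmed only when the one-time-programmable bypass flag is high (the behaviour paragraph [0034] describes). The identifiers det_tick, det_run, otp_program and min_pulse_us, and the sample streams in main(), are assumptions made for the example; the two-sample threshold works out to about 61 µs at 32.768 kHz.

```c
/* Added example: software model of the detection module (202) sampling path.
 * Not the patent's RTL; all identifiers are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SAMPLE_CLK_HZ     32768u  /* 32.768 kHz low speed sampling clock */
#define MIN_PULSE_CYCLES  2       /* pulses shorter than this are filtered */

/* Shortest tamper pulse the filter lets through, in microseconds. */
double min_pulse_us(void)
{
    return 1e6 * MIN_PULSE_CYCLES / SAMPLE_CLK_HZ;   /* about 61.04 us */
}

/* One-time-programmable fuse bit: it can only ever go from 0 to 1, so no
 * function is provided to clear it. */
static void otp_program(uint8_t *fuse) { *fuse = 1; }

struct det_state {
    unsigned consecutive;  /* consecutive high samples on the ORed input */
    bool     tamper;       /* sticky tamper signal sent to the data protection module */
    uint8_t  efuse_det;    /* Efuse_Det (202b) */
};

/* OR of every dedicated tamper IO (one bit per location, product level)
 * with the active mesh alarm (chip level). */
static bool tamper_input(unsigned io_mask, bool mesh_alarm)
{
    return io_mask != 0 || mesh_alarm;
}

/* One sample on the 32.768 kHz clock. bypass_high is the OTP bypass flag:
 * 0 during development (fuses are not touched), 1 on shipped parts. */
void det_tick(struct det_state *s, unsigned io_mask, bool mesh_alarm, bool bypass_high)
{
    if (tamper_input(io_mask, mesh_alarm)) {
        if (s->consecutive < MIN_PULSE_CYCLES)
            s->consecutive++;
    } else {
        s->consecutive = 0;   /* a one-sample glitch never reaches the threshold */
    }
    if (s->consecutive >= MIN_PULSE_CYCLES) {
        s->tamper = true;     /* remains high even after the trigger is deactivated */
        if (bypass_high)
            otp_program(&s->efuse_det);
    }
}

/* Feed n samples of (io_mask, mesh_alarm) through the filter. */
void det_run(struct det_state *s, const unsigned *io_mask, const bool *mesh_alarm,
             size_t n, bool bypass_high)
{
    for (size_t i = 0; i < n; i++)
        det_tick(s, io_mask[i], mesh_alarm[i], bypass_high);
}

int main(void)
{
    /* Constructed sample streams: a one-sample glitch on IO 0, then a
     * two-sample enclosure-open event on IO 2 followed by the trigger going away. */
    const unsigned io[]   = {0, 1, 0, 0, 4, 4, 0, 0};
    const bool     mesh[] = {0, 0, 0, 0, 0, 0, 0, 0};
    struct det_state s = {0};

    det_run(&s, io, mesh, 4, true);
    printf("after glitch: tamper=%d efuse_det=%d\n", s.tamper, s.efuse_det);
    det_run(&s, io + 4, mesh + 4, 4, true);
    printf("after event:  tamper=%d efuse_det=%d (min pulse %.2f us)\n",
           s.tamper, s.efuse_det, min_pulse_us());
    return 0;
}
```

The model keeps the filter and the latch separate from the fuse write on purpose: the sticky tamper flag is what the data protection module consumes immediately, while the fuse write is the only part that the bypass flag suppresses on development parts.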
[0032] In the present embodiment of the present invention, the detection module (202) can be connected to an external coin cell/super capacitor. Apart from the sampling module (202a), the detection module (202) is clock gated until a valid tamper signal is detected. This helps to reduce the power consumption. The detection module (202) uses the main power supply of the SoC whenever it is available and uses the supply from the coin cell when the main power supply is not available. This switchable feature helps to extend the life of the coin cell. The end user has to replace the coin cell periodically as a pre-emptive measure.
[0033] In the present embodiment of the present invention, the data protection module (204) is configured to initiate the measures/actions to secure the confidential information stored in the SoC. The strategy adopted in the lock out module (200) is a combination of underlying hardware and software. The sampled tamper status in the detection module (202) initiates the data protection measures.
[0034] In the present embodiment of the present invention, a dedicated internal hardware reset signal present inside the SoC is issued immediately once tamper is detected. This erases/resets the confidential information in the internal execution memories of critical IPs such as crypto. The hardware reset is also brought out of the ASIC as an output pin, and can be used to reset external memories connected to the ASIC. Further, the data protection module (204) is configured to provide a high priority non-maskable interrupt to the processor. The interrupt forces the processor to stop the on-going process. The software residing in the boot memory initiates corruption of the confidential data present in external memories connected to the SoC by writing random data. The random data is generated using the TRNG inside the SoC. If the bypass flag is high, the tamper status is updated in a dedicated internal Efuse “Efuse_DP” (204a), thereby forbidding subsequent initialization/booting of the SoC. If the bypass flag is low, it signifies that the ASIC/SoC is in the initial development phase and the lock-out module allows testing of the lock-out functionality: the update of the tamper status in the internal Efuses, i.e. both Efuse_DP (204a) and Efuse_Det (202b), is bypassed, and the system is held in the lock state till the next power cycle. In the next power cycle, the lock-out module again starts fresh sampling of the input signals. The bypass flag is an Efuse bit which is one time programmable. After testing, it is blown to permanent high when the SoC based ASIC is shipped to the end customer. Further, the data protection module (204) operates using the main supply of the SoC.
[0035] In the present embodiment of the present invention, the sampled tamper detection signal is stored internally in the detection module (202) using the Efuse_Det (202b). It is also provided to the data protection module (204) through a dedicated signal. The countermeasure checks the status of this dedicated signal and forces the SoC/ASIC into permanent lock out, after which the SoC/ASIC is not able to wake up/boot. The SoC lock out forces the complete SoC to remain in permanent reset, i.e. the reset is held continuously low. If the main power supply is turned off and again turned on, the ROM code checks the status of tamper in the Efuse and ensures that the SoC remains in the reset state without loading from external boot memory. Even if the external boot memory is replaced, the SoC does not take the new code, since the ROM code does not allow execution from the external boot source memory. The hardcoded ROM code present inside the SoC makes sure that the SoC stays in the reset state once tamper is detected.
[0036] In the present embodiment of the present invention, the action taken by the data protection module (204) of SoC based on the Efuse_DP (204a) and Efuse_Det (202b) is as shown below in Table 1.
| Sr. No. | Efuse_DP Efuse bit | Efuse_Det Efuse bit | Action taken by data protection module |
|---|---|---|---|
| 1 | 0 | 0 | Normal boot/operation |
| 2 | 0 | 1 | “Initiate DP” signal enabled by the hardcoded in-built boot ROM; erase internal memory, reset internal IPs, update Efuse_DP, corrupt external boot memory and external memories, and force the device to lock out |
| 3 | 1 | 0/1 | SoC held in lock out |
[0037] Figure 3 illustrates the flowchart of a FSM (Finite State Machine) depicting actions taken by the SoC from the detection of tampering, in accordance with an exemplary embodiment of the present invention. The system checks for any attempt of tamper. If no tamper is detected then normal operations continue; if tamper is detected then the Efuse_Det module updates the status of the tamper activity. If the main power supply is turned off and again turned on, the ROM code checks the status of tamper in the Efuse and ensures that the SoC remains in the reset state without loading from external boot memory. A dedicated internal hardware reset signal is issued immediately once tamper is detected. This erases/resets the confidential information in the internal execution memories of critical IPs such as crypto. The hardware reset is also brought out of the ASIC as an output pin, and can be used to reset external memories connected to the ASIC. Further, the data protection module (204) is configured to provide a high priority non-maskable interrupt to the processor. The interrupt forces the processor to stop the on-going process. The software residing in the boot memory initiates corruption of the confidential data present in external memories connected to the SoC by writing random data. The random data is generated using the TRNG inside the SoC. If the bypass flag is high, the tamper status is updated in a dedicated internal Efuse “Efuse_DP”, thereby forbidding subsequent initialization/booting of the SoC. If the bypass flag is low, it signifies that the ASIC/SoC is in the initial development phase and the lock-out module allows testing of the lock-out functionality.
[0038] Figure 4 illustrates the flowchart of a power on sequence of the SoC with the proposed lock out module, in accordance with an exemplary embodiment of the present invention. The main power supply is turned on and the system checks whether Efuse_Det is set; if it is not set then the system checks whether Efuse_DP is set; if that is not set either, then normal boot is initiated. A tamper status in either Efuse ensures that the SoC remains in the reset state without loading from external boot memory. If the bypass flag is high, the tamper status is updated in a dedicated internal Efuse “Efuse_DP”, thereby forbidding subsequent initialization/booting of the SoC. If the bypass flag is low, it signifies that the ASIC/SoC is in the initial development phase and the lock-out module allows testing of the lock-out functionality: the update of the tamper status in the internal Efuses, i.e. both Efuse_DP and Efuse_Det, is bypassed, and the system is held in the lock state till the next power cycle. In the next power cycle, the lock-out module again starts fresh sampling of the input signals. The bypass flag is an Efuse bit which is one time programmable. After testing, it is blown to permanent high when the SoC based ASIC is shipped to the end customer. Further, the data protection module operates using the main supply of the SoC.
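An added software model of the Table 1 decision and of the actions of paragraphs [0034], [0037] and [0038] (example code written for this page, not the patent's ROM code or RTL): rom_power_on() is the check the ROM runs at every power-on, initiate_dp() is the data protection sequence (hardware reset, internal memory clear, non-maskable interrupt, random overwrite of external memory, Efuse_DP update gated by the bypass flag, lock), and power_cycle() shows which state survives a power cycle and which does not. The on-chip TRNG is replaced by a seeded xorshift32 so the run is deterministic; the memory sizes, the struct layout, the seed and all function names are assumptions made for the example.

```c
/* Added example: software model of the data protection module (204) and the
 * ROM power-on check of Table 1 / Figure 4. Not the patent's RTL or ROM code;
 * sizes, layout and identifiers are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INT_MEM_BYTES 16  /* stands in for internal execution memory and crypto IP registers */
#define EXT_MEM_BYTES 16  /* stands in for external boot/data memory */

enum boot_action { BOOT_NORMAL, BOOT_INITIATE_DP, BOOT_HELD_IN_LOCKOUT };

/* One-time-programmable bits: they survive power cycles and only go 0 -> 1. */
struct fuses {
    uint8_t efuse_det;  /* Efuse_Det (202b), written by the detection module */
    uint8_t efuse_dp;   /* Efuse_DP (204a), written by the data protection module */
    uint8_t bypass;     /* bypass flag: 0 = development, 1 = shipped product */
};

struct soc {
    struct fuses f;
    uint8_t int_mem[INT_MEM_BYTES];
    uint8_t ext_mem[EXT_MEM_BYTES];
    bool hw_reset_out;  /* dedicated reset to critical IPs, also driven out on a pin */
    bool nmi_pending;   /* high priority non-maskable interrupt to the CPU */
    bool locked;        /* SoC held in reset */
};

static void otp_program(uint8_t *fuse) { *fuse = 1; }

/* Stand-in for the on-chip TRNG (seeded xorshift32, so the example is
 * deterministic). A real design fetches random words from the TRNG. */
static uint32_t trng_stub(uint32_t *state)
{
    uint32_t x = *state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return *state = x;
}

/* ROM code decision at every power-on (Table 1): Efuse_DP set holds the
 * SoC in lock out whatever Efuse_Det says (row 3); Efuse_Det alone starts
 * data protection (row 2); both clear means a normal boot (row 1). */
enum boot_action rom_power_on(const struct fuses *f)
{
    if (f->efuse_dp)  return BOOT_HELD_IN_LOCKOUT;
    if (f->efuse_det) return BOOT_INITIATE_DP;
    return BOOT_NORMAL;
}

/* Data protection sequence run when the sampled tamper status arrives from
 * the detection module, or when the ROM asserts "Initiate DP". */
void initiate_dp(struct soc *s)
{
    uint32_t seed = 1;                         /* constructed seed for the TRNG stand-in */
    s->hw_reset_out = true;                    /* reset critical IPs; the pin also resets external memories */
    memset(s->int_mem, 0, sizeof s->int_mem);  /* internal execution memories/registers are cleared */
    s->nmi_pending = true;                     /* CPU stops the on-going process */
    for (size_t i = 0; i < EXT_MEM_BYTES; i++) /* boot software overwrites external memory with random data */
        s->ext_mem[i] = (uint8_t)trng_stub(&seed);
    if (s->f.bypass)                           /* shipped part: record tamper permanently */
        otp_program(&s->f.efuse_dp);
    s->locked = true;                          /* lock state; on a development part this ends at power cycle */
}

/* Power cycle: volatile state is lost, fuses are kept. */
void power_cycle(struct soc *s)
{
    s->hw_reset_out = false;
    s->nmi_pending = false;
    s->locked = false;
}

/* Detection, data protection, power cycle, then the ROM's decision. */
enum boot_action tamper_then_reboot(struct soc *s)
{
    initiate_dp(s);
    power_cycle(s);
    return rom_power_on(&s->f);
}

int main(void)
{
    static const char *names[] = {"normal boot", "initiate DP", "held in lock out"};
    struct soc dev = {0}, prod = {0};
    prod.f.efuse_det = 1;  /* set by the detection module on a shipped part */
    prod.f.bypass = 1;
    memset(dev.ext_mem, 0xA5, sizeof dev.ext_mem);   /* constructed secret contents */
    memset(prod.ext_mem, 0xA5, sizeof prod.ext_mem);

    printf("development part after tamper: %s\n", names[tamper_then_reboot(&dev)]);
    printf("shipped part after tamper:     %s\n", names[tamper_then_reboot(&prod)]);
    return 0;
}
```

On a shipped part the sequence ends with Efuse_DP blown, so every later power-on lands in row 3 of Table 1 no matter what is placed in external boot memory; on a development part no fuse is written, the lock lasts only until the power cycle, and the next boot is a normal one with fresh sampling.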
[0039] The foregoing description of the invention has been set forth merely to illustrate the invention and is not intended to be limiting. Since modifications of the disclosed embodiments incorporating the spirit and substance of the invention may occur to a person skilled in the art, the invention should be construed to include everything within the scope of the invention.
| # | Name | Date |
|---|---|---|
| 1 | 202141051947-STATEMENT OF UNDERTAKING (FORM 3) [12-11-2021(online)].pdf | 2021-11-12 |
| 2 | 202141051947-FORM 1 [12-11-2021(online)].pdf | 2021-11-12 |
| 3 | 202141051947-DRAWINGS [12-11-2021(online)].pdf | 2021-11-12 |
| 4 | 202141051947-DECLARATION OF INVENTORSHIP (FORM 5) [12-11-2021(online)].pdf | 2021-11-12 |
| 5 | 202141051947-COMPLETE SPECIFICATION [12-11-2021(online)].pdf | 2021-11-12 |
| 6 | 202141051947-FORM-26 [10-02-2022(online)].pdf | 2022-02-10 |
| 7 | 202141051947-Correspondence_Form-26_21-02-2022.pdf | 2022-02-21 |
| 8 | 202141051947-Proof of Right [26-04-2022(online)].pdf | 2022-04-26 |
| 9 | 202141051947-Correspondence_Form1_06-06-2022.pdf | 2022-06-06 |
| 10 | 202141051947-FORM 18 [29-05-2023(online)].pdf | 2023-05-29 |
| 11 | 202141051947-FER.pdf | 2023-11-21 |
| 12 | 202141051947-OTHERS [16-05-2024(online)].pdf | 2024-05-16 |
| 13 | 202141051947-FER_SER_REPLY [16-05-2024(online)].pdf | 2024-05-16 |
| 14 | 202141051947-DRAWING [16-05-2024(online)].pdf | 2024-05-16 |
| 15 | 202141051947-COMPLETE SPECIFICATION [16-05-2024(online)].pdf | 2024-05-16 |
| 16 | 202141051947-CLAIMS [16-05-2024(online)].pdf | 2024-05-16 |
| 17 | 202141051947-ABSTRACT [16-05-2024(online)].pdf | 2024-05-16 |
| 18 | 202141051947-US(14)-HearingNotice-(HearingDate-23-07-2024).pdf | 2024-06-28 |
| 19 | 202141051947-Correspondence to notify the Controller [01-07-2024(online)].pdf | 2024-07-01 |
| 20 | 202141051947-FORM-26 [02-07-2024(online)].pdf | 2024-07-02 |
| 21 | 202141051947-Written submissions and relevant documents [05-08-2024(online)].pdf | 2024-08-05 |
| 22 | 202141051947-PatentCertificate08-08-2024.pdf | 2024-08-08 |
| 23 | 202141051947-IntimationOfGrant08-08-2024.pdf | 2024-08-08 |
| 1 | SearchHistory_202141051947E_20-11-2023.pdf | |