A memory device comprises an array of memory cells, a physically unclonable function PUF circuit in the memory device to generate a PUF code, a data path connecting a first circuit to a second circuit in the memory device coupled to the array of memory cells, and logic circuitry to encode data on the data path from the first circuit using the PUF code to produce encoded data, and to provide the encoded data to the second circuit.

The application discloses a memory controller coupled between a memory module and a host controller to control access of the host controller to the memory module, comprising a central buffer coupled between the host controller and the memory module. The central buffer is configured to receive a command/address signal from the host controller via a command/address channel and selectively provide the command/address signal to the memory module. The command/address signal has an identity authentication message for identifying a source. The central buffer comprises: a verification module coupled to the command/address channel to receive the command/address signal and the identity authentication message, and configured to determine whether the command/address signal conforms to an authority management rule based on the identity authentication message; and an access control module coupled to the command/address channel to receive the command/address signal and coupled to the verification module to receive the determination result, and configured to process the command/address signal based on the determination result to selectively provide the command/address signal to the memory module.

The application discloses a memory controller coupled between a memory module and a host controller to control access of the host controller to the memory module, comprising a central buffer coupled between the host controller and the memory module. The central buffer is configured to receive a command/address signal from the host controller via a command/address channel and selectively provide the command/address signal to the memory module. The command/address signal has an identity authentication message for identifying a source. The central buffer comprises: a verification module coupled to the command/address channel to receive the command/address signal and the identity authentication message, and configured to determine whether the command/address signal conforms to an authority management rule based on the identity authentication message; and an access control module coupled to the command/address channel to receive the command/address signal and coupled to the verification module to receive the determination result, and configured to process the command/address signal based on the determination result to selectively provide the command/address signal to the memory module.

Memory devices, systems including memory devices, and methods of operating memory devices are described, in which security measures may be implemented to control access to a fuse array (or other secure features) of the memory devices based on a secure access key. In some cases, a customer may define and store a user-defined access key in the fuse array. In other cases, a manufacturer of the memory device may define a manufacturer-defined access key (e.g., an access key based on fuse identification (FID), a secret access key), where a host device coupled with the memory device may obtain the manufacturer-defined access key according to certain protocols. The memory device may compare an access key included in a command directed to the memory device with either the user-defined access key or the manufacturer-defined access key to determine whether to permit or prohibit execution of the command based on the comparison.

A physically unclonable function (PUF) circuit includes a at least a PUF bit storage transistor. The at least a PUF bit storage transistor has a gate-to-source/drain breakdown voltage lower than a gate-to-channel breakdown voltage and a gated source/drain junction breakdown voltage.

Devices are disclosed. A device may include a source configured to couple to a number of memory cells. The device may also include at least one transistor coupled between the source and a ground voltage. Further, the device may include an antifuse coupled between the at least one transistor and the ground voltage. Methods and systems are also disclosed.

Devices are disclosed. A device may include a source configured to couple to a number of memory cells. The device may also include at least one transistor coupled between the source and a ground voltage. Further, the device may include an antifuse coupled between the at least one transistor and the ground voltage. Methods and systems are also disclosed.

A device which can be implemented on a single packaged integrated circuit or a multichip module comprises a plurality of non-volatile memory cells, and logic to use a physical unclonable function to produce a key and to store the key in a set of non-volatile memory cells in the plurality of non-volatile memory cells. The physical unclonable function can use entropy derived from non-volatile memory cells in the plurality of non-volatile memory cells to produce a key. Logic is described to disable changes to data in the set of non-volatile memory cells, and thereby freeze the key after it is stored in the set.

Systems, apparatuses, and methods related to a computer system having a page table entry containing permission bits for predefined types of memory accesses made by executions of routines in predefined domains are described. The page table entry can be used to map a virtual memory address to a physical memory address. In response to a routine accessing the virtual memory address, a permission bit corresponding to the execution domain of the routine and a type of the memory access can be extracted from the page table entry to determine whether the memory access is to be rejected.

Systems, apparatuses, and methods related to a computer system having a page table entry containing permission bits for predefined types of memory accesses made by executions of routines in predefined domains are described. The page table entry can be used to map a virtual memory address to a physical memory address. In response to a routine accessing the virtual memory address, a permission bit corresponding to the execution domain of the routine and a type of the memory access can be extracted from the page table entry to determine whether the memory access is to be rejected.