A technique for detecting unauthorized manipulation of a circuit. In one embodiment, a test data channel of a boundary scan system of a circuit is monitored while the circuit is in operation. By monitoring the test data channel, a monitoring module determines the presence of a signal on the test data channel. During operation, activity on this channel may represent a potential unauthorized manipulation attempt. An alarm condition may therefore be created if a signal is detected.

Various integrated circuits protect hidden content e.g., embedded instruments, keys, data, etc.) using scan cell circuit(s). For example, a first scan cell circuit is connected to the hidden content, and a second scan cell circuit is connected to the first scan cell circuit forming all or part of a serial data path. The first scan cell circuit provides access to the hidden content whenever the first scan cell circuit is in a first specified state and prevents access whenever the first scan cell circuit is in a different state. The first scan cell circuit does not interrupt the serial data path when the first scan cell circuit is in the different state. The second scan cell circuit changes an operational characteristic of the first scan cell circuit whenever the second scan cell circuit is in a second specified state. In some cases, the second scan cell circuit can be eliminated.

A network of storage units has a data path, which is at least a portion of the network. The network also has a dynamic time-varying or cycle-varying code generation unit and a code comparator unit that together make up an unlock signal generation unit; and a gateway storage unit. If the gateway storage unit does not store an unlock signal or the unlock signal generation unit does not generate and transmit an unlock signal, the gateway storage unit does not insert a data path segment in the data path. If the unlock signal generation unit is operated such that it generates an unlock signal, and it transmits that unlock signal to a gateway storage unit, and the gateway storage unit stores the unlock signal value, then the gateway storage unit inserts a data path segment into the data path.

An integrated circuit having a secure domain is disclosed. Circuitry within the integrated circuit is used to select one of a plurality of scan modes. The sequence used to select one of the scan modes also serves to reset all of the flip-flops in the secure domain. In this way, it is impossible for a hacker to use the test modes to shift data from the secure domain out of the integrated circuit. The reset is generated asynchronously upon assertion of a first signal and is terminated upon the assertion of a second signal. The assertion of the second signal also serves to select one of the scan modes. This system cannot be hacked by any method that enters scan mode since it is a hardware based solution.

The present disclosure relates to a method wherein a state of an integrated circuit between a first state (e.g., CLOSED), allowing a reading access to the first area of fuse-type non-volatile memory by a processor, and a second state (e.g., OPEN), forbidding the reading access to the memory to the processor, is conditioned to a verification, by a finite state machine, of values of a first fuse word of the memory, representative of a number of transitions to the first state and of a second fuse word of the memory, representative of a number of transitions to the second state.

A network of storage units has a data path, which is at least a portion of the network. The network also has a dynamic time-varying or cycle-varying code generation unit and a code comparator unit that together make up an unlock signal generation unit; and a gateway storage unit. If the gateway storage unit does not store an unlock signal or the unlock signal generation unit does not generate and transmit an unlock signal, the gateway storage unit does not insert a data path segment in the data path. If the unlock signal generation unit is operated such that it generates an unlock signal, and it transmits that unlock signal to a gateway storage unit, and the gateway storage unit stores the unlock signal value, then the gateway storage unit inserts a data path segment into the data path.

An automotive control system includes a safety processor and a system-on-a-chip. The SoC includes a primary processor, a safety monitor, first and second GPIO banks, and a debug interface. The safety monitor is configured to detect a fault condition of the primary processor and to provide an indication of the fault condition to the safety processor. The first GPIO bank is coupled to the primary processor to provide input/output operations to a non-critical function of an automobile, while the second GPIO bank is coupled for a critical function of the automobile. The debug interface is coupled to the second GPIO bank to form a scan chain with input and output registers of the second GPIO bank, and is coupled to the safety processor to receive control information for the scan chain to provide input/output operations to the critical function of the automobile when the safety monitor provides the indication.

A fully digital integrated circuit apparatus (200) and method (300) are provided for generating a test mode enable signal with a digital non-resettable state retention storage circuit (210) connected to store an authentication control pattern for authorizing test mode access to a secure circuit, a digital safety interlock gate circuit (220) connected to store a safety interlock gate setting that may be accessed independently from a test mode enable signal, and combinatorial logic circuitry (205) for generating the test mode enable signal only when the interlock safety gate setting is set to a first value and the digital non-resettable state retention storage circuit stores the authentication control code.

Systems, methods, and apparatuses are described for verifying the authenticity of an integrated circuit device. An integrated test apparatus may use quiescent current and/or conducted electromagnetic interference readings to determine if a device under test matches the characteristics of an authenticated device. Deviations from the characteristics of the authenticated device may be indicative of a counterfeit device.

Various examples of a circuit and a technique for testing the circuit are disclosed herein. In an example, the circuit includes a data input coupled to a scan multiplexer and a path select multiplexer. The circuit further includes a scan-in input coupled to the scan multiplexer and to receive a value of a scan pattern. The circuit further includes a scan latch to store the value that has an input coupled to the scan multiplexer and an output coupled to the path select multiplexer. The scan multiplexer selects a first signal from the data input and the scan-in input and provides the first signal to the input of the scan latch. The path select multiplexer selects a second signal from the data input and the output of the scan latch and provides the second signal to a data output of the circuit.