Systems, methods, and apparatuses are described for verifying the authenticity of an integrated circuit device. An integrated test apparatus may use quiescent current and/or conducted electromagnetic interference readings to determine if a device under test matches the characteristics of an authenticated device. Deviations from the characteristics of the authenticated device may be indicative of a counterfeit device.

An integrated circuit having a secure domain is disclosed. Circuitry within the integrated circuit is used to select one of a plurality of scan modes. The sequence used to select one of the scan modes also serves to reset all of the flip-flops in the secure domain. In this way, it is impossible for a hacker to use the test modes to shift data from the secure domain out of the integrated circuit. The reset is generated asynchronously upon assertion of a first signal and is terminated upon the assertion of a second signal. The assertion of the second signal also serves to select one of the scan modes. This system cannot be hacked by any method that enters scan mode since it is a hardware based solution.

A sensor system includes a sensor having a charge storage device controllably connected to a voltage source under control of a signal under test; and a readout circuit coupled to the charge storage device to determine whether the pulse width of the signal under test has changed greater than a threshold amount according to a voltage at the charge storage device. In some cases, the determination of whether the pulse width of the signal under test has changed includes determining whether the voltage satisfies a condition with respect to a comparison voltage. In some cases, the determination of whether the pulse width of the signal under test has changed is based on a propagation delay through a delay chain, where the propagation delay is dependent on the voltage.

The present disclosure describes exemplary methods and systems that are applicable for hardware authentication, counterfeit detection, and in-field tamper detection in both printed circuit board and/or integrated circuit levels by utilizing random variations in boundary-scan path delay and/or current in the industry-standard JTAG-based design-for-test structure to generate unique device identifiers.

A fully digital integrated circuit apparatus (200) and method (300) are provided for generating a test mode enable signal with a digital non-resettable state retention storage circuit (210) connected to store an authentication control pattern for authorizing test mode access to a secure circuit, a digital safety interlock gate circuit (220) connected to store a safety interlock gate setting that may be accessed independently from a test mode enable signal, and combinatorial logic circuitry (205) for generating the test mode enable signal only when the interlock safety gate setting is set to a first value and the digital non-resettable state retention storage circuit stores the authentication control code.

A dynamic secret key security system for test circuit and a method of the same are disclosed. The security architecture includes a scan chain set, a dynamic key generator, a secret key checking logic, a fake response generator, and a controller. Scan chains of the scan chain set receive a test vector while the dynamic key generator produces different secret keys according to the test vector received. The secret key checking logic is used for comparing the test vector with the secret key so as to know whether they are the same. Thus whether the test vector being input is legal can be learned. Thereby the present dynamic secret key generation technique provides higher security level. Moreover, the secret key will not be stored in the memory in advance so that attackers cannot get the secret key through attacks on the memory.

In one embodiment, a method includes: receiving, in a replica circuit associated with a first intellectual property (IP) circuit of a system on chip (SoC), a security policy; receiving, in the replica circuit, a test data register access message to identify an access to a first test data register of the first IP circuit; and preventing the access to the first test data register based at least in part on the security policy. Other embodiments are described and claimed.

A semiconductor chip device include device state fuses that may be used to configure various device states and corresponding security levels for the semiconductor chip as it transitions from wafer manufacturing to provisioned device. The device states and security levels prevent the semiconductor chip from being accessed and exploited, for example, during manufacturing testing. A secure boot flow process for a semiconductor chip over its lifecycle is also disclosed. The secure boot flow may start at the wafer manufacturing stage and continue on through the insertion of keys and firmware.

Embodiments of a method, an IC device, and a circuit board are disclosed. In an embodiment, the method involves at an IC device of the system, monitoring activity on a bus interface of the IC device, wherein the bus interface is connected to a bus on the system that communicatively couples the IC device to at least one other IC device on the system, applying machine learning to data corresponding to the monitored activity to generate an activity profile, monitoring subsequent activity on the bus interface of the IC device, comparing data corresponding to the to subsequently monitored activity to the machine learning generated activity profile to determine if a system-level Trojan is detected, and generating a notification when it is determined from the comparison that a system-level Trojan has been detected.

Certain aspects of the disclosure are directed to methods and apparatuses of intrusion detection for integrated circuits. An example apparatus can include a wired communications bus configured and arranged to carry data and a plurality of integrated circuits. The plurality of integrated circuits can include a first integrated circuit configured and arranged to operate in a scan mode during which the first integrated circuit performs a scan test to detect one or more faults in circuitry of the plurality of integrated circuits. The plurality of integrated circuits can further include a second integrated circuit configured and arranged to operate in a mission mode and supervise data traffic by monitoring communications including data patterns and accesses on the wired communications bus. In response to identifying a suspected illegitimate access, the second integrated circuit can perform a security action to mitigate a suspect illegitimate action in the plurality of integrated circuits.