US2016301528A1PendingUtilityA1

Encryption device and method for defending a physical attack

51
Assignee: ICTK CO LTDPriority: Feb 15, 2011Filed: Jun 20, 2016Published: Oct 13, 2016
Est. expiryFeb 15, 2031(~4.6 yrs left)· nominal 20-yr term from priority
H04L 2209/12H04L 9/002H04L 2209/24G06F 21/72H04L 9/0816H04L 9/14G06F 12/14G06F 21/78
51
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Provided are a security device and a method for operating same. The security device may conceal an encryption key used for an encryption algorithm in an encryption module in correspondence to security attacks such as reading information on where the encryption key is stored in a memory by disassembling an IC chip, or extracting said information through microprobing. The encryption key may be included as a physical encryption key module in an encryption module, and a certain storage medium for storing the encryption key may be included in the encryption module. Accordingly, the encryption key is not transmitted via a bus in a security device for encryption.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . An encryption device for executing an encryption algorithm using an encryption key as receiving an input data to be encrypted, the encryption device comprising:
 an encryption module, comprising an encryption key module to provide an encryption key, to execute the encryption algorithm using the encryption key provided by the encryption key module.   
     
     
         2 . The encryption device of  claim 1 , wherein the encryption module comprises a plurality of encryption key modules to provide different encryption keys,
 wherein the encryption module comprises:   an encryption key module selector to select one of the plurality of encryption key modules; and   an encryption unit to execute the encryption algorithm using an encryption key provided by the selected encryption key module.   
     
     
         3 . The encryption device of  claim 2 , wherein the encryption key module selector selects an encryption key module corresponding to a pre-assigned identification index from among the plurality of encryption key modules. 
     
     
         4 . The encryption device of  claim 2 , wherein the encryption module comprises a plurality of standard cells, and the plurality of encryption key modules is disposed at random positions among layouts of the plurality of standard cells included in the encryption module. 
     
     
         5 . The encryption device of  claim 1 , wherein:
 the encryption module executes the encryption algorithm using the encryption key provided by the encryption key module included in the encryption module, and   the encryption key provided by the encryption key module does not leak out of the encryption module, and an additional encryption key for executing the encryption algorithm does not flow in the encryption module.   
     
     
         6 . The encryption device of  claim 1 , wherein the encryption key module comprises a non-volatile memory module to store a pre-generated encryption key. 
     
     
         7 . The encryption device of  claim 1 , wherein the encryption key module comprises a non-memory module to generate and provide the encryption key. 
     
     
         8 . The encryption device of  claim 7 , wherein whether nodes in the encryption key module are shorted is probabilistically determined by violating a design rule provided in a semiconductor manufacturing process, and the encryption key module generates and provides the encryption key based on a result of reading whether the nodes are shorted. 
     
     
         9 . The encryption device of  claim 8 , wherein:
 the nodes in the encryption key module comprise conductive layers of a semiconductor, and   the design rule is associated with a size of a via or a contact formed between the conductive layers of the semiconductor, and the encryption key module generates and provides the encryption key based on whether the via or the contact shorts the conductive layers.   
     
     
         10 . The encryption device of  claim 9 , wherein the via or the contact has a size by which a difference between a probability that the via or the contact shorts the conductive layers and a probability that the via or the contact does not short the conductive layers is within a predetermined error range by violating the design rule. 
     
     
         11 . The encryption device of  claim 8 , wherein the encryption key module comprises N unit structures, each one of which generates a 1-bit digital value using a single pair of conductive layers and a single via or a contact connecting the conductive layers, and generates an N-bit digital value generated through the N unit structures as the encryption key,
 wherein N denotes a natural number.   
     
     
         12 . The encryption device of  claim 11 , wherein the encryption key module generates an N/k-bit digital value as the encryption key, by dividing the generated N-bit digital value into k units, comparing a first group to a second group, among the plurality of groups, determining digital values representing the first group and the second group to be “1” when a value comprising k digital bits included in the first group is greater than a value comprising k digital bits included in the second group, and determining the digital values representing the first group and the second group to be “O” when the value comprising k digital bits included in the first group is less than or equal to the value comprising k digital bits included in the second group,
 wherein k denotes a natural number. 
 
     
     
         13 . The encryption device of  claim 8 , wherein:
 the nodes in the encryption key module comprise conductive layers of a semiconductor, and   the design rule is associated with a gap between the conductive layers of the semiconductor, and the encryption key module generates and provides the encryption key based on whether the conductive layers of the semiconductor are shorted.   
     
     
         14 . The encryption device of  claim 7 , wherein:
 the encryption key module comprises N unit cells, each to output a 1-bit digital value,   each of the N unit cells generates the 1-bit digital value based on a semiconductor manufacturing process variation, and   the encryption key module generates and provides an encryption key of N bits,   wherein N denotes a natural number.   
     
     
         15 . The encryption device of  claim 14 , wherein a first unit cell among the N unit cells comprises:
 a first inverter having a first logic threshold; and   a second inverter having a second logic threshold,   wherein the first inverter and the second inverter form a feedback structure in which an input terminal of the first inverter and an output terminal of the second inverter are connected to a first node, and an output terminal of the first inverter and an input terminal of the second inverter are connected to a second node, and   the first logic threshold is different from the second logic threshold based on the semiconductor manufacturing process variation, and a 1-bit digital value corresponding to the first unit cell is determined based on a logical level of the first node and a logical level of the second node.   
     
     
         16 . The encryption device of  claim 7 , wherein the encryption key module comprises N differential amplifiers,
 wherein, when two input terminals of a first differential amplifier, among the N differential amplifiers, are shorted, logical levels of two output terminals of the first differential amplifier differ from each other based on the semiconductor manufacturing process variation, and a 1-bit digital value corresponding to the first differential amplifier is determined based on the logical levels of the two output terminals, and   the encryption key module generates and provides an encryption key of N bits,   wherein N denotes a natural number.   
     
     
         17 . An encryption method comprising:
 receiving an input data to be encrypted into an encryption module comprising an encryption key module to provide an encryption key; and   encrypting the data by executing an encryption algorithm using the encryption key provided by the encryption key module.   
     
     
         18 . The encryption method of  claim 17 , further comprising:
 selecting one of a plurality of encryption key modules before the encrypting is performed, when the encryption module comprises the plurality of encryption key modules to provide different encryption keys,   wherein the encrypting comprises encrypting the data by executing the encryption algorithm using an encryption key provided by the selected encryption key module.   
     
     
         19 . An integrated circuit (IC) chip for executing an encryption algorithm using an encryption key by receiving data to be encrypted, the IC chip comprising:
 an encryption module, comprising an encryption key module to provide an encryption key, to execute the encryption algorithm using the encryption key provided by the encryption key module.   
     
     
         20 . The IC chip of  claim 19 , wherein the IC chip is disposed in a smart card to execute the encryption algorithm in applications of the smart card.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.