We make this world better one step at a time.
Joint us and develop this idea into product?
Ideas open for joint venture, contact us
|
A Random Access Memory that stops pirate copy for computer or embedded system.
Random Access Memory (RAM) is a memory array that can be accessed at any desired location without special sequence required (random
access)
Pirate copy: illegal duplicate hardware or software without proper authorization
Embedded system: A system that contains microprocessor, memory and other logic.
This invention combine an anti pirate function unit with RAM memory unit which is the most common device in an embedded system. The
anti-pirate function unit shares all existing memory pins except one therefore this addition function has very low cost and easy to fit in current
system design.
One of characters for these memories is reading a location where has never being written before since system reset will result an
undefined reading. (Read before any write) This invention utilizes memory’s undefined state and place authentication numbers in those
undefined area for central processor to read back.
This device only requires one extra pin other than existing RAM pins. A key-enter-memory-reset pin either take one spare pin from existing
memory or can be swapped out from one of RAM’s multiple VCC or Ground pins.
The authentication key that protects the system is pre-programmed at manufacture time by setting this pin active. Once the Key is program
into the device, there is no way it can be read back. And the keys should stay unchanged even system has been powered down. Although
authentication key can be programmed at field, it should be avoided so that these keys can’t be detected, Key programming should be kept
strictly at safety of manufacture site. Instead, a variety key can be programmed at field with different value every time system boots up to
further protect system from pirate copy. Variety key is optional while it has a default value 0 in case system decides not to use it.
At field, this pin is used as memory reset pin that put this memory to undefined state. When the embedded system just fresh out of reset
state. It’s a proper time to signal this pin and put this memory into undefined state (all unwritten area should be treated undefined) if we see
this device as ordinary RAM. This anti pirate RAM unit divides its memory into several sections and uses all unwritten area to provide
authentication numbers for read back, which are function of the manufacture’s keys (vendor, authentication and variety keys) and address
combined. Once an individual area being written, this area no longer provides authentication function and can be treated as ordinary RAM.
A stained bit in each section records if this section ever been written since reset. Stained bit clear at rest; set to 1 once a write issued to this
section. At read operation, this stained bit selects output enable for either RAM unit or authentication function unit output. When stained bit is
set (1), RAM unit’s output enable is selected; when this bit is cleared (0), output enable of authentication function unit is selected. (Fig 1)
Authenticate function is a combine result of Vender key, Authentication key, variety key and address. The function can be but not necessary
to be result of a serious bit swapping and exclusive-or among those numbers. The purpose is to scramble these numbers in order to get a
good variety of results. And the pattern must be hard to trace back for those keys.
System software must participate in order to stop illegal coping. After come out of reset state, system software must read back some
unwritten area to check authentication numbers to see if these numbers fits authentication key. If the number doesn’t fit the key, software
shall refuse to work and the system come to a halt. In order to gain more protection, system should read random location each time it boots
up.
This system cannot be copied. Ordinary RAM cannot provide those authentication numbers since they have undefined value when come out
of reset. Even pirate copy with exactly the same part, without preprogramming the authentication key correctly, this part won’t provide exactly
authentication key to pass the check. Therefore as long as this key is protected, so is the system.
Example:
An 8kx8 SRAM (Fig 2)
____________
M_Rst | | Vcc
A12 | | WE
A7 | | CS2
A6 | | A8
A5 | | A9
A4 | | A11
A3 | | OE
A2 | | A10
A1 | | CS1
A0 | | I/O7
I/O0 | | I/O6
I/O1 | | I/O5
I/O2 | | I/O4
GND | | I/O3
-------------------
*> Write Authentication key:
A sequence of SRAM write operations. WITH M_Rst pin high (active)
SRAM[0x40] = 0x80 // Authentication code write
SRAM[0x80-0x83] = Vendor key code (4bytes)
SRAM[0xB0-0xB3] = Authentication Key (4 bytes)
SRAM[0xB8] = Check sum for all 10 bytes
These key shall stay intact even power lost.
*> Verify Authentication key
Vendor key code and Authentication key cannot be verified, however, the checksum can be read back at SRAM[0x40] with M_Rst high (active)
*> Write variety key:
A sequence of SRAM write operations. WITH M_Rst pin high (active)
SRAM[0x40] = 0x81 // write varity key
SRAM[0x80] = Varity key (1 bytes)
Variety key can be read back at SRAM[0x80] with M_Rst high.
Variety key has default value 0 if system didn’t program this.
*> Memory Rest:
Active M_Rst pin to high for 1 us when power already applied stable. Then de-active this pin (low) for normal operation.
*> Authentication operation (M_Rst keep de-active (low) all the time)
This chip has 32 sections (each section 256 bytes). Once a section has been written with any of its memory location, it lost its ability to
provide authentication keys and become regular memory. Divide memory into sections allow system to have some useable memory but still
able to perform authentication operations on other area.
Read operation on memory location x gets:
SRAM[x] if this section has been written since reset.
F(x, vd-key, au-key, v-k) if this section has never been written since reset.
Where F( ) is authentication function, vd-key is the vendor key, au-key is the authentication key and v-k is variety key.
*> Memory operation (M_Rst keep de-active (low at all time)
For all memory location, if the section it resides has been written before, it can and only can perform these operation.
Memory write: Write a value Y to a memory location X.
SRAM[X] = Y;
Memory read: Read memory X to register A.
A = SRAM[X];
Appendix A:
An affordable “build your own ASIC” solution for small system design house who wish to collect royalty by counting copies.
The best way to ensure income on royalty per copy is to have your own ASIC, that way you can either put surcharge on it or get a correct
number of copy made by your manufactory client. Unfortunately make an ASIC can be expensive, and it can be a hassle and also costly to do
inventory control with foundry house.
With this anti-pirate RAM, you can stock on these common part through out different designs. And only write the needed secret keys before
you ship those RAM to your client. Since they can’t duplicate them, it’s like you have your own ASIC but you don’t need to deal with the hassle
of their manufacture/ inventory problems.