阅读说明：本技术 集成电路以及授权访问由集成电路存储的内容的方法 (Integrated circuit and method of authorizing access to content stored by an integrated circuit ) 是由 吕士濂 沙曼·阿德汗 池育德 于 2021-06-28 设计创作，主要内容包括：本文公开了基于一次可编程(OTP)存储器件的具有增强的安全性的物理不可克隆功能(PUF)。一方面,可以采用间接过程、哈希或它们的组合来隐藏用于允许访问集成电路的密钥。每个间接过程可以包括：基于由OTP存储器件存储在地址处的内容来识别OTP存储器件的后续地址；以及获得由OTP存储器件在后续地址处存储的后续内容。通过多个间接过程,可以获得由OTP存储器件存储的隐藏内容。在一种方法中,可以将哈希应用于输入位以获得要应用的OTP存储器件的地址。在一种方法中,可以将哈希应用于由OTP存储器件存储的隐藏内容以生成密钥。本发明的实施例还涉及集成电路以及授权访问由集成电路存储的内容的方法。(Physically Unclonable Functions (PUFs) with enhanced security based on one-time programmable (OTP) memory devices are disclosed. In one aspect, an indirection procedure, hashing, or a combination thereof may be employed to hide the key used to allow access to the integrated circuit. Each indirection procedure may include: identifying a subsequent address of the OTP memory device based on the content stored at the address by the OTP memory device; and obtaining subsequent content stored by the OTP memory device at the subsequent address. Through a number of indirect processes, the hidden content stored by the OTP memory device can be obtained. In one approach, a hash may be applied to the input bits to obtain the address of the OTP memory device to be applied. In one approach, a hash may be applied to hidden content stored by the OTP memory device to generate a key. Embodiments of the invention also relate to an integrated circuit and a method of authorizing access to content stored by an integrated circuit.)

1. An integrated circuit, comprising:

a one-time programmable memory device; and

a controller coupled to the one-time programmable memory device, wherein the controller includes programmed instructions that, when executed, cause the controller to:

receiving a set of input bits indicating an input address of the one-time programmable memory device,

obtaining, based on the input address, hidden content stored by the one-time programmable memory device at a hidden address through a plurality of indirection procedures, wherein each indirection procedure comprises: i) identifying a subsequent address of the one-time programmable memory device based on the content stored by the one-time programmable memory device at an address, and ii) obtaining a subsequent content stored by the one-time programmable memory device at the subsequent address, and

generating a key based on the hidden content stored by the one-time programmable memory device at the hidden address.

2. The integrated circuit of claim 1, wherein the controller is to:

an input address of the one-time programmable memory device is obtained from a portion of the set of input bits,

obtaining a first content stored by the one-time programmable memory device at the input address, and

a second address of the one-time programmable memory device is obtained based on the first content.

3. The integrated circuit of claim 1, wherein the controller is to identify a subsequent address of the one-time programmable memory device based on the content stored by the one-time programmable memory device at the address by converting the content stored by the one-time programmable memory device at the address having a first number of bits to a subsequent address of the one-time programmable memory device having a second number of bits less than the first number of bits.

4. The integrated circuit of claim 3, wherein the controller comprises a set of XOR gates to convert, for each indirection procedure, content stored by the one time programmable memory device at an address having the first number of bits to a subsequent address of the one time programmable memory device having the second number of bits.

5. The integrated circuit of claim 3, wherein the set of input bits indicates a process to be applied to convert content stored by the one-time programmable memory device to a subsequent address of the one-time programmable memory device, wherein the controller is to:

selecting the process indicated by the set of input bits, and

for each indirection procedure, content stored by the one-time programmable memory device is converted to a subsequent address of the one-time programmable memory device by a selected procedure.

6. The integrated circuit of claim 1, wherein the set of input bits indicates a plurality of indirection procedures to be applied to generate the key, wherein the controller is to obtain hidden content stored by the one-time programmable memory device at the hidden address through the plurality of indirection procedures.

7. The integrated circuit of claim 1, wherein the controller is to:

an input address of the one-time programmable memory device is obtained by converting a portion of the set of input bits according to a hash function.

8. The integrated circuit of claim 7, wherein the controller comprises:

a shift register for shifting a portion of the set of input bits, an

Hash logic circuitry to apply i) a portion of the set of input bits and ii) a shifted portion of the set of input bits to the hash function to obtain the input address.

9. A method of authorizing access to content stored by an integrated circuit, comprising:

receiving, by a controller, a set of input bits indicating a first address of a one-time programmable memory device;

obtaining, by the controller, first content stored by the one-time programmable memory device at the first address;

obtaining, by the controller, a second address of the one-time programmable memory device based on the first content;

obtaining, by the controller, second content stored by the one-time programmable memory device at the second address; and

generating, by the controller, a key based on the second content.

10. A method of authorizing access to content stored by an integrated circuit, comprising:

receiving, by a controller, a set of input bits;

converting, by the controller, the set of input bits to an input address according to a hash function;

applying, by the controller, the input address to a first memory device; -by the controller, according to an input address of an application;

generating a key based on the hidden content stored by the first storage device; and

content stored by the second storage device is accessed based on the key.

Technical Field

Embodiments of the invention relate to an integrated circuit and a method of authorizing access to content stored by an integrated circuit.

Background

A Physical Unclonable Function (PUF) circuit is a circuit or physical structure, typically within an integrated circuit, that provides a number of corresponding outputs in response to different inputs (e.g., challenges) applied to the PUF circuit. Different PUF circuits in different integrated circuits may generate different outputs based on physical characteristics of the integrated circuits in response to the same input applied. Thus, the output of the PUF circuit may be implemented as a unique identification of the integrated circuit.

Disclosure of Invention

According to an embodiment of the present invention, there is provided an integrated circuit including: a one-time programmable (OTP) memory device; and a controller coupled to the OTP memory device, wherein the controller includes programmed instructions that, when executed, cause the controller to: receiving a set of input bits indicative of an input address of the OTP memory device, obtaining hidden content stored by the OTP memory device at the hidden address through a plurality of indirect processes based on the input address, wherein each indirect process includes: i) identifying a subsequent address of the OTP memory device based on the content stored by the OTP memory device at the one address, and ii) obtaining the subsequent content stored by the OTP memory device at the subsequent address, and generating the key from the hidden content stored by the OTP memory device at the hidden address.

There is also provided, according to an embodiment of the present invention, a method of generating a key, including: receiving, by a controller, a set of input bits indicating a first address of a one-time programmable (OTP) memory device; obtaining, by the controller, first content stored by the OTP memory device at a first address; obtaining, by the controller, a second address of the OTP memory device based on the first content; obtaining, by the controller, second content stored by the OTP memory device at the second address; and generating, by the controller, a key based on the second content.

There is also provided, according to an embodiment of the present invention, a method of generating a key, including: receiving, by a controller, a set of input bits; converting, by the controller, the set of input bits to an input address according to a hash function; applying, by the controller, the input address to the first memory device; inputting, by the controller, an address according to the application; generating a key based on the hidden content stored by the first storage device; and accessing content stored by the second storage device based on the key.

Drawings

The various aspects of the invention are best understood from the following detailed description when read with the accompanying drawing figures. It should be noted that, according to standard practice in the industry, the various components are not drawn to scale. In fact, the dimensions of the various elements may be arbitrarily increased or reduced for clarity of discussion.

FIG. 1 is a diagram of a system including an integrated circuit and a server for accessing content stored by the integrated circuit, according to one embodiment.

Figure 2 is a diagram of a Physical Unclonable Function (PUF) device including a storage device to store content and a PUF controller to hide the content stored by the storage device, according to one embodiment.

FIG. 3 is a diagram of a set of input bits applied to an integrated circuit, according to one embodiment.

FIG. 4A is a diagram illustrating an example indirection (indirection) process, according to one embodiment.

FIG. 4B is a diagram illustrating an example indirection procedure, according to one embodiment.

Fig. 5 is a flow diagram illustrating an example process of generating a key through an indirect process, in accordance with some embodiments.

FIG. 6 is a flow diagram illustrating an example process for obtaining hidden content through an indirection process in accordance with some embodiments.

FIG. 7 is a diagram illustrating an address generator for obtaining an address to apply based on a hash function, according to some embodiments.

Fig. 8 is a diagram illustrating a key generator that generates a key based on a hash function, according to some embodiments.

FIG. 9 is a diagram illustrating an example shift register, according to some embodiments.

FIG. 10 is a diagram illustrating an example shift register, according to some embodiments.

FIG. 11 is a diagram illustrating an example key generator, according to some embodiments.

Fig. 12 is an example block diagram of a computing system according to some embodiments.

Detailed Description

The following disclosure provides many different embodiments, or examples, for implementing different features of the provided subject matter. Specific examples of components and arrangements are described below to simplify the present disclosure. These are, of course, merely examples and are not intended to limit the invention. For example, in the description that follows, forming a first feature over or on a second feature may include embodiments in which the first and second features are in direct contact, as well as embodiments in which additional features may be formed between the first and second features such that the first and second features are not in direct contact. Moreover, the present disclosure may repeat reference numerals and/or letters in the various examples. This repetition is for the purpose of simplicity and clarity and does not in itself dictate a relationship between the various embodiments and/or configurations discussed. Furthermore, spatial relationship terms such as "below …," "below …," "lower," "above …," "upper," and the like may be used herein to describe the illustrated relationship of one element or component to another element or component for ease of description. Spatial relationship terms are intended to encompass different orientations of the device in use or operation in addition to the orientation depicted in the figures. The device may be otherwise oriented (rotated 90 degrees or at other orientations) and the spatial relationship descriptors used herein interpreted accordingly as such.

According to some embodiments, an integrated circuit is authenticated with a PUF device. The PUF device may comprise a one-time programmable (OTP) memory device for storing hidden content, based on which a cryptographic key may be generated. Based on the key, content stored by a storage device (e.g., Static Random Access Memory (SRAM)) may be accessed. In one aspect, indirection procedures, hashing, or a combination thereof may be employed to hide the content used to generate the key. Each indirection procedure may include: identifying a subsequent address of the OTP memory device based on the content stored at the address by the OTP memory device; and obtaining subsequent content stored by the OTP memory device at the subsequent address. The hidden content stored by the OTP memory device can be obtained through a number of indirect processes. In one approach, a hash may be applied to the input bits to obtain an input address of the OTP memory device to be applied, and the hidden content may be obtained by applying the input address to the OTP memory device via an indirect process. In one approach, a hash may be applied to hidden content stored by the OTP memory device to generate a key.

Advantageously, access to the integrated circuit may be ensured by hiding content stored by the OTP memory device for generating the key. In one aspect, different OTP memory devices in different integrated circuits can store different contents due to physical characteristics of the integrated circuits, such that the contents stored by each OTP memory device can be used to identify the integrated circuit. However, the content stored by the OTP memory device can be discovered by reverse engineering. By hiding the content stored by the OTP memory device via an indirect process and by applying a hash, the hidden content may not be easily discovered by reverse engineering. Furthermore, a key for allowing access to the integrated circuit may be generated in a secure manner based on the hidden content stored by the OTP memory device.

FIG. 1 is a diagram of a system 100 including an integrated circuit 120 and a device 110 for accessing content stored by the integrated circuit 120, according to one embodiment. In some embodiments, device 110 is communicatively coupled to integrated circuit 120 by a communication link (e.g., a wired communication link or a wireless network communication link). The appliance 110 may be any computing device (e.g., a server, a personal computer, a desktop PC, a mobile device, etc.). Integrated circuit 120 may be embodied as a field programmable gate logic (FPGA), an Application Specific Integrated Circuit (ASIC), or any combination thereof. In one approach, device 110 sends a set of input bits 115 to integrated circuit 120 over a communication link to access content stored by integrated circuit 120. Integrated circuit 120 may receive the set of input bits 115. In response to the set of input bits 115, integrated circuit 120 may or may not allow device 110 to access content stored by integrated circuit 120.

In some embodiments, integrated circuit 120 includes PUF device 130 and SRAM 160. SRAM 160 may store data or content. In some embodiments, SRAM 160 is replaced by another memory device that stores data. In one aspect, SRAM 160 is encrypted to protect the contents stored by SRAM 160. In response to valid key 125, SRAM 160 may be enabled or accessed. PUF device 130 may receive the set of input bits 115 from device 110 and generate a key 125 from the set of input bits 115. The PUF device 130 may send a key 125 to the SRAM 160 to enable access to the content stored by the SRAM 160. In one aspect, key 125 is generated and provided within integrated circuit 120 such that key 125 may be secured from an external device.

In some embodiments, PUF device 130 includes a PUF controller 140 and an OTP memory device 135. PUF controller 140 may be embodied as a processor, state machine, digital logic circuit, or any combination thereof. PUF controller 140 may include programmed instructions that, when executed, cause PUF controller 140 to perform the various functions described herein. The OTP memory device 135 may be implemented as a non-volatile memory device (e.g., a flash memory device, a resistive random access memory (ReRAM), a Magnetoresistive Random Access Memory (MRAM), a Phase Change Random Access Memory (PCRAM), etc.). In one aspect, the OTP memory device 135 can store hidden content. PUF controller 140 may obtain hidden content from OTP memory device 135 based on the set of input bits 115 and generate a key 125 for enabling access to SRAM 160 based on the hidden content.

In one aspect, the OTP memory device 135 stores unique data based on physical characteristics of the OTP memory device 135. In one example, a high voltage may be applied to the OTP memory device 135 such that oxide breakdown may occur. Oxide breakdown is highly variable across different cells in OTP memory device 135 due to the random nature of the thickness of the oxide and the shape and quality of the oxide. Based on the oxide breakdown, the OTP memory device 135 can store content that is unique or specific to the integrated circuit 120. The different contents stored by the OTP memory device 135 can be located or identified by corresponding addresses.

In one aspect, PUF controller 140 receives the set of input bits 115 from device 110 and obtains hidden content stored by OTP memory device 135 from the set of input bits 115. PUF controller 140 may generate key 125 from the set of input bits 115. In one aspect, the content stored by OTP memory device 135 can be discovered through reverse engineering. The content stored by the OTP memory device 135 may be identified or inferred by, for example, Atomic Force Microscopy (AFM) or Electron Beam Induced Current (EBIC). To protect the content stored by the OTP memory device 135 from reverse engineering, an indirection procedure, a hash, or a combination thereof may be applied.

In one approach, the PUF controller 140 receives the set of input bits 115 and obtains an input address for application to the OTP memory device 135 from the set of input bits 115. PUF controller 140 may obtain a portion of the set of input bits 115 and obtain an input address based on the portion of the set of input bits 115. In one approach, PUF controller 140 may apply a portion of the bits to a hash function to generate an input address. PUF controller 140 may apply an input address to OTP memory device 135 to obtain hidden content stored by OTP memory device 135 through an indirect process. For each indirect process, PUF controller 140 may apply an address to OTP memory device 135 and obtain the content stored by OTP memory device 135 at that address. PUF controller 140 may convert the obtained content to a subsequent address and apply the subsequent address to OTP memory device 135. PUF controller 140 may select a conversion process based on the set of input bits 115 and convert the content to a subsequent address via the selected conversion process. PUF controller 140 may iteratively obtain subsequent content through an indirect process to obtain hidden content stored by OTP memory device 135. The PUF controller 140 may perform an iterative process for a predetermined number or numbers indicated by the set of input bits 115. PUF controller 140 may generate key 125 from hidden content from PUF device 130. For example, PUF controller 140 may apply the hidden content to a hash function to generate key 125. The PUF controller 140 may transmit the key 125 to the SRAM 160 to enable access to the content stored by the SRAM 160. Detailed descriptions regarding example operations and implementations of PUF controller 140 are provided below with respect to fig. 2-11.

Fig. 2 is a diagram of a PUF device 130 that includes an OTP memory device 135 to store content and a PUF controller 140 to hide the content stored by the OTP memory device 135, according to one embodiment. In some embodiments, the OTP memory device 135 may store different content associated with different addresses C1, C2.. In some embodiments, PUF controller 140 includes interface circuitry 220, content processor 230, and key generator 270. These components of PUF controller 140 may operate together to receive a set of input bits 115 and obtain hidden content 245 stored by OTP memory device 135 based on the set of input bits 115 through an indirect process. Furthermore, these components of PUF controller 140 may operate together to generate key 125 from hidden content 245. In some embodiments, PUF controller 140 includes more, fewer, or different components than those shown in fig. 2.

In some embodiments, interface circuit 220 is a component that receives the set of input bits 115 and extracts the information used to generate key 125. In one aspect, the set of input bits 115 includes a first portion corresponding to a challenge or input address, a second portion indicating a number of bits to shift to obtain the input address, a third portion indicating a number of indirect processes to apply, a fourth portion indicating a conversion process to apply to convert content stored by the OTP memory device 135 to a subsequent address, a fifth portion indicating a number of bits to shift to generate the key 125, and so on. An example of the set of input bits 115 is provided below with reference to fig. 3. In one embodiment, the interface circuit 220 includes: a serial-to-parallel converter that converts serial bits into parallel bits; and a register that stores the corresponding portion in parallel bits. Interface circuit 220 may provide different portions of the set of input bits 115 to content processor 230.

In some embodiments, the content processor 230 is a component that applies the address 240 to the OTP memory device 135 and obtains the hidden content 245 from the OTP memory device 135 through an indirect process. In some embodiments, content processor 230 includes an address generator 232, a content decoder 234, ECC logic 236, and an indirection controller 238. Based on the information received, these components may operate together to receive information from interface circuitry 220 and perform indirect processes. In some embodiments, content processor 230 includes more, fewer, or different components than those shown in FIG. 2.

In some embodiments, address generator 232 is a component that obtains or generates an input address 240 to be applied to OTP memory device 135 from the set of input bits 115. In one example, the address generator 232 applies a first portion of the set of input bits to a hash function to generate the input address 240. The address generator 232 may shift a first portion of the input bits 115 by the number of bits indicated by a second portion of the set of input bits 115 and apply the shifted portion to a hash function. An example hash function includes an XOR operation between the first portion of the set of input bits 115 and the shifted portion. An example implementation of address generator 232 is provided below with respect to fig. 7. The address generator 232 may apply the input address 240 to the OTP memory device 135. By generating the input address 240 according to a hash function, the input address 240 applied to the OTP memory device 135 can be hidden from external devices.

In some embodiments, the content decoder 234 is a component that receives the content 245 from the OTP memory device 135 and converts the content 245 to a subsequent address 240. In one aspect, the content decoder 234 converts the content 245 having a first number of bits (e.g., 64 bits) to a subsequent address having a second number of bits (e.g., 5 bits) less than the first number of bits. The content decoder 234 may receive a fourth portion of the set of input bits 115 indicating a conversion process to perform and select a conversion process as indicated by the fourth portion of the set of bits 115. The content decoder 234 may convert the content 245 received from the OTP memory device 135 to the subsequent address 240 through a selective process. For example, a first conversion process may convert the received content 245 without the ECC bits of the OTP memory device 135 to the subsequent address 240 and a second conversion process may convert the received content 245 with the ECC bits of the OTP memory device 135 to the subsequent address 240. Converting the content 245 without the ECC bits may simplify the conversion process, while converting the content 245 with the ECC bits may increase complexity to ensure the content stored by the OTP memory device 135. In one embodiment, the content decoder 234 includes an XOR gate that performs an XOR operation between different portions of the received content 245 to reduce the number of bits. Example implementations and operations of the content decoder 234 are provided below with respect to fig. 4A and 4B.

In some embodiments, the ECC logic 236 is a circuit that performs ECC correction on the content 245 received from the OTP memory device 135. In one aspect, the ECC logic 236 may receive ECC bits stored by the OTP memory device 135 and perform corrections on the received content 245 by ECC based on the ECC bits. By performing the correction on the received content, erroneous bits in the content 245 from the OTP memory device 135 can be corrected.

In some embodiments, the indirection controller 238 is a circuit that performs an indirection procedure to obtain the hidden content 245. The indirection controller 238 may include a counter that stores the number of indirection procedures remaining to be applied. The indirection controller 238 may receive a third portion of the input bits 115 indicating a number of indirection procedures to apply to obtain the hidden content 245, and set a counter to store or hold the number indicated by the third portion of the input bits 115. For the indirect process, the indirect controller 238 may configure the content decoder 234 to convert the content 245 received from the OTP memory device 135 to a subsequent address 240 and apply the subsequent address 240 to the OTP memory device 135 to obtain the subsequent content. When the subsequent address 240 is applied to the OTP memory device 135, the indirect controller 238 may decrement the counter storage by, for example, one. The indirection controller 238 may determine whether there are remaining indirection procedures to apply based on the number stored by the counter. For example, the indirect controller 238 compares the number stored by the counter with a predetermined number (e.g., "1" or "0") to determine whether there are remaining processes to be applied. In response to indirection controller 238 determining that the number stored by the counter is different than the predetermined number, indirection controller 238 may determine that there are remaining indirection procedures to apply and may cause or configure content decoder 234 to perform additional indirection procedures. In response to the indirection controller 238 determining that the number stored by the counter equals the predetermined number, the indirection controller 238 may determine that there are no more indirection procedures to apply and provide the last content 245 received from the OTP memory device 135 to the key generator 270 as hidden content 245.

In one aspect, key generator 270 is a component that receives hidden content and generates key 125 from the received hidden content. In one aspect, key generator 270 generates key 125 by applying the hidden content to a hash function. For example, key generator 270 may shift a first portion of input bits 115 indicating an input address by a number of bits indicated by a fifth portion of the set of input bits 115 and apply the shifted portion to a hash function. An example hash function includes an XOR operation between the address and shifted portions corresponding to the hidden content 245 from the OTP memory device 135. An example implementation of key generator 270 is provided below with respect to fig. 8. The key generator 270 may transmit the key 125 to the SRAM device 160 to enable access to the content stored by the SRAM device 160. By generating the key 125 from a hash function based on the hidden content 245, the hidden content 245 stored by the OTP memory device 135 can be hidden from external devices and the key 125 can be generated in a secure manner.

FIG. 3 is a diagram of an example set of input bits 115 applied to an integrated circuit 120, according to one embodiment. As described above with respect to FIG. 2, the set of input bits 115 may include a first portion 310 corresponding to the challenge or input address 240, a second portion 320 indicating a number of bits to shift to obtain the input address 240, a third portion 330 indicating a number of indirect processes to apply, a fourth portion 340 indicating a conversion process to apply to convert the content 245 stored by the OTP memory device 135 to a subsequent address 240, and a fifth portion 350 indicating a number of bits to shift to generate the key 125. Interface circuit 220 may receive the set of input bits 115 from device 110 and obtain different information from the set of input bits 115. Further, the interface circuit 220 may provide the obtained information to the content processor 230, whereby an indirect process may be performed based on the obtained information.

FIG. 4A is a diagram illustrating an example indirection procedure, according to one embodiment. In one example, the indirection controller 238 causes or configures the content decoder 234A to convert the content 410A, 410b.. 410E to a subsequent address. In the example shown in FIG. 4A, OTP memory device 135 may store 1024 rows of contents, where each row includes 16 bits. Each row may be identified by a corresponding 5-bit address. In one approach, the OTP memory device 135 can output the contents 410A, 410B, 410C, 410D, 410E in five rows in response to an address applied to the OTP memory device 135. In one example, the content 410A, 410B, 410C, 410D may collectively represent 64 bits of information for the subsequent address or key 125. In one example, content 410E includes ECC bits. ECC logic 236 may perform ECC correction on content 410A-410D based on the ECC bits in content 410E to generate ECC corrected content 420A-420D. The content decoder 234A may receive the ECC corrected content 420A-420D from the ECC logic 236 and convert the ECC corrected content 420A-420D to a 5-bit address.

In one embodiment, content decoder 234A includes a set of XOR gates. In one example, the content decoder 234A includes four levels of XOR gates, where a first level includes 32 2-bit XOR gates, a second level includes 16 2-bit XOR gates, a third level includes 8 2-bit XOR gates, and a fourth level includes 4 2-bit XOR gates. In the first level, an XOR operation may be performed on each of the 32 bits of the ECC corrected content (e.g., 420A, 420B) and a corresponding bit of the remaining 32 bits of the ECC corrected content (e.g., 420C, 420D). Similarly, in the second level, an XOR operation may be performed on each of the 16 bits output from the first level and the corresponding bit of the remaining 16 bits output from the first level. Similarly, in the third level, an XOR operation may be performed on each of the 8 bits output from the second level and the corresponding bit of the remaining 8 bits output from the second level. In the fourth level, an XOR operation may be performed on each of the 4 bits output from the third level and corresponding bits of the other 4 bits output from the third level. The 4 bits output from the fourth level and the 1 bit output from the third level that is not applied as an input of the fourth level may be output as a 5-bit address 240. The 5-bit address 240 may be applied to the OTP memory device 135 to obtain subsequent content 245.

FIG. 4B is a diagram illustrating an example indirection procedure, according to one embodiment. The example shown in FIG. 4B is similar to the example shown in FIG. 4A, except that content 410E including ECC bits and ECC-corrected content 420A-420D are applied as inputs to content decoder 234B. Thus, content decoder 234B may receive 80-bit input bits. In one example, the content decoder 234B includes four levels of XOR gates, where the first level includes 40 2-bit XOR gates, the second level includes 20 2-bit XOR gates, the third level includes 10 2-bit XOR gates, and the fourth level includes 5 2-bit XOR gates. In the first level, an XOR operation may be performed on each of the 40 bits of the ECC corrected content (e.g., 420A, 420B) and a corresponding bit of the remaining 40 bits of the ECC corrected content (e.g., 420C, 420D). Similarly, in the second level, an XOR operation may be performed on each of the 20 bits output from the first level and the corresponding bit of the remaining 20 bits output from the first level. Similarly, in the third level, an XOR operation may be performed on each bit of the 10 bits output from the second level and the corresponding bit of the remaining 10 bits output from the second level. In the fourth level, an XOR operation may be performed on each of the 5 bits output from the third level and a corresponding bit of the remaining 5 bits output from the third level. The 5 bits output from the fourth level may be output as a 5-bit address 240. The 5-bit address 240 may be applied to the OTP memory device 135 to obtain subsequent content 245.

In one aspect, content decoder 234A of fig. 4A includes a smaller number of XOR gates than content decoder 234B of fig. 4B, such that content decoder 234A may consume less area and power. Meanwhile, the content decoder 234B may generate the 5-bit address 240 based on the ECC bits, such that the content decoder 234B may generate the 5-bit address 240 with additional complexity.

Fig. 5 is a flow diagram illustrating an example process 500 of generating a key 125 through an indirect process, according to some embodiments. In one example, process 500 is performed by PUF controller 140. In some embodiments, process 500 is performed by other entities. In some embodiments, process 500 includes more, fewer, or different operations than those illustrated in FIG. 5.

In operation 510, PUF controller 140 receives a set of input bits 115. PUF controller 140 may receive an input bit string from device 110 over a communication link (e.g., a wired communication link or a wireless communication link).

In operation 520, the PUF controller 140 obtains an input address to be applied to the OTP memory device 135. In one approach, the set of input bits 115 includes different portions. For example, the set of input bits 115 includes a first portion 310 corresponding to the challenge or input address 240, a second portion 320 indicating a number of bits to shift to obtain the input address 240, a third portion 330 indicating a number of indirect processes to apply, a fourth portion 340 indicating a conversion process to apply to convert the content 245 stored by the OTP memory device 135 to a subsequent address 240, and a fifth portion 350 indicating a number of bits to shift to generate the key 125. In one example, PUF controller 140 applies a first portion 310 of the set of input bits to a hash function to generate input address 240. PUF control 140 may shift a first portion 310 of input bits 115 by a number of bits indicated by a second portion 320 of the set of input bits 115 and apply the shifted portion to a hash function. The example hash function includes an XOR operation between the first portion 310 of the set of input bits 115 and the shifted portion. PUF controller 140 may also obtain different information from the set of input bits 115 for other operations (e.g., operations 530, 540).

In operation 530, the PUF controller 140 obtains the hidden content 245 stored by the OTP memory device 135 through an indirect process. In one approach, the PUF controller 140 applies an input address 240 to the OTP memory device 135 and obtains hidden content 245 stored by the OTP memory device 135 at a hidden address that is different from the input address 240. PUF controller 140 may perform an indirect process based on the number indicated by third portion 330 of the set of input bits 115 and may perform a conversion process indicated by fourth portion 340 of the set of input bits 115.

In operation 540, the PUF controller 140 generates the key 125 from the hidden content 245. In one approach, PUF controller 140 generates key 125 by applying hidden content 245 to a hash function. For example, the key generator 270 may shift the first portion 310 of the input bits 115 that indicates the input address by the number of bits indicated by the fifth portion 350 of the set of input bits 115 and apply the shifted portion to a hash function. An example hash function includes an XOR operation between i) an address corresponding to the hidden content 245 from the OTP memory device 135 and ii) a shifted portion. By hiding the content 245 stored by the OTP memory device 135 via an indirect process and by applying a hash, the hidden content 245 may not be easily discovered by reverse engineering. Further, the key 125 for accessing the SRAM 160 may be generated in a secure manner.

FIG. 6 is a flowchart illustrating example operations 530 for obtaining hidden content 245 through an indirection process, in accordance with some embodiments. In one example, operation 530 is performed by PUF controller 140. In some embodiments, operation 530 is performed by another entity. In some embodiments, operation 530 includes more, fewer, or different operations than those illustrated in FIG. 6.

In operation 610, the PUF controller 140 obtains content stored by the OTP memory device 135 at an address. The address may be an input address obtained from operation 520 based on the set of input bits 115. PUF controller 140 may apply the address to OTP memory device 135 and receive the content stored by OTP memory device 135 at the address.

In operation 620, the PUF controller 140 determines whether there are remaining indirect processes to be performed. PUF controller 140 may include a counter that stores the number of indirect processes remaining to be applied. PUF controller 140 may receive a third portion of input bits 115 that indicates a number of indirect processes to apply and set a counter to store or hold the number indicated by the third portion of input bits 115. PUF controller 140 may determine from the number stored by the counter whether there are remaining indirect processes to apply. For example, the PUF controller 140 compares the number stored by the counter with a predetermined number (e.g., "1" or "0"). In response to the counter storing a number different from or greater than the predetermined number, PUF controller 140 may determine that there are remaining indirect processes to apply and proceed to operation 630. In response to the counter storing a number equal to the predetermined number, the PUF controller 140 may determine that there are no remaining indirect processes to apply and proceeds to operation 650.

In operation 630, the PUF controller 140 obtains a subsequent address 240 to apply from the content 245 obtained in operation 610. PUF controller 140 may select the conversion process indicated by fourth portion 340 of the set of input bits 115 and apply the selected conversion process to content 245 to obtain subsequent address 240. PUF controller 140 may apply ECC correction to content 245 and perform an XOR operation on the ECC corrected bits of the content to obtain subsequent addresses 240 having a lower number of bits than content 245 as described above with respect to fig. 4A and 4B.

In operation 640, after obtaining the subsequent address 240, the PUF controller 140 may decrement the number or value stored by the counter by, for example, one. PUF controller 140 may apply subsequent addresses 240 to OTP memory device 135 and proceed to operation 610.

In operation 650, responsive to the counter storing a number equal to the number indicated by the third portion 330 of the set of input bits 115, the PUF controller 140 may provide the last content 245 received from the OTP memory device 135 to the key generator 270 as hidden content 245.

Fig. 7 is a diagram illustrating an address generator 232 for obtaining an address to apply based on a hash function, according to some embodiments. In some embodiments, address generator 232 includes a shift register 720 and hash logic 730. These components may operate together to receive the set of input bits 115 (or the first portion 310 of the set of input bits 115) and obtain an address 240 to apply to the OTP memory device 135. In some embodiments, address generator 232 includes more, fewer, or different components than those shown in FIG. 7.

In some embodiments, shift register 720 is a component that shifts input bits 115 (or first portion 310 of the set of input bits 115) by a certain number of bits. The number of bits to shift may be indicated by the second portion 320 of the set of input bits 115. Example implementations of shift register 720 are provided below with respect to fig. 8 and 9. Shift register 720 may shift input bits 115 (or first portion 310 of the set of input bits 115) to obtain shifted bits 725, and provide shifted bits 725 to hash logic 730.

In some embodiments, hash logic 730 is to receive input bits 115 (or first portion 310 of the set of input bits 115) and shifted bits 725 and to generate input address 240 to be applied from input bits 115 (or first portion 310 of the set of input bits 115) and shifted bits 725. In one approach, the hash logic 730 applies the input bits 115 (or the first portion 310 of the set of input bits 115) and the shifted bits 725 to a hash function to generate the input address 240. Example hash operations include XOR operations. In one example, hash logic 730 includes a set of XOR gates that perform an XOR operation on each of input bits 115 (or first portion 310 of the set of input bits 115) with a corresponding bit of shifted bits 725 to generate input address 240. The hash logic 730 may provide the input address 240 to the OTP memory device 135. By generating the input address 240 based on the input bits 115 via the shift register 720 and the hash logic 730, the input address 240 applied to the OTP memory device 135 to generate the key 125 may not be exposed to external devices.

Fig. 8 is a diagram illustrating a key generator 270 that generates a key 125 based on a hash function, according to some embodiments. In some embodiments, key generator 270 includes a shift register 820 and a hash logic 830. The components may operate together to receive an input address 240 and an address 845 corresponding to the hidden content 245 from the content decoder 234, and generate the key 125 from the input address 240 and the address 845 for application to the OTP memory device 135. In some embodiments, key generator 270 includes more, fewer, or different components than those shown in FIG. 8.

In some embodiments, shift register 820 is a component that receives address 240, e.g., from address generator 232, and shifts bits (e.g., 5 bits) in address 240 by a certain number of bits. The number of bits to shift may be indicated by a fifth portion 350 of the set of input bits 115. Shift register 820 may shift bits of address 240 to obtain shifted bits 825 and provide shifted bits 825 to hash logic 830.

In some embodiments, hash logic 830 is a component that receives shifted bit 825 from shift register 820 and address 845 from content decoder 234 and generates key 125 from shifted bit 825 and address 845. In one approach, hash logic 830 applies shifted bit 825 and address 845 to a hash function to generate key 125. Example hash operations include XOR operations. In one example, hash logic circuit 830 includes a set of XOR gates that perform an XOR operation on each bit of shifted bits 825 with a corresponding bit of address 845 to generate key 125. Hash logic 830 may provide key 125 to SRAM 160 to enable access to SRAM 160. By generating the key 125 based on the hidden content 245 and the input address 240 via the shift register 820 and the hash logic 830, the hidden content 245 used to generate the key 125 may not be exposed to external devices. Moreover, the key 125 may be generated in a secure manner.

FIG. 9 is a diagram illustrating an example shift register 900 according to some embodiments. The shift register 900 may be the shift register 720 of fig. 7. In some embodiments, shift register 900 includes a set of flip-flops DFFs₀、DFF₁...DFF₁₅A set of multiplexers MUX₀、MUX₁...MUX₁₅And XNOR gates 910A, 910B, 910C. In one configuration, a multiplexer MUX₀Receives the input bit IN₀And a multiplexer MUX₀Is connected to the output of XNOR gate 910A. In one configuration, the flip-flop DFF₀Is connected to the multiplexer MUX₀To output of (c). MUX for each multiplexer_iThe method comprises the following steps: a first input receiving an input IN_iThe corresponding bit of (a); and a second input coupled to the pre-flip-flop DFF_i-1To output of (c). Each flip-flop DFF_iComprising connection to a corresponding multiplexer MUX_iInput D to the output of (a). In one configuration, the flip-flop DFF₁₅Is connected to the input of XNOR gate 910C. In one configuration, the flip-flop DFF₁₁Is connected to the other input of XNOR gate 910C. In one configuration, the output of XNOR gate 910C is connected to the input of XNOR gate 910B. In one configuration, the flip-flop DFF₂Is connected to the other input of XNOR gate 910B. In one configuration, the output of XNOR gate 910B is connectedTo the input of XNOR gate 910A. In this configuration, the multiplexer MUX₀...MUX₁₅Can be configured to input a bit In₀...In₁₅Provided to a flip-flop DFF₀...DFF₁₅Is input. At the input bit In₀...In₁₅Provided to a flip-flop DFF₀...DFF₁₅After input of (2), the shift register 900 may be operated according to a function X₁₆+X₁₂+X₃+X₁+1 to shift the input bit.

FIG. 10 is a diagram illustrating an example shift register 1000 according to some embodiments. The shift register 1000 may be the shift register 720 of fig. 7. In one aspect, shift register 1000 is similar to shift register 900 of FIG. 9, except that shift register 1000 includes an additional multiplexer MUX₁₆...MUX₃₁Additional flip-flop DFF₁₆...DFF₃₁And XNOR gates 910D, 910E, but not XNOR gates 910C, 910B. Therefore, a repetitive description thereof will be omitted herein for the sake of brevity. In one aspect, the flip-flop DFF₃₁Is connected to the input of XNOR gate 910D. In one aspect, the flip-flop DFF₂₁Is connected to the other input of XNOR gate 910D. In one aspect, the output of XNOR gate 910D is connected to the input of XNOR gate 910E. In one aspect, the flip-flop DFF₁Is connected to the other input of XNOR gate 910E. In one aspect, the output of XNOR gate 910E is connected to the input of XNOR gate 910A. In this configuration, the multiplexer MUX₀...MUX₃₁Can be configured to input a bit In₀...In₃₁Provided to a flip-flop DFF₀...DFF₃₁Is input. At the input bit In₀...In₃₁Provided to a flip-flop DFF₀...DFF₃₁After input of (c), shift register 1000 may be operated according to function X₃₂+X₂₂+X₂+X₁+1 to shift the input bit.

Fig. 11 is a diagram illustrating an example key generator 270 according to some embodiments. In some embodiments, key generator 270 includes multiplexers 1110, 1170, 1190, 1195, multiplier 1120, adders 1150, 1180, and registers 1130, 1140, 1160. The components may operate together to receive hidden content 245 stored at the hidden address 240, for example, from the OTP memory device 135, and to generate an output 1198 based on the hidden content 245. In some embodiments, key generator 270 includes more, fewer, or different components than those shown in FIG. 11.

In one configuration, multiplexer 1110 includes a first input connected to OTP memory device 135 to receive a 64-bit input and a second input connected to the 64-bit output of multiplexer 1190. In one configuration, the multiplexer 1110 includes a 64-bit output connected to a first input of the multiplier 1120 and a first input of the adder 1150. In one configuration, the multiplier 1120 includes a second input connected to the 64-bit output of the multiplexer 1195. Multiplier 1120 also includes a 64-bit output connected to an input of register 1130 and an input of register 1140. In one configuration, the 64-bit output of register 1130 is connected to a first input of adder 1180 and a first input of multiplexer 1190. In one configuration, the 64-bit output of register 1140 is connected to a first input of multiplexer 1170 and a second input of adder 1150. In one configuration, adder 1150 includes a 64-bit output connected to an input of register 1160, which register 1160 includes a 64-bit output connected to a second input of multiplexer 1170. In one aspect, multiplexer 1170 includes a 64-bit output connected to a second input of adder 1180. In one configuration, adder 1180 includes a 64-bit output connected to a second input of multiplexer 1190. In one aspect, the 32-bit output of adder 1180 is swapped with another 32-bit output of adder 1180, or the swapped output of adder 1180 is provided to a second input of multiplexer 1190. Output 1198 of adder 1180 may be provided as key 125. In one configuration, the multiplexer 1190 includes an output connected to a first input of the multiplexer 1195 and a second input of the multiplexer 1110. In one configuration, the multiplexer 1195 includes a second input to receive the control value CTR.

In this configuration, key generator 270 may generate output 1198 based on hidden content (hidden content) 245. In one aspect, the multiplexers 1110, 1170, 1190, 1195 may be configured to perform the following operations:

y＝x＝ctr*hidden content；z＝y+hidden content；

x + y; x ═ 32 | (x < < 32); v round (round)1 +

x + z; x ═ 32 | (x < < 32); /round 2 ×. + -./

x + y; x ═ 32 | (x < < 32); v. round 3

return (x + z) > > 32; 4X rounds

In one aspect, the key generator 270 functions as a pseudo-random number generator to generate an output 1198 from the hidden content 245 that is different from the hidden content in a pseudo-random manner. Output 1198 may be provided as key 125 for enabling access to SRAM 160. Therefore, the hidden contents 245 for enabling access to the SRAM 160 can be hidden from an external device.

Referring now to fig. 12, an example block diagram of a computing system 1200 is shown, in accordance with some embodiments of the present disclosure. A circuit or layout designer may use computing system 1200 for integrated circuit design. As used herein, a "circuit" is an interconnection of electrical components, such as resistors, transistors, switches, batteries, inductors, or other types of semiconductor devices configured to achieve a desired function. Computing system 1200 includes a host device 1205 associated with a storage device 1210. Host device 1205 may be configured to receive input from one or more input devices 1215 and to provide output to one or more output devices 1220. Host device 1205 may be configured to communicate with storage device 1210, input devices 1215, and output devices 1220 via appropriate interfaces 1225A, 1225B, and 1225C, respectively. Computing system 1200 may be implemented in various computing devices such as a computer (e.g., desktop, laptop, server, data center, etc.), tablet, personal digital assistant, mobile device, other handheld or portable device, or any other computing unit suitable for performing schematic design and/or layout design using host device 1205.

The input devices 1215 can include any of a number of input technologies such as a keyboard, stylus, touch screen, mouse, trackball, keypad, microphone, voice recognition, motion recognition, remote control, input port, one or more buttons, dials, joysticks, and any other input peripheral devices associated with the host device 1205 and that allow an external source, such as a user (e.g., a circuit or layout designer), to input information (e.g., data) into and send instructions to the host device. Similarly, output devices 1220 may include various output technologies such as external memory, printers, speakers, displays, microphones, light emitting diodes, headphones, video devices, and any other output peripheral devices configured to receive information (e.g., data) from host device 1205. "data" input to and/or output from host device 1205 may include any of a variety of textual data, circuit data, signal data, semiconductor device data, graphics data, combinations thereof, or other types of analog and/or digital data suitable for processing using computing system 1200.

Host device 1205 includes or is associated with one or more processing units/processors, such as central processing unit ("CPU") cores 1230A-1230N. The CPU cores 1230A-1230N may be implemented as application specific integrated circuits ("ASICs"), field programmable gate arrays ("FPGAs"), or any other type of processing unit. Each CPU core 1230A-1230N may be configured to execute instructions for running one or more applications of the host device 1205. In some embodiments, instructions and data for running one or more applications may be stored within storage device 1210. Host device 1205 may also be configured to store results of running one or more applications within storage device 1210. Thus, host device 1205 may be configured to request storage device 1210 to perform various operations. For example, host device 1205 may request storage device 1210 to read data, write data, update or delete data, and/or perform administrative or other operations. The host device 1205 may be configured to run a standard cell application 1235. The standard cell application 1235 may be part of a computer-aided design or electronic design automation software suite where a user of the host device 1205 may use, create, or modify standard cells of a circuit. In some embodiments, instructions to execute or run the standard cell application 1235 may be stored within the memory device 1210. The standard cell application 1235 may be executed by one or more of the CPU cores 1230A-1230N using instructions associated with the standard cell application from the memory device 1210. In one example, standard cell application 1235 allows a user to assist in integrated circuit design with a pre-generated schematic and/or layout design of integrated circuit 120 or a portion of integrated circuit 120. After completing the layout design of the integrated circuit, a plurality of integrated circuits, including, for example, integrated circuit 120 or a portion of integrated circuit 120, may be manufactured by a fabrication facility according to the layout design.

Still referring to fig. 12, memory device 1210 includes a memory controller 1240 configured to read data from or write data to a memory array 1245. The memory array 1245 may include various volatile and/or nonvolatile memory. For example, in some embodiments, memory array 1245 may include NAND flash memory cores. In other embodiments, memory array 1245 may include NOR flash memory cores, SRAM cores, Dynamic Random Access Memory (DRAM) cores, Magnetoresistive Random Access Memory (MRAM) cores, Phase Change Memory (PCM) cores, resistive random access memory (ReRAM) cores, 3D XPoint memory cores, ferroelectric random access memory (FeRAM) cores, and other types of memory cores suitable for use within the memory array. Memory within memory array 1245 may be controlled individually and independently by memory controller 1240. In other words, memory controller 1240 may be configured to communicate with each memory within memory array 1245 separately and independently. By communicating with memory array 1245, memory controller 1240 may be configured to read data from, or write data to, the memory array in response to instructions received from host device 1205. Although shown as part of storage device 1210, in some embodiments memory controller 1240 may be part of host device 1205 or part of another component of computing system 1200 and associated with a storage device. Memory controller 1240 may be implemented as logic circuitry in software, hardware, firmware, or a combination thereof to perform the functions described herein. For example, in some embodiments, memory controller 1240 may be configured to retrieve instructions associated with standard cell applications 1235 stored in memory array 1245 of storage device 1210 after receiving a request from host device 1205.

It should be understood that only some of the components of computing system 1200 are shown and described in FIG. 12. However, the computing system 1200 may include other components, such as various batteries and power supplies, networking interfaces, routers, switches, external storage systems, controllers, and so forth. In general, computing system 1200 may include any of a variety of hardware, software, and/or firmware components as may be needed or deemed desirable in performing the functions herein. Similarly, host device 1205, input devices 1215, output devices 1220 and storage device 1210, including memory controller 1240 and memory array 1245, may include other hardware, software and/or firmware components that are deemed necessary or desirable in performing the functions herein.

One aspect of the present description relates to an integrated circuit. In some embodiments, the integrated circuit includes a one-time programmable (OTP) memory device. In some embodiments, an integrated circuit includes a controller coupled to an OTP memory device. In some embodiments, the controller is configured to receive a set of input bits indicative of an input address of the OTP memory device, and to obtain the hidden content stored by the OTP memory device at the hidden address through a plurality of indirect processes based on the input address. In some embodiments, each indirect process comprises: i) identifying a subsequent address of the OTP memory device based on the content stored at the address by the OTP memory device; and ii) obtaining subsequent content stored by the OTP memory device at the subsequent address. In some embodiments, the controller is configured to generate the key based on hidden content stored by the OTP memory device at the hidden address.

In the integrated circuit described above, the controller is configured to: an input address of the OTP memory device is obtained based on a portion of the set of input bits, first content stored by the OTP memory device at the input address is obtained, and a second address of the OTP memory device is obtained based on the first content.

In the integrated circuit described above, the controller is to identify a subsequent address of the OTP memory device based on the content stored by the OTP memory device at the address by converting the content stored by the OTP memory device at the address having the first number of bits to the subsequent address of the OTP memory device having the second number of bits less than the first number of bits.

In the integrated circuit described above, the controller comprises a set of XOR gates to convert, for each indirect process, content stored by the OTP memory device at an address having the first number of bits to a subsequent address of the OTP memory device having the second number of bits.

In the integrated circuit described above, the set of input bits indicates a process to be applied to convert content stored by the OTP memory device to a subsequent address of the OTP memory device, wherein the controller is to: the process indicated by the set of input bits is selected and, for each indirect process, the content stored by the OTP memory device is converted to a subsequent address of the OTP memory device by the selected process.

In the integrated circuit described above, the set of input bits indicates a plurality of indirect processes to be applied to generate the key, wherein the controller is to obtain the hidden content stored by the OTP memory device at the hidden address through the plurality of indirect processes.

In the integrated circuit described above, the controller is configured to: an input address of the OTP memory device is obtained by converting a portion of the set of input bits according to a hash function.

In the above integrated circuit, the controller includes: a shift register to shift a portion of the set of input bits, and hash logic to apply i) the portion of the set of input bits and ii) the shifted portion of the set of input bits to a hash function to obtain an input address.

In the integrated circuit described above, the controller is configured to: hidden content stored by the OTP memory device at the hidden address is converted to a key according to a hash function.

In the above integrated circuit, the controller includes: a shift register to shift a portion of the set of input bits, and hash logic to apply i) hidden content stored by the OTP memory device at a hidden address and ii) the shifted portion of the set of input bits to a hash function to generate a key.

One aspect of the present description relates to a method of authorizing access to content stored by an integrated circuit. In some embodiments, the method includes receiving, by a controller, a set of input bits indicating a first address of a one-time programmable (OTP) memory device. In some embodiments, the method includes obtaining, by the controller, first content stored by the OTP memory device at a first address. In some embodiments, the method includes obtaining, by the controller, a second address of the OTP memory device based on the first content. In some embodiments, the method includes obtaining, by the controller, second content stored by the OTP memory device at the second address. In some embodiments, the method includes generating, by the controller, a key based on the second content.

In the above method, obtaining, by the controller, the second address of the OTP memory device based on the first content includes: converting, by the controller, first content having a first number of bits to a second address having a second number of bits less than the first number of bits.

In the above method, the set of input bits additionally indicates a plurality of indirect processes to be applied to generate the key, wherein each indirect process comprises: i) identifying a subsequent address of the OTP memory device based on the content stored by the OTP memory device at the one address, and ii) obtaining the subsequent content stored by the OTP memory device at the subsequent address, the method further comprising: the hidden content stored by the OTP memory device at the hidden address is obtained by the controller through a plurality of indirect processes indicated by the set of input bits.

In the above method, generating the key includes converting the hidden content according to a hash function to obtain the key.

In the above method, the set of input bits indicating a process to be applied to convert first content stored by the OTP memory device to a second address of the OTP memory device, the method further comprising: selecting, by the controller, a process to be applied indicated by the set of input bits; and converting, by the process, the first content stored by the OTP memory device to a second address of the OTP memory device.

In the above method, further comprising: a first address of the OTP memory device is obtained by the controller by converting a portion of the set of input bits according to a hash function.

One aspect of the present description relates to a method of authorizing access to content stored by an integrated circuit. In some embodiments, the method includes receiving, by a controller, a set of input bits. In some embodiments, the method includes converting, by the controller, the set of input bits to the input address according to a hash function. In some embodiments, the method includes applying, by a controller, an input address to a one-time programmable (OTP) memory device. In some embodiments, the method includes generating, by the controller, a key for the set of input bits based on hidden content stored by the OTP memory device according to the input address of the application.

In the above method, converting, by the controller, the set of input bits to the input address comprises: shifting a portion of the set of input bits through a shift register, and applying, by a hash generator, i) the portion of the set of input bits and ii) the shifted portion of the set of input bits to a hash function to generate an input address.

In the above method, the shift register shifts the portion of the set of input bits according to the number of bits to be shifted indicated by the set of input bits.

In the above method, further comprising: obtaining, by the controller, the hidden content stored by the first storage device through a plurality of indirection procedures based on the input address, each indirection procedure comprising: i) based on the content stored by the first storage device at the address, identifying a subsequent address of the first storage device, and ii) obtaining subsequent content stored by the first storage device at the subsequent address.

The components of several embodiments are discussed above so that those skilled in the art may better understand the various embodiments of the present invention. Those skilled in the art should appreciate that they may readily use the present disclosure as a basis for designing or modifying other processes and structures for carrying out the same purposes and/or achieving the same advantages of the embodiments introduced herein. Those skilled in the art should also realize that such equivalent constructions do not depart from the spirit and scope of the present disclosure, and that they may make various changes, substitutions and alterations herein without departing from the spirit and scope of the present disclosure.