Non-intrusive Monitoring
| Content Provider | The Lens |
|---|---|
| Abstract | A technique for detecting unauthorized manipulation of a circuit. In one embodiment, a test data channel of a boundary scan system of a circuit is monitored while the circuit is in operation. By monitoring the test data channel, a monitoring module determines the presence of a signal on the test data channel. During operation, activity on this channel may represent a potential unauthorized manipulation attempt. An alarm condition may therefore be created if a signal is detected. |
| Related Links | https://www.lens.org/lens/patent/013-199-056-502-572/frontpage |
| Language | English |
| Publisher Date | 2017-08-08 |
| Access Restriction | Open |
| Content Type | Text |
| Resource Type | Patent |
| Jurisdiction | United States of America |
| Date Applied | 2015-02-23 |
| Agent | Edell, Shapiro & Finnan, Llc |
| Applicant | Cisco Tech Inc |
| Application No. | 201514628854 |
| Claim | 1. A method comprising: monitoring a test data channel of a boundary scan system of a circuit while the circuit is in operation; determining presence of a signal on the test data channel; and creating an alarm condition if the signal is present, wherein the monitoring, determining, and creating are performed by a monitoring module according to trusted logic, wherein trust for the trusted logic is derived from a trust anchor that is a component of a processor that is in communication with the test data channel and that is booted in a trusted state, the method further comprising: expecting a strobe signal at a predetermined time from a strobe source connected to the test data channel; and sending a response to the strobe signal to the trust anchor, the response including a unique secret value that is generated in response to the strobe signal and that is generated for respective responses to subsequent strobe signals to confirm that the response and the respective responses are authentic. 2. The method of claim 1, further comprising: if the strobe signal is not received at the predetermined time, asserting an alarm condition. 3. The method of claim 1, wherein the boundary scan system operates in accordance with the IEEE 1149.1 Standard Test Access Port and Boundary-Scan Architecture. 4. The method of claim 1, wherein the circuit comprises a circuit board, and the monitoring module is on the circuit board and connected to the test data channel. 5. The method of claim 4, wherein the monitoring module comprises a field programmable gate array. 6. The method of claim 1, further comprising: evaluating the signal; and creating the alarm condition if the evaluation shows that the signal is unauthorized. 7. The method of claim 6, wherein the evaluating comprises: comparing the signal to a set of known benign signals, wherein the signal is determined to be unauthorized when the signal does not correspond to any of the known benign signals. 8. The method of claim 6, wherein the evaluating comprises: comparing the signal to a set of known unauthorized signals, wherein the signal is determined to be unauthorized when the signal corresponds to one or more of the known unauthorized signals. 9. An apparatus comprising: one or more integrated circuits; a monitoring module; and a test data channel connecting the integrated circuits and the monitoring module in a boundary scan system; wherein the monitoring module comprises trusted logic that is configured to: monitor the test data channel while the apparatus is in operation; determine presence of a signal on the test data channel; and create an alarm condition if the signal is present, wherein trust for the trusted logic is derived from a trust anchor that is a component of a processor that is in communication with the test data channel and that is booted in a trusted state, and wherein the trusted logic is further configured to: expect a strobe signal at a predetermined time from a strobe source connected to the test data channel; and send a response to the strobe signal to the trust anchor, the response including a unique secret value that is generated in response to the strobe signal and that is generated for respective responses to subsequent strobe signals to confirm that the response and the respective responses are authentic. 10. The apparatus of claim 9, wherein the monitoring module is further configured to: if the strobe signal is not received at the predetermined time, assert an alarm condition. 11. The apparatus of claim 9, wherein the boundary scan system is configured in accordance with the IEEE 1149.1 Standard Test Access Port and Boundary-Scan Architecture. 12. The apparatus of claim 9, wherein the apparatus comprises a circuit board on which the monitoring module and integrated circuits are mounted. 13. The apparatus of claim 12, wherein the monitoring module comprises a field programmable gate array. 14. The apparatus of claim 9, wherein the monitoring module is further configured to: evaluate the signal; and create the alarm condition if, upon evaluation, the signal is unauthorized. 15. The apparatus of claim 14, wherein the monitoring module is further configured to: compare the signal to a set of known benign signals; and determine the signal to be unauthorized when the signal does not correspond to any of the known benign signals. 16. The apparatus of claim 14, wherein the monitoring module is further configured to: compare the signal to a set of known unauthorized signals; and determine the signal to be unauthorized when the signal corresponds to one or more of the known unauthorized signals. 17. A method, comprising: in a circuit, sending a strobe signal from a trusted strobe source at a predetermined time on a test data channel that connects a monitoring module to one or more integrated circuits in a boundary scan system; and if the strobe signal is not received at the predetermined time at the monitoring module, asserting an alarm condition, wherein trust for the trusted strobe source is derived from a trust anchor that is a component of a processor that is in communication with the test data channel and that is booted in a trusted state, and the method further comprising: receiving a response to the strobe signal, the response including a unique secret value that is generated in response to the strobe signal and that is generated for respective responses to subsequent strobe signals to confirm that the response and the respective responses are authentic. 18. The method of claim 17, wherein the alarm condition is asserted if the response is not authentic. 19. One or more non-transitory computer readable storage media encoded with software comprising computer executable instructions that, when executed on a programmable processor, are operable to: send a strobe signal on a test data channel that connects a monitoring module to one or more integrated circuits in a boundary scan system; and if the strobe signal is not received at the predetermined time at the monitoring module, assert an alarm condition, wherein the software is trusted, and the computer executable instructions that, when executed on a programmable processor, are operable to: receive a response to the strobe signal, the response including a unique secret value that is generated in response to the strobe signal and that is generated for respective responses to subsequent strobe signals to confirm that the response and the respective responses are authentic. 20. The computer readable storage media of claim 19, wherein the software further comprises instructions that, when executed on the processor, are operable to: assert the alarm condition if the response is not authentic. |
| CPC Classification | Measuring Electric Variables; Measuring Magnetic Variables; Electric Digital Data Processing |
| Examiner | Jacob Lipman |
| Extended Family | 055-677-924-075-812; 013-199-056-502-572 |
| Patent ID | 9727722 |
| Inventor/Author | Grieco Anthony H; Shroff Chirag |
| IPC | G06F21/45; G01R31/3185 |
| Status | Active |
| Owner | Cisco Technology Inc |
| Simple Family | 055-677-924-075-812; 013-199-056-502-572 |
| CPC (with Group) | G01R31/318588; G06F21/554; G06F21/575; G06F2221/034; G06F21/45 |
| Issuing Authority | United States Patent and Trademark Office (USPTO) |
| Kind | Patent/New European patent specification (amended specification after opposition procedure) |