Protecting a company’s intellectual property or IP is one of the highest priorities in a competitive market place. Let’s examine some of the questions listed here. If you are an embedded design house of or a software services provider, you may identify with the second question. Do you need to share IP or proprietary firmware with your customers? So, how do you provide this to your customers today?
In some cases you may be providing your customer the algorithm on a code protected chip and so you feel safe that your IP is secure. In other cases you may be providing a bear object file to your customer, while the customer may be able to decipher the source behind the object you may feel somewhat safe, because reclaiming source code from object code is a tedious process.
There are several other reasons why IP may be important to you, and we’ll see some of these. In embedded applications OEM’s, design houses, and software algorithm vendors face some critical issues in trying to protect their IP while collaborating on system designs.
Some issues may be; IP protection measures increase system cost for OEM’s and value added resellers. Software vendors and design houses risk losing IP to unqualified partners. Sometimes there is insufficient on chip support for secure firmware distribution and flash memory updates. We well examine a genetic system design model, parts which may be applicable to your application.
Designing any electronic part of reasonable complexity involves many hardware and software components. In recent years many system components have been designed and sometimes manufactured by different entities or parties.
Each party owns certain intellectual property that provides them a competitive edge in the market place. A general model for product design is shown here with the emphasis placed on the various parties involved in designing elements of a product. You may belong to one of the organizations shown here.
In a typical product two parties may be involved and sometimes three, a software design house and one or more original equipment manufacturers. Each party resorts to using the code protection features available on their micro platform to protect their IP.
The final or end product may comprise of multiple micro controllers communicating to each other via serial protocols or communication protocols. Even though micro controller or digital signal controller products are available today that could integrate the functions for profound by the individual micro controllers, such system integration is not performed, because each MCU stores some IP belonging to a different party.
In the end the final product leaves some scope for cost reduction and system integration. Later in this webinar, we’ll describe one example of such scenario.
Let us see how CodeGuard Security can help solve the challenges cost by system integration, cost reduction, and IP protection that we saw on the previous slide. The CodeGuard Security features on microchip 16 bit controllers, allows multiple parties to securely share resources on a single chip without compromising their respective intellectual property.
In the advanced implementation of CodeGuard Security an on-chip flash memory may be segmented into as many as three segments. Each segment may be code protected. Each party involved in a component of system design may store their code in a segment of flash memory as shown in this picture. Further, any one party may program a higher privilege segment of memory on the micro controller and provide to the other party for further application development and testing.
In the DS big DSC, flash may be segmented into a boot segment, a secure segment, and a general segment. The boot segment has the highest privileges and may be ideal to store a secure boot loader or some authentication and encryption algorithms that provide a secure flash update service.
Software algorithm vendors and original equipment manufacturers with propriety algorithms may store their programs in a secure segment which has the next highest privilege and is of larger size. Finally, and end customer may store his powerful device drivers, lookup tables, and other pieces of driver code in the general segment.
The code in the three segments may interact as in any normal application which consists of multiple functions. However, each of the three segments well be oblivious of the exact firmware in the other segment. Remember, each segment can be configured for a variety of memory sizes.
But wait, CodeGuard security is a lot more than just segmenting on-chip flash memory. In order to truly enable up to three parties to share resources on the same chip. Requires some very critical changes in a chips architecture.
Here are some are some high level features available on devices that feature CodeGuard Security. Perhaps the ability to respond securely to powerful interrupts while executing code in a secure segment of flash would be the most important feature in an embedded application.
Typically, this is one of the backdoor entries Trojan Horse programs are trying to take when they break your security. Some of the other features of CodeGuard Security include security for on-chip as well as ram. You will see some of these features in a few slides.