Test access mechanisms are critical components in digital systems. They affect not only production and operational economics, but also system security. We propose a security enhancement for system-on-chip (SoC) test access that addresses the threat posed by untrustworthy cores. The scheme maintains the economy of shared wiring (bus or daisy-chain) while achieving most of the security benefits of star-topology test access wiring. Using the proposed scheme, the tester is able to establish distinct cryptographic session keys with each of the cores, significantly reducing the exposure in cases where one or more of the cores contains malicious or otherwise untrustworthy logic. The proposed scheme is out of the functional path and does not affect functional timing or power consumption.