High requirements are put on chips or ChipCards (ChipCard=chip card) as regards data security and their programmed operation. Examples of chip cards are the so-called “Pay TV” card (Pay TV card=pay-television card), the debit card or the credit card, which are however only examples for a plurality of further cards. In chip cards, on which high requirements are put as regards data security, it should be avoided that the data of such a card or its operation can be reproduced in any form, so as to prevent for example a counterfeiter from producing a chip card with similar or identical characteristics.
A reproduction of a card could cause with a final distributor of the card or chip card substantial losses, the extent of which cannot be calculated. For example, a counterfeiter or an aggressor could reproduce or re-process a phone card or change its design so that the phone card can be loaded automatically and thus cause incalculable damage to a telephone company, which sells the phone cards with this design.
In order to be able to successfully commercialize a chip card, an appropriate certifying of the card or the design of the chip on the chip card is necessary. An as high-valued certifying as possible of a card is, e.g. for a manufacturer of the card, a substantial distinctive characteristic to be distinguished from his competitors. It is of crucial importance for the manufacturers of the card that, despite the many technical possibilities or the multiple technical means, with which the card can be attacked, a design of a chip card is so implemented that the chip card is nevertheless protected to a maximal extent against attacks. The fact that the more protection mechanisms are implemented in a design of a chip card, the more competitively the chip card can be commercialized e.g. with the card operators is applicable here.
An important protection mechanism should be provided on a card against attacks on the hardware itself or so-called “Invasive attacks”. In the event of an invasive attack, a component or chip is opened, in order to obtain information on its construction, its architecture or the implemented circuits or the design. Furthermore, an invasive attack is carried out in order to obtain information on the functions of the chip, such as e.g. an implemented encrypting algorithm, or on data, which can e.g. be custom-specific and can be stored in a ROM (ROM=Read Only Memory). A series of companies have even specialized in so-called Reverse Engineering. By means of reverse engineering, e.g. a chip is reproduced by a foreign company based on the information, which has been obtained from an invasive attack.
In the case of the invasive attack, e.g. a component is systematically ground, a modification of the circuit implemented in a chip is carried out or a tension or signal measurement is performed. For an invasive attack can be used a series of tools, e.g. EBEAMs (EBEAM=elementary accelerator), which are used e.g. in electron-beam microscopes, FIBs (FIB=Focus Ion Beam) or AFMs (AFM=Atomic Force Microscope), the tools mentioned being only examples of a plurality of tools, which are used for carrying out an invasive attack.
In the framework of the invasive attack, pictures of a component are taken per surface of the complete chip surface, each metal plane and transistor plane being often contained in one picture. When the pictures thus taken are subsequently superimposed or the vertical structure of the component examined is reconstructed by means of the pictures of the different planes, a connection diagram of a chip can be extracted or established. By means of simple assumptions regarding the process and a subsequent determination of the dimensions of the individual components, such as e.g. the transistors, simulation models of the individual components can be made, by means of which the chip or the operation of the chip can be simulated or reproduced. Such a reproduction allows a counterfeiter to produce a copy or a modification of a chip providing data security and thus a chip card providing data security and thus to cause to a final distributor e.g. huge incalculable losses. Therefore, reproducing a chip by means of an invasive attack should be made more difficult, even better prevented or made impossible.