Within secure electronic devices, memories often store sensitive data, such as bank account numbers, credit card numbers, associated PINs, and encryption keys, that make attractive targets for sophisticated thieves. Manufacturers of such secure electronic devices therefore often include security features that prevent thieves from tampering with the memories to obtain the stored sensitive data.
FIG. 1 (Prior Art) is a simplified diagram of one such secure electronic device that is commercially available from Zilog, Inc. of San Jose, Calif. If tamper control logic 1 detects a tamper condition, then the tamper control logic 1 sends a bulk write signal via conductor 2 to a secure memory 3, thereby causing sensitive information stored in secure memory 3 to be erased before the thief can read the sensitive information out of the memory.

Such memories, however, may exhibit what is sometimes referred to as data “remanence”. It has been recognized that when a static random access memory (SRAM) is maintained with the same value stored in a bit cell for a long period of time, and the bit cell is then erased (such as due to a tamper detect condition), the bit cell tends, when power is restored to the SRAM, to return to its last programmed state or otherwise to exhibit that state. This tendency to retain residual data is a potential way for a thief to obtain sensitive information from a secure electronic device. A thief may, for example, retrieve a discarded electronic device that was used to store sensitive data. The thief may then power up the discarded electronic device and inspect or otherwise analyze the memory to learn information that was previously stored in it.
To address this remanence problem, software executing on the processor of a secure device may be made to periodically write to the secure memory to flip the value of each bit in a process referred to as “bit-flipping”. A variable or amount of information, such as an encryption key, is periodically inverted and then written back to the secure memory to overwrite the locations that stored the previous version of the variable or amount of information. By this mechanism, the amount of time that the bits store the variable or amount of information is equal to the amount of time that the bits store the inverse of the variable or amount of information.
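The bit-flipping scheme described above, sketched in C as an added example (not code from the original document or from Zilog). The struct layout, function names, polarity flag, period counters and sample key are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define KEY_LEN 8

/* Constructed sample key for the demo; not a value from the page. */
static const uint8_t SAMPLE_KEY[KEY_LEN] = {0x13,0x57,0x9B,0xDF,0x02,0x46,0x8A,0xCE};

/* Hypothetical layout of a bit-flipped secret in secure SRAM. */
typedef struct {
    uint8_t  cells[KEY_LEN];  /* what the bit cells physically hold */
    uint8_t  inverted;        /* 0: cells hold key, 1: cells hold ~key */
    uint32_t ticks_true;      /* periods spent holding the key */
    uint32_t ticks_inverted;  /* periods spent holding the inverse */
} flip_store_t;

void flip_store_init(flip_store_t *s, const uint8_t *key) {
    for (size_t i = 0; i < KEY_LEN; i++) s->cells[i] = key[i];
    s->inverted = 0;
    s->ticks_true = s->ticks_inverted = 0;
}

/* Periodic timer callback: credit the elapsed period to the current polarity,
 * then overwrite every cell with its inverse. On real hardware the loop and
 * the flag update must not be interrupted, or the flag and cells disagree. */
void flip_store_tick(flip_store_t *s) {
    if (s->inverted) s->ticks_inverted++; else s->ticks_true++;
    for (size_t i = 0; i < KEY_LEN; i++) s->cells[i] = (uint8_t)~s->cells[i];
    s->inverted ^= 1u;
}

/* Recover the logical key whatever the current polarity. */
void flip_store_read(const flip_store_t *s, uint8_t *out) {
    uint8_t mask = s->inverted ? 0xFF : 0x00;
    for (size_t i = 0; i < KEY_LEN; i++) out[i] = (uint8_t)(s->cells[i] ^ mask);
}

/* Dwell imbalance in periods; 0 means each cell held 0 and 1 equally long. */
int32_t flip_store_imbalance(const flip_store_t *s) {
    return (int32_t)s->ticks_true - (int32_t)s->ticks_inverted;
}

int main(void) {
    flip_store_t s; uint8_t out[KEY_LEN];
    flip_store_init(&s, SAMPLE_KEY);
    for (int t = 0; t < 6; t++) flip_store_tick(&s);
    flip_store_read(&s, out);
    printf("imbalance=%d first=0x%02X\n", (int)flip_store_imbalance(&s), out[0]);
    return 0;
}
```

The imbalance counter returns to zero only after an even number of periods, so the equal-dwell property holds on average over the device's life rather than at every instant.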