The present disclosure relates to semiconductor integrated circuits. More specifically, the present disclosure is concerned with a semiconductor integrated circuit equipped with a secure function capable of protecting the circuit from information leakage, destruction, or modulation by an unauthorized user.
Since the advent of credit cards in the 1920s, nowadays many kinds of plastic cards are widely used in the form of cash cards, security cards, personal identification cards, stock cards, or shopping cards. In recent years, there has been a lot of activity concerning integrated circuit cards (or IC cards), which may be called ‘small computers’, because of their convenience, stability, and multi-usability for users.
Such IC cards are generally made in structures in which thin semiconductor chips are fixed to plastic cards of a size as large as credit cards. IC cards are rapidly rising on their usefulness for new-generation information media, owing to higher data stability than traditional cards to which magnetic tapes or magnetic stripes are attached, and high security, as well as good preservability that provides data without anxiety of data loss. A generic IC card is configured in a chip-on-board (COB) type in which a semiconductor chip of 0.5 mm is fixed onto a plastic sheet made with the same size and thickness as a credit card.
IC cards are generally shaped and sized like typical magnetic stripe cards, usually being classified into contact and contactless types. The contactless types include contactless IC cards (CICCs) and remote coupling communication cards (RCCCs). CICCs are developed by American Telephone and Telegraph (AT&T) in the USA, which are sensible within the range of ½ inch. RCCCs are identifiable in a distance about 700 cm and follow the standard of ISO DIS 10536.
On the other hand, IC cards may be sorted into smart cards, contactless cards, and memory cards. The smart cards embed microprocessors (or central processing units) therein. The contactless and memory cards are formed without microprocessors. The smart card is generally organized of a central processing unit (CPU), an electrically erasable and programmable read-only memory (EEPROM) or ROM, and a random access memory (RAM). The most general advantage of the smart card is the facility that enables it to be equipped with various applications, as well as high reliability and security, large data capacity, and usability for E-purses. Smart cards are capable of inputting and outputting information, adaptable to bilateral communication, distributed processing, and protection of information. With those capabilities, smart cards are making great strides in many service applications, such as finance, distributions, factory automation, office automation, medical services, social securities, mobile communications, pay telephones, cable television networks, electric power, gas, water supply, education, credit cards, debit cards, prepaid cards, utility gas management, information security, home banking, and so forth. Nowadays, those services are inclined to consolidate their channels into a single smart card. To accomplish such ends, it is necessary to provide systems and service methods therefor that render the smart cards able to be more conveniently used, for example, as a means for financial settlement, or associated with various application forms.
As aforementioned, data stored in smart cards are needed to be conserved in safety. Data being leaked externally from the smart cards may cause serious results even to system managers. Furthermore, occasionally internal data of smart cards can be fatally damaged from actions that directly monitor the insides of semiconductor chips for the purpose of finding internal signals or data thereof. There is a way of monitoring chips, which removes a silicon oxide (SiO2) film, used as a passivation layer, from the surface of a semiconductor chip and monitors the metal signal lines, exposed on the chip surface, by mean of an oscilloscope. The technique of removing a passivation layer of silicon oxide film from a chip surface is called ‘decapsulation’. To protect such an invasion that monitors the internal signals of a chip, it is necessary to provide a detection device for providing an alarm upon an attempted decapsulation. Such detection devices are known to include, for example, light exposure detectors, passivation removal detectors, and so on
Another way for monitoring a semiconductor chip of the smart card is to check on the data transceived through a data line by lowering a frequency of a main clock signal. In this way, a frequency detector is used for sensing whether the frequency of the main clock signal is within a predetermined range.
It is necessary for a smart card to be equipped with units for preventing damage thereto due to abnormal operation environments, as well as for protecting the card from an invasion by an unauthorized user. For example, a voltage detector may be employed to prevent the smart card chip from electrical damage when a voltage supplied from a card reader is out of a normal range. Furthermore, a temperature detector may be used for preventing the smart card chip from an abnormal operation due to a too high or too low ambient temperature.
Usually, a smart card operates to reset all circuits, including a microprocessor, when there is a detection signal from at least one of the aforementioned detectors, such as a light exposure detector, passivation removal detector, frequency detector, voltage detector, and temperature detector, as well as protecting itself from an information leak, destruction, or modulation by external attacks, and damage caused by abnormal operation environments.
Because such structural supplementaries with those detectors for smart cards have been generally known by others, however, it is possible for hackers to attack the smart card chip in the manner of interrupting signal paths to internal circuits (logic circuits or a microprocessor) from the detectors and providing an arbitrary detection signal into the internal circuits. In this case, since there is no input of a detection signal from the detectors to the internal circuit, it is unaware of an invasion by an unauthorized user or damage by an environmental abnormality.