The present invention relates to securing electronic components and data in integrated circuits from unauthorized access and, more particularly, to securing electronic components and data using tamper-detection systems, devices, and techniques.
A packaged integrated circuit (IC) device incorporating a wire-mesh protection system may be used in automated teller machines (ATMs) or electronic point-of-sale (ePOS) terminals to process credit and/or debit card information. The packaged IC device also may be used to store and utilize cryptographic keys for applications requiring cryptographic operations (e.g., set-top converter boxes).
FIG. 1 is a simplified, exploded, isometric view of a packaged IC device 100 having a passive wire-mesh protection system. The device 100 includes a ground plane 102, an upper wire mesh 104, one or more layers 106 of protected integrated circuitry, a lower wire mesh 110, and a substrate 112. Although not explicitly shown in FIG. 1, in addition to conventional logic and memory to be protected, the layers 106 may include detection circuitry for detecting incidents of tampering and control circuitry for responding to the detection of such incidents.
The upper wire mesh 104 enables detection of an attempt to physically breach the device 100 from the top to access the protected layers 106. Similarly, the lower wire mesh 110 enables detection of an attempt to physically breach the device 100 from the bottom to access the protected layers 106.
Wire-mesh protection systems, such as that used in the packaged IC device 100 of FIG. 1, operate by detecting open-circuit or short-circuit conditions in wire meshes, such as the wire meshes 104 and 110 that are created when a hacker drills into a packaged IC device. Upon detection of an open or shorted line in the wire mesh, control logic clears the memory of the packaged IC device and/or causes the device to power down and stop processing data. For example, if the packaged IC device stores credit card numbers or cryptographic keys in memory, then this data may be deleted to ensure that sensitive data is not divulged. It is to be appreciated by persons skilled in the art that protection systems described herein may be used to protect any type of control logic, integrated circuit, or device storing secure or sensitive data.
FIG. 2 is a component-level diagram of a passive wire-mesh tamper-detection system 200 that may be used in the tamper protection system of the package IC device 100 of FIG. 1, as is typified, by way of hypothetical example. The wire-mesh tamper-detection system 200 comprises a wire mesh 210, such as the upper wire mesh 104 or the lower wire mesh 110 of FIG. 1, and tamper-detection circuitry 220, which may be implemented in the protected layers 106 of FIG. 1.
The wire mesh 210 has two wire leads 212a and 212b, illustrated in a rectangular serpentine pattern. Lead 212a is connected in series with a pull-down resistor 214a between a ground node 216 and an input port 222a of the tamper-detection circuitry 220. Similarly, the lead 212b is connected in series with a pull-up resistor 214b between a DC voltage source 218 (such as a battery) having a DC voltage level VBAT and an input port 222b of the tamper-detection circuitry 220. In one implementation, the serpentine leads 212a and 212b are electrically isolated from one another in two adjacent mesh layers.
Within the tamper-detection circuitry 220, the input port 222a is connected via the node 224a to both a de-glitch circuit 226a and a DC voltage source 228 (also having DC voltage level VBAT) via a pull-up resistor 230a. Similarly, the input port 222b is connected via the node 224b to both a de-glitch circuit 226b and a ground node 232 via a pull-down resistor 230b. 
This arrangement effectively establishes two constant direct currents flowing through the wire mesh 210 that travel in opposite directions through the leads 212a and 212b, respectively. During normal operation, the two respective constant currents establish two predictable, ideal voltage levels at the nodes 224a and 224b based on the voltage level VBAT and the resistance levels of the resistors 214a, 214b, 230a, and 230b. 
The signals at the nodes 224a and 224b are processed by the de-glitch circuits 226a and 226b, respectively, and applied to the comparator circuits 234a and 234b, respectively. The de-glitch circuits 226a and 226b filter out spurious voltage levels in the analog signals 224a and 224b. 
Each comparator circuit 234a, 234b compares its corresponding voltage level 224a, 224b with an appropriate reference voltage level (not shown) that is equal to the ideal voltage level at the corresponding node 224a, 224b. As long as both of the voltage levels 224a, 224b are within the designed tolerances of the ideal voltage levels, the comparator circuits 234a, 234b generate the digital output signals 236a, 236b having logic values that indicate that there are no short-circuit or open-circuit conditions in the mesh 210. Otherwise, one or both of the comparator circuits 234a, 234b will generate one or both of the output signals 236a, 236b having logic values that indicate that a short or open circuit condition exists in the mesh 210.
When detectable tampering occurs, the wire mesh 210 will have either a short-circuit condition (i.e., the lead 212a is shorted with the lead 212b) or an open-circuit condition (i.e., one or both of the leads 212a, 212b are broken). Under either scenario, voltages at one or both of the nodes 224a and 224b will be sufficiently altered from their desired levels such that one or both of the comparators 234a and 234b will detect the short/open-circuit condition. Shut-down or even destruction procedures may then be implemented by the control circuitry.
For example, if an open-circuit condition exists in the lead 212a, then the voltage at the node 224a will be pulled high towards the voltage level VBAT. Similarly, if an open-circuit condition exists in the lead 212b, then the voltage at the node 224b will be pulled low towards ground. If a short-circuit condition exists between the leads 212a and 212b, then the voltages at the nodes 224a and 224b will both be a level determined by the voltage level VBAT and the resistances of the resistors 230a and 230b. By selecting appropriate values for the voltage level VBAT and the resistances of the resistors 214a, 214b, 230a, and 230b, the tamper-detection system 200 can be designed to detect each of these different situations resulting from tampering.
Although the resistors 230a and 230b may be implemented within the integrated circuitry that is protected by the tamper-detection system 200, the resistors 214a and 214b are implemented off chip.
The wire-mesh tamper-detection system 200 of FIG. 2 suffers in that the signals used to determine whether a tamper condition has occurred in the wire mesh 210 are always present and therefore require a constant draw of power from the voltage sources 218 and 228. This power draw limits applications of wire-mesh tamper-detection systems, and requires higher cost for powering the system 200, but also higher manufacturing costs, for example, when large resistors are employed, which demand greater area for implementation.