A. Technical Field
The present invention relates to a secure device, and more particularly, to systems, devices and methods of reducing power consumption of the secure device by limiting the amount of secure volatile memory that needs to be supplied by a battery. This secure device is used in high security applications such as financial terminals.
B. Background of the Invention
Nowadays, nearly all financial transactions are implemented based on cash exchanges at bank or sales counters, automatic teller machine (ATM) transaction, credit card payments via a specialized card reader, or internet transactions based on a generic computer or mobile device. Secure devices have been applied in the ATMs and the specialized card readers to provide an enhanced security level to the financial transactions. As the mobile devices become widely accepted and used as convenient financial terminals, secure device technologies start to be adopted and will gradually become a must for mobile devices as well.
Secure devices in these financial terminals must use batteries in their idle state when an external power source is not available. Battery power is used to secure memory storage, monitor any tamper attempt, and sometimes, to maintain a real-time clock (RTC). FIG. 1 illustrates a battery-backed sub-system 100 in an existing secure device. Cryptographic keys and sensitive data are loaded to a secure memory 104 at the manufacturer's site, and part of the secure memory 104 has to be powered to avoid data loss. While it is powered by the external power source 110 under normal operation conditions, the part of the secure memory 104 has to switch to the battery 102 for power in the idle state via the switch 109. At the same time, a tamper detection circuit 106 has to be enabled to detect any tamper attempt to read or compromise the secure memory 104. Therefore, even when the secure device 100 does not actively process any transaction in the idle state, battery power must be sustained to drive the secure memory 104 and the corresponding tamper detection circuit 106.
A long battery life is required to accommodate storage, shipping and potentially harsh storage/shipping conditions. These financial terminals could spend a long period of time sitting on warehouse shelves prior to being deployed to an end customer. Some terminals are mainly provided in lease arrangements where the terminals have to be disconnected for an unspecified period of time and transferred among customers and warehouses at different locations. During the course of storage or transportation, the secure volatile memory 104 and the tamper detection circuit 106 actively drain the battery 102. Sometimes, storage conditions may be harsh at a high temperature, accelerating battery consumption even more. The battery may be depleted before the financial terminals are delivered to their customers and plugged in to an external power source (for example, mains or a larger rechargeable battery). To address these concerns, battery life has to be extended by increasing the battery capacity to accommodate the unpredictable shelf time and conditions.
In the idle state, the battery-backed secure memory 104 consumes much more power than the tamper detection circuit 106 or the RTC 108. The tamper detection circuit 106 is controlled to sample intermittently, reducing overall power consumption. Despite its large consumption, the RTC 108 may be disabled during storage or shipment. However, the battery-backed secure memory 104 has to be constantly sustained by the battery power. As the silicon process feature size shrinks and the processing speed increases, significant increases are overseen in dynamic power consumption and leakage current of the secure memory 104. The limited capacity of the battery may quickly be depleted by this secure memory 104.
Batteries used in financial terminals are typically coin cells, such as CR2450. Unfortunately, a rechargeable battery is not desirable for this application, because it cannot support a shelf life of several years. Once the battery is completely drained, a financial terminal has to be returned to the manufacturer to be reworked or scrapped. Therefore, a need exists to extend the battery life.