In the current state of the technology, electronic packages are employed or intended for use in applications that are to be certified pursuant to the United States Federal Information Processing Standards (FIPS PUB 140-2), which are published by the National Institute of Standards and Technology (NIST). The Department of Commerce has classified all of the information contained therein into essentially four increasingly stringent qualitative levels of security which, for purposes of uniformity and standardization, are designated respectively as Level 1 through Level 4. These security levels are intended to cover a wide range of potential applications and diverse environments in which various cryptographic modules are, or may be, employed, and which must be adequately protected so as to be secure from any tampering with and/or unauthorized access to the information which is supplied to and contained in the respective modules.
In order to attain an adequate degree of protection against any potential tampering with the internal cryptographic keys and codes that are contained in computers and/or telecommunication systems, such as telephones or the like, it is intended to implement at least a Level 4 electronic cryptographic protection, wherein the scope of protection must include important functions and attributes beyond those of a classical, so-called normal or basic degree of mechanical protection for the electronic packages that contain semiconductor devices. Ultimately, the electronic packages must be capable of maintaining security against tampering with or unauthorized access to the cryptographic keys and algorithms which are stored within the modules containing the semiconductor devices. The function of the tamperproof arrangements or layers resides in avoiding or inhibiting any penetration thereof by unauthorized microprobes which would enable information to be retrieved and read from the exterior of the secure boundaries or confines of the module.
To achieve satisfactory levels of protection for electronic packages against any tampering emanating from unauthorized external sources which could potentially compromise the electronic cryptographic keys and codes contained therein, a basic concept resides in creating a succession of superimposed or stacked layers. This combination of layers enables the application of different techniques and possesses physical properties which facilitate the detection, preferably by the employment of an electronic monitoring system, of any attempts at tampering. The sensing or detection of a tampering attempt enables a security system to disable the module by clearing all sensitive information stored in a volatile memory which is contained therein.
From the standpoint of providing the necessary security, tamper attempts are generally able to be detected when circuits contained in the module change their electrical properties from a previously calibrated and characterized level. Protection layers which are employed in the module are capable of preventing the creation of holes intended for the introduction of unauthorized electrical microprobes, such holes being produced through several different techniques, for instance, by micro-drilling with ceramic drills, selective layer ablation, or the use of lasers. Moreover, the circuits are also difficult to work with due to their intrinsic fragility when tampered with, that is, having a very low thickness, comprising brittle layers, and not being solderable, so as to prevent any shunting of the electrical circuit. In order to preserve the service life of the employed battery back-ups, these circuits are preferably constituted of highly resistive conductive materials that draw a low electrical current, in contrast with the utilization of low-ohmic conductive lines.
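The detection principle of the two preceding paragraphs, as an added C example that is not taken from the patent or from any product: a measured mesh resistance is compared against a calibrated baseline, a rise (tear, drill hole) or a drop (shunt) outside the window is treated as tampering, and the volatile key memory is cleared. All names, the 1 MΩ baseline, the 10 % window and the sample readings are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint32_t baseline_ohms;  /* value characterized at manufacture (assumed) */
    uint32_t tolerance_pct;  /* permitted drift around the baseline (assumed) */
} mesh_cal_t;

typedef enum { MESH_OK = 0, MESH_OPEN_OR_CUT = 1, MESH_SHUNTED = 2 } mesh_state_t;

static uint8_t key_ram[32];  /* stands in for battery-backed volatile key memory */

/* Classify one reading against the calibrated window (bounds inclusive). */
mesh_state_t mesh_classify(const mesh_cal_t *cal, uint32_t measured_ohms) {
    uint64_t delta = (uint64_t)cal->baseline_ohms * cal->tolerance_pct / 100u;
    if ((uint64_t)measured_ohms > cal->baseline_ohms + delta) return MESH_OPEN_OR_CUT;
    if ((uint64_t)measured_ohms + delta < cal->baseline_ohms) return MESH_SHUNTED;
    return MESH_OK;
}

/* volatile pointer keeps the compiler from optimizing the clearing away */
void zeroize(volatile uint8_t *p, size_t n) { while (n--) *p++ = 0; }

void load_demo_key(void) { for (size_t i = 0; i < sizeof key_ram; i++) key_ram[i] = 0xA5; }

int keys_cleared(void) {
    for (size_t i = 0; i < sizeof key_ram; i++) if (key_ram[i]) return 0;
    return 1;
}

/* Scan readings; on the first out-of-window value clear the keys.
 * Returns the index of that reading, or -1 if none was out of window. */
int monitor(const mesh_cal_t *cal, const uint32_t *samples, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (mesh_classify(cal, samples[i]) != MESH_OK) {
            zeroize(key_ram, sizeof key_ram);
            return (int)i;
        }
    }
    return -1;
}

int main(void) {
    const mesh_cal_t cal = { 1000000u, 10u };
    const uint32_t readings[] = { 1000000u, 1050000u, 940000u, 1400000u }; /* constructed */
    load_demo_key();
    int idx = monitor(&cal, readings, 4);
    printf("tamper at sample %d, keys cleared: %d\n", idx, keys_cleared());
    return 0;
}
```

A window that is too narrow turns ordinary drift of the resistive network into a key erasure, which is the false-call problem the background goes on to describe.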
The engineering of such a module makes it possible to devise solutions in which various manufacturing steps can be technologically updated to include features that, from the standpoint of providing an adequate level of security, are relevant in meeting specific anti-tampering or tamper-resistant requirements. The definition of a secure module, that is, the structure of the implemented modular layers, resides in taking advantage of different possible combinations in the stacking of these layers so as to meet different criteria in attaining levels of security for more broad-based and generic commercial applications beyond those set forth by current FIPS requirements and standards.
The present invention is intended to replace a current tamper-resistant security product that is difficult to manufacture and, as a result, very expensive.
For example, the present technology uses a PCB card (full card) that is positioned between a pair of Cu covers which are then riveted together so as to form a box. Thereafter, the resultant package with the two Cu covers is wrapped with a polymer film which, on the two opposite sides thereof has a pattern imprinted with a carbon ink defining a resistive network. Once the film encompasses the Cu box, the package is then placed into an aluminum box which is open on one side thereof, and the entire assembly is then potted with a resin in order to form a brick. Extending from the newly formed brick is only a flat cable in order to establish an external electrical connection with the electronics of the system contained therein.
With current solutions, false or erroneous tamper calls encountered during manufacturing operations and in the field are the identified limit of the ascertained problems, whereby the erasing of the cryptographic code drives the replacement of the units or packages at customer sites. Similarly, major impacts on the manufacturing floor have been identified during assembly operations, with an erroneous fall-out or failure that is only detected at test stations.
The following is a brief description of some of the limiting factors that are experienced in the detection of the problems presently encountered in the technology:
(A) a bowing or similar deformation of the electronic package (once potted) due to the expansion of air and moisture which is entrapped within the package (PCB card and Cu box), that causes the formation of tears and breaks (i.e., discontinuities or ruptures) in the imprinted ink network of the envelope which is added externally at the overall assembly of the part;
(B) bubbles of air or moisture that are formed during potting may also be responsible for similar defects that are encountered in the electronic packages;
(C) the wrapping of the polymer film about the copper covers may also cause defects in the corners of the package wrapping, such as a pinching of the polymer and breaking or rupture of the envelope imprinted resistive network thereon; and
(D) the exiting cable, which is normally connected to the polymer resistive matrix with an electrically conductive adhesive, may evidence temperature dependencies and a susceptibility to impermissible batch-to-batch manufacturing performance changes, resulting in adverse reliability.