In several applications, an electronic device is required to wait for a pre-set time, which may even have a long duration (minutes or hours). It may further be required that this wait time be measured even when the electronic device is turned off, de-activated, or blocked.
For example, in applications for secure microcontrollers (the so-called secure MCUs), e.g., for operations of authentication, communication, or secure storage of information, if an attack is detected aimed at stealing sensitive information, the electronic device in which the secure microcontroller is used is set in a disabled state.
Typically, in the case of repeated attacks, the electronic device is set in a definitive disabled state for protecting the sensitive information. However, this behavior of defense entails subsequent impossibility for the user to operate the electronic device.
It is thus preferable to set the electronic device in a blocking state for a time sufficiently long (minutes or hours) for preventing the attack from being successful (it is difficult to violate the device if, after an attack, it is necessary to wait for a long period of time to unblock the same electronic device), at the same time preserving the possibility for the user to continue to operate the device.
For this purpose, a long-time-constant circuit stage (in what follows “LTC stage”) is used, basically constituted by a charge-retention electronic circuit, which defines an extremely long RC time constant for discharge of a previously stored electric charge (this time constant determines the wait time interval prior to restoring functionality of the electronic device). The resistance defining the RC time constant may have, for example, values of the order of PΩ (10^15 Ω) for defining a discharge time of the order of minutes or even hours.
The LTC stage may be further set (programmed), or reset (erased), by applying appropriate biasing signals.
An LTC stage is described, for example, in US 2015/0043269 A1. This LTC stage is illustrated in FIG. 1, where it is designated by 1, and is basically a charge-retention electronic circuit for time measurement, which includes a capacitive charge-storage element in which discharge occurs by a slow process of leakage through the dielectric space of the same capacitive element.
In particular, the LTC stage 1 comprises: a storage capacitor 2, connected between a first biasing terminal 3a, set in use at a first biasing voltage V1, and a floating node 4; a transfer capacitor 5, connected between a second biasing terminal 3b, set in use at a second biasing voltage V2, and the floating node 4; and a discharge element 6, connected between the same floating node 4 and a reference terminal 7, set in use at a reference voltage, or ground (gnd).
In particular, the discharge element 6 is formed by a plurality of elementary discharge units 8, which are connected together in series between the aforesaid floating node 4 and the aforesaid reference terminal 7 and define between them a plurality of intermediate nodes Ni (where i is an integer corresponding to the number of elementary discharge units 8 minus one).
As described in detail in the aforesaid US 2015/0043269 A1, each elementary discharge unit 8 comprises a capacitive element formed by a first electrode and a second electrode (made, for example, of polysilicon), arranged between which is a thin dielectric layer, through which a transfer of charges occurs by the tunnel effect. The connection in series between the various elementary discharge units 8 is implemented by coupling between the first electrode or the second electrode of consecutive elementary discharge units 8 in the series.
The floating node 4 is kept isolated, separated by a dielectric space, from the terminals where the voltage is applied and is not directly connected to any non-isolated region of the substrate of semiconductor material in which the LTC stage 1 is provided.
The capacitance C1 of the storage capacitor 2 (for example, comprised between 1 and 100 pF) is much higher than the capacitance C2 of the transfer capacitor 5 (for example, comprised between 0.01 and 50 pF); moreover, the thickness of the dielectric layer of the storage capacitor 2 (for example, comprised between 150 and 200 Å), made, for example, of oxide-nitride-oxide (ONO) dielectric, is greater than the respective thickness of the transfer capacitor 5 (for example, comprised between 70 and 100 Å), made of tunnel oxide.
Basically, the function of the storage capacitor 2 is that of retention of electric charges, whereas the function of the transfer capacitor 5 is that of enabling injection, or extraction, of charges in, or from, the storage capacitor 2, in particular by the tunnel effect, in a way altogether similar to what occurs for the floating-gate terminal of a nonvolatile memory.
Each of the elementary discharge units 8 has characteristics, for example in terms of thickness of the corresponding dielectric layer, such as to have a non-negligible charge leakage over time, through the corresponding dielectric space. Furthermore, the overall resistance of the discharge element 6, defined jointly by the various elementary discharge units 8, is extremely high, for example of the order of TΩ or PΩ.
The function of the discharge element 6 is to discharge in a controlled way, in a sufficiently long time interval (of the order of minutes or hours), the charge stored in the storage capacitor 2.
In use, the following operations may be envisaged in the LTC stage 1.
A programming operation, the so-called set, is used for initialization of the charge in the storage capacitor 2, by applying a high potential difference, for example positive, between the first and second biasing terminals 3a, 3b, for a consequent injection of electric charges through the transfer capacitor 5. For example, a high positive voltage +HV (boosted with respect to a logic supply voltage, for instance, via a charge-pump stage) is applied on the first biasing terminal 3a, and a high negative voltage −HV is applied on the second biasing terminal 3b.
An operation of reset, or erasure, of the charge stored in the storage capacitor 2, is implemented by applying a high potential difference, for example negative, between the first and second biasing terminals 3a, 3b, for a consequent extraction of charges through the transfer capacitor 5. For example, the high negative voltage −HV is applied on the first biasing terminal 3a, and the high positive voltage +HV is applied on the second biasing terminal 3b.
An operation of reading of the residual charge present in the storage capacitor 2 is implemented by detecting the voltage on the floating node 4, or on one or more of the intermediate nodes Ni, during discharge of the charge in the storage capacitor 2 (stored in a previous programming operation). This discharge occurs through the discharge element 6, with the first and second biasing terminals 3a, 3b set at ground, the discharge time constant RC being the product of the resistance of the discharge element 6 and of the overall capacitance of the storage capacitor 2 and transfer capacitor 5 (which are connected in parallel together and in parallel to the discharge element 6).
As shown in greater detail in FIG. 2, a reading circuit 9 of the LTC stage 1 comprises an operational amplifier 10 (in particular, an operational transconductance amplifier, OTA), operating as a comparator, having a first input terminal 10a, for example the negative input terminal, connected to the floating node 4, a second input terminal 10b, in the example the positive input terminal, which receives a comparison reference voltage Vx, of an appropriate value, and an output 10c, which supplies an output voltage Vout, the value of which is indicative of the residual charge in the storage capacitor 2.
In particular, if the reading voltage VL on the floating node 4 has a given relation with the comparison reference voltage Vx (for example, being lower or higher than the same comparison reference voltage Vx), the discharge step of the storage capacitor 2 may be considered completed (for example, for the purpose of unblocking the electronic device that had previously been blocked due to detection of an attack attempt).
The value of the comparison reference voltage Vx is thus defined at the design stage for setting the desired duration of the discharge interval.
Likewise, as shown schematically in the aforesaid FIG. 1, further comparator stages (designated by 10i) may be provided, connected to one or more of the intermediate nodes Ni, in order to detect the voltage on the same intermediate nodes Ni and compare it with a respective reference voltage.
The present Applicant has realized that the solution described previously has a problem associated with a high spread of the duration of the discharge interval.
In particular, the value of the resistance of the discharge element 6, which in the integrated embodiment is made of semiconductor material (for example, silicon), may have a spread that may reach +/−40% of a nominal design value. This variability has repercussions on the value of the discharge RC time constant and, likewise, on the duration of the discharge interval.
This problem is illustrated in FIG. 3, which shows the plot of the reading voltage VL on the floating node 4 (in the example, with opposite sign) during discharge of the charge stored in the storage element 2; in particular, represented with a dashed line is the ideal plot, on the hypothesis of the resistance of the discharge element 6 having the nominal design value RL, whereas represented with a solid line is the actual plot, obtained with the effective value RL′ of the same resistance that results from the process spread.
As illustrated, an ideal duration TS of the discharge interval would be associated with the selected design value, designated by Vx1, of the comparison reference voltage Vx, whereas the effective duration TS′ of the same discharge interval is appreciably different, in the example shorter.
Likewise, to obtain the ideal duration TS of the discharge interval, it would be necessary to use a comparison reference voltage Vx having a value Vx2 that in the example is lower than the design value Vx1.
Basically, the actual performance of the LTC stage 1 is different from the desired design performance, with consequent problems of reliability in the operation of the electronic device in which the LTC stage 1 is used (e.g., causing a reduction in the security performance).
For example, in a wide range of applications it is not always possible to accept a spread in the duration of the discharge interval greater than +/−20% of the declared value.
A possible solution to this problem may consist in the measurement, at a testing step subsequent to the integrated manufacturing process (coinciding with the so-called electrical wafer sorting—EWS), of the effective duration of the discharge interval, in order to implement, as a function of the detected duration, a calibration of the comparison reference voltage Vx such as to compensate the variation of the value of resistance of the discharge element 6.
With reference once again to FIG. 3, in fact, by regulating the comparison reference voltage Vx at a compensation value Vx2, an effective duration TS′ of the discharge interval substantially equivalent to the desired design one could be obtained.
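The relation between resistance spread, blocking duration and the compensating threshold Vx2 can be worked through numerically; the following is an added example, not part of the original text or of the cited application. It assumes an ideal single-pole exponential discharge VL(t) = V0·exp(−t/RC), and the component values and voltages are constructed, chosen within the ranges quoted above.

```python
import math

def discharge_time(r_ohm, c_farad, v0, vx):
    """Seconds for VL(t) = v0*exp(-t/(R*C)) to decay from v0 to the threshold vx."""
    if not 0 < vx < v0:
        raise ValueError("threshold must lie strictly between 0 and v0")
    return r_ohm * c_farad * math.log(v0 / vx)

def compensated_threshold(v0, vx1, r_nominal, r_actual):
    """Vx2 that restores the nominal interval when the resistance is r_actual.

    Solving R'*C*ln(v0/Vx2) = R*C*ln(v0/Vx1) gives Vx2 = v0*(Vx1/v0)**(R/R').
    """
    return v0 * (vx1 / v0) ** (r_nominal / r_actual)

def spread_report(r_nominal, c_farad, v0, vx1, spread=0.40):
    """Rows of (R'/R, TS' at Vx1, Vx2, TS at Vx2) for -spread, nominal, +spread."""
    rows = []
    for factor in (1 - spread, 1.0, 1 + spread):
        r_actual = r_nominal * factor
        ts_uncal = discharge_time(r_actual, c_farad, v0, vx1)
        vx2 = compensated_threshold(v0, vx1, r_nominal, r_actual)
        ts_cal = discharge_time(r_actual, c_farad, v0, vx2)
        rows.append((factor, ts_uncal, vx2, ts_cal))
    return rows

# Constructed values, chosen inside the ranges quoted in the text.
R_NOMINAL = 1e15          # discharge resistance RL, order of PΩ
C_TOTAL = 10e-12 + 1e-12  # C1 + C2 in parallel: 10 pF + 1 pF
V0, VX1 = 2.0, 1.0        # assumed initial floating-node voltage and design Vx1

if __name__ == "__main__":
    for factor, ts_uncal, vx2, ts_cal in spread_report(R_NOMINAL, C_TOTAL, V0, VX1):
        print(f"R'/R={factor:.1f}  TS'={ts_uncal/60:6.1f} min  "
              f"Vx2={vx2:.3f} V  TS(Vx2)={ts_cal/60:6.1f} min")
```

Under this model the duration scales linearly with the resistance, so a −40% resistance gives a blocking interval 40% shorter than designed unless the threshold is lowered to Vx2, which matches the case drawn in FIG. 3.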
As mentioned previously, however, this discharge interval may have a duration of minutes or even hours so that its measurement may be incompatible with the times required for the testing operations at the end of the manufacturing process, which typically must not be longer than a few minutes for each electronic device produced (a longer duration would in fact entail an unacceptable reduction in the throughput of the manufacturing process).