The present invention relates to a tamper resistant module for resisting against a tamper contemplating to decode confidential data confined within the module.
In order to prove reliability of security of an electronic computer system, a mechanism needs to be provided which does not permit an unauthorized person to physically access a specific portion of the computer system. Particularly, such a mechanism is needed to prohibit the unauthorized person from making a copy of the contents contained in a certain location of the system or from altering codes contained therein. To this end, a confidential portion of the system is confined within a module to preserve confidence. In case there is a tamper against the module contemplating to decode the confidential data confined therein, e.g. in case there is an activity to bore a hole in the module, such a tamper has conventionally been defended by erasing the confidential data.
Such a tamper resistant module is disclosed in "Physical Security for the .mu. ABYSS System" by Steve H. Weingart of IBM Thomas J. Watson Research Center, Proceedings, 1987 IEEE Symposium on Security and Privacy, Oakland, Calif., Apr. 27-29, 1987, p.p. 55-58. In this module, a thin wire such as a nichrome wire is wound about the module confining the confidential data therein. In case that the wire is cut, short-circuited or connection of the wire is changed, the tamper against the module is detected from the change in resistance of the wire, whereupon the confidential data is erased.
However, winding of the module is not suitable for mass production. Further, the resistance of the wire changes due to aging or in accordance with change in temperature or other ambient changes. For such reasons, notwithstanding the fact that the tamper is not existing, the confidential data tends to be erroneously erased. In contrast, despite the fact that the tamper is existing, the existing tamper cannot be detected with the result that the module fails to erase the confidential data.