Purchases are often made using an electronic device called a Point Of Sale (POS) terminal. The POS terminal is typically coupled to a financial institution via an electronic communication link. A customer in a store may, for example, present a debit card, credit card, cash card or smart card to the store's cashier for payment. Consider an example of a transaction with a smart card. The customer presents the smart card to the cashier of the store. The cashier pushes the smart card into a smart card reader port on the POS terminal and the POS terminal reads an account number stored in the smart card. The customer then, for identification purposes, typically enters a Personal Identification Number (PIN) into a keypad device coupled to the POS terminal. The customer may also enter other identification information. The customer may, for example, provide a signature on a signature capture device coupled to the POS terminal.
The POS terminal then uses an encryption key stored in the POS terminal to encrypt the account number (from the smart card), the identification number (for example, the PIN number), and other information about the transaction such as the amount of the transaction and the date of the transaction. The encrypted information is sent from the POS terminal to the financial institution via a modem or other electronic communication link.
The financial institution receives the encrypted information and uses an encryption key to decrypt the information and recover the account number, identification information, and information about the transaction. In the case where the transaction is a debit transaction, the bank account of the customer is debited. A confirmation of the transaction is then encrypted using the encryption key and the encrypted confirmation is communicated from the financial institution back to the POS terminal. The POS terminal uses the encryption key stored in the point of sale terminal to decrypt the confirmation. Typically, the confirmation is printed out as part of a transaction receipt and a copy of the receipt is provided to the customer.
Accordingly, it is seen that sensitive financial and identification information is entered into and passes through the POS terminal. Encryption keys are typically stored in the POS terminal so that the POS terminal can communicate with the financial institution in a secure manner. Moreover, as the POS terminal is used, information about customers is stored in and/or passes through the POS terminal. Such information may include account numbers and their associated PIN numbers.
Various methods are employed to prevent such sensitive information from falling into the hands of thieves. In one example, the integrated circuits within the POS terminal that contain the sensitive information are surrounded, encased or covered with a fine wire mesh. Certain of the conductors of the mesh are coupled to a first terminal of the integrated circuit, whereas others of the conductors of the mesh are coupled to a second terminal of the integrated. The integrated circuit monitors the first and second terminals. If a thief were to attempt to probe through the mesh to get access to the integrated circuit, then certain of the conductors would likely be cut or pushed together. This condition would be detected by the integrated circuit as a tamper condition. If the integrated circuit were to detect such a tamper condition, then the integrated circuit would quickly erase the sensitive information (for example, encryption keys) so that if the thief were to then gain access to the integrated circuit, the sensitive information would have already been erased.
In one exemplary prior art POS terminal, the POS terminal includes a processor integrated circuit, a Static Random Access Memory (SRAM) integrated circuit, and a non-volatile memory integrated circuit. The processor and SRAM integrated circuits are covered with an anti-tamper mesh. An application program is stored in the nonvolatile memory. Upon power up, an operating system executing on the processor transfers the application program from the nonvolatile memory to the SRAM. Encryption keys are stored in Read Only Memory (ROM) on the processor integrated circuit. If the processor validates the application program to be a valid image, then the processor executes the application program out of SRAM. Subsequent operation of the POS terminal may use the encryption keys and may temporarily place the encryption keys in the SRAM. Accordingly, upon detection of a tamper condition, the SRAM as well as other volatile storage locations in the processor are quickly erased before a thief can gain access to the sensitive information stored in volatile memory in the processor and SRAM integrated circuits.
Numerous techniques exist in the prior art for providing a security mesh. For example, U.S. Pat. No. 6,646,565 describes a POS terminal having a secure case. The case includes what is called a security fence module that is sandwiched between two printed circuit boards. Each of the printed circuit boards includes a serpentine trace layer so that the assembly of the two printed circuit boards and the security fence module together enclose a secured volume.
U.S. Pat. No. 7,054,162 describes a security module that includes a substrate and a cover. The substrate and cover include inter-digitated serpentine serial conductive paths. When the cover and substrate are abutted together through ball grid array interconnects, the serpentine conductive paths essentially surround the volume enclosed between the cover and substrate. The grid array of connections at the periphery of abutting cover and substrate have a staggered row or picket fence configuration that prevents intrusion from the side.
U.S. Patent Application Publication No. 2007/0038865 describes a cap that is adapted to mount to a printed circuit board such that tamper-proof tracks in the cover are linked with tamper-proof tracks in the printed circuit board. The tracks in the cap and printed circuit board together form a tamper-proof security shield that protects a chamber.
U.S. Pat. No. 7,065,656 describes a method of protecting a printed circuit board from tampering by applying flexible plastic polymer layers having embedded trip wires.
U.S. Patent Application Publication No. 2006/0231633 describes a tamper resistant ceramic multi-chip module (MCM) that includes a ceramic chip carrier and a ceramic cap. Each of the chip carrier and the cap includes what are called security meander lines. Solder balls or solder fillets couple the cap to the chip carrier so as to enclose an internal cavity.
U.S. Patent Application Publication No. 2006/0087883 describes an anti-tamper module involving a connection layer that connects the module to an external system using a ball-grid array of solder balls. In one example, a wire mesh encased in epoxy is a protective layer that encases the module.
U.S. Pat. No. 5,861,662 describes an anti-tamper shield for an integrated circuit. In one example, the conductors of the shield have a grid pattern and are made of conductive epoxy.
U.S. Patent Application Publication No. 2007/0018334 describes a cavity-down integrated circuit package that has an embedded security shield. A printed circuit board also has an embedded security shield. When the package is connected to the printed circuit board with ball connectors, the shield in the package and the shield in the printed circuit board together form a security envelope that shields the integrated circuit of the package from tampering.
Unfortunately, providing a security mesh for a point or sale terminal circuit is typically undesirably expensive and/or is inadequate. An alternative solution is sought.