The present invention generally pertains to integrated circuit chips for electronic data processing systems and is particularly directed to preventing inspection and/or modification of secure data that is stored or processed within a secure area of an integrated circuit chip.
Integrated circuit chips that process and store secure data include a secure area containing circuit elements for processing and storing the secure data, and a nonsecure area containing circuit elements for processing and storing nonsecure data and control signals. An integrated circuit chip contains a semiconductive layer containing diffusions defining circuit element components; and a first conductive layer coupled to the semiconductive layer to interconnect the components to thereby define the circuit elements. All modern integrated circuit chips include one or more conductive layers, typically for interconnecting circuit elements and components thereof. Generally these layers are used for both control signal and power signal distribution in a way that is intended to maximize signal interconnection density and reduce the area required for such interconnections.
The secure area further contains circuit elements for transferring nonsecure data and control signals to a data bus within the secure area for processing with the secure data by data processing circuit elements within the secure area. Logic circuit elements within the secure area enable the nonsecure data and the control signals to be transferred between the nonsecure area and the data bus within the secure area in response to control signals generated by the data processing circuit elements within the secure area.
Nevertheless, even though the secure data cannot be readily transferred in such an integrated circuit chip from the secure area to the nonsecure area, it is possible to gain access to secure data stored or being processed within the secure area by inspecting the secure area with such diagnostic tools as a scanning electron microscope (SEM) or a probe that couples an oscilloscope to a given node within the secure area from which the secure data can be accessed. Also, by delivering appropriate control signals to the logic circuit elements within the secure area by such means as a probe, it may be possible to cause the logic circuit to enable transfer of secure data to the nonsecure area from a data bus within the secure area that carries both nonsecure and secure data for processing by the data processing circuit elements within the secure area or to enable the secure data stored within the secure area to be replaced by clandestine data that would enable the intended security of the chip to be compromised.