Electronic digital logic circuitry – Signal sensitivity or transmission integrity
Reexamination Certificate
2003-02-19
2004-09-28
Le, Don (Department: 2819)
Electronic digital logic circuitry
Signal sensitivity or transmission integrity
C326S082000
Reexamination Certificate
active
06798234
ABSTRACT:
BACKGROUND OF THE INVENTION
Field of the Invention
The present invention relates to an apparatus for protecting an integrated circuit formed in a substrate and a method for protecting the integrated circuit against reverse engineering having a shield, which at least partially covers the integrated circuit and which includes a signal transmitter, a signal receiver, at least two conductor tracks running between the signal transmitter and the signal receiver, and a drive and evaluation device connected to the signal transmitter and the signal receiver and also having a covering applied on the substrate.
It is possible to subject an integrated circuit to an analysis, so-called “reverse engineering.” This analysis may serve merely to analyze the method of operation or else to influence the method of operation for the purpose of manipulating a data content or the functional sequence. For the purpose of analysis, in a first step, the material that covers the surface of the chip is resolved. This material may be either a plastic molding composition that forms the housing of the semiconductor component, or a so-called “globe top,” which merely serves to protect the chip surface and the electrical connections against mechanical damage. Such a “globe top” is used in smart card modules, for example. Moreover, a thin plastic layer (“imide”, “photoimide”) is usually applied on the passivation layer of the chip. The plastic layer is also removed during a reverse engineering method. After the removal of the material that surrounds or covers the semiconductor chip, the passivation layer of the semiconductor chip is, generally, accessible. The passivation layer can be selectively removed by etching methods, laser, or Focused Ion Beam (FIB) methods. Access to the signal lines is obtained as a result of this.
An analysis of the integrated circuit is undesirable, in principle. Particularly in the case of security-relevant circuits, for example, a microcontroller on a smart card that includes the function of an electrical purse or the like, reverse engineering should be prevented if possible. In practice, various methods already exist by which such an analysis can at least be made more difficult. To protect an integrated circuit, it is known to cover it with a so-called shield. In such a case, a shield includes at least two conductor tracks running above the integrated circuit. In the case of the passive shields, the supply potential of the semiconductor chip is present on at least one of the conductor tracks, and the ground potential is present on the other conductor track. An interruption or a short circuit of these conductor tracks is detected by an evaluation circuit that, then, cuts the integrated circuit into a secure state. This may be, by way of example, the triggering of a reset or the erasure of the memory contents. In the case of the so-called active shields, the signal present on the respective conductor tracks can be varied by a drive and evaluation apparatus. This increases the security against an analysis with respect to a passive shield because the shield cannot be rendered nonfunctional by a bypass or a rewiring. In such a case, the course of the conductor tracks can be realized in meandering form or in grid form in a plurality of planes.
International Application WO 97/36326, corresponding to U.S. Pat. No. 5,861,652 to Cole et al., discloses a method and an apparatus by which it is possible to detect the removal of a plastic housing including molding composition. In such a case, the changing capacitance between two conductor tracks upon the removal of the plastic molding composition is detected. For such a purpose, a plurality of sensors is provided in the plastic molding composition housing. However, the sensors can easily be ascertained before the plastic molding composition is actually removed, and can, therefore, be selectively omitted during the removal of the housing so that a change in the capacitance cannot be detected.
Furthermore, U.S. Pat. No. 4,868,489 to Kowalski discloses a method that detects the removal of the passivation layer over the chip surface. A plurality of detectors that are made comparatively large is provided for such a purpose. The size of the detectors means that they can easily be discerned and, thus, circumvented. Moreover, the configuration illustrated in Kowalski has the disadvantage that a shield that covers the integrated circuit has to have a cutout in each case at the locations at which the detectors are situated. This results in weak points at which an analysis is made possible.
SUMMARY OF THE INVENTION
It is accordingly an object of the invention to provide an apparatus for protecting an integrated circuit formed in a substrate and a method for protecting the integrated circuit against reverse engineering that overcome the hereinafore-mentioned disadvantages of the heretofore-known devices and methods of this general type and that enable an improved protection against an analysis.
With the foregoing and other objects in view, there is provided, in accordance with the invention, an apparatus for protecting an integrated circuit formed in a substrate, including a shield at least partially covering the integrated circuit, the shield having a signal transmitter, a signal receiver, at least two conductor tracks running between the signal transmitter and the signal receiver, a drive and evaluation device connected to the signal transmitter and to the signal receiver, a covering applied on the substrate, and a switching apparatus having a first switching state enabling a capacitive measurement and a second switching state enabling detection of damage to the shield.
The invention proposes an apparatus for protecting an integrated circuit formed in a substrate, having an active shield, in the case of which the shield has a switching apparatus. As a result, a capacitive measurement method can be carried out in a first switching state and damage to the shield can be detected in a second switching state.
Thus, according to the invention, the active shield can be changed over between two functions. If the switching apparatus is in the second switching state, then it is possible to identify short circuits between conductor tracks or interrupted conductor tracks. It is, thus, possible to identify a manipulation at the active shield, this functionality corresponding to the customary method of operation of an active shield.
If the switching apparatus is in the first switching state, then a capacitive test method is carried out between two signal lines. By way of example, one of the lines has applied to it a signal that can be detected on the second line by an evaluation circuit given a correspondingly high capacitance between the two lines. In such a case, the signal fed into the one conductor track may be constant or have a periodic or a random character.
The apparatus according to the invention has the particular advantage that the two measurement methods described above reciprocally protect one another. A capacitive measurement method can be circumvented, for example, by applying short-circuit links between two conductor tracks by FIB methods. However, such an attack would be detected by the “normal” operating mode if the switching apparatus is in the second switching state. On the other hand, the capacitive measurement method protects the conventional active shield method because an attack would necessitate a removal of the covering composition, which is detected by the capacitive measurement method.
The combination of two detection methods, which merely dictates the provision of a switching apparatus in an active shield, makes it possible to significantly increase the protection against an analysis of an integrated circuit. Because, in contrast to the prior art, the two measurement methods are not spatially separate, even locally limited attacks no longer achieve their aim.
In accordance with another feature of the invention, the switching apparatus is only provided in a portion of the conductor tracks. The switching apparatus, preferably, has a plurali
Laackmann Peter
Taddiken Hans
Greenberg Laurence A.
Infineon - Technologies AG
Le Don
Locher Ralph E.
Stemer Werner H.
LandOfFree
Apparatus for protecting an integrated circuit formed in a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Apparatus for protecting an integrated circuit formed in a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Apparatus for protecting an integrated circuit formed in a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3261507