Patent Grant
9305190
1. Field of the Invention
The field of the present invention relates to an anti-tamper device for integrated circuits, particularly an anti-tamper device that physically alters and renders unreadable one or more integrated circuits.
2. Background
Often, one of the first steps taken by hackers, in their attempts to access embedded keys and data contained in integrated circuits, is hardware disassembly. Using readily available tools, techniques and information, many electronic devices and systems are easily disassembled. In most instances, however, hackers fail to encounter any type of anti-tamper device that prevents or deters hardware disassembly.
Although integrated circuits implement countermeasures designed to digitally or electronically destroy embedded keys and data, thwarting attacks with these types of countermeasures involves continued research and expense. In addition, due to external forces, such as reducing manufacturing costs and marketing timelines, designers of digital and electronic countermeasures are further disadvantaged. Therefore, using digital and electronic countermeasures alone often means hackers are able to access sensitive data stored within integrated circuits.
Despite being recognized as a better method of preventing access to integrated circuits, few, if any, systems use physical destruction methods as countermeasures. This is perhaps, in part, due to the potential harm to surrounding components and difficulties associated with commercially implementing known physical destruction methods.
Embedded keys and data contained within integrated circuits are not easily destroyed. Because even small fragments can contain sensitive data, scratching or cutting the surface of an integrated circuit is generally ineffective. Nonetheless, given the effectiveness of physical destruction methods in thwarting attacks and the ineffectiveness of digital and electronic countermeasures, there is a clear need for improved anti-tamper devices.
The present invention is directed toward an anti-tamper device for integrated circuits. The anti-tamper device includes a firing assembly having a contained energy source and an impact element. The device further includes a breach assembly having an integrated circuit and a propellant charge.
Upon an attempt to improperly remove or dislodge the integrated circuit from the anti-tamper device, the contained energy source is actuated. The energy source propels the impact element against the propellant charge, causing the charge to ignite. The resultant forces from the impact element and ignition of the charge imparts a shock wave through the anti-tamper device. This shock wave induces spalling of the integrated circuit such that the circuit is physically altered and rendered unreadable.
The drawings described herein are for illustrative purposes only and are not intended to limit the scope of the present disclosure. In the drawings:
Turning in detail to the drawings,
When actuated, the contained energy source 24 propels the impact element 26 such that it ignites the propellant charge 30. Upon ignition of the charge, a localized shock wave is imparted through the anti-tamper device, causing spalling of the integrated circuit 12. This spalling renders the integrated circuit unreadable. “Spalling,” as used herein, is broadly defined as breaking, shattering, disintegrating, splitting, chipping, or any other method that physically alters at least a portion of the integrated circuit such that the circuit is rendered unreadable.
The energy source 24 is considered “contained” because it is not dependent upon external sources of energy, which are typically connected by wires or cables. In preferred configurations, the contained energy source 24 is a spring, imparting sufficient force to crimp the rim of the propellant charge and cause its ignition. While other types of energy sources are contemplated, preferable energy sources are capable of converting potential energy to kinetic energy upon their release from a compressed state.
The impact element 26 includes a shaft section 56 having a through-hole 58 and a head section 60 having an annular groove 62. The head section 60 preferably has a raised edge or surface 64 (
Three primary Assembly States are reached during preparation of the anti-tamper device: (1) the Primed State; (2) the Loaded State; and (3) the Set State.
To reach the primed state assembly 14a (
When aligned, locking elements 46, 48 simultaneously rest on groove 62, located within the head section 60 of impact element 26, and in receiver locking hole 42. In this aligned position, priming pin 47 prevents movement of the impact element, while it is in a pressed position. Once assembled, the impact element may be turned approximately 90 degrees and the priming pin 47 removed, leaving the assembly in the Primed State. A Primed State Assembly 14a is shown in
Then, the impact element 26 is rotated to ensure that locking elements 46, 48 are contained within the assembly and the priming pin 47 is removed.
Next, to reach the Loaded State Assembly 92 (
Integrated circuits, as used herein, are broadly defined as memory devices, particularly devices based on integrated circuit technology, and including those with microprocessors or cryptographic processors. These devices may include any digital memory device having a small form factor, and specifically those that meet physical and electrical specifications for ISO/IEC 7810 ID-000 form factor (e.g. Subscriber Interface Modules (SIM) or Security Access Modules (SAM)) and ETSI TS 221 V9.0.0 (Mini-UIC). In addition, these devices may include generic secured or unsecured memory devices, such as MultiMediaCard (MMC), SecureDigital (SD), CompactFlash (CF), or other digital memory device formats with either standardized or proprietary form factors similar to those used in digital cameras and like devices.
The circuit interface 28 is preferably a frangible interface with physical and electrical interface connections, which are compatible with any of the aforementioned integrated circuit types. The circuit interface also includes a section 72 adapted for connection with a cable and/or wire 74. (See
Breach element 18 includes a recessed slot 73 or other suitable area configured for positioning of a cable and/or wire 74. (See
Preferably, the integrated circuit 12 and circuit interface 28 are connected and placed within the slot 70 or other suitable area within the breach element 18. These elements 12, 28 are specifically positioned in the breach element 18 adjacent to cross ports 76. (See
The breach element 18 further includes a propellant charge chamber 82 for housing a propellant charge 30. The gas port 78 and the propellant charge chamber 82, however, are both configured to receive propellant charge 30.
Propellant charge, as used herein, is broadly defined as any type propellant charge that can be contained within a pyrotechnic cartridge. Preferably, these charges are powder actuated and commercially available from building suppliers such as those used for driving nails and other types of fastening devices. These types of charges are provided in a variety of powder level and calibers. Contemplated charges include those using smokeless powder or other low explosive materials which burn rapidly such as those manufactured by Illinois Tool Works, Inc. and the Hilti Corporation. When a surface strikes the base of the cartridge, the charge is activated by an impact sensitive primer compound. After activation off the charge, the burning propellant builds pressure within the cartridge and thereafter releases gases, imparting a shock wave throughout the breach assembly.
After the breach assembly 16 is assembled, it is placed into inner containment chamber 20, as shown particularly in
As shown in
Optionally, the outer containment chamber 80 may also include a forensic identifying material 68 (
Under actual conditions, the outer containment chamber 80 is placed separately in an area (not shown), which is in proximity to a transit system, banking system, physical access system, a retail terminal, network, or any other type of system that uses integrated circuits. This area may be an opening, which is drilled into the ground or any type of building structure or furniture structure. Preferably, the outer containment chamber 80 is coupled to a predetermined area using methods such as grouting, gluing, or welding.
Alternatively, the outer containment chamber 80 may have an outer surface 83 that is configured to securely bite into or adhere to building structures or furniture structures made from plastic, concrete, metal, plaster, wood, foam, composite material or a building structure or furniture structure manufactured from a combination of these materials. Outer containment chamber 80 may also be integrally pre-molded into a building structure or furniture structure or a section thereof.
After positioning of the outer containment chamber 80 into the ground or the building structure, the Loaded State Assembly 92 is aligned with the outer containment chamber 80. Specifically, the tripping mechanism 90 is positioned within the receiver well 44 such that locking pin 50 is displaced, as shown in
The Set State Assembly 98 of anti-tamper device 10 is released or triggered when an attempt is made to remove or dislodge an integrated circuit 12 and/or the integrated circuit interface 28 from position within the breach assembly 16. Under these circumstances one or more forces 100 is/are applied to the Set State assembly 98, during an attempt to remove or dislodge the integrated circuit 12 and/or the circuit interface 28.
For example, when a hacker or unauthorized intruder pulls on the extending cable or otherwise attempts to remove or dislodge the circuit from its Set State, the following can occur: (1) the triggering mechanism is withdrawn from the receiver well; (2) the locking elements drop into the receiver well, (3) the energy source (spring) and the impact element are released; (4) the impact element accelerates, propelling toward the breaching assembly and contacting and igniting the propellant charge.
The impact element 26 contacts the propellant charge 30 and the breaching assembly with sufficient impact force such that a shock wave is transmitted through the anti-tamper device 10. The resultant forces from the impact element 26 and the released gases 102 (
A Fired State Assembly 104, showing the physically altered integrated circuit 12a and circuit interface 28a is shown in
Preferably, with the exception of the integrated circuit, circuit interface, the propellant charge and cables/wires, components of the anti-tamper device are manufactured from metallic materials. Preferable materials include steel, stainless steel, and various types of metallic alloys. However, such materials may include, but are not limited to, composites and plastics with sufficient impact resistance.
The anti-tamper device 10 may be configured to house additional integrated circuits and/or propellant charges. Further, one or more anti-tamper devices may be positioned in parallel or in series, depending upon the configuration of the system to which the device is coupled.
Thus, an anti-tamper device for one or more integrated circuits is disclosed. While embodiments of this invention have been shown and described, it will be apparent to those skilled in the art that many more modifications are possible without departing from the inventive concepts herein. The invention, therefore, is not to be restricted except in the spirit of the following claims.
This application is a national stage application under 35 U.S.C. §371, PCT/IB2011/002390, filed Jul. 15, 2011, which claims priority to U.S. Provisional Patent Application Ser. No. 61/365,349, filed on Jul. 18, 2010. The disclosures of the aforementioned priority applications are incorporated herein by reference in their entirety.
| Filing Document | Filing Date | Country | Kind | 371c Date |
|---|---|---|---|---|
| PCT/IB2011/002331 | 7/15/2011 | WO | 00 | 1/31/2013 |
| Publishing Document | Publishing Date | Country | Kind |
|---|---|---|---|
| WO2012/010971 | 1/26/2012 | WO | A |
| Number | Name | Date | Kind |
|---|---|---|---|
| 4236463 | Westcott | Dec 1980 | A |
| 4804826 | Hertzen et al. | Feb 1989 | A |
| 4812670 | Goulet | Mar 1989 | A |
| 4853676 | Kitts | Aug 1989 | A |
| 5736777 | Shield et al. | Apr 1998 | A |
| 5775235 | Lindskog et al. | Jul 1998 | A |
| 5877547 | Rhelimi | Mar 1999 | A |
| 6192802 | Baginski | Feb 2001 | B1 |
| 6259366 | Lindskog et al. | Jul 2001 | B1 |
| 6264108 | Baentsch | Jul 2001 | B1 |
| 6379988 | Peterson | Apr 2002 | B1 |
| 6421013 | Chung | Jul 2002 | B1 |
| 6926204 | Vacherand et al. | Aug 2005 | B2 |
| 7263190 | Moritz | Aug 2007 | B1 |
| 7532027 | Lazaravich et al. | May 2009 | B2 |
| 20020186131 | Fettis | Dec 2002 | A1 |
| 20060136752 | Miller | Jun 2006 | A1 |
| 20080307992 | Mohler | Dec 2008 | A1 |
| 20100064371 | Mostovych | Mar 2010 | A1 |
| 20110031982 | Leon et al. | Feb 2011 | A1 |
| 20120068326 | Das | Mar 2012 | A1 |
| Number | Date | Country |
|---|---|---|
| WO-9528542 | Oct 1995 | WO |
| WO-9838407 | Sep 1998 | WO |
| Number | Date | Country | |
|---|---|---|---|
| 20130125250 A1 | May 2013 | US |
| Number | Date | Country | |
|---|---|---|---|
| 61365349 | Jul 2010 | US |
