Patent Grant
7671324
There is a threat to those who develop new technologies that others will reverse engineer their new technologies. The threat puts commercial businesses at risk that their competitors will reverse engineer their products to obtain proprietary technological or embedded information that is critical to maintaining the business's market share. Government system developers are at risk that enemy nations will use reverse engineering processes on government equipment, and use the stolen technology against them. For both, the economic costs can be substantial and, for governments, such reverse engineering can affect national security.
Hence, there is a need for a high reliability protection system at the card or board level to protect against the advanced techniques used to reverse engineer both software and electronic hardware systems.
The above mentioned problems and other problems are resolved by the present invention and will be understood by reading and studying the following specification.
In one embodiment, an anti-tamper enclosure system is provided. The anti-tamper enclosure system comprises an optical medium; at least one photosensitive sensor configured to measure at least one characteristic of a light wave transmitted in the optical medium; at least one logic circuit coupled to the at least one photosensitive sensor, the at least one logic circuit configured to initiate security measures when the at least one characteristic of the light wave changes; an enclosure coupled to the optical medium and configured to enclose the optical medium, the at least one photosensitive sensor, and the at least one logic circuit; and a plurality of attachment posts configured to be coupled to a printed circuit board, wherein at least one of the plurality of attachment posts is also coupled to the optical medium.
Features of the present invention will become apparent to those skilled in the art from the following description with reference to the drawings. Understanding that the drawings depict only typical embodiments of the invention and are not therefore to be considered limiting in scope, the invention will be described with additional specificity and detail through the use of the accompanying drawings, in which:
In accordance with common practice, the various described features are not drawn to scale but are drawn to emphasize specific features relevant to the present invention. Like reference numbers and designations in the various drawings indicate like elements.
In the following description, reference is made to the accompanying drawings that form a part hereof, and in which is shown by way of illustration specific illustrative embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention, and it is to be understood that other embodiments may be utilized and that logical, mechanical and electrical changes may be made without departing from the scope of the present invention. It should be understood that the exemplary method illustrated may include additional or fewer steps. Furthermore, the method presented in the drawing figures or the specification is not to be construed as limiting the order in which the individual steps may be performed. The following detailed description is, therefore, not to be taken in a limiting sense.
Embodiments of the present invention utilize an optical medium coupled to an enclosure that is sized to fit an electronic board or section of the board to be protected. Embodiments of the present invention enable detection of tamper events even if power is not available during the tamper event. In addition, embodiments of the present invention minimize damage to the board or components if protected components need to be accessed such as for repair or reworking. Notably, as used herein, the terms “light wave” and “optical signal” are interchangeable.
Enclosure system 104 also includes optical signal generator 116, optical medium 118, and sensor 120 shown in
Optical medium 118 is arranged such that an attempt to access components 114 enclosed by enclosure system 104 will cause optical medium 118 to bend, stretch or break. In particular, in this embodiment, optical medium 118 is attached to the interior surface of lid 106 and walls 108 in a mesh pattern. However, in other embodiments, other arrangements can be used. For example, in some embodiments optical medium 118 is embedded inside lid 106 and walls 108. In addition, in some embodiments, optical medium 118 is arranged in other patterns such as a checkered or coil pattern. Segments of exemplary checkered, mesh, and coil patterns are shown in
Returning to
Logic circuit 122 is configured to detect changes in the measured characteristics of the optical signal. Logic circuit 122 is implemented as a field-programmable gate array (FPGA) in some embodiments. In other embodiments, an application specific integrated circuit (ASIC) is used. Causes of changes to the measured characteristics include, but are not limited to, mechanical perturbations, thermal changes, and breaks or punctures in optical medium 118. Mechanical perturbations are small or large scale distortions of optical medium 118. Some small scale distortions may not be visible to the naked eye and can be caused by tensile stress, bending and squeezing, etc. which increase scattering. Thermal changes can also distort measured optical characteristics by affecting density/refractive index gradients which alter optical transmissions.
In some embodiments, logic circuit 122 compares the measured characteristic to an expected value in order to detect changes. One exemplary characteristic is luminosity. Detecting changes in luminosity is accomplished, in some embodiments, by pre-programming logic circuit 122 with a reference value representing the expected luminosity level. In other embodiments, logic circuit 122 compares each measured luminosity value with the immediate previous measured luminosity value. It is to be understood that other values can be used as the expected values in other embodiments. For example, in some embodiments an average of the prior ten measured luminosity values is used as the expected value. As stated above, other exemplary characteristics include, but are not limited to, amplitude, frequency, and wavelength. In such cases, logic circuit 122 can be pre-programmed with the expected value or can compare a measured value to previous measured values as stated above.
If the measured characteristic does not match the expected value, logic circuit 122 determines that a tamper event has occurred and initiates security measures. Security measures include, but are not limited to, physically destroying components 114, erasing data on components 114, encrypting data on components 114, etc. In addition, logic circuit 122 does not signal an alarm or take any actions which would indicate to a reverse engineer that the tamper event has been detected in some embodiments. In some such cases, logic circuit 122 can be configured to provide false data to the reverse engineer to mislead the reverse engineer.
Furthermore, in some embodiments, logic circuit 122 is configured to wait until a certain number of tamper events are detected before initiating security measures in order to minimize the possibility of responding to a false positive. Similarly, logic circuit 122 is configured with hysteresis in comparing the measured luminosity to an expected value such that distortions due to normal operation do not cause logic circuit 122 to initiate security measures in some embodiments.
Other embodiments do not require logic circuit 122 to compare the measured characteristic to an expected value. For example, in one such embodiment, logic circuit 122 is configured to derive an access code based on one or more measured characteristics. The derived access code is then provided to one or more of components 114 enclosed by enclosure system 104. The access code is used to encrypt/decrypt data. Thus, logic circuit 122 provides a dynamic access code based on characteristics of optical signals in optical medium 118. When the characteristics change, the access code changes. Since logic circuit 122 does not need to store any values to derive the access code, it is difficult for a reverse engineer to determine what the original characteristics were in order to decrypt the data. In such embodiments, initiating security measures comprises deriving a new access code based on the changed characteristic(s) of the optical signal.
In this embodiment, an internal power supply 124, such as a battery, is enclosed within enclosure 105. Power supply 124 provides power to optical signal generator 116, sensor 120, and logic circuit 122. However, in other embodiments, power supply 124 is not included. In such embodiments, optical signal generator 116, sensor 120, and logic circuit 122 use power provided by an external power source. However, with or without an internal power supply 124, embodiments of the present invention do not require that power be supplied during a tamper event in order for the tamper event to be detected. As stated above, sensor 120 measures the characteristics of the optical signals in optical medium 118. The effects of tamper events on optical medium 118, such as mechanical perturbations, breaks or punctures, cause the characteristics to change. Therefore, even if power is not supplied when the tamper event occurs, the reverse engineer will move, bend, break, and/or puncture optical medium 118 in gaining access inside lid 106 and walls 108. In addition, at least one attachment post 112 is coupled to board 102 and to optical medium 118. In some embodiments, a high strength bonding material is used to couple attachment posts 112 to board 102 and optical medium 118. The high strength adhesive aids in breaking, bending, or otherwise damaging the optical medium when the optical medium is mechanically perturbed during a tamper event. Thus, any attempt to gain access inside enclosure system 104 will cause bending or breaking of optical medium 118. Once power is restored, logic circuit 122 will detect the change in characteristics indicating a tamper event has occurred and initiate security measures.
Attachment post 312 is coupled to circuit board 302 via screws and/or a bonding material such as epoxy. Insert post 326 is also coupled to optical medium 318 via loop 334. In particular, a section of optical medium 318 is passed through loop 334. If a reverse engineer attempts to remove enclosure 305, optical medium 318, which is coupled to enclosure 305 and insert post 326, will be bent, moved, or broken since insert post 326 can not be extracted from cavity 328. Thus, the attempt to remove enclosure 305 is detected since the characteristics of light in optical medium 318 changes as optical medium 318 is bent, moved, or broken.
In
Attachments posts 612, in
At 706, a logic circuit (e.g. logic circuit 122) is configured to initiate security measures when the characteristics of a light wave in the optical medium changes as described above. In particular, the logic circuit compares a measured value of the light wave to an expected value. In some embodiments, the expected value is a value programmed at the time of manufacture based on tests of the characteristics of light in the optical medium. In other embodiments, the logic circuit compares the current characteristics measurements to the immediately previous characteristics measurement to detect changes. In addition, in some embodiments, the logic circuit is configured with hysteresis to prevent the logic circuit from initiating security measures based on changes due to normal operation.
At 708, the at least one attachment post is coupled to the circuit board. In some embodiments, the at least one attachment post is coupled using screws. In another embodiment, a bonding material such as epoxy is used to couple the attachment post to the circuit board. At 710, the enclosure is coupled to the circuit board. In some embodiments, coupling the enclosure to the circuit board comprises coupling the walls of the enclosure to the circuit board. In other embodiments, coupling the enclosure to the circuit board includes coupling the lid of the enclosure to the at least one attachment post which is coupled to the circuit board. Thus any attempt to remove the enclosure will change the characteristics of light in the optical medium as described above. The logic circuit will then initiate security measures upon detecting the change in characteristics.
Although specific embodiments have been illustrated and described herein, it will be appreciated by those of ordinary skill in the art that any arrangement, which is calculated to achieve the same purpose, may be substituted for the specific embodiment shown. This application is intended to cover any adaptations or variations of the present invention. Therefore, it is manifestly intended that this invention be limited only by the claims and the equivalents thereof.
This application is related to the following commonly assigned co-pending applications, each of which is hereby incorporated herein by reference: U.S. Provisional Patent Application Ser. No. 60/827,190, filed Sep. 27, 2006 entitled “Anti-Tamper Enclosure System”. The present application hereby claims priority, under 35 U.S.C. § 119(e), to U.S. Provisional Patent Application No. 60/827,190.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4161348 | Ulrich | Jul 1979 | A |
| 4447123 | Page et al. | May 1984 | A |
| 4523186 | Fiarman | Jun 1985 | A |
| 5026141 | Griffiths | Jun 1991 | A |
| 5117457 | Comerford et al. | May 1992 | A |
| 5468990 | Daum | Nov 1995 | A |
| 5506566 | Oldfield et al. | Apr 1996 | A |
| 5568124 | Joyce et al. | Oct 1996 | A |
| 5675319 | Rivenberg et al. | Oct 1997 | A |
| 5677769 | Bendett | Oct 1997 | A |
| 5821582 | Daum | Oct 1998 | A |
| 6215397 | Lindskog | Apr 2001 | B1 |
| 6396400 | Epstein, III et al. | May 2002 | B1 |
| 6400268 | Lindskog | Jun 2002 | B1 |
| 6692031 | McGrew | Feb 2004 | B2 |
| 6838619 | Soyfertis | Jan 2005 | B1 |
| 6853093 | Cohen et al. | Feb 2005 | B2 |
| 6970360 | Sinha | Nov 2005 | B2 |
| 7005733 | Kommerling et al. | Feb 2006 | B2 |
| 7015823 | Gillen et al. | Mar 2006 | B1 |
| 7021146 | Nash et al. | Apr 2006 | B2 |
| 7030974 | Spirin et al. | Apr 2006 | B2 |
| 7045730 | Hollar et al. | May 2006 | B2 |
| 20010033012 | Kommerling et al. | Oct 2001 | A1 |
| 20010056542 | Cesana et al. | Dec 2001 | A1 |
| 20020191788 | Inchalik et al. | Dec 2002 | A1 |
| 20020199111 | Clark et al. | Dec 2002 | A1 |
| 20030014643 | Asami et al. | Jan 2003 | A1 |
| 20060051036 | Treado et al. | Mar 2006 | A1 |
| 20060214069 | Schiebler | Sep 2006 | A1 |
| 20060261259 | Beinhocker | Nov 2006 | A1 |
| 20070038865 | Oggioni et al. | Feb 2007 | A1 |
| Number | Date | Country |
|---|---|---|
| 10065747 | Dec 2000 | DE |
| 0142013 | May 1985 | EP |
| 0509567 | Oct 1992 | EP |
| 0972632 | Jan 2000 | EP |
| 1045352 | Oct 2000 | EP |
| 1273997 | Jan 2003 | EP |
| 9502742 | Jan 1995 | WO |
| 9738364 | Oct 1997 | WO |
| 0123980 | Apr 2001 | WO |
| Number | Date | Country | |
|---|---|---|---|
| 20080073491 A1 | Mar 2008 | US |
| Number | Date | Country | |
|---|---|---|---|
| 60827190 | Sep 2006 | US |
