The present invention relates, in general, to integrated circuits, and more particularly to computing modules that are physically highly secure against reverse engineering.
Prevention of reverse engineering and data theft is an important consideration at all levels of computer architecture design. To protect their IP investments, designers currently use two main approaches to achieve a physically highly secure computing module, that is, one suitable for certification at Security Level 4 of NIST's FIPS 140-2 standard for cryptographic modules. The first approach is to embody an entire function in a single semiconductor chip whose feature dimensions are so small that physically probing, or optically reading out, secret information is infeasible. The second approach is to enclose a set of semiconductor devices (such as a CPU, ASIC, FPGA, DRAM and SRAM) inside a tamper-detecting envelope that fully encloses those devices and that causes all sensitive information in the system to be destroyed upon penetration.
A common problem with a single-chip solution is that a single chip is often too small to hold an entire complex system design economically. Additionally, because of the limits of semiconductor process technologies, not all of the semiconductor devices a system needs can necessarily be fabricated in a single semiconductor manufacturing process.
While an enclosed multi-chip solution alleviates some of the problems of the single-chip solution, the use of a fully enclosed envelope introduces a new set of challenges. Often these envelopes (and their associated packaging materials) are highly thermally insulative, and thus limit the amount of power that can be dissipated inside the device and conducted out through the envelope as heat. The strict power budget such designs require often detrimentally affects the overall performance of the device. Additionally, because the envelope materials must be as sensitive as possible to potential probing attempts, the reliability problems associated with false-positive tamper events are significant.
One embodiment of the present invention provides a physically secure substrate assembly that includes a substrate, electrical conductors located on and/or in the substrate, at least one conductive pathway connecting at least two of the electrical conductors, and at least one set of electrical contacts for detecting a break in continuity of at least one of the electrical conductors.
Another embodiment of the present invention provides a secure processing assembly that includes a substrate having a first planar surface and a second planar surface, a first die having electrical contacts on a first surface, a second die having electrical contacts on a first surface, a first conductive pathway connected to at least one of the electrical contacts of the first die, a second conductive pathway connected to at least one of the electrical contacts of the second die, electrical conductors surrounding at least part of the first and second conductive pathways, and a monitoring circuit coupled to the electrical conductors. The first die is mounted on the first planar surface of the substrate such that the electrical contacts of the first die are located between the first surface of the first die and the first planar surface of the substrate. The second die is mounted on the first planar surface of the substrate such that the electrical contacts of the second die are located between the first surface of the second die and the first planar surface of the substrate. At least a portion of the first conductive pathway is located within the substrate, and at least a portion of the second conductive pathway is located within the substrate. The monitoring circuit detects a break in continuity of one or more of the electrical conductors.
The accompanying figures, where like reference numerals refer to identical or functionally similar elements throughout the separate views and which together with the detailed description below are incorporated in and form part of the specification, serve to further illustrate various embodiments and to explain various principles and advantages all in accordance with the present invention.
As required, detailed embodiments of the present invention are disclosed herein; however, it is to be understood that the disclosed embodiments are merely exemplary of the invention, which can be embodied in various forms. Therefore, specific structural and functional details disclosed herein are not to be interpreted as limiting, but merely as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present invention in virtually any appropriately detailed structure. Further, the terms and phrases used herein are not intended to be limiting; but rather, to provide an understandable description of the invention.
The present invention, according to a preferred embodiment, provides a physically highly secure multi-chip module without the limitations, such as high temperatures, limited power budgets, and temperamental tamper countermeasures, associated with a conventional secure envelope.
In accordance with the principles of the present invention, one embodiment provides a physically highly secure multi-chip module that makes use of silicon-on-silicon technology. Specifically, in the context of multi-chip solutions to IP security, flip-chip silicon dies are mounted directly on a silicon substrate in a way that renders reverse engineering and data theft virtually impossible.
Cryptography is used to provide data security for sensitive data. Cryptography embodies principles, means and methods for the transformation of data to hide its information content, prevent its undetected modification, and prevent its unauthorized use. Cryptography pertains to the transformation of ordinary text (plaintext) into a coded form (ciphertext) by encryption, and of ciphertext back into plaintext by decryption.
One current standard for the protection of sensitive data is the National Institute of Standards and Technology's (NIST) Federal Information Processing Standard (FIPS) 140-2, Security Requirements for Cryptographic Modules. The standard is applicable to all Federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems (including voice systems), as defined in Section 5131 of the Information Technology Management Reform Act of 1996, Public Law 104-106. This standard must be followed in designing and implementing cryptographic modules that Federal departments and agencies operate, or that are operated for them under contract. The standard is also followed by some private and commercial organizations.
One of the key requirements of the FIPS 140-2 standard is physical security. In multi-chip devices, one major physical security weakness is the ability to reverse engineer the device (i.e., discover its inner workings or capture data) by probing the interconnections between chips. Preferred embodiments of the present invention render the interconnections impractical to probe by mounting flip-chip silicon dies directly on a silicon substrate. In this configuration, the connections are sandwiched between the die and the substrate and so are hidden. Preferred embodiments of the present invention use materials and techniques that ensure the multi-chip device cannot be disassembled without rendering it useless.
Referring now to
The mesh-type grid of
The monitoring circuit 228 can be implemented in a variety of ways. In one embodiment, the substrate is provided with contacts 224 and 226 that allow continuity testing of one or more of the conductors by the monitoring circuit 228. There can be a set of contacts for each conductor, one set of contacts coupled to all conductors, or a subset of the conductors coupled to each set of contacts.
The monitoring circuit can be provided within one or more of the dies, within the substrate 102, within the chip carrier 110, external to the assembly, or in a combination of these. A discontinuity can be detected by any of several well-established electrical tests, including resistance measurements, current measurements, voltage measurements, and combinations thereof.
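The monitoring logic sketched in the two paragraphs above, as an added example that is not part of the patent: a firmware-style C model of monitoring circuit 228 that reads each substrate conductor's loop resistance through a contact pair such as 224 and 226, reads neighbouring conductors against each other for shorts, and zeroizes key material once a fault persists for a set number of samples. The four-conductor count, the open, short and tolerance thresholds, the debounce count and every reading below are assumed values constructed for illustration; the patent specifies none of them.

```c
/* Added example, not from the patent: firmware-style model of monitoring
 * circuit 228. Each conductor is read through its contact pair as a loop
 * resistance and against its neighbour as an isolation resistance; a fault
 * that persists for `debounce` samples zeroizes the key. Line count,
 * thresholds and readings are assumed values constructed for illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define MESH_LINES         4        /* assumed number of conductors */
#define KEY_BYTES          32
#define OPEN_OHMS          1000000u /* assumed: at or above this, continuity is lost */
#define ISOLATION_MIN_OHMS 100000u  /* assumed: below this, neighbours are bridged */

enum line_state { LINE_OK = 0, LINE_OPEN, LINE_SHORT, LINE_DRIFT };

typedef struct {
    uint32_t nominal_ohms[MESH_LINES]; /* loop resistance recorded at manufacture */
    uint32_t tolerance_pct;            /* allowed deviation from nominal */
    uint8_t  debounce;                 /* consecutive faulty samples before zeroization */
    uint8_t  fault_streak[MESH_LINES];
    bool     tampered;
    uint8_t  key[KEY_BYTES];           /* secret that must not survive penetration */
} mesh_monitor_t;

void mesh_monitor_init(mesh_monitor_t *m, const uint32_t nominal[MESH_LINES],
                       uint32_t tolerance_pct, uint8_t debounce, const uint8_t key[KEY_BYTES])
{
    memset(m, 0, sizeof *m);
    memcpy(m->nominal_ohms, nominal, sizeof m->nominal_ohms);
    m->tolerance_pct = tolerance_pct;
    m->debounce = debounce ? debounce : 1;
    memcpy(m->key, key, KEY_BYTES);
}

/* Classify one conductor; isolation_ohms is only meaningful when it has a neighbour. */
enum line_state mesh_classify_line(uint32_t nominal, uint32_t tolerance_pct, bool has_neighbour,
                                   uint32_t loop_ohms, uint32_t isolation_ohms)
{
    uint64_t band = (uint64_t)nominal * tolerance_pct / 100;
    if (loop_ohms >= OPEN_OHMS)
        return LINE_OPEN;              /* conductor cut: continuity lost */
    if (has_neighbour && isolation_ohms < ISOLATION_MIN_OHMS)
        return LINE_SHORT;             /* bridged to the adjacent conductor */
    if (loop_ohms + band < nominal || loop_ohms > nominal + band)
        return LINE_DRIFT;             /* rerouted, damaged, or bypassed with a wire */
    return LINE_OK;
}

/* Volatile stores so the compiler cannot elide the overwrite as a dead store. */
static void zeroize(uint8_t *buf, size_t len)
{
    for (volatile uint8_t *p = buf; len--; )
        *p++ = 0;
}

/* One monitoring cycle. Returns true once the module has zeroized itself. */
bool mesh_monitor_sample(mesh_monitor_t *m, const uint32_t loop_ohms[MESH_LINES],
                         const uint32_t isolation_ohms[MESH_LINES - 1])
{
    for (unsigned i = 0; i < MESH_LINES && !m->tampered; i++) {
        bool has_neighbour = i + 1 < MESH_LINES;
        enum line_state s = mesh_classify_line(m->nominal_ohms[i], m->tolerance_pct, has_neighbour,
                                               loop_ohms[i], has_neighbour ? isolation_ohms[i] : 0);
        m->fault_streak[i] = (s == LINE_OK) ? 0 : (uint8_t)(m->fault_streak[i] + 1); /* glitches reset */
        if (m->fault_streak[i] >= m->debounce) {
            zeroize(m->key, KEY_BYTES); /* penetration confirmed: destroy the secret */
            m->tampered = true;
        }
    }
    return m->tampered;
}

bool mesh_key_is_zero(const mesh_monitor_t *m)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < KEY_BYTES; i++)
        acc |= m->key[i];
    return acc == 0;
}

/* Constructed scenario: healthy readings, then the third conductor is cut.
 * With debounce 2 the first faulty sample is tolerated, the second zeroizes. */
bool mesh_monitor_selftest(void)
{
    static const uint32_t nominal[MESH_LINES] = {1000, 1000, 1200, 1200};
    uint8_t key[KEY_BYTES];
    for (size_t i = 0; i < KEY_BYTES; i++)
        key[i] = (uint8_t)(0x6b + 37 * i);   /* constructed, non-zero test key */
    uint32_t loops[MESH_LINES] = {1003, 997, 1210, 1195};
    uint32_t iso[MESH_LINES - 1] = {5000000, 5000000, 5000000};
    mesh_monitor_t m;
    mesh_monitor_init(&m, nominal, 10, 2, key);
    if (mesh_monitor_sample(&m, loops, iso) || mesh_key_is_zero(&m))
        return false;
    loops[2] = OPEN_OHMS;                    /* attacker cuts the third conductor */
    if (mesh_monitor_sample(&m, loops, iso) || mesh_key_is_zero(&m))
        return false;
    return mesh_monitor_sample(&m, loops, iso) && m.tampered && mesh_key_is_zero(&m);
}
```

Calling mesh_monitor_selftest() from a main() of your own runs the scenario. The debounce count is the knob that trades the false-positive rate the description attributes to over-sensitive envelopes against response time, and the tolerance band catches an attacker who cuts a conductor and bridges it with a wire of different resistance, which a plain open-circuit test would miss.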
Exemplary vias 400 are shown in
A metallic substance 406, which serves as the conductive material, is placed in the channels. In one embodiment, the metallic substance 406 is copper deposited by physical vapor deposition. Electroplating can alternatively be used to fill the channels with the metallic substance. As in conventional electroplating, excess material is deposited on the surface of the wafer and is polished off by chemical mechanical polishing (CMP).
Those of ordinary skill in the art are familiar with the processes involved in depositing conductive material into channels in a silicon substrate; any such fabrication method can be used in accordance with the present invention.
A via 214 is shown in
In further embodiments of the present invention, the silicon substrate 102 is used to provide other electrical components and functionalities, such as built-in decoupling capacitors, resistor bridges, and other active and passive circuits.
The substrate 102, with vias 208 and 214 and mesh 204, is produced by a well-defined and simplified manufacturing process, and therefore has few manufacturing defects. This architecture is economically advantageous because a substrate larger than a typical chip can be produced at a price less than, or equal to, that of a smaller conventional chip. More specifically, on a normal chip that includes transistors, the bulk of the defects occur in the smallest structures on the device (i.e., the transistors and the finest wires). Because the silicon substrate contains only comparatively large metal structures, it is much less likely to have defects; its yield should therefore be high and its manufacturing cost low.
Referring now back to
Small amounts of the electrically conductive material 108 (i.e., the microballs) are disposed between the electrical contact pads of each chip and the pads on the substrate so that there is electrical communication between them. The multi-chip computing module 100 is then subjected to elevated temperature and pressure to convert the conductive material 108 into a composite, making the attachment permanent. Ideally, the materials are chosen so that the components can never be separated without destroying a functional portion of the module. Preferably, this material forms a transient liquid phase, such as a tin and lead system: the tin, which has the lower melting point, melts and combines with the lead, and once the combination has formed, the materials must be brought to much higher temperatures, approaching the melting point of the lead, before the two can be separated.
In one embodiment, the electrically conductive material 108 is not needed. Instead, the dies are bonded to the substrate by direct metal-to-metal bonding, such as copper-to-copper bonding, with each contact terminal made at least partially of copper. The components are subjected to temperatures of about 400 °C and pressures of about 100 psi. Under these conditions copper atoms diffuse across the interface and the copper grains grow across it, so that the two contacts become a single continuous copper junction. That junction cannot then be separated without heating it to about 1,083 °C, the melting point of copper, and at that temperature the components are destroyed before the copper contacts separate.
Looking now to
When the dies 104 and 106 are rotated ("flipped") and placed on top of the substrate 102, electrical contact 501 is aligned with via 510, electrical contact 502 with via 512, electrical contact 505 with the second side of via 512, and electrical contact 506 with via 514. Solder microballs 520, or another type of electrically conductive paste, are disposed between the electrical contacts of the dies and the pads on the substrate so that there is electrical communication between them. The assembly is then subjected to elevated temperature and pressure to convert the microballs 520 into a composite, making the attachment permanent.
In this embodiment, as can be seen from the bottom view of the dies 104 and 106 in
Referring now back to
Further security is achieved in this embodiment by making the dies sufficiently thin that separating them from the other components will fracture the thin pieces. For instance, the substrate 102 is, in one embodiment, between about 50 and 150 microns thick. Typically, the dies are about 730 microns thick, but in some embodiments they are only about 350 microns thick.
The above-described structure is effectively as physically secure as a single chip because all of the structures in the device are on the scale of those of a single chip, and disassembling the system without destroying it is effectively impossible. Probing the microbumps that connect the chips to the substrate will be very difficult because of the small size of the microbumps, the opportunity to use area-array interconnection, the adjacent placement of the chips, and the opportunity to stack dies or use 3-D silicon.
In the embodiment shown in
It is also possible to add further protection by placing the electrical contacts in rows, as shown in
Referring now to
Accordingly, the present invention allows manufacturers to build physically highly secure modules from multiple chips, which may be custom designed or commodity parts built on standard logic, DRAM, Flash, analog or another process technology, without submitting to the limitations associated with a secure envelope, such as high temperatures, limited power budgets, and temperamental tamper countermeasures.
The terms “a” or “an”, as used herein, are defined as one, or more than one. The term “plurality”, as used herein, is defined as two, or more than two. The term “another”, as used herein, is defined as at least a second or more. The terms “including” and “having”, as used herein, are defined as comprising (i.e., open language). The term “coupled”, as used herein, is defined as connected, although not necessarily directly, and not necessarily mechanically.
Although specific embodiments of the invention have been disclosed, those having ordinary skill in the art will understand that changes can be made to the specific embodiments without departing from the spirit and scope of the invention. The scope of the invention is not to be restricted, therefore, to the specific embodiments, and it is intended that the appended claims cover any and all such applications, modifications, and embodiments within the scope of the present invention.
Number | Date | Country
---|---|---
20070138657 A1 | Jun 2007 | US