UA70312C2 - Device for protection of an integrated circuit device for protection of an integrated circuit - Google Patents

Abstract

The invention relates to a protection circuit for an integrated circuit (1). The protection circuit is preferably arranged in several circuit planes (2, 3) below and/or above the integrated circuit (1) and has several printed conductors (10, 11) to which different signals of one or more signal generators are applied. After passing through the printed conductors (10, 11) the different signals are analysed by means of one or more detectors. The signals received by the detectors are compared with setpoint signals, also called reference signals, and if a significant difference is detected an alarm signal is sent to the integrated circuit. On the basis of this alarm signal the integrated circuit (I) is switched to a safety mode which makes it virtually impossible to analyse or manipulate said integrated circuit.

Description

damage to the track and reliable detection of a false signal. Such a hole can also lead to the formation of a short circuit between different tracks, which, due to the loss of the signal, is reliably recognized by the corresponding detector as a false signal. At the same time, the width of the tracks is chosen in such a way that it corresponds to the minimum width achievable with the applied technology. Thanks to this special design of the tracks - on the one hand in the form of very narrow strips, and on the other hand in the form of structures spread over different levels of the microcircuit with maximum surface coverage - an unexpectedly significant degree of protective action against mechanical interference in the protective circuit has been achieved. Such intervention can be carried out by drilling or planing.

According to the preferred embodiment of the invention, the detector or detectors of the protective circuit are placed under the upper level of the tracks of the protective circuit and are protected by these tracks from unwanted interference. Thanks to such a structure, cascade protection is provided by the tracks of the detectors of the protective circuit and the integrated microcircuit by the tracks with the detectors.

Thanks to such a design, inspection or manipulation of the detector or detectors is significantly difficult due to the protection of the tracks placed above them, which excludes the possibility of interference by feeding signals to the detectors.

In the case of generating different signals completely independently of each other, for example, with the help of independent generators, it is guaranteed that these signals are significantly different from each other, since they are systematically independent of each other, and therefore, in the general case, can only be modeled with large difficulties and with great costs. The task is complicated by the fact that several different signals must be purposefully routed to the correct tracks and at the same time to the correct detectors, which is almost impossible given the extremely limited dimensions of the integrated circuit. Thus, such a protective circuit proved to be particularly successful in protecting an integrated microcircuit.

In another version of the invention, several detectors are connected to one track, which remove the signal from the track, each at its own point, and monitor it. That is, in this form of execution, the track is divided into several sections, each of which is monitored by a separate detector. Thus, these sections of the track assume the function of a controlled track. At the same time, thanks to multiple monitoring of the entire track, divided into segments, it is guaranteed that if interference in the track is not detected in a certain way by one of the detectors, then another or part of the other detectors will detect a change in the controlled signal and generate an alarm signal. Due to the redundant placement of detectors along the track, the enhanced protective effect of the protective scheme is achieved.

In general, they try to use the maximum number of signal tracks and the maximum number of signal generators and detectors in order to make it difficult to intervene in the form of reconfiguration of the protection scheme by their very number. However, depending on the size of the integrated circuit, these possibilities are limited, since a large number of individual signals means high technological costs, which leads to a significant increase in the price of the microcircuit due to protective measures.

Therefore, in another variant of the invention, the above-described methods of forming protective signals are combined with a multiplexer and a demultiplexer. At the same time, by the time multiplexing method, different tracks of the protective screen are connected to the same generator outputs and detector inputs at different times.

Thus, the number of generators and detectors can be smaller than the number of segments of the protective screen.

The advantage of this option should also be considered that the number of tracks through which the reference signal from the corresponding generator is supplied to the detectors is also reduced, which leads to a significant saving of the chip area.

The multiplexer and demultiplexer can be managed either centrally, or their state depends only on the number of completed cycles of the entire synchronization system. It is especially advantageous to control the multiplexer channel using random or pseudo-random signals,

Control of truly random signals requires current synchronization of the multiplexer (and demultiplexer with a special control signal. Control of pseudo-random signals makes possible the local formation of identical control signals in the spatial proximity of the multiplexer and demultiplexer.

According to a particularly preferred form of implementation of the protective scheme, in the case of using several detectors, they are combined. Thanks to this, in the event that the detector detects improper operation, that is, unauthorized intervention in the integrated microcircuit, the integrated microcircuit is transferred to the safety mode. Thanks to the combination, it is also possible with the help of individual detectors to check the performance of other detectors or the presence of other detectors as part of the confirmation function or as part of the self-monitoring function and thus detect unwanted interference in the protective circuit or in the protected integrated circuit and initiate the safety mode of the integrated microcircuit.

It turned out to be beneficial to combine generators along with detectors, thanks to which failure or interference with the generator can be detected. In addition, thanks to the combination of generators with detectors, it is possible to transmit from generators to their corresponding detectors information about the signals produced by them, for example, in terms of changes in time, level, shape or other parameters. Due to this, the variability of different signals and, thus, the degree of freedom of the protective circuit are significantly increased, which makes it difficult to interfere and, therefore, significantly increases the effectiveness of the protective circuit against undetected interference in the integrated microcircuit.

Thus, the main idea of the invented protective scheme is not in the local concentration of the components of the protective scheme, but in their decentralization, dispersion over a large area, increasing their number and diversifying their implementation. This results in signal generation, routing, and control being distributed among multiple, redundant components, thereby achieving a higher degree of protection against unwanted inspection or manipulation of the protected circuit or integrated circuit to be protected.

Protection circuits for integrated circuits and their advantages are explained in more detail below with examples of implementation using drawings. They depict:

Fig. 1 is a functional diagram of the invented protective circuit with one signal generator and one signal detector for each conductive track,

Fig. 2 is a functional diagram of another example of a protective circuit,

Fig. 3 cross-section through an integrated microcircuit with a protective circuit,

Fig. 4 is a functional diagram of another example of the invented protective circuit with a demultiplexer and a multiplexer.

Figure 1 schematically shows the structure of a protective circuit for an integrated microcircuit. It contains three electrically conductive tracks 10, 11, 12, separated from each other, laid in parallel. These tracks 10, 11, 12 are made in the form of a meander and cover a certain area of the integrated microcircuit.

Tracks 10, 11, 12 are each connected to their signal generator 20, 21, 22. Signal generators 20, 21, 22 apply to tracks 10, 11, 12 independent of each other and therefore basically different signals. These signals pass along tracks 10, 11, 12 and are analyzed at their ends by separate detectors 30, 31, 32 attached to each track.

As part of this analysis, the signals received through the tracks 10, 11, 12 are compared with the reference signals supplied from the generators 20, 21, 22 to the detectors 30, 31, 32 through the connecting conductors 13, 14, 15. Reference signals are either directly the same signals passing through tracks 10, 11, 12, or add the necessary information to these primary signals in order to obtain the necessary information for the reference signals from them.

Processing in the detectors 30, 31, 32 is carried out by comparing the reference signals with the signals received through the tracks 10, 11, 12. If a difference is established between these signals, an alarm signal is formed as a control signal for the integrated microcircuit and through the connected to each detector 30, 31, 32 conductor 4 is fed to the integrated microcircuit.

This signal puts the integrated microcircuit into a state called the safety mode. In this mode, for example, the contents of the memory cells can no longer be read, because, for example, immediately after switching to the security mode, the information recorded in them is completely erased and irretrievably lost. Therefore, it is no longer possible to read or change the information recorded in the program or information areas of the memory, for example, code keys or terminal numbers or personal data of the user, by manipulation.

Due to the multiple, decentralized implementation of conductive paths 10, 11, 12, generators 20, 21, 22 and detectors 30, 31, 32, this protective circuit is very difficult to "deceive" by supplying external signals, for example, in order to obtain more detailed information about the protected integrated microcircuit by chip removal or drilling.

Due to the need to simulate not only one signal, but simultaneously to simulate a large number of different signals in different places for different detectors placed in a limited area, it is almost impossible to make an intervention in an integrated microcircuit without detecting a change in signals, that is, without interfering with the protective circuit. If the detector 30 detects a change in the signal of the track 10 supplied to it, then it, independently of other detectors 31, 32, generates an alarm signal and transmits it through the conductor 4 to the integrated microcircuit, putting it in the safety mode.

Thanks to the meander-like parallel configuration of tracks 10, 11, 12, a closed structure of electrically conductive tracks covering the surface is formed; it reliably protects the integrated microcircuit placed under it or at least its part from interference through these conductive tracks 10, 11, 12. If someone tries to reach the integrated microcircuit placed under the tracks 10, 11, 12 by mechanical means, then he will be forced to damage or even break one of the tracks 10, 11, 12, which leads to a significant change in the signal transmitted on this track. This significant signal change is identified by the detector connected to this track as a malfunction, resulting in an alarm signal.

Conductive tracks 10, 11, 12 have such a small width that any hole made to achieve levels 2 and 3 of the protective circuit breaks the tracks. For this, the distance between individual tracks is chosen very small, and the tracks themselves are placed in the levels of the scheme in the form of a meander. At the same time, absolutely reliable breaking of the tracks is ensured when an inspection or manipulation is attempted, the signal at the end of the track 10, 11, 12 disappears, which is interpreted by the detectors as interference.

The signals produced by generators 20, 21, 22 are special, more often digital, but also analog signals, the parameters of which change when there are changes in the path of their passage through the tracks.

Another version of the protective circuit is schematically presented in Fig. 2. It contains one closely spaced track structure, to which the signal produced by the generator 20 is supplied at point 9.

On the track structure, there are four points of departure of the signal transmitted along it. Each signal point is connected to an amplifier 43, 44, 45, 46 to amplify the signal.

Amplified signals are fed to detectors 33, 34, 35, 36. Depending on the placement of the lead points, the track structure is formed by track 10a between point 9 of signal introduction and the connection point of the amplifier 43 for detector 33, track 106 between point 9 of signal introduction | the connection point of the amplifier 44 for the detector 34, the track 10c between the point 9 of the signal supply and the connection point of the amplifier 45 for the detector 35 and the track 104 between the point 9 of the signal supply and the connection point of the amplifier 46 for the detector 36.

Each of the detectors works independently of the other detectors and through its track 4 can transmit an alarm signal to the integrated circuit, which will put it in the safety mode.

The generator 20 through connecting conductors 16, 17, 18, 19 is connected to the detectors 33, 34, 35, 36 and transmits to them specific information about the reference signals for monitoring the tracks 10a, 10p, 10s, 10a. Under the control of the program, the generator randomly selects the type of signal supplied to the track structure, and through the connecting conductors 16, 17, 18, 19 transmits information about the form of the supplied signal to the detectors. Detectors 33, 34, 35, 36 evaluate the signal supplied to them through the connecting conductors 16, 17, 18, 19 by comparing it with the signals received at the points of signal removal from tracks 1b0a, 105, 10s, 104. In case of detection of a significant differences, that is, incorrect operation, each of the detectors 33, 34, 35, 36 independently generates an alarm signal and transmits it to the integrated microcircuit through the conductor 4, putting it in the safety mode.

Thanks to the placement of tracks 1b0a, 100, 10c, 104 densely, with overlap, the conditions are ensured under which interference with the track system leads to changes not only in one of the tracks 1Oa, 10r, 10s, 1049, but simultaneously to changes in several tracks 10a, 10B, 10c, 104. Therefore, when carrying out an unauthorized inspection or manipulation, the attacker must simulate and send a correct signal not only to one detector, but to several, or even all detectors. This signal in form and time parameters must correspond to the reference signal, which is directly or indirectly transmitted to the detectors 33, 34, 35, 36 from the generator 20 through the connecting conductors 16, 17, 18, 19. At the same time, taking into account the fact that generator 20 under the control of the program can dynamically change the signal supplied to point 9, it becomes obvious that inspection or manipulation of the protective circuit, and therefore the integrated microcircuit protected by such a protective circuit, is practically excluded.

Figure 3 shows the layered structure of the integrated microcircuit 1 and the protective circuit placed above it. Figure 3 does not show the corresponding protective circuit on the underside of the integrated circuit. Such a second protection circuit on the other side of the IC 1 has the same structure as the protection circuit shown here.

The protective circuit is placed on top of the integrated microcircuit 1. It contains two levels 2, C, placed one above the other, separated from each other and from the protected integrated microcircuit 1 by insulating layers 5. Thanks to the insulating layer 5, the danger of short circuits between tracks 10, 11 and the integrated scheme 1.

In the first level 2, the tracks 10 made in the form of strips are separated by insulating zones 6 made in the form of strips. The tracks 10 are placed parallel to each other. On top of level 2, a second level 3 is placed, containing tracks 11 made in the form of strips, parallel to each other. Tracks 11 are also separated and, thus, isolated from each other by isolation zones 6. Tracks 10 are placed in such a way that in interaction with tracks 11 they completely cover the protected integrated circuit 1. This complete coverage is achieved when, when viewed through the first and second levels of the protective circuit, every point of the protected circuit, that is, every protected point of the integrated circuit 1 is covered either by tracks 10 or tracks 11 or as tracks 10 and tracks 11.

When trying to gain access to the protected integrated circuit 1, the attacker will first have to penetrate through the protective circuit, that is, through levels 2, C and, taking into account the full coverage, damage at least one of the tracks 10, 11. Such damage, which can be, for example, complete breaking tracks or short circuiting between tracks in level 2 or between tracks of levels 2, 3, or partial damage to tracks 10, 11, leads to a clear change in the signal transmitted through these tracks, which, compared to the expected reference signal, is interpreted by the corresponding detector as a false signal and intervention in the protective circuit or the protected integrated microcircuit, which leads to the supply of an alarm signal to the integrated microcircuit 1. This alarm puts IC 1 into safety mode.

In the first level 2, generators 20, 21, 22 and corresponding detectors 30-36 are placed, protected by level C placed above it with tracks 11, not shown in Fig. 3. This structure is spread over the entire first level 2, which significantly limits the ability to overcome the protective scheme.

Figure 4 shows an example of an improved embodiment of the invention with eight electrically conductive tracks 40-47. These eight tracks 40-47 are divided into two groups of four tracks: 40-43 and 44-47. Only one generator 60 and, respectively, 62 and one detector 61 and 63 are assigned to each of the groups of tracks. The signals of the generators 60 and 62 are fed to the groups of tracks 40-43 and 44-47 through demultiplexers 50 and 52, and the signals transmitted through the tracks are fed to detectors 61 and 63 through multiplexers 51 and 53.

In this embodiment of the invention, only one connecting conductor 48 and, respectively, 49 is needed for each group of tracks to supply the reference signals to the detectors 61, 63. The detectors 61, 63 each have one conductor 4, through which an alarm signal is transmitted if the signal, obtained through multiplexers 51, 53, does not coincide with the expected one.

In the depicted example of execution with two groups of tracks 40-43 and 43-47, two different possibilities of controlling demultiplexers 50, 52 and multiplexers 51, 53 are shown. In the upper part of Fig. A4, control of demultiplexer 50 and multiplexer 51 in order to select one of the tracks 40 43 is carried out jointly from one generator of 70 random signals. In the case of the group of tracks 43-47 depicted in the lower part of Fig. 4, the control of the demultiplexer 52 and the multiplexer 53 for the purpose of selecting tracks is carried out from two separate, but identically designed pseudo-random signal generators 71, 72, which, due to the same structure, are under the action of a common synchronization signal produce the same random numbers at the same time.

In principle, it is also possible to control demultiplexers and multiplexers by the synchronization signal itself, which, although schematically simpler, is more critical from the point of view of security.

Depending on the available area of the chip, on the basis of this improved version of the protective scheme, a good compromise can be found between the maximum complete coverage of the chip surface with the narrowest and most densely placed tracks and the desire to achieve the lowest possible circuit costs.

Fig. in : MM on en ! ve МЖЖ MKM BUM UM

EM and VK "M

From "but I

FMG. - that 3 Her and ; NN; and U,

Villa and house;

Don foni - -б-и ии

Con tives M Nd in ininny TB nH-

KE IZ KZ set 1 X і U detetetetetetitititikniky no E N ДН і

Adler ortyuu y metro and M krOJM ro ren,

SU na V KAN MA MY ZO Z V NE Z PI va i

Kzrzni TT EI Zhe

CARRIE ERRRERERIS

WE ARE NOT ME

RR: ANA o o

NO EE NO KK

25 Zyade -nN nnn penmshn-ya et t

Biennnnkos same sn

KR dennu rinnnyau 0 roti tetu 11 18th EN GE: And embroider fi ROK O Borders; zt NI NN ti u, gentlemen shk WRITE SHE NO

Ed pi PI TI Z schu

N N me N n u Ya N vB5EŽy Z scha had the same thing as the same game N PI N fund i nndtni nyannia ie na i

We are not M KT gy U she is NOT WE ny y

Khornuzh "rZh pt riv K y V o SOS sita ladan in Diche le BM U MA

EE or nn kash i s B ni V nn

ASK aa ee I shi and ko OT 1; In ut otu wa ; 2 WRITE the solution in V shN Z . I am a daughter of the Ascension Day

N KU N

F: -- N

N ZM nia OM, i

But here I am:

N romom ovo WE N i r omooooviooo viv oo ooo in M

With BEK ki Meringue

On BE V shi memes ooo ME Z nach edges and U i uko N ih hornovy. in; taken in AASOE and kh

N ! 1 of them

N t mae Dootnogech что

Mn KU pi with: N

N Ko i

N KON: Nya BOSH SYPYTSITS OI o feya o vy i MN VN -r ky

Es opo WE and

NO KIY 3 dyan DK at shnn - 1.20 p.m

Korea vi ryn and : and seti splzhny