WO2015000813A1 - Electronic hardware assembly - Google Patents

Electronic hardware assembly Download PDF

Info

Publication number
WO2015000813A1
WO2015000813A1 PCT/EP2014/063745 EP2014063745W WO2015000813A1 WO 2015000813 A1 WO2015000813 A1 WO 2015000813A1 EP 2014063745 W EP2014063745 W EP 2014063745W WO 2015000813 A1 WO2015000813 A1 WO 2015000813A1
Authority
WO
WIPO (PCT)
Prior art keywords
die
electronic hardware
assembly according
hardware assembly
laminar
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/EP2014/063745
Other languages
French (fr)
Inventor
Nigel Clement DAVIES
David John Lees
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qinetiq Ltd
Original Assignee
Qinetiq Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qinetiq Ltd filed Critical Qinetiq Ltd
Priority to KR1020167002604A priority Critical patent/KR102067397B1/en
Priority to RU2016103116A priority patent/RU2016103116A/en
Priority to US14/899,406 priority patent/US10181430B2/en
Priority to ES14734458T priority patent/ES2811801T3/en
Priority to JP2016522544A priority patent/JP2016524339A/en
Priority to CN201480037813.6A priority patent/CN105474390B/en
Priority to EP14734458.4A priority patent/EP3017473B1/en
Publication of WO2015000813A1 publication Critical patent/WO2015000813A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H10SEMICONDUCTOR DEVICES; ELECTRIC SOLID-STATE DEVICES NOT OTHERWISE PROVIDED FOR
    • H10WGENERIC PACKAGES, INTERCONNECTIONS, CONNECTORS OR OTHER CONSTRUCTIONAL DETAILS OF DEVICES COVERED BY CLASS H10
    • H10W76/00Containers; Fillings or auxiliary members therefor; Seals
    • H10W76/10Containers or parts thereof
    • H10W76/12Containers or parts thereof characterised by their shape
    • H10W76/15Containers comprising an insulating or insulated base
    • H10W76/153Containers comprising an insulating or insulated base having interconnections in passages through the insulating or insulated base
    • HELECTRICITY
    • H10SEMICONDUCTOR DEVICES; ELECTRIC SOLID-STATE DEVICES NOT OTHERWISE PROVIDED FOR
    • H10WGENERIC PACKAGES, INTERCONNECTIONS, CONNECTORS OR OTHER CONSTRUCTIONAL DETAILS OF DEVICES COVERED BY CLASS H10
    • H10W42/00Arrangements for protection of devices
    • H10W42/40Arrangements for protection of devices protecting against tampering, e.g. unauthorised inspection or reverse engineering
    • HELECTRICITY
    • H10SEMICONDUCTOR DEVICES; ELECTRIC SOLID-STATE DEVICES NOT OTHERWISE PROVIDED FOR
    • H10WGENERIC PACKAGES, INTERCONNECTIONS, CONNECTORS OR OTHER CONSTRUCTIONAL DETAILS OF DEVICES COVERED BY CLASS H10
    • H10W42/00Arrangements for protection of devices
    • H10W42/40Arrangements for protection of devices protecting against tampering, e.g. unauthorised inspection or reverse engineering
    • H10W42/405Arrangements for protection of devices protecting against tampering, e.g. unauthorised inspection or reverse engineering using active circuits
    • HELECTRICITY
    • H10SEMICONDUCTOR DEVICES; ELECTRIC SOLID-STATE DEVICES NOT OTHERWISE PROVIDED FOR
    • H10WGENERIC PACKAGES, INTERCONNECTIONS, CONNECTORS OR OTHER CONSTRUCTIONAL DETAILS OF DEVICES COVERED BY CLASS H10
    • H10W90/00Package configurations
    • HELECTRICITY
    • H10SEMICONDUCTOR DEVICES; ELECTRIC SOLID-STATE DEVICES NOT OTHERWISE PROVIDED FOR
    • H10WGENERIC PACKAGES, INTERCONNECTIONS, CONNECTORS OR OTHER CONSTRUCTIONAL DETAILS OF DEVICES COVERED BY CLASS H10
    • H10W72/00Interconnections or connectors in packages
    • H10W72/01Manufacture or treatment
    • HELECTRICITY
    • H10SEMICONDUCTOR DEVICES; ELECTRIC SOLID-STATE DEVICES NOT OTHERWISE PROVIDED FOR
    • H10WGENERIC PACKAGES, INTERCONNECTIONS, CONNECTORS OR OTHER CONSTRUCTIONAL DETAILS OF DEVICES COVERED BY CLASS H10
    • H10W72/00Interconnections or connectors in packages
    • H10W72/823Interconnections through encapsulations, e.g. pillars through molded resin on a lateral side a chip
    • HELECTRICITY
    • H10SEMICONDUCTOR DEVICES; ELECTRIC SOLID-STATE DEVICES NOT OTHERWISE PROVIDED FOR
    • H10WGENERIC PACKAGES, INTERCONNECTIONS, CONNECTORS OR OTHER CONSTRUCTIONAL DETAILS OF DEVICES COVERED BY CLASS H10
    • H10W74/00Encapsulations, e.g. protective coatings
    • HELECTRICITY
    • H10SEMICONDUCTOR DEVICES; ELECTRIC SOLID-STATE DEVICES NOT OTHERWISE PROVIDED FOR
    • H10WGENERIC PACKAGES, INTERCONNECTIONS, CONNECTORS OR OTHER CONSTRUCTIONAL DETAILS OF DEVICES COVERED BY CLASS H10
    • H10W90/00Package configurations
    • H10W90/20Configurations of stacked chips
    • H10W90/271Configurations of stacked chips the chips having passive surfaces facing each other, i.e. in a back-to-back arrangement
    • HELECTRICITY
    • H10SEMICONDUCTOR DEVICES; ELECTRIC SOLID-STATE DEVICES NOT OTHERWISE PROVIDED FOR
    • H10WGENERIC PACKAGES, INTERCONNECTIONS, CONNECTORS OR OTHER CONSTRUCTIONAL DETAILS OF DEVICES COVERED BY CLASS H10
    • H10W90/00Package configurations
    • H10W90/20Configurations of stacked chips
    • H10W90/28Configurations of stacked chips the stacked chips having different sizes, e.g. chip stacks having a pyramidal shape
    • HELECTRICITY
    • H10SEMICONDUCTOR DEVICES; ELECTRIC SOLID-STATE DEVICES NOT OTHERWISE PROVIDED FOR
    • H10WGENERIC PACKAGES, INTERCONNECTIONS, CONNECTORS OR OTHER CONSTRUCTIONAL DETAILS OF DEVICES COVERED BY CLASS H10
    • H10W90/00Package configurations
    • H10W90/20Configurations of stacked chips
    • H10W90/291Configurations of stacked chips characterised by containers, encapsulations, or other housings for the stacked chips
    • HELECTRICITY
    • H10SEMICONDUCTOR DEVICES; ELECTRIC SOLID-STATE DEVICES NOT OTHERWISE PROVIDED FOR
    • H10WGENERIC PACKAGES, INTERCONNECTIONS, CONNECTORS OR OTHER CONSTRUCTIONAL DETAILS OF DEVICES COVERED BY CLASS H10
    • H10W90/00Package configurations
    • H10W90/20Configurations of stacked chips
    • H10W90/297Configurations of stacked chips characterised by the through-semiconductor vias [TSVs] in the stacked chips
    • HELECTRICITY
    • H10SEMICONDUCTOR DEVICES; ELECTRIC SOLID-STATE DEVICES NOT OTHERWISE PROVIDED FOR
    • H10WGENERIC PACKAGES, INTERCONNECTIONS, CONNECTORS OR OTHER CONSTRUCTIONAL DETAILS OF DEVICES COVERED BY CLASS H10
    • H10W90/00Package configurations
    • H10W90/701Package configurations characterised by the relative positions of pads or connectors relative to package parts
    • H10W90/721Package configurations characterised by the relative positions of pads or connectors relative to package parts of bump connectors
    • H10W90/722Package configurations characterised by the relative positions of pads or connectors relative to package parts of bump connectors between stacked chips
    • HELECTRICITY
    • H10SEMICONDUCTOR DEVICES; ELECTRIC SOLID-STATE DEVICES NOT OTHERWISE PROVIDED FOR
    • H10WGENERIC PACKAGES, INTERCONNECTIONS, CONNECTORS OR OTHER CONSTRUCTIONAL DETAILS OF DEVICES COVERED BY CLASS H10
    • H10W90/00Package configurations
    • H10W90/701Package configurations characterised by the relative positions of pads or connectors relative to package parts
    • H10W90/721Package configurations characterised by the relative positions of pads or connectors relative to package parts of bump connectors
    • H10W90/724Package configurations characterised by the relative positions of pads or connectors relative to package parts of bump connectors between a chip and a stacked insulating package substrate, interposer or RDL
    • HELECTRICITY
    • H10SEMICONDUCTOR DEVICES; ELECTRIC SOLID-STATE DEVICES NOT OTHERWISE PROVIDED FOR
    • H10WGENERIC PACKAGES, INTERCONNECTIONS, CONNECTORS OR OTHER CONSTRUCTIONAL DETAILS OF DEVICES COVERED BY CLASS H10
    • H10W90/00Package configurations
    • H10W90/701Package configurations characterised by the relative positions of pads or connectors relative to package parts
    • H10W90/751Package configurations characterised by the relative positions of pads or connectors relative to package parts of bond wires
    • H10W90/754Package configurations characterised by the relative positions of pads or connectors relative to package parts of bond wires between a chip and a stacked insulating package substrate, interposer or RDL

Definitions

  • the present invention relates to electronic hardware assemblies, and to associated methods.
  • the invention relates to providing protective layers within electronic hardware assemblies.
  • a security module 100 housing a Stacked Chip 'System on Chip' package 101 is shown, comprising a Dynamic memory (DRAM) chip 104 mounted on top of an application- specific integrated circuit (ASIC) 106.
  • DRAM Dynamic memory
  • ASIC application- specific integrated circuit
  • the stacked chips 104, 106 are in turn mounted on an intermediate substrate 108, which in this example includes Vertical Interconnect Accesses (vias) 1 10 (only two of which are labelled for reasons of clarity), allowing data and power to pass through the intermediate substrate 108.
  • PCB 1 14 Printed Circuit Board
  • the PCB 1 14 will also comprise a connection, which passes through the tamper responsive mesh 102.
  • the whole package is also surrounded by encapsulating resin 1 16 to form the security module 100.
  • a chip or 'die' 150 is usually built up in layers on a substrate 152, which is often (but not always) made of silicon. Functional components are either added to or formed from the material of the substrate 152 in a lithographic process to form a portion of the die 150 termed herein a
  • a tamper shield 156 may comprise one or more metal track(s) arranged in coil (often a square or rectangular coil), or as a series of parallel tracks, or the like.
  • a tamper shield 156 may comprise one or more metal track(s) arranged in coil (often a square or rectangular coil), or as a series of parallel tracks, or the like.
  • the skilled person may wrap a die (and/or the package containing the die) with a separate mesh such as the Gore mesh described above but this adds complexity and cost to the manufacturing process.
  • an electronic hardware assembly comprising at least a first and second laminar component, wherein the first laminar component comprises a die, the die comprising a substrate, a functional region and a first protective layer, and the second laminar component comprises a second protective layer, wherein the first and second laminar components are arranged in a stack such that the functional region of the first laminar component is arranged within the assembly substantially between first and second protective layers.
  • the term 'functional region' is intended to refer to the region that allows the die to operate for intended purpose. Therefore, by way of example, if the die is arranged to provide a memory, the functional region provides data storage. If however the die is intended to provide a more complex Integrated Circuit (IC), it may comprise a plurality overlapping functional layers or units. Some functional layers/units may for example be diffused with dopants, while other may be implanted with ions, or formed of polysilicon or metal to provide conducting functional layers, or acting to define connections between functional layers or the like. As a further example, a capacitive structure will have functional layers which comprise parallel conducting plates and layers of insulating material between the plates. Other functional layer types and structures will be familiar to the skilled person.
  • IC Integrated Circuit
  • 'stack' as used herein may refer to a close stack or the layers of the stack may be spaced apart from one another. So long as the laminar components lie in substantially parallel planes, and one component at least partially overlies another, this constitutes a 'stack' for the purpose of this invention.
  • the stacks are fixed, i.e. in such stacks, the laminar components are fixed relative to one another in
  • the term 'protective layer' is intended to refer to any structure which resists or reacts to attempts to access the interior of the functional region of the die, including anti tamper layers, tamper resistant layers (which are difficult to physically penetrate), tamper evident layers, active tamper shield layers (which act to blank or destroy the content of the functional region of a die), and the like.
  • anti tamper layers tamper resistant layers (which are difficult to physically penetrate), tamper evident layers, active tamper shield layers (which act to blank or destroy the content of the functional region of a die), and the like.
  • active shields can act to ensure that sensitive data is electronically deleted or scrambled, and ideas for physically destroying structures have also been disclosed, for example in US2012/0068326, assigned to Endicott Interconnect Technologies. Such an arrangement is advantageous as the functional region may be largely surrounded by protective layers.
  • an assembly comprising two stacked dies, each of which comprises a substrate, a functional region and a protective layer, the functional regions (and preferably the substrates) being arranged within the assembly such they are between the two protective layers.
  • the dies may thus be arranged 'back-to-back' or 'substrate to substrate', providing the function of each die, and each providing a protective layer to shield the base of the substrate of the other die from possible attack.
  • the protective layer is a metallic layer, as this will provide heat conduction away from the functional regions.
  • any top-layer formed of metal for example an anti-tamper metal structure, would help to cool the compound die, the fact that the mesh is on two faces provides good heat transfer interface.
  • the main power dissipation is active components on the silicon surface.
  • the thermal resistivity between the silicon surface and top level metal may be be higher due to inter-metal dielectrics so this may not be as efficient as removing heat via the substrate. Therefore, further heat conduction structures (such as will be familiar to the skilled person) may be provided.
  • the dies may have the same (i.e. a common) design, which could limit manufacturing costs. However, the dies may be configured differently. In some examples, one of the dies may only have minimal functionality enabled. In cases where multiple reconfigurable elements are included (e.g. microprocessors) then each die could have specific functions allocated to it.
  • Such an assembly may be highly versatile.
  • an assembly comprising two stacked dies, each of which comprises a substrate and a protective layer, wherein one of the dies further comprises a functional region, and the other of the dies comprises a dummy region, and the functional region is arranged within the assembly such it is between the two protective layers.
  • the dummy region is arranged such that is outside the protective layers.
  • the dummy region may be a defective functional region; i.e. a functional region which fails to perform one or more of its intended function(s), but in which the protective layer is capable of providing protection. This is advantageous as it prevents defective dies from be wasted entirely, so long as they are capable of providing a protective function.
  • the dummy region may also be, in principle, functional but not used in the electronic hardware assembly. In such examples, it may be preferable to arrange the dummy region between the protective layers.
  • the second laminar component may comprise a die which has been processed simply to provide a protective layer.
  • a die may be relatively inexpensive to produce, in particular if the feature size can be made relatively large when compared to those typically seen on an ASIC or other die.
  • the second laminar component may be a lid of a hardware package.
  • the lid may for example be made of a ceramic material, a metal, or the like.
  • the protective layer may be provided by one or more metal tracks, for example screen printed onto the lid (in the case of a metal lid, there may be an insulating layer between the metal and the track(s)).
  • the lid may comprise one or more Printed Circuit Boards (PCBs) printed with one or more tracks.
  • PCBs Printed Circuit Boards
  • the shield could be simply printed onto the material of the lid.
  • the laminar components are interconnected, for example comprising vias (such as Through Silicon Vias (TSVs)) to inter-connect them.
  • the vias may, for example, be filled with a conductor, such as a tungsten connector.
  • Use of vias, in particular TSVs, in electronic hardware assemblies is advantageous when compared to alternative possibilities such as 'package-on-package' hardware assemblies as they can be made with more dense connections and because the length of the connections is generally shorter. This can improve connectivity at the same time as providing small assemblies. It also allows multiple dies, possibly performing multiple functions, to be provided with a small footprint.
  • the vias may also be inter-connected with one or both protective layers.
  • the protective layer is an anti-tamper layer (such as an anti- tamper grid or track or the like, which detects tamper events) the vias could therefore be functionally part of the anti-tamper protection and provide edge tamper detection.
  • the protective layer comprises one or more metallic layers or tracks. This is a known form of a protective layer.
  • the assembly comprises at least one monitor, arranged to monitor the status of the protective layers.
  • a single monitor is arranged to monitor the protective layer on at least two laminar components. This limits the functionality required on the other laminar component(s). Further, it may be preferable that the monitor is arranged between the protective layers, so that it benefits from the protection provided and does not itself present an avenue for attack.
  • the functional region of at least one die within the assembly comprises a monitoring unit, capable of monitoring the protective layer.
  • the monitoring unit may, for example, be fabricated lithographically in the functional region along with any other functional components of the functional region. This is a known way of providing a monitor for a protective layer, and in particular for monitoring active tamper shields.
  • the monitoring unit may, for example be arranged to detect one of a change in resistance (shorting, open circuit, change in resistance, resistive bridge) and/or a change in capacitance or electro-magnetic field properties (e.g. based on MEMs principles), or the like.
  • a change in resistance shorting, open circuit, change in resistance, resistive bridge
  • a change in capacitance or electro-magnetic field properties e.g. based on MEMs principles
  • an electronics hardware package which comprises an electronics hardware assembly according to the first aspect of the invention, wherein the second laminar component comprising a lid of the package.
  • the lid may comprise any suitable material. As will be familiar to the skilled person, known package lids comprise ceramic, glass, metal or the like.
  • the protective layer may comprise one or more tracks, for example screen-printed, on the lid in the manner of a PCB. In some examples, more than one layer may be provided. This allows, for example, separated tracks on a first layer to be overlaid by offset tracks on a second layer. Thus the whole surface may be readily protected.
  • the lid is electrically interconnected with the other laminar component. This allows for monitoring of both protective layers by a single monitor, which may be a monitoring unit within one of the laminar components, or may be a separate monitor (which is preferably housed within the package, so it is itself protected).
  • the lid may be interconnected with another laminar component using through-package vias, for example arranged through the side walls of the package. This is advantageous as it may extend the protection provided by the protective layer, for example providing edge protection for the package. However, it is also advantageous as it allows the lid to be connected to another power source, and/or to communicate with the die, without requiring the use of wire bonds or the like.
  • the package may have any of the features mentioned in the first aspect of the invention.
  • a stack as described in relation to the first aspect of the invention could be housed in a package, and, optionally, that package could have a lid comprises a protective layer.
  • the invention is also directed to methods by which the described apparatus operates and including method steps for assembling and for carrying out every function of the apparatus.
  • the preferred features may be combined as appropriate, as would be apparent to a skilled person, and may be combined with any of the aspects of the invention.
  • Figures 1A and 1 B show prior art examples of tamper-proof packaging and in-chip anti-tamper protection respectively;
  • Figure 2 shows an electronic hardware assembly according to one embodiment of the present invention
  • Figure 3 schematically shows a computing device incorporating the assembly of Figure 2
  • Figure 4 shows an electronic hardware assembly according to a second embodiment of the present invention
  • Figures 5 and 6 shows packages, each comprising an assembly as shown Figure 2.
  • Figure 1 A shows known system of protecting a package, in particular showing a package 100 comprising a Stacked Chip 'System on Chip' (SCS) electronics hardware assembly 101 enclosed in a tamper responsive mesh 102.
  • the assembly 101 comprises a DRAM chip 104 mounted on an ASIC 106.
  • the stacked chips 104, 106 are in turn mounted on a ceramic substrate 108, which includes vertical interconnect accesses (vias) 1 10.
  • These elements are then mounted, via a number of solder ball bonds 1 12, on a base substrate 1 14 (in this example a PCB), and the SCS 101 is also surrounded by encapsulating resin 1 16.
  • the substrate 108 could be replaced with a PCB in other known designs
  • Figure 1 B shows a known method for providing protection of a single chip or 'die' 150.
  • the die 150 is built up in layers on a substrate 152, in this example a silicon substrate.
  • Functional components are either added to or formed from the material of the substrate 152 in a lithographic process to form a functional region 154, which usually comprises a number of functional layers, which may overlap.
  • a tamper shield 156 in the form of a metal patterned layer is arranged on the functional region 154, and is topped with a silicon oxy-nitride passivation layer which is used to protect the die 150.
  • the functional region 154 also contains therein a monitoring unit 157, which is arranged to monitor the tamper shield 156.
  • the tamper shield 156 in this die 150, and the dies comprising a functional regions described hereinafter, is distal to the substrate 152, arranged such that substantially all the functional components, or at least any functional components which might perform sensitive processes, are between the protective layer 156 and the substrate 154.
  • the tamper shield 156 provides a protective layer.
  • FIG 2 shows an electronics hardware assembly 200 according to one embodiment of the present invention. Parts in common with those in Figures 1 A and 1 B are labelled with like reference numbers.
  • the assembly comprises two laminar components in the form of dies 150', 150" as shown in Figure 1 B which are arranged 'back-to-back', i.e. such that the substrates 152 are facing each other and the protective layers provided by the tamper shields 156 are arranged outermost in the stack.
  • the function regions 154 are both Application Specific integrated Circuits (ASICs), formed lithographically with a number of functional layers, the tamper shield 156 having been added, again lithographically, as one of the outer layers of the die 150', 150".
  • ASICs Application Specific integrated Circuits
  • One of the dies 150' also comprises a monitoring unit 157 in the functional region 154, but this is not present in the other of the dies 150". Instead, its tamper shield 156 is monitored by the monitoring unit 157 in the other die 150' as described below.
  • the dies 150', 150" further comprise vias 151 , which in this example are
  • TSVs Through Silicon Vias
  • the vias 151 are preferably arranged at closely spaced intervals along at least the perimeter of the assembly 200.
  • the dies 150', 150" are joined through use of solder ball bonds 1 12, which also connect the vias 151 .
  • the vias 151 provide a connection between the two protective layers 156, and allow both protective layers 156 to be monitored by a single monitoring unit 157. However, this need not be the case and the two protective layers 156 could be monitored separately (i.e.
  • the vias 151 mentioned above are arranged in an edge regions, they could be arranged across the whole die surface, for example in a regular pattern. This could be to sample the protective layer across its whole surface.
  • solder ball bonds 1 12 may be sufficient to join the dies 150', 150"
  • FIG. 3 A schematic representation of the assembly 200 of Figure 2 arranged in a device, in this example, a computing device 300, is shown in Figure 3.
  • the computing device 300 further comprises a main power source 302, a back-up power source 304, arranged to provide power to the tamper shields 156 even when the main power source 302 is switched off, a memory 308, capable of receiving data from, and sending data to the assembly 200 (which, in this example, is arranged to act as the central processing unit of the computing device 300) and an
  • input/output device 310 arranged to allow communication with the assembly 200.
  • FIG. 4 An electronics hardware assembly 400 according to an alternative embodiment of the present invention is shown in Figure 4 and parts in common with those in Figures 1A and 1 B are labelled with like reference numbers.
  • the assembly 400 comprises laminar components in the form of two dies, one of which is a functional die 150' such as shown in Figure 1 B, and the other die is a defective die 402.
  • the defective die 402 comprises, in the functional region, a dummy layer 404 and a tamper shield 156.
  • the defective die 402 comprises a die which has been lithographically processed, including the incorporation of the tamper shield 156, but has failed to meet tests with respect to its functionality.
  • the die 402 need not be disposed of, and use can be made of at least the tamper shield 156. This is attractive given the 'yield' of viable dies following lithographic processes can be relatively low (for example, 30%), so this provides a use for otherwise useless dies. It will be noted that the defective die 402 does not comprise vias (the tamper shield 156 thereof being exposed to the surface of the die, allowing the protective layers 156 and the monitoring unit 157 to be interconnected via the solder ball bonds 1 12), and is therefore simpler to make compared to the 'back-to-back' embodiment of Figure 2.
  • the dies 150', 402 are both arranged with their substrates 152 uppermost. As the stack of two dies has only one true functional region 154 and the protective layers provided by the tamper shields 156 are arranged either side of the function layer 154, it is protected on both major faces.
  • the function of the functional region 154 is to provide Random Access Memory (RAM), and it is formed lithographically, the tamper shield 156 and the monitoring unit 157 having been added, again lithographically.
  • the assembly 400 comprises vias 151 through the die 150', in an edge region thereof, which are filled with a conductor and are arranged at closely spaced intervals along the perimeter of the stack.
  • the dies 150', 402 are again joined through use of solder ball bonds 1 12, possibly with the addition of glue.
  • the dies 150', 402 are arranged with their substrates 152 uppermost, it may be desirable to stack the dies 150', 402 as shown in Figure 2. While this would require more complicated connections between the protective layers (for example, vias could be used), it may be desirable if the structure of even a defective die is to be protected. This may be the case, for example, if the defective die 402 has the same topology as the functional die 150', in which case, an attacker could gain useful knowledge from review of the defective die 402.
  • the dummy region 404 could also, in principle, comprise a functional, but not utilised, functional region, in which case protection thereof could be beneficial for the same reason.
  • the dummy region 404 may only have been lithographically processed simply to add a tamper shield 156, in all other senses effectively comprising a continuation of the substrate.
  • the defective die 402 could be replaced with a die with only 1 or 2 metal layers forming the protective layer 156 or shield. There would be no active components on such a die and it could be manufactured with a larger minimum feature size process than a functional die, and therefore manufactured at a lower cost.
  • the assembly 400 could be used in a similar manner to that described in relation to Figure 3 above.
  • FIGS 5 and 6 give further examples of assemblies 500, 600 according to embodiments of the invention.
  • FIG 5 a stack of two laminar components arranged in the form of 'back to back' (or 'substrate to substrate') dies 150" similar to that shown in Figure 2 is illustrated.
  • the dies 150" in this example are different sizes, and the assembly also comprises wire bonds 502.
  • the two dies 150" are also mounted on a separate substrate 504, which comprises vias 1 10 and therefore facilitates 'package on package' designs. It would also be possible to replace the ball bonds 1 12 between the dies 150" with wire bonds, such the substrates of the dies were substantially in contact.
  • the whole assembly in this example is encapsulated in a plastic material 506.
  • wire bonds 502 can remove the need for vias in the dies 150" themselves.
  • At least one die may also comprise a monitoring unit 157, or else a separate monitor could be provided in between the dies 150".
  • a die 150 similar to that shown in Figure 1 B is mounted within a package 600 comprising a lid 602.
  • the die 150 has a functional region 154 on which is arranged a tamper shield 156 providing a protective layer, and in which is provided a monitoring unit 157 and is arranged such that the substrate 152 faces the lid 602.
  • the lid 602 is a laminar component comprising a substrate 604 on which is mounted a multilayer PCB 606, wherein at least one of the layers is an anti-tamper layer 608 (for example as described in US6853093B2, which is incorporated herein by reference to the fullest extent possible).
  • more than one layer is an anti- tamper layer 608.
  • a first anti-tamper layer may comprise a number of screen printed lines with spaces there between, and second similar layer may be provided with an offset pattern, so that the lines thereon lies between the lines on the other layer when stacked thereon.
  • the die 150 is arranged within a package 600, which comprises a number of through-package vias 610 connecting the package base 612 to the lid 602 through the sidewalls 614.
  • the anti-tamper PCB layer 608 of the lid 602 provides a shield for the interior of the package 600, and the shielding is extended to cover the sides of the package 600 through use of vias 1 10, 610 as described above.
  • the die 150 in this example is connected to the vias by a track printed on the top side of the base 612 (not shown), although there are alternatives such as providing wire bonds.
  • die 150' in the assembly shown in Figure 5 could be replaced by a die as shown in Figure 4, i.e. a die 400 comprising a dummy region, in which case, the dies 150 need not be arranged 'back to back'.
  • the lid 602 in Figure 6 could be the other way up, and provided with vias.
  • the protective shield is itself protected by the material of the lid, and therefore unlikely to suffer casual damage.
  • a monitor for the protective layers could be provided within the package 600, but outside the die 150 itself.
  • Wire bonds could replace some or all vias, and vice versa. There may be more than two laminar components in a stack providing an assembly or a package.

Landscapes

  • Semiconductor Integrated Circuits (AREA)
  • Semiconductor Memories (AREA)
  • Storage Device Security (AREA)
  • Casings For Electric Apparatus (AREA)

Abstract

The present invention relates to an electronic hardware assembly comprising at least a first and second laminar component, wherein the first laminar components comprises a die, the die comprising a substrate, a functional region and a first protective layer, and the second laminar component comprises a second protective layer, wherein the first and second laminar components are arranged in a stack such that the functional region of the first laminar component is arranged within the assembly substantially between first and second protective layers.

Description

ELECTRONIC HARDWARE ASSEMBLY
FIELD OF THE INVENTION
The present invention relates to electronic hardware assemblies, and to associated methods. In particular, but not exclusively, the invention relates to providing protective layers within electronic hardware assemblies.
BACKGROUND TO THE INVENTION
In some circumstances, it is desirable to provide physical security for electronic hardware. For example, it may be desirable to protect data stored in a memory or processing device. Such data may include cryptographic keys or any other sensitive information. It is therefore known to package such hardware in a coating, which in some cases is arranged such that, if the enclosing material is tampered with, data is blanked, or otherwise made unusable.
One known technique, as illustrated in Figure 1A, is to wrap hardware in a tamper responsive mesh 102 (e.g. products from W.L. Gore and Associates) which consists of an electrical matrix that can detect an attempt at penetration due to a change in resistance. In the example of Figure 1A, a security module 100 housing a Stacked Chip 'System on Chip' package 101 is shown, comprising a Dynamic memory (DRAM) chip 104 mounted on top of an application- specific integrated circuit (ASIC) 106. The stacked chips 104, 106, are in turn mounted on an intermediate substrate 108, which in this example includes Vertical Interconnect Accesses (vias) 1 10 (only two of which are labelled for reasons of clarity), allowing data and power to pass through the intermediate substrate 108. These elements are then mounted, via a number of solder ball bonds 1 12, on a Printed Circuit Board (PCB) 1 14. As will be appreciated by the skilled person, the PCB 1 14 will also comprise a connection, which passes through the tamper responsive mesh 102. For additional security, the whole package is also surrounded by encapsulating resin 1 16 to form the security module 100.
The skilled person will also be familiar with methods for providing such protection at chip level, as is illustrated schematically in Figure 1 B. As will be familiar to the skilled person, a chip or 'die' 150 is usually built up in layers on a substrate 152, which is often (but not always) made of silicon. Functional components are either added to or formed from the material of the substrate 152 in a lithographic process to form a portion of the die 150 termed herein a
'functional region' 154, and which is designed to allow the die 150 to perform its intended function. As will be familiar to the skilled person, the functionality of the die 150 is defined by forming layers (which are layers within of the function region 154) of treated silicon, deposited material or the like. One known anti-tamper option is to include upper metal layer(s) in the die 150 to provide a tamper shield 156 (active and/or passive) to mitigate against such attacks. For example, a tamper shield 156 may comprise one or more metal track(s) arranged in coil (often a square or rectangular coil), or as a series of parallel tracks, or the like. However, such an approach has an important residual vulnerability - an attack can be made from the base of the die 150 through the substrate 152.
To address this, the skilled person may wrap a die (and/or the package containing the die) with a separate mesh such as the Gore mesh described above but this adds complexity and cost to the manufacturing process.
SUMMARY OF THE INVENTION
According to a first aspect of the invention, there is provided an electronic hardware assembly, the assembly comprising at least a first and second laminar component, wherein the first laminar component comprises a die, the die comprising a substrate, a functional region and a first protective layer, and the second laminar component comprises a second protective layer, wherein the first and second laminar components are arranged in a stack such that the functional region of the first laminar component is arranged within the assembly substantially between first and second protective layers.
It will be appreciated that the term 'functional region' is intended to refer to the region that allows the die to operate for intended purpose. Therefore, by way of example, if the die is arranged to provide a memory, the functional region provides data storage. If however the die is intended to provide a more complex Integrated Circuit (IC), it may comprise a plurality overlapping functional layers or units. Some functional layers/units may for example be diffused with dopants, while other may be implanted with ions, or formed of polysilicon or metal to provide conducting functional layers, or acting to define connections between functional layers or the like. As a further example, a capacitive structure will have functional layers which comprise parallel conducting plates and layers of insulating material between the plates. Other functional layer types and structures will be familiar to the skilled person. The term 'stack' as used herein may refer to a close stack or the layers of the stack may be spaced apart from one another. So long as the laminar components lie in substantially parallel planes, and one component at least partially overlies another, this constitutes a 'stack' for the purpose of this invention. In the examples herein, it will be further noted that the stacks are fixed, i.e. in such stacks, the laminar components are fixed relative to one another in
substantially parallel planes, and one component at least partially overlies another.
Further, the term 'protective layer' is intended to refer to any structure which resists or reacts to attempts to access the interior of the functional region of the die, including anti tamper layers, tamper resistant layers (which are difficult to physically penetrate), tamper evident layers, active tamper shield layers (which act to blank or destroy the content of the functional region of a die), and the like. As will be familiar to the skilled person, known active shields can act to ensure that sensitive data is electronically deleted or scrambled, and ideas for physically destroying structures have also been disclosed, for example in US2012/0068326, assigned to Endicott Interconnect Technologies. Such an arrangement is advantageous as the functional region may be largely surrounded by protective layers.
In one example of an electronic hardware assembly according to the invention, there is provided an assembly comprising two stacked dies, each of which comprises a substrate, a functional region and a protective layer, the functional regions (and preferably the substrates) being arranged within the assembly such they are between the two protective layers. The dies may thus be arranged 'back-to-back' or 'substrate to substrate', providing the function of each die, and each providing a protective layer to shield the base of the substrate of the other die from possible attack. There is a further advantage in some circumstances where the protective layer is a metallic layer, as this will provide heat conduction away from the functional regions. Although it will be noted that any top-layer formed of metal, for example an anti-tamper metal structure, would help to cool the compound die, the fact that the mesh is on two faces provides good heat transfer interface. However, as will be appreciated by the skilled person, the main power dissipation is active components on the silicon surface. The thermal resistivity between the silicon surface and top level metal may be be higher due to inter-metal dielectrics so this may not be as efficient as removing heat via the substrate. Therefore, further heat conduction structures (such as will be familiar to the skilled person) may be provided.
The dies may have the same (i.e. a common) design, which could limit manufacturing costs. However, the dies may be configured differently. In some examples, one of the dies may only have minimal functionality enabled. In cases where multiple reconfigurable elements are included (e.g. microprocessors) then each die could have specific functions allocated to it.
Such an assembly may be highly versatile.
In another example of an electronic hardware assembly according to the invention, there is provided an assembly comprising two stacked dies, each of which comprises a substrate and a protective layer, wherein one of the dies further comprises a functional region, and the other of the dies comprises a dummy region, and the functional region is arranged within the assembly such it is between the two protective layers. In some examples, the dummy region is arranged such that is outside the protective layers.
The dummy region may be a defective functional region; i.e. a functional region which fails to perform one or more of its intended function(s), but in which the protective layer is capable of providing protection. This is advantageous as it prevents defective dies from be wasted entirely, so long as they are capable of providing a protective function. However, the dummy region may also be, in principle, functional but not used in the electronic hardware assembly. In such examples, it may be preferable to arrange the dummy region between the protective layers. As an alternative to providing a laminar component with a dummy region, the second laminar component may comprise a die which has been processed simply to provide a protective layer. This may be advantageous as such a die may be relatively inexpensive to produce, in particular if the feature size can be made relatively large when compared to those typically seen on an ASIC or other die. Of course, there may be more than two dies, and in such examples, preferably all functional regions are between the two protective layers.
In a further example, the second laminar component may be a lid of a hardware package. The lid may for example be made of a ceramic material, a metal, or the like. In such examples, the protective layer may be provided by one or more metal tracks, for example screen printed onto the lid (in the case of a metal lid, there may be an insulating layer between the metal and the track(s)). The lid may comprise one or more Printed Circuit Boards (PCBs) printed with one or more tracks. As a further example, the shield could be simply printed onto the material of the lid. In such embodiments, there may be an electrical connection between the protective layer in or on the lid and the functional region of the die. This electrical connection could be provided using a 'through package vias'.
In some embodiments, the laminar components are interconnected, for example comprising vias (such as Through Silicon Vias (TSVs)) to inter-connect them. The vias may, for example, be filled with a conductor, such as a tungsten connector. Use of vias, in particular TSVs, in electronic hardware assemblies is advantageous when compared to alternative possibilities such as 'package-on-package' hardware assemblies as they can be made with more dense connections and because the length of the connections is generally shorter. This can improve connectivity at the same time as providing small assemblies. It also allows multiple dies, possibly performing multiple functions, to be provided with a small footprint.
In such examples, the vias may also be inter-connected with one or both protective layers. In such examples, in particular where the protective layer is an anti-tamper layer (such as an anti- tamper grid or track or the like, which detects tamper events) the vias could therefore be functionally part of the anti-tamper protection and provide edge tamper detection. In some examples, the protective layer comprises one or more metallic layers or tracks. This is a known form of a protective layer.
In some embodiments, the assembly comprises at least one monitor, arranged to monitor the status of the protective layers. In some examples, a single monitor is arranged to monitor the protective layer on at least two laminar components. This limits the functionality required on the other laminar component(s). Further, it may be preferable that the monitor is arranged between the protective layers, so that it benefits from the protection provided and does not itself present an avenue for attack.
In a preferred embodiment, the functional region of at least one die within the assembly comprises a monitoring unit, capable of monitoring the protective layer. The monitoring unit may, for example, be fabricated lithographically in the functional region along with any other functional components of the functional region. This is a known way of providing a monitor for a protective layer, and in particular for monitoring active tamper shields.
The monitoring unit may, for example be arranged to detect one of a change in resistance (shorting, open circuit, change in resistance, resistive bridge) and/or a change in capacitance or electro-magnetic field properties (e.g. based on MEMs principles), or the like. As will be appreciated by the skilled person, new techniques are being developed in this area, and any tamper detection technique could be used in conjunction with the inventions described herein.
According to a second aspect of the invention, there is provided an electronics hardware package which comprises an electronics hardware assembly according to the first aspect of the invention, wherein the second laminar component comprising a lid of the package.
The lid may comprise any suitable material. As will be familiar to the skilled person, known package lids comprise ceramic, glass, metal or the like. The protective layer may comprise one or more tracks, for example screen-printed, on the lid in the manner of a PCB. In some examples, more than one layer may be provided. This allows, for example, separated tracks on a first layer to be overlaid by offset tracks on a second layer. Thus the whole surface may be readily protected. In a preferred example, the lid is electrically interconnected with the other laminar component. This allows for monitoring of both protective layers by a single monitor, which may be a monitoring unit within one of the laminar components, or may be a separate monitor (which is preferably housed within the package, so it is itself protected).
The lid may be interconnected with another laminar component using through-package vias, for example arranged through the side walls of the package. This is advantageous as it may extend the protection provided by the protective layer, for example providing edge protection for the package. However, it is also advantageous as it allows the lid to be connected to another power source, and/or to communicate with the die, without requiring the use of wire bonds or the like. The package may have any of the features mentioned in the first aspect of the invention.
Indeed, a stack as described in relation to the first aspect of the invention could be housed in a package, and, optionally, that package could have a lid comprises a protective layer.
The invention is also directed to methods by which the described apparatus operates and including method steps for assembling and for carrying out every function of the apparatus. The preferred features may be combined as appropriate, as would be apparent to a skilled person, and may be combined with any of the aspects of the invention.
BRIEF DESCRIPTION OF THE DRAWINGS
In order to show how the invention may be carried into effect, embodiments of the invention are now described below by way of example only and with reference to the accompanying figures in which:
Figures 1A and 1 B show prior art examples of tamper-proof packaging and in-chip anti-tamper protection respectively;
Figure 2 shows an electronic hardware assembly according to one embodiment of the present invention; Figure 3 schematically shows a computing device incorporating the assembly of Figure 2; Figure 4 shows an electronic hardware assembly according to a second embodiment of the present invention; and
Figures 5 and 6 shows packages, each comprising an assembly as shown Figure 2. DETAILED DESCRIPTION OF INVENTION As described above, Figure 1 A shows known system of protecting a package, in particular showing a package 100 comprising a Stacked Chip 'System on Chip' (SCS) electronics hardware assembly 101 enclosed in a tamper responsive mesh 102. The assembly 101 comprises a DRAM chip 104 mounted on an ASIC 106. The stacked chips 104, 106, are in turn mounted on a ceramic substrate 108, which includes vertical interconnect accesses (vias) 1 10. These elements are then mounted, via a number of solder ball bonds 1 12, on a base substrate 1 14 (in this example a PCB), and the SCS 101 is also surrounded by encapsulating resin 1 16. As will be familiar to the skilled person, the substrate 108 could be replaced with a PCB in other known designs
Figure 1 B shows a known method for providing protection of a single chip or 'die' 150. The die 150 is built up in layers on a substrate 152, in this example a silicon substrate. Functional components are either added to or formed from the material of the substrate 152 in a lithographic process to form a functional region 154, which usually comprises a number of functional layers, which may overlap. A tamper shield 156 in the form of a metal patterned layer is arranged on the functional region 154, and is topped with a silicon oxy-nitride passivation layer which is used to protect the die 150. The functional region 154 also contains therein a monitoring unit 157, which is arranged to monitor the tamper shield 156.
The tamper shield 156 in this die 150, and the dies comprising a functional regions described hereinafter, is distal to the substrate 152, arranged such that substantially all the functional components, or at least any functional components which might perform sensitive processes, are between the protective layer 156 and the substrate 154. The tamper shield 156 provides a protective layer.
Figure 2 shows an electronics hardware assembly 200 according to one embodiment of the present invention. Parts in common with those in Figures 1 A and 1 B are labelled with like reference numbers. The assembly comprises two laminar components in the form of dies 150', 150" as shown in Figure 1 B which are arranged 'back-to-back', i.e. such that the substrates 152 are facing each other and the protective layers provided by the tamper shields 156 are arranged outermost in the stack. In this example, the function regions 154 are both Application Specific integrated Circuits (ASICs), formed lithographically with a number of functional layers, the tamper shield 156 having been added, again lithographically, as one of the outer layers of the die 150', 150". One of the dies 150' also comprises a monitoring unit 157 in the functional region 154, but this is not present in the other of the dies 150". Instead, its tamper shield 156 is monitored by the monitoring unit 157 in the other die 150' as described below. In this example, the dies 150', 150" further comprise vias 151 , which in this example are
Through Silicon Vias (TSVs) in an edge region thereof, which are filled with a conductor, in this case tungsten. Although not visible in the cross sectional view shown in the Figures, the vias 151 are preferably arranged at closely spaced intervals along at least the perimeter of the assembly 200. The dies 150', 150" are joined through use of solder ball bonds 1 12, which also connect the vias 151 . The vias 151 provide a connection between the two protective layers 156, and allow both protective layers 156 to be monitored by a single monitoring unit 157. However, this need not be the case and the two protective layers 156 could be monitored separately (i.e. isolated from one another but both providing an input to the same monitoring unit 157, or else more than one monitoring unit could be provided) Although the vias 151 mentioned above are arranged in an edge regions, they could be arranged across the whole die surface, for example in a regular pattern. This could be to sample the protective layer across its whole surface. In addition, while the use of solder ball bonds 1 12 may be sufficient to join the dies 150', 150", it may be desirable to flow glue between the two dies 150', 150" for mechanical robustness, as will be familiar to the skilled person. This has the additional benefit that it will also make it harder for an attacker to gain access to the ball bonds 1 12.
A schematic representation of the assembly 200 of Figure 2 arranged in a device, in this example, a computing device 300, is shown in Figure 3. The computing device 300 further comprises a main power source 302, a back-up power source 304, arranged to provide power to the tamper shields 156 even when the main power source 302 is switched off, a memory 308, capable of receiving data from, and sending data to the assembly 200 (which, in this example, is arranged to act as the central processing unit of the computing device 300) and an
input/output device 310, arranged to allow communication with the assembly 200.
In use of the computing device 300, if an attempt is made to access the interior of the assembly 200, this will result in a change in the resistivity of the pattern providing the tamper shield 156, which will be detected by the monitoring unit 157. Note that, because the vias 151 are arranged about the perimeter of the assembly 200 and are connected to the tamper shields 156, an attempt to gain access through the side of the assembly 200 will, in all likelihood, break at least one of the connections provided by the vias 151 , thus resulting in a change of resistivity, which will be detected by the monitoring unit 157.
An electronics hardware assembly 400 according to an alternative embodiment of the present invention is shown in Figure 4 and parts in common with those in Figures 1A and 1 B are labelled with like reference numbers. The assembly 400 comprises laminar components in the form of two dies, one of which is a functional die 150' such as shown in Figure 1 B, and the other die is a defective die 402. The defective die 402 comprises, in the functional region, a dummy layer 404 and a tamper shield 156. In this example, the defective die 402 comprises a die which has been lithographically processed, including the incorporation of the tamper shield 156, but has failed to meet tests with respect to its functionality. However so long as the tamper shield 156 is capable of operation, the die 402 need not be disposed of, and use can be made of at least the tamper shield 156. This is attractive given the 'yield' of viable dies following lithographic processes can be relatively low (for example, 30%), so this provides a use for otherwise useless dies. It will be noted that the defective die 402 does not comprise vias (the tamper shield 156 thereof being exposed to the surface of the die, allowing the protective layers 156 and the monitoring unit 157 to be interconnected via the solder ball bonds 1 12), and is therefore simpler to make compared to the 'back-to-back' embodiment of Figure 2.
In this example, the dies 150', 402 are both arranged with their substrates 152 uppermost. As the stack of two dies has only one true functional region 154 and the protective layers provided by the tamper shields 156 are arranged either side of the function layer 154, it is protected on both major faces. In this example, the function of the functional region 154 is to provide Random Access Memory (RAM), and it is formed lithographically, the tamper shield 156 and the monitoring unit 157 having been added, again lithographically. Again, the assembly 400 comprises vias 151 through the die 150', in an edge region thereof, which are filled with a conductor and are arranged at closely spaced intervals along the perimeter of the stack. The dies 150', 402 are again joined through use of solder ball bonds 1 12, possibly with the addition of glue.
Although the dies 150', 402 are arranged with their substrates 152 uppermost, it may be desirable to stack the dies 150', 402 as shown in Figure 2. While this would require more complicated connections between the protective layers (for example, vias could be used), it may be desirable if the structure of even a defective die is to be protected. This may be the case, for example, if the defective die 402 has the same topology as the functional die 150', in which case, an attacker could gain useful knowledge from review of the defective die 402. The dummy region 404 could also, in principle, comprise a functional, but not utilised, functional region, in which case protection thereof could be beneficial for the same reason.
However, in other examples, the dummy region 404 may only have been lithographically processed simply to add a tamper shield 156, in all other senses effectively comprising a continuation of the substrate. In other words, the defective die 402 could be replaced with a die with only 1 or 2 metal layers forming the protective layer 156 or shield. There would be no active components on such a die and it could be manufactured with a larger minimum feature size process than a functional die, and therefore manufactured at a lower cost.
The assembly 400 could be used in a similar manner to that described in relation to Figure 3 above.
Figures 5 and 6 give further examples of assemblies 500, 600 according to embodiments of the invention.
In Figure 5, a stack of two laminar components arranged in the form of 'back to back' (or 'substrate to substrate') dies 150" similar to that shown in Figure 2 is illustrated. The dies 150" in this example are different sizes, and the assembly also comprises wire bonds 502. The two dies 150" are also mounted on a separate substrate 504, which comprises vias 1 10 and therefore facilitates 'package on package' designs. It would also be possible to replace the ball bonds 1 12 between the dies 150" with wire bonds, such the substrates of the dies were substantially in contact. The whole assembly in this example is encapsulated in a plastic material 506.
It will be noted that the use of wire bonds 502 can remove the need for vias in the dies 150" themselves.
Although not shown in Figure 5, if the protective layers are active layers, at least one die may also comprise a monitoring unit 157, or else a separate monitor could be provided in between the dies 150".
In Figure 6, package-level protection is illustrated. A die 150 similar to that shown in Figure 1 B is mounted within a package 600 comprising a lid 602. As described in relation to Figure 1 B, the die 150 has a functional region 154 on which is arranged a tamper shield 156 providing a protective layer, and in which is provided a monitoring unit 157 and is arranged such that the substrate 152 faces the lid 602. The lid 602 is a laminar component comprising a substrate 604 on which is mounted a multilayer PCB 606, wherein at least one of the layers is an anti-tamper layer 608 (for example as described in US6853093B2, which is incorporated herein by reference to the fullest extent possible). In preferred examples, more than one layer is an anti- tamper layer 608. For example, a first anti-tamper layer may comprise a number of screen printed lines with spaces there between, and second similar layer may be provided with an offset pattern, so that the lines thereon lies between the lines on the other layer when stacked thereon.
In this example, the die 150 is arranged within a package 600, which comprises a number of through-package vias 610 connecting the package base 612 to the lid 602 through the sidewalls 614. The anti-tamper PCB layer 608 of the lid 602 provides a shield for the interior of the package 600, and the shielding is extended to cover the sides of the package 600 through use of vias 1 10, 610 as described above. The die 150 in this example is connected to the vias by a track printed on the top side of the base 612 (not shown), although there are alternatives such as providing wire bonds.
Various combinations or alternatives to the above described embodiments will occur to the skilled person and are within the scope of the invention. For example either die 150' in the assembly shown in Figure 5 could be replaced by a die as shown in Figure 4, i.e. a die 400 comprising a dummy region, in which case, the dies 150 need not be arranged 'back to back'. In addition, the lid 602 in Figure 6 could be the other way up, and provided with vias. However, it will be noted that, arranged as shown, the protective shield is itself protected by the material of the lid, and therefore unlikely to suffer casual damage. In particular, in the example of Figure 6 it can readily be appreciated that a monitor for the protective layers could be provided within the package 600, but outside the die 150 itself.
Wire bonds could replace some or all vias, and vice versa. There may be more than two laminar components in a stack providing an assembly or a package.
Any range or device value given herein may be extended or altered without losing the effect sought, as will be apparent to the skilled person for an understanding of the teachings herein.

Claims

An electronic hardware assembly comprising at least a first and second laminar component, wherein the first laminar components comprises a die, the die comprising a substrate, a functional region and a first protective layer, and the second laminar component comprises a second protective layer, wherein the first and second laminar components are arranged in a stack such that the functional region of the first laminar component is arranged within the assembly substantially between first and second protective layers.
An electronic hardware assembly according to claim 1 in which the protective layer comprises a structure which resists or reacts to attempts to access the functional region of the die.
An electronic hardware assembly according to claim 1 or claim 2 in which the second laminar component comprises a second die, and the second die comprises a substrate, a functional region, and a protective layer, the assembly being arranged such that the functional regions of both the first and second dies lie within the assembly such they are substantially between the two protective layers.
An electronic hardware assembly according to claim 3 in which (i) the dies have the same design or (ii) the dies are configured differently, such that one of the dies has minimal functionality.
An electronic hardware assembly according to claim 3 in which each die is arranged, in use, to have specific functions allocated thereto.
An electronic hardware assembly according to claim 1 or claim 2 in which the second laminar component comprises a second die, and the second die comprises a substrate, a dummy region and a protective layer.
An electronic hardware assembly according to claim 6 wherein the functional layer is arranged between the two protective layers, and the dummy region is arranged such that is outside the protective layers.
An electronic hardware assembly according to claim 6 or claim 7 in which the dummy region comprises (i) a defective functional region or (ii) a functional region which is not used in the electronic hardware assembly.
9. An electronic hardware assembly according to claim 1 or claim 2 in which there in which the second laminar component comprises a second die, and the second die comprises a substrate and a protective layer.
10. An electronic hardware assembly according to claim 1 or claim 2 in which the second
laminar component comprises a lid of a hardware package.
1 1 . An electronic hardware assembly according to claim 10 in which the protective layer
comprises one or more printed circuit boards.
12. An electronic hardware assembly according to claim 10 or 1 1 in which there is an electrical connection between the protective layer in the lid and the functional region of the die.
13. An electronic hardware assembly according to any preceding claim in which the laminar components are electrically interconnected.
14. An electronic hardware assembly according to claim 13 in which the laminar components are electrically interconnected through Vertical Interconnect Accesses (vias).
15. An electronic hardware assembly according to claim 14 in which the vias are interconnected with the protective layer.
16. An electronic hardware assembly according to any preceding claim which further comprises at least one monitor, arranged between the protective layers and provided to monitor the protective layers.
17. An electronic hardware assembly according to claim 16 in which a single monitor is provided to monitor the protective layers of the first and the second laminar components.
18. An electronic hardware assembly according to claim 16 or 17 in which the monitor is
provided within the functional region of a laminar component.
19. An electronics hardware package which comprises an electronics hardware assembly
according to claim 1 , wherein the second laminar component comprises a lid of the package.
20. An electronics hardware package according to claim 19, wherein the lid is interconnected with the die using through-package vias.
21 . An electronic hardware assembly substantially as described herein and as illustrated in the accompanying figures.
2. An electronics hardware package substantially as described herein and as illustrated in the accompanying figures.
PCT/EP2014/063745 2013-07-02 2014-06-27 Electronic hardware assembly Ceased WO2015000813A1 (en)

Priority Applications (7)

Application Number Priority Date Filing Date Title
KR1020167002604A KR102067397B1 (en) 2013-07-02 2014-06-27 Electronic hardware assembly
RU2016103116A RU2016103116A (en) 2013-07-02 2014-06-27 ELECTRONIC EQUIPMENT ASSEMBLY
US14/899,406 US10181430B2 (en) 2013-07-02 2014-06-27 Tamper resistant electronic hardware assembly with a non-functional die used as a protective layer
ES14734458T ES2811801T3 (en) 2013-07-02 2014-06-27 Electronic hardware mounting
JP2016522544A JP2016524339A (en) 2013-07-02 2014-06-27 Electronic hardware assembly
CN201480037813.6A CN105474390B (en) 2013-07-02 2014-06-27 Electronic Hardware Components
EP14734458.4A EP3017473B1 (en) 2013-07-02 2014-06-27 Electronic hardware assembly

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB1311834.4 2013-07-02
GBGB1311834.4A GB201311834D0 (en) 2013-07-02 2013-07-02 Electronic hardware assembly

Publications (1)

Publication Number Publication Date
WO2015000813A1 true WO2015000813A1 (en) 2015-01-08

Family

ID=48999377

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2014/063745 Ceased WO2015000813A1 (en) 2013-07-02 2014-06-27 Electronic hardware assembly

Country Status (9)

Country Link
US (1) US10181430B2 (en)
EP (1) EP3017473B1 (en)
JP (1) JP2016524339A (en)
KR (1) KR102067397B1 (en)
CN (1) CN105474390B (en)
ES (1) ES2811801T3 (en)
GB (1) GB201311834D0 (en)
RU (1) RU2016103116A (en)
WO (1) WO2015000813A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3316295A1 (en) * 2016-10-31 2018-05-02 Stmicroelectronics (Rousset) Sas Device comprising a stack of electronic chips
EP3454368A1 (en) * 2017-09-11 2019-03-13 Stmicroelectronics (Rousset) Sas Chip stack protected against data hacking

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9806884B2 (en) * 2014-01-10 2017-10-31 Robert Bosch Gmbh System and method for cryptographic key identification
US10417459B2 (en) 2015-04-29 2019-09-17 Utimaco, Inc. Physical barrier to inhibit a penetration attack
US10678958B2 (en) 2015-12-28 2020-06-09 Intelligent Technologies International, Inc. Intrusion-protected memory component
US11113428B1 (en) * 2018-03-22 2021-09-07 Amazon Technologies, Inc. Shippable data transfer device with anti-tamper casing
US11329010B2 (en) * 2019-04-11 2022-05-10 Cryptography Research, Inc. Integrated circuit shield
US11748524B2 (en) * 2020-07-20 2023-09-05 International Business Machines Corporation Tamper resistant obfuscation circuit

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997022990A1 (en) * 1995-12-20 1997-06-26 Intel Corporation Secure semiconductor device
EP1508917A2 (en) * 2003-08-20 2005-02-23 Sharp Kabushiki Kaisha Semiconductor integrated circuit
FR2910708A1 (en) * 2006-12-20 2008-06-27 Commissariat Energie Atomique Electronic component for protecting confidential data in e.g. chip card, has integrated circuit chip comprising internal detection circuit for detecting impedance variation of inductor and providing signal indicating separation of chips
US7898090B1 (en) * 2007-09-28 2011-03-01 Ixys Ch Gmbh General purpose ball grid array security cap
US20130037942A1 (en) * 2011-08-08 2013-02-14 SK Hynix Inc. Semiconductor chips having a dual-layered structure, packages having the same, and methods of fabricating the semiconductor chips and the packages

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002543621A (en) * 1999-05-03 2002-12-17 インフィネオン テクノロジース アクチエンゲゼルシャフト Method and apparatus for securing multi-dimensionally stacked chip staples
DE10058078C1 (en) 2000-11-23 2002-04-11 Infineon Technologies Ag Integrated circuit with analyzer protection has gaps left by first group of conducting tracks in wiring plane and filled by second group of conducting tracks provided for protection of IC
US6853093B2 (en) 2002-12-20 2005-02-08 Lipman Electronic Engineering Ltd. Anti-tampering enclosure for electronic circuitry
US7191516B2 (en) * 2003-07-16 2007-03-20 Maxwell Technologies, Inc. Method for shielding integrated circuit devices
FR2864667B1 (en) 2003-12-29 2006-02-24 Commissariat Energie Atomique PROTECTING AN INTEGRATED CIRCUIT CHIP CONTAINING CONFIDENTIAL DATA
US7281667B2 (en) 2005-04-14 2007-10-16 International Business Machines Corporation Method and structure for implementing secure multichip modules for encryption applications
EP2615641B1 (en) * 2006-01-24 2015-07-01 Nds Limited Chip attack protection
KR101299602B1 (en) * 2007-03-27 2013-08-26 삼성전자주식회사 Integrated circuit protecting reverse engineering
US7868441B2 (en) 2007-04-13 2011-01-11 Maxim Integrated Products, Inc. Package on-package secure module having BGA mesh cap
CN102194769A (en) * 2010-03-11 2011-09-21 国碁电子(中山)有限公司 Chip packaging structure and method
US8288857B2 (en) 2010-09-17 2012-10-16 Endicott Interconnect Technologies, Inc. Anti-tamper microchip package based on thermal nanofluids or fluids
CN103022011B (en) * 2011-09-23 2015-10-07 讯芯电子科技(中山)有限公司 Semiconductor package and manufacture method thereof
DE102012215606A1 (en) * 2012-09-03 2014-03-06 Ihp Gmbh - Innovations For High Performance Microelectronics / Leibniz-Institut Für Innovative Mikroelektronik Layered structure for semiconductor component, has diffusion barrier arranged between protective layer and substrate and indirectly bordered on protective layer, where part of structure is arranged between barrier and component layer

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997022990A1 (en) * 1995-12-20 1997-06-26 Intel Corporation Secure semiconductor device
EP1508917A2 (en) * 2003-08-20 2005-02-23 Sharp Kabushiki Kaisha Semiconductor integrated circuit
FR2910708A1 (en) * 2006-12-20 2008-06-27 Commissariat Energie Atomique Electronic component for protecting confidential data in e.g. chip card, has integrated circuit chip comprising internal detection circuit for detecting impedance variation of inductor and providing signal indicating separation of chips
US7898090B1 (en) * 2007-09-28 2011-03-01 Ixys Ch Gmbh General purpose ball grid array security cap
US20130037942A1 (en) * 2011-08-08 2013-02-14 SK Hynix Inc. Semiconductor chips having a dual-layered structure, packages having the same, and methods of fabricating the semiconductor chips and the packages

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3316295A1 (en) * 2016-10-31 2018-05-02 Stmicroelectronics (Rousset) Sas Device comprising a stack of electronic chips
FR3058246A1 (en) * 2016-10-31 2018-05-04 Stmicroelectronics (Rousset) Sas DEVICE COMPRISING A STACK OF ELECTRONIC CHIPS
US10347595B2 (en) 2016-10-31 2019-07-09 Stmicroelectronics (Rousset) Sas Device comprising a stack of electronic chips
US10770411B2 (en) 2016-10-31 2020-09-08 Stmicroelectronics (Rousset) Sas Device comprising a stack of electronic chips
EP3454368A1 (en) * 2017-09-11 2019-03-13 Stmicroelectronics (Rousset) Sas Chip stack protected against data hacking
FR3071101A1 (en) * 2017-09-11 2019-03-15 Stmicroelectronics (Rousset) Sas STACK OF CHIPS
US10473709B2 (en) 2017-09-11 2019-11-12 Stmicroelectronics (Rousset) Sas Integrated circuit chip stack

Also Published As

Publication number Publication date
ES2811801T3 (en) 2021-03-15
GB201311834D0 (en) 2013-08-14
US20160155679A1 (en) 2016-06-02
CN105474390B (en) 2019-04-19
EP3017473A1 (en) 2016-05-11
JP2016524339A (en) 2016-08-12
EP3017473B1 (en) 2020-08-05
RU2016103116A3 (en) 2018-03-27
KR102067397B1 (en) 2020-01-20
US10181430B2 (en) 2019-01-15
CN105474390A (en) 2016-04-06
KR20160027109A (en) 2016-03-09
RU2016103116A (en) 2017-08-07

Similar Documents

Publication Publication Date Title
EP3017473B1 (en) Electronic hardware assembly
JP5647681B2 (en) Multi-layer secure structure
US7180008B2 (en) Tamper barrier for electronic device
US8502396B2 (en) Embedded package security tamper mesh
CN101904002B (en) Package-on-package secure module having BGA mesh cap
US8581251B2 (en) Device for protecting an electronic integrated circuit housing against physical or chemical ingression
US7054162B2 (en) Security module system, apparatus and process
US20180365945A1 (en) Multi-layer stack with embedded tamper-detect protection
US20120256305A1 (en) Integrated Circuit Package Security Fence
CN108141978A (en) Circuit boards and electronic packages with embedded tamper-responsive sensors
US9947609B2 (en) Integrated circuit stack
US8270174B2 (en) Hardware protection system for sensitive electronic-data modules protecting against external manipulations
US8258405B2 (en) Sensor for a hardware protection system for sensitive electronic-data modules protecting against external manipulations
US8552566B1 (en) Integrated circuit package having surface-mount blocking elements
CN101316479B (en) Circuit board and manufacturing method thereof
US7436072B2 (en) Protected chip stack

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201480037813.6

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14734458

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 14899406

Country of ref document: US

ENP Entry into the national phase

Ref document number: 2016522544

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2014734458

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 20167002604

Country of ref document: KR

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 2016103116

Country of ref document: RU

Kind code of ref document: A