CN111738391A - Security chip and electronic device - Google Patents
Security chip and electronic device Download PDFInfo
- Publication number
- CN111738391A CN111738391A CN202010786765.8A CN202010786765A CN111738391A CN 111738391 A CN111738391 A CN 111738391A CN 202010786765 A CN202010786765 A CN 202010786765A CN 111738391 A CN111738391 A CN 111738391A
- Authority
- CN
- China
- Prior art keywords
- security chip
- circuit
- pad
- attack detection
- power supply
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/073—Special arrangements for circuits, e.g. for protecting identification code in memory
- G06K19/07309—Means for preventing undesired reading or writing from or onto record carriers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/073—Special arrangements for circuits, e.g. for protecting identification code in memory
- G06K19/07309—Means for preventing undesired reading or writing from or onto record carriers
- G06K19/07363—Means for preventing undesired reading or writing from or onto record carriers by preventing analysis of the circuit, e.g. dynamic or static power analysis or current analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Semiconductor Integrated Circuits (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the application provides a security chip and an electronic device, which can effectively improve the security performance of the security chip. The security chip includes: the safety chip comprises a safety chip body and a control circuit, wherein the safety chip body comprises an internal circuit and at least one first bonding pad, the internal circuit comprises an attack detection circuit and a power supply circuit, the first bonding pad is electrically connected with the attack detection circuit and/or the power supply circuit, the attack detection circuit is used for detecting whether the safety chip is attacked or not, and the power supply circuit is used for supplying power to the safety chip; the conductive part is arranged on the upper surface of the security chip, is electrically connected with the first bonding pad and is connected with the attack detection circuit and/or the power supply circuit through the first bonding pad; the plastic package is used for coating the safety chip body and the conductive component; the conductive part is made of a nonmetal conductive material and can be dissolved in acid liquor, the change of the conductive part triggers the protection of the attack detection circuit and/or the power supply circuit on the safety chip, and the change of the conductive part comprises the loss or the change of the shape of the conductive part.
Description
Technical Field
The embodiment of the application relates to the technical field of chips, and more particularly relates to a security chip and an electronic device.
Background
The safety chip is a special chip which can execute complex encryption and decryption algorithms, and a special storage area of the safety chip stores secret keys and secret information and can provide encryption and safety authentication services for a computer or a mobile terminal. In order to obtain the sensitive data stored in the security chip or perform reverse/reverse engineering on the security chip, an attacker often uses various attack means to attack the security chip.
In order to cope with these attacks, various detection circuits, such as photoelectric detection, voltage detection, temperature detection and frequency detection, may be disposed inside the security chip to monitor the working environment of the security chip. Once an anomaly is detected, the security chip can take protective measures.
The protection measures of such a security chip require a large amount of design resources in the design stage of the security chip, and add additional cost. In addition, with the progress of technology, various attack means are developed, and the existing detection circuit is difficult to protect all attack means.
Disclosure of Invention
The embodiment of the application provides a security chip and electronic equipment, and the security performance of the security chip can be effectively improved.
In a first aspect, a package structure of a security chip is provided, which includes: the security chip comprises a security chip body and a chip protection circuit, wherein the security chip body comprises an internal circuit and at least one first bonding pad, the internal circuit comprises an attack detection circuit and/or a power supply circuit, the first bonding pad is electrically connected with the attack detection circuit and the power supply circuit, the attack detection circuit is used for detecting whether the security chip is attacked or not, and the power supply circuit is used for supplying power to the security chip body; the conductive component is arranged on the upper surface of the security chip body, is electrically connected with the first bonding pad and is connected to the attack detection circuit and/or the power supply circuit through the first bonding pad; the plastic package is used for coating the security chip body and the conductive component; the conductive part is made of a nonmetal conductive material and can be dissolved in acid liquor, the attack detection circuit and/or the power supply circuit are/is triggered to protect the safety chip by the change of the conductive part, and the change of the conductive part comprises the absence of the conductive part or the change of the shape of the conductive part.
According to the embodiment of the application, an attacker needs to use acid liquor in the process of opening the cover of the security chip to attack the security chip body, the surface layer of the security chip body is provided with the conductive part which is conductive and can be dissolved in the acid liquor, and the conductive part is connected to the attack detection circuit and/or the power supply circuit of the security chip body through the first bonding pad. Therefore, when an attacker uncaps the safety chip, the conductive part can be dissolved in acid liquor used for uncapping, so that the change of the attack detection circuit and/or the power supply circuit can be caused, the protection mechanism of the safety chip is triggered, and the safety performance of the safety chip is improved.
Furthermore, the conductive part is made of a non-metal material, so that due to the characteristics of the used material, an attacker is difficult to accurately detect the position, the appearance and the like of the conductive part in the security chip through a nondestructive detection means, the attacker is difficult to reproduce or reproduce the conductive part after the security chip is uncovered, and the effective protection of the security chip can be further improved.
In one possible implementation, the electrically conductive component is soluble in nitric acid; or the conductive member may be dissolved in a mixed solution containing nitric acid.
In one possible implementation, the conductive component is a carbon-based conductive ink or doped zinc oxide.
In one possible implementation manner, the secure chip body further includes: the security chip comprises a passivation layer and an interconnection layer, wherein a window is arranged on the passivation layer, the first bonding pad is arranged below the window, the conductive part is arranged between the passivation layer and a top metal layer of the interconnection layer so as to be electrically connected with the first bonding pad, and the conductive part is exposed on the surface of the security chip body through the window.
In one possible implementation manner, the secure chip body further includes: the passivation layer is provided with a window, the first bonding pad is arranged below the window, and the conductive part is arranged above the passivation layer and covers the window to be electrically connected with the first bonding pad.
In one possible implementation, the conductive component overlaps a projection of a metal layer of an interconnection layer in the secure chip body, the metal layer being perpendicular to a surface of the secure chip body, the conductive component, the metal layer, and the passivation layer between the conductive component and the metal layer forming a capacitor in the attack detection circuit, the attack detection circuit protecting the secure chip when a change in capacitance of the capacitor is detected.
In a possible implementation manner, the at least one first pad includes a plurality of first pads, and the conductive component accesses the attack detection circuit through two first pads of the plurality of first pads to serve as a wire or a resistor in the attack detection circuit, and the attack detection circuit protects the security chip when the wire or the resistor is broken.
In a possible implementation manner, the security chip body further includes a second pad, the second pad is disposed on the upper surface of the security chip body, the internal circuit further includes a storage circuit, the storage circuit is configured to store data, the storage circuit is electrically connected to the second pad and the attack detection circuit, respectively, and the attack detection circuit protects the security chip, including: the attack detection circuitry performs at least one of the following actions: sending an alarm, erasing data stored in the storage circuit, restarting the security chip body and outputting an error result.
In a possible implementation manner, the conductive component is connected to the power circuit through the first pad to serve as a wire or a resistor in the power circuit, and the power circuit stops supplying power to the security chip body when the wire or the resistor is broken due to the loss of the conductive component or the change of the shape of the conductive component.
In a possible implementation manner, the internal circuit further includes a data processing circuit, the data processing circuit is configured to perform operation and processing on received data, the security chip body further includes a second pad, the second pad is disposed on the upper surface of the security chip body and electrically connected to the data processing circuit, the data processing circuit is further electrically connected to the attack detection circuit, and/or the data processing circuit is further electrically connected to the power supply circuit, and when the attack detection circuit and/or the power supply circuit protects the security chip, the data processing circuit does not perform operation on the data or perform error operation and error processing on the data.
In a possible implementation manner, the internal circuit further includes a storage circuit electrically connected to the second pad, the storage circuit is electrically connected to the data processing circuit and configured to receive the data after being operated and processed by the data processing circuit and store the data, the storage circuit is further electrically connected to the attack detection circuit, and/or the storage circuit is further electrically connected to the power supply circuit, and when the attack detection circuit and/or the power supply circuit protects the security chip, the storage circuit erases the stored data.
In a possible implementation manner, the security chip further includes a lead frame disposed below the security chip body, a third pad is formed on the lead frame, and the third pad is exposed below the security chip after the plastic package covers the security chip body and the conductive component; the second pad includes at least one of the following pads: the testing device comprises a testing pad, an input/output pad, a power supply pad and a grounding pad, wherein the input/output pad, the power supply pad and the grounding pad are electrically connected with a third pad, and the testing pad is not electrically connected with the third pad.
In a second aspect, an electronic device is provided, which includes a data transmission chip for transmitting data; the secure chip described in the first aspect and any one of the possible embodiments of the first aspect, the secure chip is connected to the data transmission chip.
Drawings
Fig. 1 is a schematic diagram of a security chip of an embodiment of the present application.
Fig. 2 is a schematic diagram of a security chip of an embodiment of the present application.
Fig. 3 is a schematic diagram of the security chip according to the embodiment of the present application after being opened.
Fig. 4-6 are schematic diagrams of the location of the first pad in the security chip of an embodiment of the application.
Fig. 7 is a specific schematic diagram of a security chip according to an embodiment of the present application.
Fig. 8 is an attack detection circuit according to an embodiment of the present application.
Fig. 9 is another specific schematic diagram of a security chip of an embodiment of the present application.
Fig. 10 is a further detailed schematic diagram of a security chip of an embodiment of the present application.
Fig. 11 is a schematic block diagram of an electronic device of an embodiment of the present application.
Detailed Description
The technical solution in the present application will be described below with reference to the accompanying drawings.
The embodiment of the application is applicable to various chips, and is not limited to specific sizes, processes, realized functions and the like of the chips. The embodiment of the application is particularly suitable for special chips or security chips which can execute complex encryption and decryption algorithms. For example, the Security chip may be an embedded Security chip (eSE), a biochip (e.g., a fingerprint sensor chip), a chip provided with various functional circuits (e.g., a processor chip), various chips in the field of internet of things, and the like. For example, the secure chip may be used in conjunction with a Near Field Communication (NFC) chip to implement NFC card payment, authentication, and other functions, and the secure chip may include elements such as a transistor, a resistor, a capacitor, and an inductor, and wired devices. For example, the security chip may be a microelectronic device or component carrying an Integrated Circuit (IC). This is not a particular limitation of the present application.
As a common application scenario, the chip provided by the embodiment of the application can be applied to mobile terminals such as smart phones, tablet computers, wearable devices, smart homes and smart vehicles, or other electronic devices such as servers, supercomputing devices and security devices.
In order to prevent an attacker from acquiring and tampering sensitive data in the storage area of the secure chip, the secure chip may be generally designed to store the sensitive data in the secure chip only in a specific manner by an authenticated user, so as to ensure validity and reliability of the sensitive data.
However, in order to obtain the sensitive data stored inside the security chip or perform reverse/reverse engineering on the security chip, an attacker often uses various invasive, semi-invasive, non-invasive and other attack means to attack the security chip, which may include laser attack, bypass attack, electromagnetic attack, Focused Ion Beam (FIB), microprobe attack, and the like. The non-invasive attack is carried out on the security chip without removing the packaging structure of the security chip, so that the non-invasive attack is non-destructive, and the attacked security chip has high probability of continuing normal work.
The semi-invasive attack refers to an attack means, such as laser attack, for analyzing data and operation state in the security chip in a reversed phase mode by means of collected information such as image signals and optical signals after a packaging structure of the security chip is opened. The semi-invasive attack does not require removal of the passivation layer of the security chip and does not require modification of the internal circuitry of the security chip.
The invasive attack refers to a mode of opening a packaging structure of the security chip through violence, and directly modifying the security chip through means such as a microprobe and an FIB to acquire information of the security chip.
It can be seen that the semi-invasive attack and the invasive attack are premised on uncovering, that is, the specific attack can be implemented only by removing the packaging material on the surface of the secure chip to expose the bare chip of the secure chip. If an effective uncovering detection protection structure is added on the security chip, most attacks can be resisted, and the security of the security chip is improved. However, the existing uncovering detection protection structure is high in cost or can be easily cracked.
For example, in a cap opening detection protection structure, a packaging structure of a security chip may be a ceramic material; or, in another open-cover detection protection structure, the bare chip of the safety chip is bonded with anticorrosive materials on the double surfaces. Compared with common epoxy resin plastic package, the two protection structures have higher cost, only increase the cover opening difficulty, and an attacker still can open the cover by using a chemical corrosion combined physical mode. For another example, in another structure for detecting and protecting uncapping, an additional metal cover plate may be added to the packaging structure of the security chip, and the security chip may be protected by detecting a resistance change of the metal cover plate. However, an attacker can completely expose the die of the security chip by means of a chemical decap without damaging the metal cover plate.
In view of this, an embodiment of the present application provides a security chip, which can effectively improve the security performance of the security chip at a lower cost.
Hereinafter, the security chip according to the embodiment of the present application will be described in detail with reference to fig. 1 to 10.
It should be noted that, for convenience of description, like reference numerals denote like parts in the embodiments of the present application, and a detailed description of the like parts is omitted in different embodiments for the sake of brevity. It should be understood that the thickness, length, width and other dimensions of the various components in the embodiments of the present application and the overall thickness, length, width and other dimensions of the integrated device shown in the drawings are only exemplary and should not constitute any limitation to the present application.
Fig. 1 is a schematic structural diagram of a security chip 100 according to an embodiment of the present application. The secure chip 100 may include a secure chip body 110, a conductive member 120, and a molding 130. It should be noted that the secure chip 100 may correspond to the package structure of the secure chip in the foregoing, and the secure chip body 110 may correspond to the secure chip in the foregoing.
The secure chip body 110 includes an internal circuit 111 and a first pad 113, the internal circuit 111 may include an attack detection circuit and/or a power supply circuit, the attack detection circuit may be configured to detect whether the secure chip 100 is attacked, the power supply circuit may be configured to supply power to the secure chip body 110, and the first pad 113 is connected to the attack detection circuit and/or the power supply circuit. At least part of the conductive component 120 is disposed on the upper surface of the security chip body 110, the conductive component 120 is electrically connected to the first bonding pad 113 and is connected to the attack detection circuit and/or the power supply circuit through the first bonding pad 113, the conductive component 120 is conductive and can be dissolved in an acid solution, and the change of the conductive component 120 can trigger the protection of the attack detection circuit and/or the power supply circuit on the security chip body 110. The molding member 130 is used to cover the security chip body 110 and the conductive member 120, so that the first bonding pad 113 is not exposed outside the security chip 100.
Alternatively, the "variation of the conductive member 120" may include: the conductive member 120 is missing or the shape of the conductive member 120 is changed.
It should be understood that the conductive member 120 of the embodiments of the present application may also be expressed by other names. For example, the conductive member 120 may also be referred to as a safety bridge.
It should also be understood that the term "and/or" herein is merely one type of association that describes an associated object, meaning that three relationships may exist, e.g., a and/or B may mean: a exists alone, A and B exist simultaneously, and B exists alone.
According to the embodiment of the application, an attacker needs to use acid liquor in the process of opening the cover of the security chip to attack the security chip body, the surface layer of the security chip body is provided with the conductive part which is conductive and can be dissolved in the acid liquor, and the conductive part is connected to the attack detection circuit and/or the power supply circuit of the security chip body through the first bonding pad. Therefore, when an attacker uncaps the safety chip, the conductive part can be dissolved in acid liquor used for uncapping, so that the change of the attack detection circuit and/or the power supply circuit can be caused, the protection mechanism of the safety chip is triggered, and the safety performance of the safety chip is improved.
The secure chip body 110 may further include a second pad 112 in addition to the first pad 113, and the second pad 112 is disposed on the upper surface of the secure chip body 110. Illustratively, the second pads may include a test pad, an input/output pad (i.e., an I/O pad), a power pad, a ground pad, and the like, the test pad is a pad used for testing before the secure chip 100 is packaged, the I/O pad may be connected to an external circuit for implementing an input/output signal, and the power pad is used for implementing a power supply function. In addition, the molding member 130 covers the second pad 112, i.e. the second pad 112 is not exposed on the outer surface of the security chip 100.
The internal circuit 111 may include a data processing circuit, in addition to the attack detection circuit and/or the power supply circuit, connected to the second pad 112, for operating and processing data. Optionally, the data processing circuit may be further electrically connected to the attack detection circuit, and/or the data processing circuit may be further electrically connected to the power supply circuit, and when the attack detection circuit and/or the power supply circuit protects the security chip 100, the data processing circuit may not perform operation on data or perform error operation and error processing on data, and the like.
The internal circuit 111 may further include a storage circuit electrically connected to the second pad 112 and to the data processing circuit, for receiving data operated and processed by the data processing circuit and storing the data. Optionally, the storage circuit may be further electrically connected to the attack detection circuit, and/or the storage circuit may be further electrically connected to the power supply circuit, and the storage circuit may erase stored data when the attack detection circuit and/or the power supply circuit protects the security chip 100.
Alternatively, the data Processing circuit may be a Central Processing Unit (CPU). Of course, the data processing Circuit may be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable Logic Devices (PLDs), discrete Gate or transistor Logic devices, discrete hardware components, etc.
Alternatively, the Memory circuit may be a Dynamic Random Access Memory (DRAM) circuit. Of course, the Memory circuit may also be other types of Memory circuits, such as other Random Access Memory (RAM) circuits, Read Only Memory (ROM) circuits, Flash Memory (Flash), and the like.
Optionally, except for different connected circuits, in other aspects, such as manufacturing process, the first pad 113 and the second pad 112 may be the same, so that an attacker cannot determine which pads of the secure chip body are the first pads, which may further improve the protection mechanism of the secure chip.
The secure chip 100 may further include a lead frame (lead frame) 140 disposed below the secure chip body 110, and the lead frame 140 may be connected to the secure chip body 110 by an adhesive layer. The lead frame 140 has a third bonding pad formed thereon, and the third bonding pad is exposed below the security chip 100 after the molding member 130 includes the security chip body 110 and the conductive member 120.
Alternatively, if the second pad includes a test pad, an I/O pad, a power pad, and a ground pad, the test pad may not be electrically connected to the third pad, and the I/O pad, the power pad, and the ground pad may be electrically connected to the third pad, for example, by gold wire bonding.
It should be understood that, in the embodiments of the present application, the terms "first", "second" and "third" are merely used to distinguish different objects, and do not limit the scope of the embodiments of the present application.
As shown in fig. 2 and 3, fig. 2 is a schematic diagram of the secure chip 100, a packaging manner of the secure chip 100 in fig. 2 is a Quad Flat No-lead package (QFN), and fig. 3 is a schematic diagram of an attacker after the cover of the secure chip 100 is opened. It can be seen that after an attacker makes a decapping attack on the security chip 100, the security chip 100 in fig. 3 does not include the conductive member 120 because the conductive member 120 is dissolved in the acid solution used for decapping, that is, the conductive member 120 is completely dissolved in the acid solution. Of course, when the attacker opens the lid of the security chip 100, only a part of the conductive member 120 may be dissolved in the acid solution.
The uncapping acid solution used by the attacker may be nitric acid or a mixed solution containing nitric acid, for example, the mixed solution containing nitric acid may be a mixed solution of nitric acid and sulfuric acid. That is, the conductive member 120 may be any conductive material that is soluble in nitric acid; alternatively, the conductive member 120 may be any conductive material dissolved in a mixed solution containing nitric acid.
Alternatively, the conductive member 120 may be a metallic conductive material.
Alternatively, the conductive member 120 may be a non-metallic conductive material. For example, the conductive component 120 may be made of a material close to the element of the molding compound of the security chip 100, for example, the conductive component 120 and the element of the molding compound of the security chip 100 may both include elements such as carbon, hydrogen, and the like. It should be noted that although the material element of the conductive member 120 is close to the material element of the molding compound of the security chip, the conductive member 120 is conductive, and the molding compound is an insulator.
The material elements of the conductive part are close to those of the plastic packaging material, so that an attacker cannot determine the position of the conductive part in the security chip and cannot avoid the conductive part when the security chip is subjected to uncovering attack, and the security performance of the security chip can be further improved.
For example, the conductive member 120 may be a conductive ink applied by a screen printing process, and preferably, the conductive member 120 may be a carbon-based conductive ink. As another example, the conductive feature 120 may be a conductive oxide, such as doped zinc oxide, grown by a physical vapor deposition or chemical vapor deposition process. Preferably, the conductive member 120 may be Aluminum-doped zinc oxide (AZO) or Indium-doped zinc oxide (IZO).
Since an attacker often adopts a nondestructive method, such as detection means such as X-ray and the like to detect the internal structure of the security chip body, and selects the most appropriate uncapping scheme according to the detected internal structure of the security chip body, the nondestructive detection means are effective on metal materials. According to the technical scheme, the conductive part is made of the nonmetal material, so that due to the characteristics of the used material, an attacker is difficult to accurately detect the position, the appearance and the like of the conductive part in the security chip through a nondestructive detection means, the attacker is difficult to reproduce or reproduce the conductive part after the security chip is uncovered, and the effective protection of the security chip can be further improved.
Further, since the conductive component is generally the conductive ink and the like described above, compared with some current schemes, such as adding an anti-corrosion material and a ceramic package, the manufacturing cost of the conductive component is lower, so that the security performance of the security chip can be effectively improved at a lower cost.
The position of the conductive member 120 within the security chip 100 is related to the position of the first pad 113, and the position of the first pad 113 will be described in detail first.
In one implementation, the plurality of first pads 113 may be discretely distributed on the entire upper surface of the secure chip body 110, or, as shown in fig. 4 to 6, the plurality of first pads 113 may be discretely distributed at partial positions of the upper surface of the secure chip body 110.
Fig. 4-6 are top views of the security chip body 110, and it can be seen that the security chip body 110 includes a test pad and an I/O pad in addition to the first pad 113, and a part of the pads in the security chip body are connected with a conductive component, so that the cost of the conductive component can be reduced, and the manufacturing cost of the security chip can be further reduced.
The first bonding pad 113 in fig. 4 is disposed at the upper left corner region of the upper surface of the security chip body 110, the first bonding pad 113 in fig. 5 is disposed at the outermost circle of the upper surface of the security chip body 110, and the first bonding pad 113 in fig. 6 is disposed at the middle position of the upper surface of the security chip body 110.
Regarding the position of the conductive member 120 within the secure chip 100, as an example, referring again to fig. 2, when the plurality of first pads 113 are discretely distributed over the entire upper surface of the secure chip body 110, the conductive member 120 may cover the entire upper surface of the secure chip body 110. At this time, the security chip body 110 may not include a passivation layer, so that the security performance of the chip is improved while the number of process steps is reduced, thereby reducing the cost as a whole. Wherein the passivation layer may serve to insulate the security chip 100 from the external environment.
The conductive part covers the whole upper surface of the safety chip body, so that when an attacker attacks the safety chip, no matter which angle the attacker uncaps the safety chip, the conductive part can be dissolved in acid liquor used by the attacker in the first time, and therefore the attack detection circuit and/or the power supply circuit of the safety chip body can be changed in a short time, and the protection mechanism of the safety chip is triggered.
As another example, the conductive member 120 may be disposed at a partial position of the upper surface of the security chip body 110. For example, referring to fig. 4-6 again, if the first pads 113 are disposed as shown in fig. 4, the conductive members 120 may be disposed at the upper left corner of the upper surface of the security chip body 110; if the first pad 113 is disposed as shown in fig. 5, the conductive member 120 may be disposed at an outermost position of the upper surface of the security chip body 110, or may be disposed at an upper right corner of the upper surface of the security chip body 110; if the first pad 113 is disposed as shown in fig. 6, the conductive member 120 may be disposed at an intermediate position on the upper surface of the security chip body 110.
The conductive component is arranged on part of the upper surface of the security chip body, so that the manufacturing cost of the security chip can be reduced.
It should be understood that the arrangement of the conductive component in the security chip and the arrangement of the first pad shown in fig. 4 to 6 described above are merely examples, and the conductive component and the first pad may be arranged at other positions of the security chip, which is not specifically limited in the embodiment of the present application.
Optionally, in this embodiment of the application, the security chip body 110 may further include a passivation layer 132, a window is disposed on the passivation layer 132, and the first pad 113 is disposed below the window. Further, the secure chip 110 may further include an interconnection layer 133. The interconnect layer 133 may include a conductive metal layer 1501 and an insulating interlayer dielectric layer 1502, and the passivation layer 132 is disposed on the upper surface of the interconnect layer 133.
The material of the metal layer 1501 includes, but is not limited to, one or more of the following materials:titanium (Ti), copper (Cu), aluminum (Al), molybdenum (Mo), nickel (Ni), gold (Au), palladium (Pd), or titanium nitride (TiN), tantalum nitride (TaN), or the like. The interlevel dielectric layer 1502 may include, but is not limited to: silicon oxide (SiO)2) Silicon nitride (SiN), silicon carbide nitride (SiCN), Polyimide (PI), Polybenzoxazole (PBO), and Benzocyclobutene (BCB).
In this case, the conductive member 120 may be disposed in two ways in the security chip 100, which will be described separately below.
Mode 1
A conductive member 120 may be disposed over the passivation layer 132 and cover the window to electrically connect the first pad 113.
Referring to fig. 7, fig. 7 is a schematic diagram of a specific structure of the security chip 100. The secure chip 100 may include a conductive member 120 and a secure chip body 110. The security chip body 110 may include a first pad 113, a passivation layer 132, an interconnection layer 133, a device layer 134, and a substrate 135, where the interconnection layer 133 may be a trace of the internal circuit 111, and the device layer 134 may be a component in the internal circuit 111. The internal circuit of the security chip body is composed of physical structures such as a device layer and an interconnection layer, so that functions such as encryption and random number generation in the security chip body are achieved. As can be seen in fig. 7, the security conductive feature 120 is disposed over the passivation layer 132 and covers the window on the passivation layer 132.
In this implementation, in the process of manufacturing the security chip 100, the passivation layer 132 may be first prepared on a Wafer (Wafer), and then the conductive feature 120 may be grown on the upper surface of the passivation layer 132.
In mode 1, in one implementation, the internal circuitry 111 of the secure chip body may include attack detection circuitry.
As a possible embodiment, the conductive member 120 may access the attack detection circuit through a plurality of first pads (e.g., two first pads in fig. 4) of the first pads 113 to serve as a wire or a resistor in the attack detection circuit, so that the attack detection circuit may protect the security chip 100 when the wire or the resistor is broken.
The protection of the security chip 100 by the attack detection circuit when the wire or the resistor is broken may include, but is not limited to:
A. an alarm is given, for example, the alarm signal in a normal condition is "0", and after the security chip 100 is attacked, the alarm signal output by the attack detection circuit is "1"; for another example, an electronic device including a security chip may sound an alarm, such as a beep or beep, or a display of the electronic device may output a text such as "hack".
B. The data stored in the storage circuit can be erased, which is the whole data stored in the storage circuit, or can be erased according to the security level of the data stored in the storage circuit, for example, the data with the highest security level can be erased;
C. restarting the secure chip body 110;
D. the output error results, for example, the output results may all be "0" or all be "1", or data not stored by the memory circuit itself may be output to let an attacker get the erroneous data.
It should be understood that the specific examples in the embodiments of the present application are for the purpose of promoting a better understanding of the embodiments of the invention, and are not intended to limit the scope of the embodiments of the present application.
It should also be understood that the attack detection circuit is not particularly limited in this embodiment, and any circuit that can implement the above-described functions may be used as the attack detection circuit in this embodiment.
For example, in the attack detection circuit, one end of the conductive member 120 may be connected to a power source and one end to ground.
As yet another example, fig. 8 shows one possible attack detection circuit. The resistor in fig. 8 is the conductive element 120. Under normal conditions, the voltage at the detection point in the attack detection circuit is high, and the alarm signal output by the attack detection circuit is "0" (or "1"). When the resistor is broken after an attacker attacks the security chip 100, the potential at the detection point is lowered, and the alarm signal outputted from the attack detection circuit becomes "1" (or "0").
In another possible embodiment, as shown in fig. 9, the conductive component 120 may overlap with a projection of the metal layer 1501 in the interconnection layer 133 on a surface perpendicular to the secure chip body 110, so that the conductive component 120 and the metal layer 1501 together with the passivation layer 132 in between the conductive component 120 and the metal layer 1501 may form a capacitor (as shown by a dashed box in fig. 9) in an attack detection circuit, which may shield the secure chip 100 when a change in the capacitance value of the capacitor is detected. The conductive part, the metal layer and the passivation layer in the security chip form a capacitor in the internal circuit, so that when an attacker attacks the security chip, the capacitance value of the capacitor can be changed as long as the conductive part is slightly changed, the detection precision of the internal circuit can be improved, and the security chip can be effectively protected.
The capacitance value of the capacitor is proportional to the size of the area where the conductive member 120 overlaps the metal layer 1501. The change in area of the conductive member 120 may cause a change in capacitance. The capacitance value of the capacitor may be changed such that the capacitance of the capacitor becomes larger or smaller.
In this embodiment, when the capacitance value of the capacitor changes, the attack detection circuit protects the security chip 100, which may include but is not limited to: alarm, erase data stored in the memory circuit, restart the secure chip body 110, output an error result, and the like.
In another implementation, the internal circuit 111 may include a power circuit, and the conductive component 120 may be connected to the power circuit through at least a part of the first pads 113, so that the power circuit may stop supplying power to the secure chip body 110 when the conductive component 120 changes, so that the secure chip body 110 cannot be powered up. For example, the conductive member 120 may be used as a wire or a resistor of the power circuit after the power circuit is connected, so that the power circuit may stop supplying power to the security chip body 110 when the wire or the resistor is disconnected.
Mode 2
As shown in fig. 10, the conductive member 120 may be disposed between the passivation layer 132 and the interconnection layer 133, i.e., the conductive member 120 may be disposed under the passivation layer 132 and between the top metal layers of the interconnection layer 133 to electrically connect the first pads 113, and the conductive member 120 is at least partially exposed to the surface of the security chip body 110 through the window on the passivation layer 132, i.e., the conductive member 120 may be at least partially exposed through the window of the passivation layer 132.
In this implementation, in the process of manufacturing the security chip 100, the conductive element 120 may be first manufactured on the wafer, and then the passivation layer 132 may be grown on the upper surface of the conductive element 120.
In mode 2, in one implementation, the internal circuitry 111 of the secure chip body may include attack detection circuitry.
As a possible embodiment, the conductive member 120 may access the attack detection circuit through a plurality of first pads (e.g., two first pads in fig. 4) of the first pads 113 to serve as a wire or a resistor in the attack detection circuit, so that the attack detection circuit may protect the security chip 100 when the wire or the resistor is broken.
Optionally, the attack detection circuit protects the security chip 100 when a wire or a resistor is broken, and may include but is not limited to: alarm, erase data stored in the memory circuit, restart the secure chip body 110, output an error result, and the like.
In another implementation, the internal circuit 111 may include a power circuit, and the conductive component 120 may be connected to the power circuit through at least a part of the first pads 113, so that the power circuit may stop supplying power to the secure chip body 110 when the conductive component 120 changes, so that the secure chip body 110 cannot be powered up.
It should be noted that, for a specific implementation manner of the manner 2, reference may be made to the description of the manner 1, and here, for brevity of the content, detailed description is not repeated.
It should be understood that, herein, the above fig. 1 to fig. 10 are only exemplary illustrations of the security chip, and in other embodiments, it may be understood that the security chip in fig. 1 to fig. 10 is spatially rotated, or structurally symmetrically arranged, and the like, which all fall within the protection scope of the present application, and specific solutions may refer to the above description and are not described herein again.
An electronic device is further provided in this embodiment of the present application, as shown in fig. 11, the electronic device 200 may include a secure chip 210 and a data transmission chip 220, and the secure chip 210 may be the secure chip 100 in the foregoing embodiments. By way of example and not limitation, the electronic device in the embodiments of the present application may be a portable or mobile computing device such as a terminal device, a mobile phone, a tablet computer, a notebook computer, a desktop computer, a game device, an in-vehicle electronic device, or a wearable smart device, and other electronic devices such as an electronic database, an automobile, and an Automated Teller Machine (ATM). This wearable smart machine includes that the function is complete, the size is big, can not rely on the smart mobile phone to realize complete or partial function, for example: smart watches or smart glasses and the like, and only focus on a certain type of application function, and need to be used in cooperation with other devices such as smart phones, such as various smart bracelets for physical sign monitoring, smart jewelry and other devices.
The data transmission chip 220 may be used to transmit data and is connected to the security chip 210. Illustratively, the data transmission chip 220 may be an NFC chip, and cooperates with the secure chip 210 to implement NFC card payment, authentication, and other functions. Alternatively, the data transmission chip 220 may be a chip or the like that performs network communication or data transmission.
Optionally, the electronic device 200 may further include: a display screen. Illustratively, when the security chip 210 is attacked, the display screen may be used to display words such as "attacked" to remind the user of the attack.
The display screen may be a non-foldable display screen or a foldable display screen, that is, a flexible display screen, which is not specifically limited in this application.
It should be noted that, without conflict, the embodiments and/or technical features in the embodiments described in the present application may be arbitrarily combined with each other, and the technical solutions obtained after the combination also fall within the protection scope of the present application.
It is to be understood that the terminology used in the embodiments of the present application and the appended claims is for the purpose of describing particular embodiments only and is not intended to be limiting of the embodiments of the present application. For example, as used in the examples of this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
Those of ordinary skill in the art will appreciate that the elements of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described in a functional general in the foregoing description for the purpose of illustrating clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the several embodiments provided in the present application, it should be understood that the disclosed system and apparatus may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electric, mechanical or other form of connection.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiments of the present application.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially or partially contributed by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
While the invention has been described with reference to specific embodiments, the scope of the invention is not limited thereto, and those skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the invention. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (13)
1. A security chip, comprising:
the security chip comprises a security chip body and a chip protection circuit, wherein the security chip body comprises an internal circuit and at least one first bonding pad, the internal circuit comprises an attack detection circuit and a power supply circuit, the first bonding pad is electrically connected with the attack detection circuit and/or the power supply circuit, the attack detection circuit is used for detecting whether the security chip is attacked or not, and the power supply circuit is used for supplying power to the security chip body;
the conductive component is arranged on the upper surface of the security chip body, is electrically connected with the first bonding pad and is connected to the attack detection circuit and/or the power supply circuit through the first bonding pad;
the plastic package is used for coating the security chip body and the conductive component;
the conductive part is made of a nonmetal conductive material and can be dissolved in acid liquor, the attack detection circuit and/or the power supply circuit are/is triggered to protect the safety chip by the change of the conductive part, and the change of the conductive part comprises the absence of the conductive part or the change of the shape of the conductive part.
2. The security chip of claim 1, wherein said conductive means is soluble in nitric acid; alternatively, the conductive member may be dissolved in a mixed solution containing nitric acid.
3. The security chip according to claim 1, wherein the conductive means is a carbon-based conductive ink or doped zinc oxide.
4. The security chip according to any one of claims 1 to 3, wherein the security chip body further comprises: the security chip comprises a passivation layer and an interconnection layer, wherein a window is arranged on the passivation layer, the first bonding pad is arranged below the window, the conductive part is arranged between the passivation layer and a top metal layer of the interconnection layer so as to be electrically connected with the first bonding pad, and the conductive part is exposed on the surface of the security chip body through the window.
5. The security chip according to any one of claims 1 to 3, wherein the security chip body further comprises a passivation layer, wherein a window is disposed on the passivation layer, the first pad is disposed below the window, and the conductive member is disposed over the passivation layer and covers the window to electrically connect the first pad.
6. The security chip according to claim 5, wherein the conductive member overlaps a projection of a metal layer of an interconnect layer in the security chip body perpendicular to a surface of the security chip body, the conductive member, the metal layer, and the passivation layer intermediate the conductive member and the metal layer forming a capacitor in the attack detection circuit, the attack detection circuit safeguarding the security chip upon detection of a change in capacitance of the capacitor.
7. The security chip of claim 4, wherein the at least one first pad comprises a plurality of first pads, and wherein the conductive member accesses the attack detection circuit through two of the plurality of first pads as a wire or a resistor in the attack detection circuit, and wherein the attack detection circuit protects the security chip when the wire or the resistor is open.
8. The security chip according to claim 7, wherein the security chip body further includes a second pad disposed on an upper surface of the security chip body, the internal circuit further includes a storage circuit for storing data, the storage circuit is electrically connected to the second pad and the attack detection circuit, respectively, and the attack detection circuit protects the security chip, including:
the attack detection circuitry performs at least one of the following actions: sending an alarm, erasing data stored in the storage circuit, restarting the security chip body and outputting an error result.
9. The security chip according to any one of claims 1 to 3, wherein the conductive member is connected to the power supply circuit through the first pad to serve as a wire or a resistor in the power supply circuit, and the power supply circuit stops power supply to the security chip body when the wire or the resistor is broken due to the absence of the conductive member or the change in the shape of the conductive member.
10. The security chip according to any one of claims 1 to 3, wherein the internal circuit further includes a data processing circuit, the data processing circuit is configured to perform operations and processing on data, the security chip body further includes a second pad, the second pad is disposed on an upper surface of the security chip body and is electrically connected to the data processing circuit, the data processing circuit is further electrically connected to the attack detection circuit, and/or the data processing circuit is further electrically connected to the power supply circuit, and when the attack detection circuit and/or the power supply circuit protects the security chip, the data processing circuit does not perform operations on the data or performs error operations and error processing on the data.
11. The security chip according to claim 10, wherein the internal circuit further includes a storage circuit electrically connected to the second pad, the storage circuit is electrically connected to the data processing circuit, and is configured to receive the data processed and operated by the data processing circuit and store the data, the storage circuit is further electrically connected to the attack detection circuit, and/or the storage circuit is further electrically connected to the power supply circuit, and when the attack detection circuit and/or the power supply circuit protects the security chip, the storage circuit erases the stored data.
12. The security chip according to claim 10, wherein the security chip further comprises a lead frame disposed under the security chip body, the lead frame having a third bonding pad formed thereon, the third bonding pad being exposed under the security chip after the molding compound covers the security chip body and the conductive member,
the second pad includes at least one of the following pads: the testing device comprises a testing pad, an input/output pad, a power supply pad and a grounding pad, wherein the input/output pad, the power supply pad and the grounding pad are electrically connected with a third pad, and the testing pad is not electrically connected with the third pad.
13. An electronic device, comprising:
the data transmission chip is used for transmitting data;
a security chip connected to the data transmission chip, the security chip comprising the security chip of any one of claims 1 to 12.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010786765.8A CN111738391B (en) | 2020-08-07 | 2020-08-07 | Security chip and electronic device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010786765.8A CN111738391B (en) | 2020-08-07 | 2020-08-07 | Security chip and electronic device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111738391A true CN111738391A (en) | 2020-10-02 |
| CN111738391B CN111738391B (en) | 2020-11-17 |
Family
ID=72658243
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010786765.8A Active CN111738391B (en) | 2020-08-07 | 2020-08-07 | Security chip and electronic device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111738391B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5030796A (en) * | 1989-08-11 | 1991-07-09 | Rockwell International Corporation | Reverse-engineering resistant encapsulant for microelectric device |
| US20120199948A1 (en) * | 2011-02-09 | 2012-08-09 | Inside Secure | Semiconductor chip comprising protection means against a physical attack |
| CN103500740A (en) * | 2013-10-10 | 2014-01-08 | 北京昆腾微电子有限公司 | Chip capable of resisting invasive attack, manufacturing method thereof and attack detection method |
| CN103985674A (en) * | 2014-06-03 | 2014-08-13 | 山东华芯半导体有限公司 | Anti-attack structure of security chip and anti-attack method |
| CN107949853A (en) * | 2015-04-14 | 2018-04-20 | 第资本服务公司 | Anti-tamper dynamic transaction card and the method that anti-tamper dynamic transaction card is provided |
| CN109934022A (en) * | 2019-02-25 | 2019-06-25 | 天津大学 | Device and attack resistance method with the attack resistance chip for destroying structure |
-
2020
- 2020-08-07 CN CN202010786765.8A patent/CN111738391B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5030796A (en) * | 1989-08-11 | 1991-07-09 | Rockwell International Corporation | Reverse-engineering resistant encapsulant for microelectric device |
| US20120199948A1 (en) * | 2011-02-09 | 2012-08-09 | Inside Secure | Semiconductor chip comprising protection means against a physical attack |
| CN103500740A (en) * | 2013-10-10 | 2014-01-08 | 北京昆腾微电子有限公司 | Chip capable of resisting invasive attack, manufacturing method thereof and attack detection method |
| CN103985674A (en) * | 2014-06-03 | 2014-08-13 | 山东华芯半导体有限公司 | Anti-attack structure of security chip and anti-attack method |
| CN107949853A (en) * | 2015-04-14 | 2018-04-20 | 第资本服务公司 | Anti-tamper dynamic transaction card and the method that anti-tamper dynamic transaction card is provided |
| CN109934022A (en) * | 2019-02-25 | 2019-06-25 | 天津大学 | Device and attack resistance method with the attack resistance chip for destroying structure |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111738391B (en) | 2020-11-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Anderson et al. | Tamper resistance-a cautionary note | |
| US8836509B2 (en) | Security device | |
| US7923830B2 (en) | Package-on-package secure module having anti-tamper mesh in the substrate of the upper package | |
| JP5503526B2 (en) | Package-on-package secure module with BGA mesh cap | |
| US7791898B2 (en) | Security apparatus | |
| CN101772775B (en) | Tamper-resistant semiconductor device and methods of manufacturing thereof | |
| TW388942B (en) | Anti-tamper bond wire shield for an intergated circuit | |
| US7768005B2 (en) | Physically highly secure multi-chip assembly | |
| EP1700256B1 (en) | Protection for an integrated circuit chip containing confidential data | |
| JP2017028354A (en) | Electronic device network and chip authentication system | |
| US7812428B2 (en) | Secure connector grid array package | |
| CN102257516B (en) | For the equipment making electronic integrated circuit shell invade from physics or chemistry | |
| EP2431911B1 (en) | Device for protecting a connector and a communication wire of a memory-card reader. | |
| US20080088996A1 (en) | Active Protection Device for Protecting Circuit Against Mechanical and Electromagnetic Attack | |
| US10332373B1 (en) | Packaging supporting verification of package integrity and detection of related intrusion | |
| WO2022027535A1 (en) | Security chip and electronic device | |
| EP2241997A1 (en) | Memory card reader | |
| CN111738391B (en) | Security chip and electronic device | |
| US9226392B2 (en) | Tamper protection device and data transaction apparatus | |
| US20110264900A1 (en) | Method and arrangement for configuring electronic devices | |
| JP4836995B2 (en) | Integrated circuit module | |
| TW201601001A (en) | Secure element | |
| JP4181068B2 (en) | Integrated circuit module | |
| US20230401342A1 (en) | Electronic tampering detection | |
| Jones et al. | Retention of data in heat-damaged SIM cards and potential recovery methods |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |