AU3299302A - An encryption module - Google Patents

An encryption module Download PDF

Info

Publication number
AU3299302A
AU3299302A AU32993/02A AU3299302A AU3299302A AU 3299302 A AU3299302 A AU 3299302A AU 32993/02 A AU32993/02 A AU 32993/02A AU 3299302 A AU3299302 A AU 3299302A AU 3299302 A AU3299302 A AU 3299302A
Authority
AU
Australia
Prior art keywords
encryption module
adapter
printed circuit
circuit board
covers
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
AU32993/02A
Other versions
AU785229B2 (en
Inventor
Michael John Jackson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Thales DIS CPL Australia Pty Ltd
Original Assignee
Eracom Technologies Australia Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AUPR3898A external-priority patent/AUPR389801A0/en
Application filed by Eracom Technologies Australia Pty Ltd filed Critical Eracom Technologies Australia Pty Ltd
Priority to AU32993/02A priority Critical patent/AU785229B2/en
Publication of AU3299302A publication Critical patent/AU3299302A/en
Assigned to SAFENET AUSTRALIA PTY LIMITED reassignment SAFENET AUSTRALIA PTY LIMITED Amend patent request/document other than specification (104) Assignors: ERACOM TECHNOLOGIES AUSTRALIA PTY LTD
Application granted granted Critical
Publication of AU785229B2 publication Critical patent/AU785229B2/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Description

22/03 '0,2 FRI 11:16 FAX 61 2 9810 8200FBRIE&C.O0 F B RICE CO. [a 004
AUSTRALIA
Patents Act 1990 ERACOM TECHNOLOGIES AUSTRALIA PTY LTD COMPLETE SPECIFICATION STANDARD PATENT
C
Invention Title: An encryption module The following statement is a full description of this invention including the best method of performing it knowrn to us:- 22/03 '02 FRI 11:16 FAX 61 2 9810 8200 F B RICE CO. 1005 Title An Encryption Module Technical Field This invention concerns an encryption module, and in particular the physical security measures applied to such a module to maintain its operational integrity.
10 Background Art Encryption of data is commonly used to provide secure communication between parties over insecure networks, such as the Internet. Encryption may be performed by software or hardware, or by a combination of both.
Cryptographic adapters are used to enhance the security and speed of i15 encryption and decryption. The cryptographic adapter manages host computer access via a secure access policy implemented in firmware on the adapter.
Delegating intensive cryptographic processing from the host central processing unit (CPU) to such a dedicated device, enables faster transaction throughput .without degradation to the host's CPU.
S. 20 Steel enclosures are sometimes secured around cryptographic adapters to provide a physical security barrier. Attempts to remove the steel will often destroy the adapter within. The steel enclosures are generally provided with perforated areas to ventilate the adapter and limit heat build up during use.
Additional physical security measures include fine line circuit patterns around the electronics to complicate probing, and micro-pressure actuators to trigger tamper mechanisms.
Summary of the Invention The invention is an encryption module having a cryptographic adapter configured for connection to a host system bus to manage host computer access via a secure access policy implemented in firmware on the adapter, the adapter being encased in a sealed cover which is designed with thermal 22/03 '02 FRI 11:16 FAX 61 2 9810 8200 F B RICE CO. @o006 W 3 characteristics so that a steady state temperature is achieved during use that is safe for continuous operation of the cryptographic adapter. Also included in the module are tamper detection devices to provide an alert should attempts be made to remove the cover, and software configurable tamper detection to induce a tamper response upon removal of adapter from the host system bus.
The electronics of the adapter may be mounted on a PCB (Printed Circuit Board) which include slots and rebates to cooperate with flanges and recesses on the half covers to allow them to fit together capturing the PCB between them. The cover may comprise two half covers made of opaque 10 polycarbonate material and ultrasonically welded together.
A daughterboard may be included, sitting above the PCB, to house memory devices.
99 The tamper detecting mechanisms may include: Light sensing devices, Micro-pressure switches.
15 The physical barrier provided by the cover prevents physical access to the printed circuit board and electronic components.
Polycarbonate is the preferred material because of its physical properties, such as impact resistance, fire retardation, good dimensional stability and low creep. Polycarbonate is a physically strong material but is able 20 to display evidence of an attack and signs of forced entry to the module, such as scrapes and scratches and the traces of knife cuts and stabs on its surfaces.
Polycarbonate has a Rockwell hardness of M70 and Izod Impact strength (J m" 1) of 600-850. Polycarbonate has a thermal conductivity at 23'C (W m"K' 1 with results 0.19-0.22 and thermal expansivity (x10 4 K'f) with results 66-70.
Packing the circuitry densely also helps to prevent logic probes being used effectively. Constant or random exponentiation times may be used to countermeasure timing attacks.
Brief Description of the Drawings An Example of the invention will now be described with reference to the accompanying drawings, in which: 22/03 '02 FRI 11:17 FAX 61 2 9810 8200 F B RICE CO.
0007 W4 Fig. 1 is an exploded view of a encryption module comprising of the front cover, cryptographic adapter and rear cover.
Fig. 2 is a diagram of the rear side of the cryptographic adapter indicating the location of micro-pressure switches.
Fig. 3 is a diagram of the front side of the cryptographic adapter indicating the location of other tamper detection switches.
Best Modes of the Invention Referring to figure 1, the encryption module comprises a front 10 cover 1 and a rear cover 2 enclosing the electronics components of a cryptographic adapter indicated generally at 3. The electronics components are housed on a one half length PCB 4, with dimensions 98mm by 205mm, and memory devices are housed on an upside down daughterboard 5. The daughterboard is connected to the PCB and separated from it using a spacer 6.
S 15 The daughterboard is arranged upside down against the PCB to minimise space within the enclosure and to provide added security for the memory devices by facing them inwardly and also by having the rear side of the daughterboard facing the front cover.
Front cover 1 has recesses 10, 11, 12 and 13, and rear cover 2 has *20 flanges 20, 21, 22 and 23. The PCB 4 has four slots at 40, 41, 42, and 43 and two rebates 44 and Front cover 1 and rear cover 2 are made of polycarbonate material and are fitted together so that slot 40 in PCB 4 allows flange 20 in rear cover 2 to pass through it and join with recess 10 in front cover 1. Similarly, slot 41 allows flange 21 to join with recess 11. Slot 42 allows flange 22 to join with recess 12.
Slot 43 allows flange 23 to join with recess 13.
After the front and rear covers are fitted together, they are ultrasonically welded to form a sealed enclosure. Rebates 44 and 45 allow for the covers 1 and 3 to fully enclose the PCB 4 and the daughterboard 5. Also rebate allows flange 31 to fully seal rear cover 2 beneath front cover 1. This seal is continuous along the top section of the PCB 4 which is a vulnerable section 22/03 '02 FRI 11:17 FAX 61 2 9810 8200 F B RICE CO. 008 S once installed into a computer. The rebate 30 provides additional strength to the enclosure when flange 31 is ultrasonically welded to the top section of front cover 1. The rebates on PCB 4 allow an interlocking configuration of front cover 1, rear cover 2 and PCB 4, resulting in permanent destruction to the PCB 4 when attempts are made at opening the enclosure.
When ultrasonically welding thermoplastics, a thermal rise occurs in the bonding areas, that is the contact points between the flanges of the rear cover 2 and the recesses of front cover 1. The thermal rise is produced by the absorption of mechanical vibrations, the reflection of the vibrations in the o.°o4.
0 connecting area, and the friction of the surfaces. Vibrations are introduced vertically, and frictional heat is produced so that the polycarbonate plasticises locally, forging an insoluble connection between the front and rear covers within a very short period of time. The joint quality is very uniform because the energy transfer, and the released internal heat remains constant and is limited to the joining area. The bonds between the front and rear covers are solid and homogenous since there is diffusion of polycarbonate material between the covers. A mm seam will have a strength approaching that of the original material.
The enclosure formed by the front and rear covers prevents direct 20 external access to the cryptographic processing elements and memory containing sensitive data. The seal between the front and rear covers has almost equal strength to the covers themselves, which makes it difficult to distinguish the seam after the front and rear covers have been ultrasonically welded together.
Low heat producing components have been specifically selected, such as a microprocessor designed for embedded applications to reduce the overall heat production of the adapter. Heat balancing ensures that the PCB and daughterboard reach a steady state temperature during use that is safe for continuous operation of the electronics. This removes the need for ventilation holes or perforations in the covers allowing for additional tamper detection such as the light sensitive switches, to be installed. The thermal conductivity of the 22/03 'a2 FRI 11:17 FAX 61 2 9810 8200 F B RICE CO. Q 009 W6 polycarbonate covers is low in comparison with materials such as metal, heat transfer convection is kept low as the heat transferred by the electronic components is proportional to the exposed surface area of the covers, and this ensures that radiation heat transfer is kept to a minimum, providing for very favourable thermal characteristics. When in operation, the thermal characteristics of the covers allow the adapter to reach a steady state temperature for safe operation of the electronic components on the PCB and daughterboard. Without having perforations in the enclosure would provide more effective and reliable operation of tamper detection components used S9 io10 within the enclosure and would also prevent other undetectable physical probing.
Within the enclosure formed by the covers there are tamper-detecting devices. These devices may include light sensitive devices, activated by opening the covers and allowing light to penetrate the enclosure. Also there are pressure switches, activated by lifting the covers away from the PCB.
As shown in figure 2, on the rear side of PCB 4, micro-pressure switches and actuators 50, 51, 52, 53 and 54 are strategically located. Turning to figure 3, on the front side of the PCB 4, micro-pressure switches with inbuilt actuators forming a single component 55, 56, 57 and 58 are strategically located. These 20 components are part of the integrated physical protection of the module in addition to the enclosure.
A tamper response mechanism is activated when an attempt to open the covers is detected or when the adapter is removed from the PCI slot. The tamper response mechanism removes power from the memory devices, resulting in an unknown and corrupt state within the memory devices, effectively erasing data stored within the memory devices. The module's tamper response will effectively destroy all sensitive information and cryptographic keys rather than exposing them.
Optical remote visible and audible alarms, or monitoring, can be attached to the PCB via an output link 22/03 '02 FRI 11:17 FAX 61 2 9810 8200 F B RICE CO. [010 07 An authenticated user can place the adapter into Transport Mode by disabling the "tamper upon removal of the adapter from the PCI slot" condition.
Tamper detection is active in poweron and poweroff states.
Although we have used the example of polycarbonate as the material for the covers, any other polymers or plastic resins would be a suitable substitute such as polyester or fibreglass. While plastics are all related, each resin has attributes that make it best suited to a particular environment or situation.
It is to be understood that numerous modifications may be made in the 10 illustrative embodiment of the invention and other arrangements may be devised without departing from the spirit and scope of the invention.
I. t will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive.
*og*e*

Claims (14)

1. An encryption module having a cryptographic adapter configured for connection to a host system bus to manage host computer access via a secure access policy implemented in firmware on the adapter, the adapter being encased in a sealed cover which is designed with thermal characteristics so that a steady state temperature is achieved during use that is safe for continuous operation of the cryptographic adapter, and the module further comprising tamper detection devices including a 10 software configurable tamper detection component to induce a tamper response upon removal of adapter from the host system bus.
An encryption module as claimed in claim 1, where the sealed cover comprises two half covers fitted together.
3. An encryption module as claimed in claim 2, where the electronics of the 15 adapter are mounted on a printed circuit board which includes slots and rebates, and the two half covers include flanges and recesses to cooperate with the slots and rebates and each other such that the half covers fitted together capture the printed circuit board between them.
4. An encryption module as claimed in claim 2 or 3, where the two half 20 covers are made of opaque plastics material.
An encryption module as claimed in claim 2, 3 or 4, where the two half covers are made from polycarbonate material.
6. An encryption module as claimed in claim 2, 3 or 4 where the two half covers are ultrasonically welded together.
7. An encryption module as claimed in any one of claims 3, 4, 5 or 6, where the two half covers are interlocked with the printed circuit board such that opening the sealed cover results in destruction of the printed circuit board.
8. An encryption module as claimed in any one of claims 3 to 7, where memory devices of the adapter are mounted on a daughterboard connected to the printed circuit board, and located within the sealed cover. 22/03 '02 FRI 11:18 FAX 61 2 9810 8200 F B RICE CO. 012 W9
9. An encryption module as claimed in claim 8, where the daughter board is located above the printed circuit board and upside down with respect to it.
An encryption module as claimed in any preceding claim, where the tamper detection devices are configured to give an alert signal if an attempt is made to remove the sealed cover.
11. An encryption module as claimed in any preceding claim, where the tamper response removes power from the cryptographic adapter and destroys any cryptographic keys stored in it.
12. An encryption module as claimed in any preceding claim, where the tamper detection devices include light sensing devices. t.
13. An encryption module as claimed in any preceding claim, where the tamper detection devices include micro-pressure switches.
14. An encryption module as claimed in any preceding claim, where the s15 circuitry is packed densely to prevent logic probes being used effectively. An encryption module substantially as hereinbefore described with reference to the accompanying drawings. Dated this twenty-first day of March 2002 Eracom Technologies Australia Pty Ltd Patent Attorneys for the Applicant: F B RICE CO
AU32993/02A 2001-03-22 2002-03-22 An encryption module Ceased AU785229B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU32993/02A AU785229B2 (en) 2001-03-22 2002-03-22 An encryption module

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
AUPR3898 2001-03-22
AUPR3898A AUPR389801A0 (en) 2001-03-22 2001-03-22 An encryption module
AU32993/02A AU785229B2 (en) 2001-03-22 2002-03-22 An encryption module

Publications (2)

Publication Number Publication Date
AU3299302A true AU3299302A (en) 2002-09-26
AU785229B2 AU785229B2 (en) 2006-11-23

Family

ID=25622297

Family Applications (1)

Application Number Title Priority Date Filing Date
AU32993/02A Ceased AU785229B2 (en) 2001-03-22 2002-03-22 An encryption module

Country Status (1)

Country Link
AU (1) AU785229B2 (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0852032A1 (en) * 1995-07-20 1998-07-08 Dallas Semiconductor Corporation Single chip microprocessor, math co-processor, random number generator, real-time clock and ram having a one-wire interface
DE29615221U1 (en) * 1996-08-31 1996-10-31 Hts Elektronik Gmbh Protection against electricity theft with electricity meters (registration of unauthorized removal of the terminal cover)
US6411884B1 (en) * 1998-09-28 2002-06-25 Lear Automotive Dearborn, Inc. Auto PC module enclosure

Also Published As

Publication number Publication date
AU785229B2 (en) 2006-11-23

Similar Documents

Publication Publication Date Title
US7015811B2 (en) Object management
EP3040902B1 (en) Usb security device and method
US5159629A (en) Data protection by detection of intrusion into electronic assemblies
KR100341665B1 (en) Confidential data processor with password and change detection
WO2010128939A1 (en) Arrangement for cooling tamper protected circuitry
US11080222B2 (en) Secure crypto module including optical glass security layer
US8732860B2 (en) System and method for securing data to be protected of a piece of equipment
US8284387B2 (en) Methods and systems for recognizing tamper events
US7518507B2 (en) Method and system to detect tampering of a closed chassis using a passive fiber optic sensor
AU785229B2 (en) An encryption module
JP3511467B2 (en) Security equipment
US7495554B2 (en) Clamshell protective encasement
US7719419B2 (en) Intrusion detection using pseudo-random binary sequences
JP2008065401A (en) Casing and casing constituting member
EP1370919A2 (en) Encryption module with physical security or protection
US20220327249A1 (en) Systems and methods for chassis intrusion detection
CN212586888U (en) Trigger structure for self-destruction of illegal shutdown data
EP1194828A1 (en) Apparatus and method for safeguarding electronic equipment from theft
KR20210021283A (en) Prevent tampering through computer
CN218866475U (en) Password device
CN209879511U (en) Internet of things safety computer
EP2892161B1 (en) Mobile terminal provided with security function
Yang et al. Security systems of point-of-sales devices
US20230134349A1 (en) Hardware protection module
EP1801723B1 (en) Device for verifying an identification code