AU785229B2 - An encryption module - Google Patents
An encryption module Download PDFInfo
- Publication number
- AU785229B2 AU785229B2 AU32993/02A AU3299302A AU785229B2 AU 785229 B2 AU785229 B2 AU 785229B2 AU 32993/02 A AU32993/02 A AU 32993/02A AU 3299302 A AU3299302 A AU 3299302A AU 785229 B2 AU785229 B2 AU 785229B2
- Authority
- AU
- Australia
- Prior art keywords
- encryption module
- adapter
- printed circuit
- circuit board
- covers
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Description
22/03 '0,2 FRI 11:16 FAX 61 2 9810 8200 FBRC O F B RICE CO. 16004
AUSTRALIA
Patents Act 1990 G 04 &WtA-rclk COMPLETE SPECIFICATION STANDARD PATENT Invention Title: An encryption module The following statement is a full description of this invention including the best method of performing it known to us:- 22/03 '02 FRI 11:16 FAX 61 2 9810 8200 F B RICE CO. 1005s W 2 Title An Encryption Module Technical Field This invention concerns an encryption module, and in particular the physical security measures applied to such a module to maintain its operational integrity.
10 Background Art Encryption of data is commonly used to provide secure communication between parties over insecure networks, such as the Internet. Encryption may be performed by software or hardware, or by a combination of both.
Cryptographic adapters are used to enhance the security and speed of 15 encryption and decryption. The cryptographic adapter manages host computer access via a secure access policy implemented in firmware on the adapter.
Delegating intensive cryptographic processing from the host central processing S unit (CPU) to such a dedicated device, enables faster transaction throughput without degradation to the host's CPU.
20 Steel enclosures are sometimes secured around cryptographic adapters to provide a physical security barrier. Attempts to remove the steel will often destroy the adapter within. The steel enclosures are generally provided with perforated areas to ventilate the adapter and limit heat build up during use.
Additional physical security measures include fine line circuit patterns around the electronics to complicate probing, and micro-pressure actuators to trigger tamper mechanisms.
Summary of the Invention The invention is an encryption module having a cryptographic adapter configured for connection to a host system bus to manage host computer access via a secure access policy implemented in firmware on the adapter, the adapter being encased in a sealed cover which is designed with thermal 22/03 '02 FRI 11:16 FAX 61 2 9810 8200 F B RICE CO. (006 S3 characteristics so that a steady state temperature is achieved during use that is safe for continuous operation of the cryptographic adapter. Also included in the module are tamper detection devices to provide an alert should attempts be made to remove the cover, and software configurable tamper detection to induce a tamper response upon removal of adapter from the host system bus.
The electronics of the adapter may be mounted on a PCB (Printed Circuit Board) which include slots and rebates to cooperate with flanges and recesses on the half covers to allow them to fit together capturing the PCB between them. The cover may comprise two half covers made of opaque polycarbonate material and ultrasonically welded together.
A daughterboard may be included, sitting above the PCB, to house memory devices.
The tamper detecting mechanisms may include: Light sensing devices, Micro-pressure switches.
The physical barrier provided by the cover prevents physical access to the printed circuit board and electronic components.
Polycarbonate is the preferred material because of its physical properties, such as impact resistance, fire retardation, good dimensional stability and low creep. Polycarbonate is a physically strong material but is able 20 to display evidence of an attack and signs of forced entry to the module, such as scrapes and scratches and the traces of knife cuts and stabs on its surfaces.
Polycarbonate has a Rockwell hardness of M70 and Izod Impact strength (J m' 1) of 600-850. Polycarbonate has a thermal conductivity at 23°C (W m"'K 1 with results 0.19-0.22 and thermal expansivity (xl 0K' 1 with results 66-70.
Packing the circuitry densely also helps to prevent logic probes being used effectively. Constant or random exponentiation times may be used to countermeasure timing attacks.
Brief Description of the Drawings An Example of the invention will now be described with reference to the accompanying drawings, in which: 22/03 '02 FRI 11:17 FAX 61 2 9810 8200 F B RICE CO.
*4 Fig. 1 is an exploded view of a encryption module comprising of the front cover, cryptographic adapter and rear cover.
Fig. 2 is a diagram of the rear side of the cryptographic adapter indicating the location of micro-pressure switches.
Fig. 3 is a diagram of the front side of the cryptographic adapter indicating the location of other tamper detection switches.
Best Modes of the Invention Referring to figure 1, the encryption module comprises a front S 10 cover 1 and a rear cover 2 enclosing the electronics components of a cryptographic adapter indicated generally at 3. The electronics components are housed on a one half length PCB 4, with dimensions 98mm by 205mm, and memory devices are housed on an upside down daughterboard 5. The daughterboard is connected to the PCB and separated from it using a spacer 6.
15 The daughterboard is arranged upside down against the PCB to minimise space within the enclosure and to provide added security for the memory devices by facing them inwardly and also by having the rear side of the daughterboard facing the front cover.
Front cover 1 has recesses 10, 11, 12 and 13, and rear cover 2 has 20 flanges 20, 21, 22 and 23. The PCB 4 has four slots at 40, 41, 42, and 43 and two rebates 44 and Front cover 1 and rear cover 2 are made of polycarbonate material and are fitted together so that slot 40 in PCB 4 allows flange 20 in rear cover 2 to pass through it and join with recess 10 in front cover 1. Similarly, slot 41 allows flange 21 to join with recess 11. Slot 42 allows flange 22 to join with recess 12.
Slot 43 allows flange 23 to join with recess 13.
After the front and rear covers are fitted together, they are ultrasonically welded to form a sealed enclosure. Rebates 44 and 45 allow for the covers 1 and 3 to fully enclose the PCB 4 and the daughterboard 5. Also rebate allows flange 31 to fully seal rear cover 2 beneath front cover 1. This seal is continuous along the top section of the PCB 4 which is a vulnerable section @]007 22/03 '02 FRI 11:17 FAX 61 2 9810 8200 F B RICE CO. 00oo8 once installed into a computer. The rebate 30 provides additional strength to the enclosure when flange 31 is ultrasonically welded to the top section of front cover 1. The rebates on PCB 4 allow an interlocking configuration of front cover 1, rear cover 2 and PCB 4, resulting in permanent destruction to the PCB 4 when attempts are made at opening the enclosure.
When ultrasonically welding thermoplastics, a thermal rise occurs in the bonding areas, that is the contact points between the flanges of the rear cover 2 and the recesses of front cover 1. The thermal rise is produced by the absorption of mechanical vibrations, the reflection of the vibrations in the connecting area, and the friction of the surfaces. Vibrations are introduced vertically, and frictional heat is produced so that the polycarbonate plasticises locally, forging an insoluble connection between the front and rear covers within a very short period of time. The joint quality is very uniform because the energy transfer, and the released internal heat remains constant and is limited to the S. 15 joining area. The bonds between the front and rear covers are solid and homogenous since there is diffusion of polycarbonate material between the covers. A 1/ mm seam will have a strength approaching that of the original material.
The enclosure formed by the front and rear covers prevents direct 2o external access to the cryptographic processing elements and memory containing sensitive data. The seal between the front and rear covers has almost equal strength to the covers themselves, which makes it difficult to distinguish the seam after the front and rear covers have been ultrasonically welded together.
Low heat producing components have been specifically selected, such as a microprocessor designed for embedded applications to reduce the overall heat production of the adapter. Heat balancing ensures that the PCB and daughterboard reach a steady state temperature during use that is safe for continuous operation of the electronics. This removes the need for ventilation holes or perforations in the covers allowing for additional tamper detection such as the light sensitive switches, to be installed. The thermal conductivity of the 22/03 '02 FRI 11:17 FAX 61 2 9810 8200 F B RICE CO.
S6 polycarbonate covers is low in comparison with materials such as metal, heat transfer convection is kept low as the heat transferred by the electronic components is proportional to the exposed surface area of the covers, and this ensures that radiation heat transfer is kept to a minimum, providing for very favourable thermal characteristics. When in operation, the thermal characteristics of the covers allow the adapter to reach a steady state temperature for safe operation of the electronic components on the PCB and daughterboard. Without having perforations in the enclosure would provide more effective and reliable operation of tamper detection components used S• 10 within the enclosure and would also prevent other undetectable physical probing.
.o Within the enclosure formed by the covers there are tamper-detecting devices. These devices may include light sensitive devices, activated by opening the covers and allowing light to penetrate the enclosure. Also there 15 are pressure switches, activated by lifting the covers away from the PCB.
As shown in figure 2, on the rear side of PCB 4, micro-pressure switches and actuators 50, 51, 52, 53 and 54 are strategically located. Turning to figure 3, on the front side of the PCB 4, micro-pressure switches with inbuilt actuators forming a single component 55, 56, 57 and 58 are strategically located. These .i 20 components are part of the integrated physical protection of the module in addition to the enclosure.
A tamper response mechanism is activated when an attempt to open the covers is detected or when the adapter is removed from the PCI slot. The tamper response mechanism removes power from the memory devices, resulting in an unknown and corrupt state within the memory devices, effectively erasing data stored within the memory devices. The module's tamper response will effectively destroy all sensitive information and cryptographic keys rather than exposing them.
Optical remote visible and audible alarms, or monitoring, can be attached to the PCB via an output link.
10O09 22/03 '02 FRI 11:17 FAX 61 2 9810 8200 F B RICE CO. 1]010 7 An authenticated user can place the adapter into Transport Mode by disabling the "tamper upon removal of the adapter from the PCI slot" condition.
Tamper detection is active in poweron and poweroff states.
Although we have used the example of polycarbonate as the material for the covers, any other polymers or plastic resins would be a suitable substitute such as polyester or fibreglass. While plastics are all related, each resin has attributes that make it best suited to a particular environment or situation.
It is to be understood that numerous modifications may be made in the 10 illustrative embodiment of the invention and other arrangements may be devised without departing from the spirit and scope of the invention.
It will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive.
i
Claims (14)
1. An encryption module having a cryptographic adapter configured for connection to a host system bus to manage host computer access via a secure access policy implemented in firmware on the adapter, the adapter being encased in a sealed cover which is designed with thermal characteristics so that a steady state temperature is achieved during use that is safe for continuous operation of the cryptographic adapter, and the module further comprising tamper detection devices including a software configurable tamper detection component to induce a tamper response upon removal of adapter from the host system bus.
2. An encryption module as claimed in claim 1, where the sealed cover comprises two half covers fitted together.
3. An encryption module as claimed in claim 2, where the electronics of the is adapter are mounted on a printed circuit board which includes slots and rebates, and the two half covers include flanges and recesses to cooperate with the slots and rebates and each other such that the half covers fitted together capture the printed circuit board between them.
4. An encryption module as claimed in claim 2 or 3, where the two half 20 covers are made of opaque plastics material.
An encryption module as claimed in claim 2, 3 or 4, where the two half covers are made from polycarbonate material.
6. An encryption module as claimed in claim 2, 3 or 4 where the two half covers are ultrasonically welded together.
7. An encryption module as claimed in any one of claims 3, 4, 5 or 6, where the two half covers are interlocked with the printed circuit board such that opening the sealed cover results in destruction of the printed circuit board.
8. An encryption module as claimed in any one of claims 3 to 7, where memory devices of the adapter are mounted on a daughterboard connected to the printed circuit board, and located within the sealed cover. 22/03 '02 FRI 11:18 FAX 61 2 9810 8200 F B RICE CO. 4012 09
9. An encryption module as claimed in claim 8, where the daughter board is located above the printed circuit board and upside down with respect to it.
An encryption module as claimed in any preceding claim, where the tamper detection devices are configured to give an alert signal if an attempt is made to remove the sealed cover.
11. An encryption module as claimed in any preceding claim, where the tamper response removes power from the cryptographic adapter and destroys any cryptographic keys stored in it. lo
12. An encryption module as claimed in any preceding claim, where the tamper detection devices include light sensing devices.
13. An encryption module as claimed in any preceding claim, where the i tamper detection devices include micro-pressure switches.
14. An encryption module as claimed in any preceding claim, where the S" 15 circuitry is packed densely to prevent logic probes being used effectively. An encryption module substantially as hereinbefore described with reference to the accompanying drawings. Dated this twenty-first day of March 2002 Eracom Technologies Australia Pty Ltd Patent Attorneys for the Applicant: F B RICE CO
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AU32993/02A AU785229B2 (en) | 2001-03-22 | 2002-03-22 | An encryption module |
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AUPR3898A AUPR389801A0 (en) | 2001-03-22 | 2001-03-22 | An encryption module |
| AUPR3898 | 2001-03-22 | ||
| AU32993/02A AU785229B2 (en) | 2001-03-22 | 2002-03-22 | An encryption module |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| AU3299302A AU3299302A (en) | 2002-09-26 |
| AU785229B2 true AU785229B2 (en) | 2006-11-23 |
Family
ID=25622297
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| AU32993/02A Ceased AU785229B2 (en) | 2001-03-22 | 2002-03-22 | An encryption module |
Country Status (1)
| Country | Link |
|---|---|
| AU (1) | AU785229B2 (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE29615221U1 (en) * | 1996-08-31 | 1996-10-31 | Hts Elektronik Gmbh | Protection against electricity theft with electricity meters (registration of unauthorized removal of the terminal cover) |
| WO1997004377A1 (en) * | 1995-07-20 | 1997-02-06 | Dallas Semiconductor Corporation | Single chip microprocessor, math co-processor, random number generator, real-time clock and ram having a one-wire interface |
| WO2000018614A1 (en) * | 1998-09-28 | 2000-04-06 | Lear Automotive Dearborn, Inc. | Auto pc module enclosure |
-
2002
- 2002-03-22 AU AU32993/02A patent/AU785229B2/en not_active Ceased
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO1997004377A1 (en) * | 1995-07-20 | 1997-02-06 | Dallas Semiconductor Corporation | Single chip microprocessor, math co-processor, random number generator, real-time clock and ram having a one-wire interface |
| DE29615221U1 (en) * | 1996-08-31 | 1996-10-31 | Hts Elektronik Gmbh | Protection against electricity theft with electricity meters (registration of unauthorized removal of the terminal cover) |
| WO2000018614A1 (en) * | 1998-09-28 | 2000-04-06 | Lear Automotive Dearborn, Inc. | Auto pc module enclosure |
Also Published As
| Publication number | Publication date |
|---|---|
| AU3299302A (en) | 2002-09-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3040902B1 (en) | Usb security device and method | |
| US7015811B2 (en) | Object management | |
| US5159629A (en) | Data protection by detection of intrusion into electronic assemblies | |
| KR100341665B1 (en) | Confidential data processor with password and change detection | |
| US20080136641A1 (en) | Thermal Active Tag for Electronic Designs and Intellectual Property Cores | |
| US11080222B2 (en) | Secure crypto module including optical glass security layer | |
| US8732860B2 (en) | System and method for securing data to be protected of a piece of equipment | |
| US8284387B2 (en) | Methods and systems for recognizing tamper events | |
| US7518507B2 (en) | Method and system to detect tampering of a closed chassis using a passive fiber optic sensor | |
| AU785229B2 (en) | An encryption module | |
| JP3511467B2 (en) | Security equipment | |
| US7495554B2 (en) | Clamshell protective encasement | |
| JP2008065401A (en) | Casing and casing constituting member | |
| EP1370919A2 (en) | Encryption module with physical security or protection | |
| US20220327249A1 (en) | Systems and methods for chassis intrusion detection | |
| CN212586888U (en) | Trigger structure for self-destruction of illegal shutdown data | |
| EP1194828A1 (en) | Apparatus and method for safeguarding electronic equipment from theft | |
| EP2892161B1 (en) | Mobile terminal provided with security function | |
| Yang et al. | Security systems of point-of-sales devices | |
| US20230134349A1 (en) | Hardware protection module | |
| EP1239358B1 (en) | Security system for preventing a personal computer from being stolen or used by unauthorized people | |
| CN112154437A (en) | Method and intrusion manager for handling intrusions of electronic devices | |
| TWM403541U (en) | Anti-theft safe | |
| WO2005036302A9 (en) | Information protection system, storage medium used for the same, and storage medium containing case |