CN112005249A - Circuit for bare chip protection, bare chip and integrated circuit - Google Patents

Circuit for bare chip protection, bare chip and integrated circuit Download PDF

Info

Publication number
CN112005249A
CN112005249A CN201980006867.9A CN201980006867A CN112005249A CN 112005249 A CN112005249 A CN 112005249A CN 201980006867 A CN201980006867 A CN 201980006867A CN 112005249 A CN112005249 A CN 112005249A
Authority
CN
China
Prior art keywords
circuit
detection circuit
delay
die
impedance
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201980006867.9A
Other languages
Chinese (zh)
Inventor
赵谦
贾波
刘彭劼
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of CN112005249A publication Critical patent/CN112005249A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/073Special arrangements for circuits, e.g. for protecting identification code in memory

Abstract

The application provides a circuit, a bare chip and an integrated circuit for bare chip protection, relates to the technical field of electronics, and is used for protecting the bare chip from being illegally controlled by an attacker, so that the leakage of key information in the bare chip is avoided. The circuit comprises: a detection circuit for detecting a signal transmission parameter of a shield wire covering the die, the signal transmission parameter including at least one of a transmission impedance or a transmission delay; and the control circuit is used for acquiring the signal transmission parameter from the detection circuit and triggering the protection operation of the bare chip when the signal transmission parameter does not meet a preset condition.

Description

Circuit for bare chip protection, bare chip and integrated circuit Technical Field
The present application relates to the field of electronic technologies, and in particular, to a circuit for die protection, a die, and an integrated circuit.
Background
Active shielded wires, which are generally connected signal wires and form a protective layer on the top layer of a security chip, are an effective method for protecting a Die (Die), such as a security chip, from an invasive physical attack. As shown in fig. 1 (a), the security chip may include a transmitting terminal, a receiving terminal, an active shield line connected to the transmitting terminal and the receiving terminal, and a bottom layer circuit protected by the active shield line. Specifically, the sending end sends a signal when the safety chip works, the receiving end receives the signal, when the signal sent by the sending end is consistent with the signal received by the receiving end, the safety chip is determined to be abnormal, and when the signal sent by the sending end is inconsistent with the signal received by the receiving end or the signal cannot be received, the signal wire of the protective layer is determined to be modified, so that the safety chip can automatically start an alarm circuit or execute a self-destruction program, and an attacker is prevented from illegally controlling a bottom layer circuit.
However, as shown in fig. 1 (b), when an attacker short-circuits the active shielding line through a jumper, the sending end and the receiving end of the security chip remain connected, signals can be sent and received normally, the security chip does not start the alarm circuit, and at this time, the area covered by the active shielding line is bypassed, and the underlying circuit is partially or completely exposed, so that the attacker is easily operated illegally.
Disclosure of Invention
The embodiment of the application provides a circuit for protecting a bare chip, the bare chip and an integrated circuit, which are used for improving the safety of the bare chip.
In order to achieve the above purpose, the embodiment of the present application adopts the following technical solutions:
in a first aspect, there is provided a circuit for die protection, the circuit comprising: a detection circuit for detecting a signal transmission parameter of a shield wire covering a die, the signal transmission parameter including at least one of a transmission impedance or a transmission delay; and the control circuit is used for acquiring the signal transmission parameter from the detection circuit and triggering the protection operation of the bare chip when the signal transmission parameter does not meet the preset condition. In the above technical solution, if an attacker performs operations such as disconnection or flying short circuit on the shielding wire covered on the bare chip, the signal transmission parameter of the shielding wire may be changed, and therefore, by detecting the signal transmission parameter of the shielding wire and when it is determined that the signal transmission parameter does not satisfy the preset condition, the protection operation of the bare chip is triggered, so that the safety of the bare chip can be improved, and the leakage of key information in the bare chip is avoided.
In a possible implementation manner of the first aspect, the protection operation includes at least one of an alarm operation, a self-destruction operation, a reset operation, a power-on incapability operation, a power-off operation, or a controlled-right operation. The possible implementation manner can improve the diversity and flexibility of the protection operation of triggering the bare chip by the control circuit.
In one possible implementation manner of the first aspect, the detection circuit includes: an impedance detection circuit for detecting a transmission impedance of the shielded wire; and the delay detection circuit is used for detecting the transmission delay of the shielded wire. In the possible implementation manner, by detecting the transmission impedance and/or the transmission delay of the shielded wire, the protection operation of the bare chip can be triggered in time when the transmission impedance and/or the transmission delay of the shielded wire do not meet the preset condition, so that the safety of the bare chip is improved.
In a possible implementation manner of the first aspect, the circuit further includes: and the switching circuit is used for switching on or off the impedance detection circuit and the delay detection circuit. The possible implementation mode can improve the flexibility of the detection circuit for detecting the transmission impedance and/or the transmission delay of the shielded wire.
In a possible implementation manner of the first aspect, the circuit further includes: the switching circuit is specifically used for polling on or off the impedance detection circuit and the delay detection circuit; wherein the impedance detection circuit and the delay detection circuit poll to perform the detection operation. In the possible implementation manner, the impedance detection circuit and the delay detection circuit can perform detection operation in a polling manner through the switching circuit, so that the flexibility and the accuracy of detection can be improved, and the safety of the bare chip is further improved.
In a possible implementation manner of the first aspect, the signal transmission parameter not meeting the preset condition includes: the signal transmission parameter is not within a preset parameter range; the preset parameter range comprises a preset impedance range and/or a preset delay range. In the possible implementation manner, the detection accuracy can be further improved by comparing the detected transmission impedance of the shielded wire with a preset impedance range and/or comparing the detected transmission delay of the shielded wire with a preset delay range.
In a second aspect, a die is provided, which includes the circuit for die protection provided in the first aspect or any one of the possible implementations of the first aspect.
In one possible implementation manner of the second aspect, the die further includes: and the execution circuit is used for executing protection operation under the trigger of the control circuit.
In a third aspect, an integrated circuit is provided, the integrated circuit comprising: the die and the shielding wire provided by the second aspect or any possible implementation manner of the second aspect.
In one possible implementation of the third aspect, the shield line is located in a metal layer of the die, a package layer of the integrated circuit, or a silicon interposer of the integrated circuit.
In a fourth aspect, a method for die protection is provided, the method comprising: detecting a signal transmission parameter of a shielded wire covering a bare chip, the signal transmission parameter including at least one of transmission impedance or transmission delay; and triggering the protection operation of the bare chip when the signal transmission parameter does not meet the preset condition.
In a possible implementation manner of the fourth aspect, the protection operation includes at least one of an alarm operation, a self-destruction operation, a reset operation, a power-on incapability operation, a power-off operation, or a controlled-authority operation.
In a possible implementation manner of the fourth aspect, detecting a signal transmission parameter of a shielded wire covering a die includes: and polling and detecting the transmission impedance and the transmission delay of the shielded wire.
In a possible implementation manner of the fourth aspect, the signal transmission parameter not meeting the preset condition includes: the signal transmission parameter is not within a preset parameter range; the preset parameter range comprises a preset impedance range and/or a preset delay range.
It is understood that any of the dies, integrated circuits, or methods provided above includes the scheme of the circuit for die protection provided above, and therefore, the advantages achieved by the scheme can refer to the advantages of the circuit for die protection provided above, which are not described herein again.
Drawings
FIG. 1 is a schematic diagram of a prior art circuit for protecting a die;
fig. 2 is a first schematic structural diagram of a circuit for die protection according to an embodiment of the present disclosure;
fig. 3 is a second schematic structural diagram of a circuit for die protection according to an embodiment of the present disclosure;
fig. 4 is a first schematic structural diagram of an impedance detection circuit according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of an impedance detection circuit according to an embodiment of the present disclosure;
fig. 6 is a first schematic structural diagram of a delay detection circuit according to an embodiment of the present disclosure;
fig. 7 is a schematic structural diagram of a delay detection circuit according to an embodiment of the present disclosure;
fig. 8 is a schematic structural diagram of a circuit for die protection according to an embodiment of the present application;
fig. 9 is a fourth schematic structural diagram of a circuit for die protection according to an embodiment of the present disclosure;
fig. 10 is a schematic structural diagram of a circuit for die protection according to an embodiment of the present application;
FIG. 11 is a schematic flow chart illustrating a polling detection method according to an embodiment of the present application;
fig. 12 is a schematic structural diagram of a die according to an embodiment of the present application.
Detailed Description
In the present application, "at least one" means one or more, "a plurality" means two or more. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone, wherein A and B can be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of the singular or plural items. For example, at least one (one) of a, b, or c, may represent: a, b, c, a-b, a-c, b-c or a-b-c, wherein a, b and c can be single or multiple.
It is noted that, in the present application, words such as "exemplary" or "for example" are used to mean exemplary, illustrative, or descriptive. Any embodiment or design described herein as "exemplary" or "e.g.," is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.
Fig. 2 is a schematic structural diagram of a circuit for die protection according to an embodiment of the present application, and referring to fig. 2, the circuit includes: a detection circuit 201 and a control circuit 202. The detection circuit 201 is used for detecting a signal transmission parameter of a shielded wire covered on the bare chip, wherein the signal transmission parameter comprises at least one of transmission impedance or transmission delay; and a control circuit 202 for acquiring the signal transmission parameters from the detection circuit 201. And triggering the protection operation of the bare chip when the signal transmission parameter does not meet the preset condition.
The die may refer to a die that needs to be protected, for example, a circuit in which user-sensitive information is stored or a critical signal is integrated. The shielding line may refer to one or more metal lines for covering and protecting the die, and the shielding line may be covered on the die in a manner of parallel lines, serpentine lines, or well-word lines, etc. to protect the die. The exterior of the die may be encapsulated by an encapsulation material to form an encapsulated chip.
In addition, both ends of the shielded wire are connected to the detection circuit 201 to form a loop, and a signal transmitted by the detection circuit 201 can be transmitted from one end to the other end of the shielded wire and returned to the detection circuit 201. The transmission impedance detected by the detection circuit 201 may specifically be transmission impedance of a shielded wire connected to the loop, and the transmission delay detected by the detection circuit 201 may specifically be delay of the shielded wire connected to the loop.
Furthermore, the preset condition may include: the signal transmission parameter is within a preset parameter range. Further, the preset parameter range may include: at least one of a preset impedance range or a preset delay range. The specific size of the preset impedance range and the preset delay range may be preset, for example, the preset impedance range and the preset delay range may be obtained by detecting the shielded line through the detection circuit 201 or other circuits in the production line calibration or the laboratory stage in advance, and stored in the control circuit 202 or the memory connected to the control circuit 202.
Specifically, when the detection circuit 201 is used to detect the transmission impedance of the shielded line, the control circuit 202 is used to obtain the transmission impedance, and when the transmission impedance is not in the preset impedance value range, the protection operation of the die is triggered. Alternatively, when the detection circuit 201 is configured to detect the propagation delay of the shield line, the control circuit 202 is configured to obtain the propagation delay, and when the propagation delay is not within the preset delay value range, trigger the protection operation of the die. Alternatively, when the detection circuit 201 is configured to detect the transmission impedance and the transmission delay of the shield line, the control circuit 202 is configured to obtain the transmission impedance and the transmission delay, and trigger the protection operation of the die when at least one of the transmission impedance is not in the preset impedance value range and the transmission delay is not in the preset delay value range is not satisfied.
Optionally, the protection operation may include at least one of an alarm operation, a self-destruction operation, a reset operation, a power failure operation, or a permission-controlled operation. The alarm operation may be an operation of triggering generation of an alarm signal, performing other protection operations of the bare chip based on the alarm signal, or displaying the alarm signal to a user using the bare chip or a device where the bare chip is located, so as to protect the bare chip. A self-destruct operation may refer to an operation performed by hardware or software to self-destroy or delete internal data of the die for the purpose of protecting the die. The reset operation may refer to an operation for restoring the die to a starting state, such as restoring original data by setting for the purpose of protecting the die. The inability to power up may refer to an unsuccessful power up operation of the die, such that the die is unable to function properly for the purpose of protecting the die. The controlled authority may refer to setting the authority of a user using the bare chip or a device where the bare chip is located, so that the user cannot access the operation of partial data, thereby achieving the purpose of protecting the bare chip. In practical applications, the protection operation may further include other operations for protecting the die, which is not specifically limited in this embodiment.
In the embodiment of the present application, if an attacker breaks or short-circuits the shielding lines covered on the bare chip, the signal transmission parameters of the shielding lines may be changed. Therefore, the detection circuit 201 detects the signal transmission parameter of the shielded wire, and when the control circuit 202 determines that the signal transmission parameter does not satisfy the preset condition, the protection operation of the bare chip is triggered, so that data (such as payment passwords, fingerprint information or payment information) in the bare chip and a bottom layer circuit can be effectively protected, and further leakage of user sensitive data is avoided.
Further, referring to fig. 3, the detection circuit 201 includes: an impedance detection circuit 2011 and a delay detection circuit 2012. The impedance detection circuit 2011 is configured to detect a transmission impedance of the shielding line; and a delay detection circuit 2012 for detecting a transmission delay of the shielded line.
For example, as shown in fig. 4, the impedance detection circuit 2011 may include: the constant current source circuit, the amplifying circuit, the analog-to-digital converter and the load for releasing energy, two ends of the shielding wire can be respectively connected with two input ends of the amplifying circuit, and a curved arrow below the shielding wire in fig. 4 indicates the direction of current passing through the shielding wire. The constant current source circuit may include a constant current source and a voltage follower for outputting a constant current, for example, for outputting a constant current of 10 uA. The amplifying circuit may be a multi-stage amplifier, for example, the amplifying circuit may include a 100-fold amplifier and a 10-fold amplifier. The analog-to-digital converter is used for converting an analog signal into a digital signal, and the analog-to-digital converter can be used for realizing analog-to-digital conversion with different bit numbers, for example, the analog-to-digital converter can adopt a 16-bit analog-to-digital converter, namely, the analog-to-digital converter is used for realizing 16-bit binary analog-to-digital conversion.
Fig. 5 is a schematic diagram of an exemplary impedance detection circuit 2011, where R1 to R10 are resistors. In fig. 5, the constant current source circuit may include a constant current source and a voltage follower for outputting a constant current, which is transmitted to the load through the shielded wire, the other end of the load being grounded; two ends of the shielding wire are respectively connected to positive input ends (+) of two operational amplifiers in the amplifying circuit, the amplifying circuit comprises a 100-time amplifier and a 10-time amplifier, the 100-time amplifier comprises resistors R1-R7 and three operational amplifiers, and the 10-time amplifier comprises resistors R8-R10 and one operational amplifier. The output end of the amplifying circuit is connected to the input end of the 16-bit analog-to-digital converter, and after the conversion from the analog signal to the digital signal, the output end of the 16-bit analog-to-digital converter outputs a 16-bit binary number, namely a digital value of the transmission impedance of the shielding wire.
For convenience of description, the constant output of the constant current source is 10uA current, and the impedance value of the shield line is 1m Ω at the lowest. Specifically, when the 10uA current flows through the shielded wire, a voltage drop of at least about 1m Ω × 10uA ═ 0.01uV is generated on the shielded wire; this 0.01uV drop is amplified by a multistage amplifier, for example by a 100 x amplifier and a 10 x amplifier as shown in fig. 4, in this case 1000 x, and the amplified analog signal is input to an analog-to-digital converter. The analog signal is converted from analog to digital in the analog-to-digital converter, and then a digital value of the transmission resistance value which is finally detected is output, and when the analog-to-digital converter is a 16-bit analog-to-digital converter, the output digital value of the transmission resistance value can be obtained by 16-bit binary numbers.
In addition, taking the 16-bit analog-to-digital converter as an example, the detection range of the transmission impedance of the impedance detection circuit 2011 may be 1m Ω to 75 Ω, and the resolution may be 1m Ω. In practical applications, the device parameters, the number of components, the structure, and the like of the impedance detection circuit 2011 may be set according to the impedance value of the shielded line and the detection range and the resolution of the transmission impedance to be achieved. Fig. 4 is only an example, and does not limit the embodiments of the present application.
Illustratively, as shown in fig. 6, the delay detection circuit 2012 may include: a signal transmitting end, and a time-to-digital converter (TDC) circuit, which may include a delay calculating circuit and a delay chain. The signal transmitting end may include an emitter for transmitting a detection signal, such as a pulse signal, where the pulse signal may be transmitted in two paths, one path of the pulse signal is directly transmitted to the first input end of the TDC circuit, and the other path of the pulse signal is transmitted through the shielding wire (i.e., the pulse signal enters from one end of the shielding wire and then is transmitted from the other end of the shielding wire) and then is input to the second input end of the TDC circuit. The TDC circuit may record the arrival time of the pulse signal at the first input terminal and the pulse signal at the second input terminal through the delay chain and the number of delay units (e.g., inverters in fig. 7) in the delay chain, and finally calculate the digital value of the transmission delay, which may be referred to as a delay value for short, by the delay calculation circuit. For example, the delay chain may be as shown in fig. 7, and the delay chain may include n inverters connected in sequence, and an output end of each inverter is connected to one D flip-flop, the clock input ends of the n D flip-flops are all connected to signals output via the shielding line, the output ends of the n D flip-flops are respectively connected to n input ends of the delay calculation circuit, and n is a positive integer greater than or equal to 2.
For convenience of description, the transmission delay of the shielded line is described as about tens of ns. Specifically, the pulse signal of the first input end and the pulse signal of the second input end of the TDC circuit are successively sent into the delay chain, when the pulse signal of the first input end passes through the m-level inverter and is sent into a D flip-flop with the pulse signal of the second input end, the signal of the D flip-flop is inverted at this time, the signal Dm is output, the delay calculation circuit records that the signal passes through m delay chains at this time, the output delay value is t0 × m, and t0 represents the delay corresponding to one delay unit (i.e., one inverter).
It should be noted that, taking n as 1000 as an example, the delay chain includes 1000 inverters and 1000D flip-flops, and the delay of each inverter is about t0 — 100ps, so that after passing through 1000 inverters and 1000D flip-flops, the delay chain generates at most a delay: 100ps × 1000 ═ 100 ns; correspondingly, the delay detection range of the delay detection circuit 2022 is 100ps to 100ns, and the resolution is 100 ps. In practical applications, the device parameters, the number of components, and the structure of the delay detection circuit 2022 may be set according to the delay value of the shielding line and the desired delay detection range and resolution.
Further, referring to fig. 8, the circuit further includes: the switching circuit 203. The switching circuit 203 is configured to turn on or off the impedance detection circuit 2011 and the delay detection circuit 2012. When the switching circuit 203 is used to turn on the impedance detection circuit 2011 and turn off the delay detection circuit 2012, the impedance detection circuit 2011 can detect the transmission impedance of the shielding line; when the switching circuit 203 is used to turn off the impedance detection circuit 2011 and turn on the delay detection circuit 2012, the transmission delay of the shielded line can be detected by the delay detection circuit 2012; when the switching circuit 203 is used to turn on the impedance detection circuit 2011 and turn on the delay detection circuit 2012, the transmission impedance of the shielded line can be detected by the impedance detection circuit 2011 and the transmission delay of the shielded line can be detected by the delay detection circuit 2012.
Optionally, the switching circuit 203 may be specifically configured to poll the on or off impedance detection circuit 2011 and the delay detection circuit 2012; here, the impedance detection circuit 2011 and the delay detection circuit 2012 poll for performing the detection operation. Specifically, the switching circuit 203 can switch between turning on the impedance detection circuit 2011 and turning off the delay detection circuit 2012 (hereinafter referred to as a first state), and turning off the impedance detection circuit 2011 and turning on the delay detection circuit 2012 (hereinafter referred to as a second state). In the switching process, the transmission impedance of the shielded line may be detected by the impedance detection circuit 2011 when the shielded line is switched to the first state, the transmission delay of the shielded line may be detected by the delay detection circuit 2012 when the shielded line is switched to the second state, and the polling detection operations of the impedance detection circuit 2011 and the delay detection circuit 2012 are realized by continuously switching the switching circuit 203 between the first state and the second state.
Illustratively, as shown in fig. 9, the switching circuit 203 may include a first switch 2031 and a second switch 2032. The first switch 2031 and the second switch 2032 may be specifically configured to turn on the impedance detection circuit 2011 and turn off the delay detection circuit 2012, and at this time, the shielding wire is connected to the impedance detection circuit 2011; alternatively, the first switch 2031 and the second switch 2032 may be specifically used to turn off the impedance detection circuit 2011 and turn on the delay detection circuit 2012, and at this time, the shielding line is connected to the delay detection circuit 2012. In the polling detection process, the states of the first switch 2031 and the second switch 2032 may be continuously switched, so that the shielded line is polled to be connected to the impedance detection circuit 2011 and the delay detection circuit 2012, and the polling detection of the transmission impedance and the transmission delay of the shielded line is further implemented.
In practical applications, the turning on or off of the first switch 2031 and the second switch 2032 can be controlled by the control circuit 202. Specifically, the control circuit 202 may be configured to control the first switch 2031 and the second switch 2032 to turn on the impedance detection circuit 2011 and turn off the delay detection circuit 2012, and to control the first switch 2031 and the second switch 2032 to turn off the impedance detection circuit 2011 and turn on the delay detection circuit 2012. In addition, before the impedance detection circuit 2011 detects the transmission impedance of the shield line, the control circuit 202 may also be configured to enable the impedance detection circuit 2011; the control circuit 202 may also be used to enable the delay detection circuit 2012 before the delay detection circuit 2012 detects the propagation delay of the shielded line.
For the sake of understanding, the specific process of the polling detection is described in detail by taking the circuit shown in fig. 10 as an example, and fig. 10 illustrates an example in which the control circuit 202 includes an active mask control circuit 2021 and a secure chip control circuit 2022, and preset parameter values are stored in a memory 2023 connected to the secure chip control circuit. Fig. 11 is a schematic flowchart of polling detection provided in an embodiment of the present application, which may specifically include the following steps.
S301: after the circuit shown in fig. 10 is powered on and initialized, the security chip control circuit 2022 reads the preset impedance value a and the preset delay value b in the memory 2023. The memory 2023 may store a preset impedance range corresponding to the preset impedance value a and a preset delay range corresponding to the preset delay value b, in addition to the preset impedance value a and the preset delay value b. The preset impedance value a and the preset delay value b may be obtained through chip testing or debugging and stored in the memory 2023, and the specific method is similar to the method for detecting the transmission impedance and the transmission delay by the circuit, and is not described herein again in the embodiments of the present application.
S302: it is determined whether the active mask control circuit 2021 is enabled. If yes, go to step S303; if not, the detection is ended. Wherein, normally after power-up initialization of the circuit, the security chip control circuit 2022 enables the active shield control circuit 2021 to electrically connect thereto and perform the operation of the control detection circuit 201.
S303: the active shield control circuit 2021 connects the shield wire to the impedance detection circuit 2011. The active shielding control circuit 2021 may turn on the impedance detection circuit 2011 and turn off the delay detection circuit 2012 by controlling the first switch 2031 and the second switch 2032, and at this time, the shielding line is connected to the impedance detection circuit 2011.
S304: the active shield control circuit 2021 enables the impedance detection circuit 2011 to perform impedance detection. S305: the detected transmission impedance c is output to the security chip control circuit 2022. The impedance detection circuit 2011 performs impedance detection on the shielded line and outputs an impedance detection result, that is, the transmission impedance c of the shielded line is sent to the active shielding control circuit 2021, and the active shielding control circuit 2021 outputs the transmission impedance c to the security chip control circuit 2022.
S306: the security chip control circuit 2022 determines whether a and c match. The security chip control circuit 2022 may compare the transmission impedance c with a preset impedance value a, and determine whether the difference value is within a first preset range by obtaining a difference value between a and c; if yes, go to step S307; if not, step S311 is performed. S111: a protection operation is triggered. For example, the security chip control circuit 2022 may trigger a protection operation such as an alarm operation or a self-destruction operation.
S307: the active shield control circuit 2021 connects the shield wire to the delay detection circuit 2012. The active shielding control circuit 2021 may turn off the impedance detection circuit 2011 and turn on the delay detection circuit 2012 by controlling the first switch 2031 and the second switch 2032, and at this time, the shielding line is connected to the delay detection circuit 2012.
S308: the active shield control circuit 2021 enables the delay detection circuit 2012 to perform delay detection. S309: the detected transmission delay d is output to the security chip control circuit 2022. The delay detection circuit 2012 performs delay detection on the shielded wire and outputs a delay detection result, that is, the transmission delay d of the shielded wire is transmitted to the active shielding control circuit 2021, and the active shielding control circuit 2021 outputs the transmission delay d to the security chip control circuit 2022.
S310: the security chip control circuit 2022 determines whether b and d coincide with each other. The security chip control circuit 2022 may compare the transmission delay d with a preset delay value b, and determine whether the difference value is within a second preset range by obtaining a difference value between b and d; if yes, go to step S302; if not, step S111 is performed. It should be noted that, when the results of the determinations b and d are yes, the process returns to the step S302, which means that one detection cycle is ended, and the polling detection of the next cycle is started.
In another embodiment of the present application, a die is further provided, where the die may include the circuit for protecting the die as illustrated in any one of fig. 2 to fig. 10, and for a specific structure and a related description of the circuit, reference may be made to the description above, and details of the embodiment of the present application are not repeated herein. Specifically, two bumps (bump) may be disposed in the metal layer of the die, and the two bumps may be used to connect two ends of the shielding wire so as to connect the shielding wire into a circuit for protecting the die.
Optionally, as shown in fig. 12, the die may further include an execution circuit. And the execution circuit is used for executing the protection operation under the trigger of the control circuit 202 in the circuit. For example, the protection operation may include at least one of: alarm operation, self-destruction operation, reset operation, non-power-on operation, authority-controlled operation and the like. The execution circuitry may be a processor or other control circuitry in a die for performing a corresponding protection operation to disable continued use of at least some of the functions of the die by an unauthorized user.
In another embodiment of the present application, there is also provided an integrated circuit including the above-described die, and a shield line for covering the die. The shielding lines may be located in a metal layer of the die, in a package layer of the integrated circuit for packaging the die, or in a silicon interposer (interposer) of the integrated circuit. Alternatively, the integrated circuit may be packaged using a Package on Package (PoP). PoP is a new type of highly integrated package, and a general PoP stack package structure adopts a Ball Grid Array (BGA) package, integrates high-density digital or mixed signal logic devices (e.g., baseband, application processor, multimedia processor, etc.) in the bottom layer of the PoP package, and integrates a combined memory (e.g., DRAM or Flash, etc.) in the top layer of the PoP package.
In the embodiment of the present application, if an attacker breaks or short-circuits the shielding lines covered on the bare chip, the signal transmission parameters of the shielding lines may be changed. Therefore, the bare chip or the integrated circuit provided by the application triggers the protection operation of the bare chip by detecting the signal transmission parameter of the shielding wire and determining that the signal transmission parameter does not meet the preset condition, so that the data and the bottom layer circuit in the bare chip can be effectively protected, and further the leakage of user sensitive data is avoided.
In the embodiments provided in the present application, it should be understood that the disclosed circuit may also be implemented in other ways. For example, the circuit embodiments described above are merely illustrative, and for example, the division of the circuit is merely a division of a logic function of a circuit, and an actual implementation may have another division, for example, a plurality of components may be combined or integrated into another device, or some features may be omitted, or not executed. In addition, the signal transmission or communication between each other shown or discussed may be indirect communication or communication connection through some interfaces, components or units.
In addition, alternatively, each functional circuit for performing the protection function in the embodiments of the present application may be integrated in one integrated circuit, for example, in the die, or each circuit unit may exist alone physically, or two or more circuit units may be integrated together. The integrated circuit unit can be realized in a hardware form, and can also be realized in a software function form.
Finally, it should be noted that: the above description is only an embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions within the technical scope of the present disclosure should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (14)

  1. A circuit for die protection, comprising:
    a detection circuit for detecting a signal transmission parameter of a shield wire covering the die, the signal transmission parameter including at least one of a transmission impedance or a transmission delay;
    and the control circuit is used for acquiring the signal transmission parameter from the detection circuit and triggering the protection operation of the bare chip when the signal transmission parameter does not meet a preset condition.
  2. The circuit of claim 1, wherein the protection operation comprises at least one of: alarm operation, self-destruction operation, reset operation, incapability of power-on operation, power-off operation or permission-controlled operation.
  3. The circuit of claim 1 or 2, wherein the detection circuit comprises:
    an impedance detection circuit for detecting the transmission impedance of the shielded wire;
    and the delay detection circuit is used for detecting the transmission delay of the shielding wire.
  4. The circuit of claim 3, further comprising:
    and the switching circuit is used for switching on or off the impedance detection circuit and the time delay detection circuit.
  5. The circuit according to claim 4, wherein the switching circuit is specifically configured to poll for turning on or off the impedance detection circuit and the delay detection circuit; wherein the impedance detection circuit and the delay detection circuit poll to perform a detection operation.
  6. The circuit of any one of claims 1 to 5, wherein the signal transmission parameter not satisfying a preset condition comprises: the signal transmission parameters are not within a preset parameter range.
  7. A die comprising a circuit for die protection as claimed in any one of claims 1 to 6.
  8. The die of claim 7, further comprising:
    and the execution circuit is used for executing the protection operation under the trigger of the control circuit.
  9. An integrated circuit comprising a die as claimed in claim 7 or 8 and the shield line.
  10. The integrated circuit of claim 9, wherein the shield lines are located in a metal layer of the die, a package layer of the integrated circuit, or a silicon interposer of the integrated circuit.
  11. A method for die protection, comprising:
    detecting a signal transmission parameter of a shield wire covering the die, the signal transmission parameter including at least one of a transmission impedance or a transmission delay;
    triggering a protection operation of the die when the signal transmission parameter does not satisfy a preset condition.
  12. The method of claim 11, wherein the protection operation comprises at least one of: alarm operation, self-destruction operation, reset operation, incapability of power-on operation, power-off operation or permission-controlled operation.
  13. The method of claim 11 or 12, wherein the detecting a signal transmission parameter of a shield wire covering the die comprises: and polling to detect the transmission impedance of the shielded wire and detect the transmission delay of the shielded wire.
  14. The method according to any one of claims 11 to 13, wherein the signal transmission parameter not satisfying the preset condition comprises: the signal transmission parameters are not within a preset parameter range.
CN201980006867.9A 2019-03-05 2019-03-05 Circuit for bare chip protection, bare chip and integrated circuit Pending CN112005249A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/077011 WO2020177082A1 (en) 2019-03-05 2019-03-05 Circuit for die protection, die, and integrated circuit

Publications (1)

Publication Number Publication Date
CN112005249A true CN112005249A (en) 2020-11-27

Family

ID=72337435

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201980006867.9A Pending CN112005249A (en) 2019-03-05 2019-03-05 Circuit for bare chip protection, bare chip and integrated circuit

Country Status (2)

Country Link
CN (1) CN112005249A (en)
WO (1) WO2020177082A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070121575A1 (en) * 2003-12-29 2007-05-31 Olivier Savry Protection for an integrated circuit chip containing confidential data
CN101609804A (en) * 2008-06-17 2009-12-23 台湾积体电路制造股份有限公司 The formation method of integrated circuit structure
CN106067460A (en) * 2015-04-20 2016-11-02 原子能和替代能源委员会 Electronic chip including shielded rear surface
CN107944309A (en) * 2017-10-31 2018-04-20 北京中电华大电子设计有限责任公司 A kind of shield detection circuit of resistance against physical attack

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7005733B2 (en) * 1999-12-30 2006-02-28 Koemmerling Oliver Anti tamper encapsulation for an integrated circuit
JP4748929B2 (en) * 2003-08-28 2011-08-17 パナソニック株式会社 Protection circuit and semiconductor device
CN105243343B (en) * 2015-10-21 2018-05-01 北京华大信安科技有限公司 A kind of metal-shielded wire protection circuit, equivalent circuit and detection method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070121575A1 (en) * 2003-12-29 2007-05-31 Olivier Savry Protection for an integrated circuit chip containing confidential data
CN101609804A (en) * 2008-06-17 2009-12-23 台湾积体电路制造股份有限公司 The formation method of integrated circuit structure
CN106067460A (en) * 2015-04-20 2016-11-02 原子能和替代能源委员会 Electronic chip including shielded rear surface
CN107944309A (en) * 2017-10-31 2018-04-20 北京中电华大电子设计有限责任公司 A kind of shield detection circuit of resistance against physical attack

Also Published As

Publication number Publication date
WO2020177082A1 (en) 2020-09-10

Similar Documents

Publication Publication Date Title
US8074082B2 (en) Anti-tamper module
US9323957B2 (en) Anti-tamper system based on dual random bits generators for integrated circuits
KR20170095155A (en) Secure semiconductor chip and operating method thereof
KR920005167A (en) Semiconductor memory with multiple clocks for entering test mode
US5920690A (en) Method and apparatus for providing access protection in an integrated circuit
CN107533607B (en) Attack detection by signal delay monitoring
US11276648B2 (en) Protecting chips from electromagnetic pulse attacks using an antenna
CN103440452B (en) A kind of chip makes physical integrity detection device
CN113343317B (en) Security integrated circuit and protection method thereof
CN113383376A (en) Fingerprinting of semiconductor die arrangements
CN117254929A (en) Detection device and chip
CN107492395B (en) Conditional access chip, built-in self-test circuit and test method thereof
CN112005249A (en) Circuit for bare chip protection, bare chip and integrated circuit
US11216593B2 (en) Data protection circuit of chip, chip, and electronic device
EP1840964A1 (en) Semiconductor device with protected access
CN112513858A (en) Tamper detection in integrated circuits
US20140049359A1 (en) Security device and integrated circuit including the same
CN115048077A (en) Quantum random number generator
CN206711097U (en) The protection circuit and code keypad of a kind of sensitive data
CN210109973U (en) Server alarm circuit based on BMC and sensing module
CN106909860A (en) The protection circuit and code keypad of a kind of sensitive data
KR102251812B1 (en) Semiconductor Apparatus and Operating Method of Semiconductor Apparatus
CN115080961A (en) Fault injection attack detection circuit and method, electronic device, and medium
CN114338463B (en) Safety detection circuit, equipment and detection method based on pulse contraction delay chain
US20180238963A1 (en) Overriding a signal in a semiconductor chip

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20201127