EP2108163A1 - Protection of information contained in an electronic circuit - Google Patents

Protection of information contained in an electronic circuit

Info

Publication number
EP2108163A1
EP2108163A1 EP08701252A EP08701252A EP2108163A1 EP 2108163 A1 EP2108163 A1 EP 2108163A1 EP 08701252 A EP08701252 A EP 08701252A EP 08701252 A EP08701252 A EP 08701252A EP 2108163 A1 EP2108163 A1 EP 2108163A1
Authority
EP
European Patent Office
Prior art keywords
circuit
capacitive element
counter
count
transistor
Legal status
Withdrawn
Application number
EP08701252A
Other languages
English (en)
French (fr)
Inventor
Jean-Louis Modave
Thierry Huque
Current Assignee
Proton World International NV
Original Assignee
Proton World International NV
Application filed by Proton World International NV

Classifications

    • G07F7/082 Features insuring the integrity of the data on or in the card
    • G04F10/10 Apparatus for measuring unknown time intervals by electric means by measuring electric or magnetic quantities changing in proportion to time
    • G06F21/755 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation with measures against power attack
    • G06F21/77 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • G06Q20/343 Cards including a counter
    • G06Q20/4016 Transaction verification involving fraud or risk level assessment in transaction processing
    • G11C16/22 Safety or protection circuits preventing unauthorised or accidental access to memory cells
    • G11C8/20 Address safety or protection circuits, i.e. arrangements for preventing unauthorized or accidental access
    • H04L9/004 Countermeasures against attacks on cryptographic mechanisms for fault attacks
    • H10B41/30 Electrically erasable-and-programmable ROM [EEPROM] devices comprising floating gates characterised by the memory core region
    • H10B41/35 Electrically erasable-and-programmable ROM [EEPROM] devices comprising floating gates characterised by the memory core region with a cell select transistor, e.g. NAND
    • H10B69/00 Erasable-and-programmable ROM [EPROM] devices not provided for in groups H10B41/00 - H10B63/00, e.g. ultraviolet erasable-and-programmable ROM [UVEPROM] devices

Definitions

  • The present invention generally relates to electronic circuits and, more particularly, to the protection of information contained in an electronic circuit against fraud attempts to discover this information.
  • The information may be digital quantities supposed to remain secret (that is to say, within the electronic circuit), such as access passwords or codes, or specific steps of algorithms and, more generally, any digital information that is not supposed to be communicated in an uncontrolled manner.
  • When an electronic circuit is likely to manipulate information that is not supposed to be disseminated in an uncontrolled manner, it is equipped with software and/or hardware mechanisms for detecting and protecting against attempts to attack this information. Some of these attacks disrupt the operation of the electronic circuit (for example, the attacks known as Differential Fault Analysis, DFA); others consist in cutting the power supply of the electronic circuit.
  • The follow-up to give to a malfunction may be different depending on whether it is an attack or an accidental malfunction.
  • The present invention aims to overcome all or part of the disadvantages of the mechanisms for protecting information contained in an electronic circuit.
  • One embodiment aims to allow different actions between accidental malfunctions and malfunctions that may be fraudulent.
  • One embodiment aims at a solution compatible with the current manufacturing technologies of integrated circuits and EEPROM memories.
  • the present invention provides a method of protecting information contained in an electronic circuit against a disturbance of its operation, wherein a detection of a disturbance conditions the increment or the decrement of a counter on at least one bit, the counter being reset automatically after a period independent of the fact that the circuit is powered or not.
  • the counter is designed as at least one charge-retaining circuit comprising at least one capacitive element having a leak through its dielectric space.
  • a passage of a bit of said counter in an active state is caused by an injection or extraction of charges in said first capacitive element.
  • a test of the value of said counter is performed before any execution of a process considered as sensitive from the point of view of the information to be protected.
  • said test causes, if a threshold is exceeded, an action permanently blocking at least access to said process and, preferably, the operation of the circuit.
  • said counter is on several bits, the result of said test being provided directly by the state of one of the bits.
  • an incrementation or decrementation of said counter forces the circuit to perform said test.
  • Said counter is incremented or decremented before a process considered sensitive from the point of view of the information to be protected, then decremented, respectively incremented, at the end of the process if no disturbance has been detected during the execution of the process.
  • One embodiment provides an electronic circuit capable of implementing the method and wherein the or each charge retention circuit comprises: at least one first capacitive element of which a first electrode is connected to a floating node; at least one second capacitive element of which a first electrode is connected to said floating node, the second capacitive element having a capacity greater than the first; and at least a first isolated control terminal transistor connected to said floating node.
  • at least one third capacitive element has a first electrode connected to said floating node and a second electrode connectable to a voltage source.
  • the circuit is implanted in an array of EEPROM type memory cells each comprising a selection transistor in series with a floating gate transistor, and in which, on the same row of memory cells whose respective floating gates transistors of the cells are interconnected: the first capacitive element comprises a first subset of at least one first cell whose thickness of the dielectric of the tunnel window of the floating gate transistor is lower than that of the other cells; the second capacitive element comprises a second subset of at least one second cell whose drain and source of the floating gate transistor are interconnected; the third capacitive element comprises a third subset of at least one third cell; and the first transistor has a fourth subset of at least one fourth cell whose tunnel window is suppressed.
  • FIG. 1 represents a smart card of the type to which the present invention applies by way of example;
  • FIG. 2 represents an electronic circuit of the type to which the present invention applies by way of example;
  • Figure 3 illustrates an attack by power interruption of a smart card;
  • FIG. 4 shows, schematically and in block form, an embodiment of an electronic circuit;
  • Figure 5 is a simplified block diagram of a first phase of the protection method according to an embodiment;
  • Figure 6A is a simplified block diagram of a second phase of the protection method according to an embodiment;
  • Figure 6B is a simplified block diagram of a second phase of the protection method according to another embodiment;
  • FIG. 7 very schematically shows in the form of blocks an embodiment of an event counter used by the implementations illustrated in FIGS. 5, 6A and 6B;
  • FIG. 8 represents an embodiment of an electronic charge retention circuit;
  • FIG. 9 is a current-voltage graph illustrating the operation of the circuit of Fig. 8;
  • Figure 10 is a timing diagram illustrating the operation of the circuit of Figure 8;
  • Fig. 11 shows another embodiment of a charge retention circuit in an exemplary environment;
  • Fig. 12 is a current-voltage graph illustrating the operation of the circuit of Fig. 11;
  • FIGS. 13A, 13B and 13C are respectively a view from above, a sectional view in a first direction and the equivalent electric diagram of an embodiment of an electronic circuit for retaining charges from EEPROM cells;
  • FIGS. 14A, 14B and 14C are respectively a view from above, a sectional view along a second direction and the equivalent electric diagram of a first element of the circuit of FIGS.
  • Figures 15A, 15B and 15C are respectively a top view, a sectional view along the second direction and the equivalent electrical diagram of a second element of the circuit of Figures 13A to 13C;
  • Figures 16A, 16B and 16C are respectively a top view, a sectional view along the second direction and the equivalent electrical diagram of a third element of the circuit of Figures 13A to 13C;
  • Figs. 17A, 17B and 17C are respectively a top view, a sectional view along the second direction and the equivalent electric diagram of a fourth element of the circuit of Figs. 13A to 13C.
  • FIG. 1 schematically represents a smart card 1 of the type to which, by way of example, the present invention applies.
  • A card consists of a support, generally made of plastic, on or in which one or more electronic circuits 10 are inset.
  • The circuit 10 is able to communicate with a terminal by means of contacts 2 and/or contactlessly (radio-frequency transmission or modulation of an electromagnetic field of a terminal).
  • FIG. 2 very schematically shows in the form of blocks an electronic circuit 10 (for example of a smart card 1 of FIG. 1) of the type to which the present invention applies by way of example.
  • the circuit 10 comprises, inter alia, a digital processing unit 11 (for example, a central processing unit - CPU), one or more memories 12 (MEM) among which at least one non-volatile memory (for example of the EEPROM type) and an input / output (I / O) circuit 13 for communicating with the outside of the circuit (for connection to the contacts 2 or to an antenna).
  • the various elements internal to the circuit communicate with each other and with the interface 13 by one or more buses 14 of data, addresses and commands, as well as any direct links between some of these elements.
  • The circuit 10 can also integrate other software or hardware functions. These functions have been symbolized by a block 15 (FCT) in FIG.
  • FIG. 3 very schematically illustrates in the form of blocks an exemplary implementation of a so-called power cut-off attack of the integrated circuit 10 of a smart card 1.
  • the circuit 10 draws power from a terminal 20, for example, by means of contacts 21 provided in a slot 22 of the terminal 20 intended to receive, by introduction, a card 1.
  • The contacts 21 constitute not only power supply contacts but also data exchange contacts with the circuit 10 and are connected to an electronic device 23 of the terminal 20, powered by a voltage Valim (for example, by means of a battery or the power distribution network).
  • An attack that interrupts the supply of the smart card to cause erroneous behavior consists, for example, in abruptly withdrawing the card from the slot so as to interrupt its power supply during processing.
  • Such a power interruption can either be used directly to disrupt the operation of the card or, in more complex mechanisms, be used to avoid a countermeasure of the card that, after detection of an attempted fraud, causes a write to non-volatile memory of EEPROM type. Intervening on the power supply at the appropriate time avoids writing in this memory and can render the fault detection countermeasures ineffective.
  • An electronic circuit is not necessarily continuously powered and, in most cases, does not contain a battery to operate a time counter, so that such a time measurement is problematic. Moreover, even if it has a battery, the battery is likely to be discharged (voluntarily or not). In addition, in the case of a voluntary power failure (for example, by tearing the card from its reader), an event counter stored in a reprogrammable non-volatile memory is difficult to update.
  • FIG. 4 very schematically shows, in block form, a view to be compared with FIG. 2, of an embodiment of an electronic circuit 10 '.
  • This circuit 10 comprises a processing unit 11 (CPU) capable of controlling its operation, whether in hardware and/or software, one or more memories 12 (MEM) among which at least one reprogrammable non-volatile memory, an input-output circuit (I/O) and various hardware or software functions symbolized by a block 15 (FCT) depending on the application.
  • The circuit 10' also comprises at least one charge retention circuit 100 (TK) whose charge level changes with time, even when the circuit 10' is not powered.
  • Circuits 100 will be described later in connection with FIGS. 8 and following.
  • A circuit 100 is capable of being programmed or activated (placed in a state arbitrarily noted as 1) by injection or extraction of charges in a capacitive element which leaks through its dielectric space, so that its active state disappears (the element returns to state 0) after a given time, regardless of the possible power supply of the circuit.
  • Such a charge retention circuit is used to store at least one state indicative of suspicious behavior of the electronic circuit 10.
  • FIG. 5 illustrates, in a simplified block diagram, a mode of implementation of a first phase of a protection mechanism.
  • The central unit 11 starts by checking (block 32, COUNT < TH?) the state of a counter COUNT with respect to a threshold TH.
  • The counter COUNT represents the number of malfunctions detected and stored in the one or more charge retention circuits 100 of the circuit 10'. If the number of malfunctions exceeds the threshold (N output of block 32), the electronic circuit stops (block 33, STOP).
  • a countermeasure adapted to fraudulent behavior is taken. For example, applications that are considered sensitive from the point of view of the security of the information they handle are inaccessible.
  • FIG. 6A illustrates, by a simplified block diagram, a first embodiment of a second phase of the protection mechanism.
  • The protection mechanism then causes either the stop (block 43, STOP) or a reset (block 43, RESET) of the electronic circuit 10'.
  • This is not the usual countermeasure when an attempted fraud is detected, but processing that requires the circuit to go through the phase described in relation to Figure 5 before any sensitive process can continue.
  • the counter COUNT resets automatically and independently of the power supply of the electronic circuit 10 '. Therefore, it is now possible to trigger a countermeasure dedicated to a supposedly fraudulent behavior by counting the number of malfunctions over a given period.
  • a single-bit counter is sufficient to trigger the shutdown of the circuit. It is then a systematic blocking for a given duration at each malfunction. Since an accidental malfunction is not expected to occur with the same frequency, resetting the bit allows a restart while a new attack will block the circuit again.
  • FIG. 6B illustrates, by a simplified functional diagram, another embodiment of a second phase of the protection mechanism.
  • This mode of implementation is more particularly intended for malfunctions likely to prevent an update of a non-volatile memory, in particular an EEPROM. The aim is therefore, for example, to protect against tearing attacks or, more generally, attacks where the fraudster monitors any detections of his attacks by the circuit in order to prevent subsequent writes in non-volatile memory.
  • The first phase (Figure 5) can play its role at the next execution.
  • the process 45 is a process considered sensitive, the first phase is in fact preferably implemented before each execution (before or after update 42).
  • the two modes of implementation of the second phase are combinable with each other and / or with other countermeasures.
  • FIG. 7 very schematically shows in the form of blocks an example of a counting circuit 50.
  • A counting circuit 50 contains n electronic charge retention circuits 1000, 1001, ..., 100n, each storing a bit B0, B1, ..., Bn of the counter COUNT.
  • The circuit 50 is preferably controlled by an internal circuit 51 (CTRL) causing, as will be better understood later in connection with FIGS. 8 and following, the incrementation of the counter following a malfunction detection (INC input of the block 50), as well as the reading of the status of one or more bits of the counter.
  • The highest rank bit Bn defines the threshold TH. Indeed, a change of state of this bit represents an overflow with respect to the count 2 - 1. The reading of this single bit is then sufficient to provide an OK / NOK signal indicating the result of the test 32 (FIG. 5).
  • One advantage of such an overflow comparison is that it makes a single hardware implementation of the circuit 50 versatile. Indeed, the threshold TH can then be easily adapted regardless of the number of structural bits of the counter 50 by selecting which of the counter bits is taken into account to provide the OK / NOK result of the test 32.
  • Different thresholds can be chosen depending on the type of alarm detected. For example, if it is an unexpected sequence of operations (highly likely to be also accidental), a blocking of relatively short duration (for example, a few hours) may suffice. On the other hand, if it is a card reset detection (by cutting off its power supply), then a duration of the order of one week can be provided in order to discourage a potential fraudster.
  • One advantage is to separate accidental malfunctions from fraudulent malfunctions of an integrated circuit and to take appropriate measures.
  • Another advantage is the compatibility with any mode of detecting a malfunction, including when this detection is itself detected by the fraudster who then cuts the power to avoid a countermeasure.
  • the solution exposed is compatible with the usual countermeasures (for example, a definitive blocking) of the electronic circuit. Only the triggering of this countermeasure is then deferred when the TH threshold is exceeded, thus making it possible to separate accidental malfunctions from fraudulent malfunctions (or sufficiently repetitive so that it is considered preferable to block the circuit).
  • FIG. 8 represents a preferred example of a charge retention circuit 100.
  • The circuit 100 comprises a first capacitive element C1 whose first electrode 121 is connected to a floating node F and whose dielectric space 123 is designed (by its permittivity and/or by its thickness) to exhibit significant leakage over time.
  • Floating node F is understood to mean a node not directly connected to any diffused region of the semiconductor substrate in which circuit 100 (and circuit 10 ') is preferably produced and, more particularly, separated by a dielectric space from any terminal of application of potential.
  • the second electrode 122 of the capacitive element C1 is either connected (dotted in FIG. 2) to a terminal 112 intended to be connected to a reference potential (for example the ground), or left in the air.
  • a second capacitive element C2 has a first electrode 131 connected to the node F and a second electrode 132 connected to the terminal 112.
  • the capacitive element C2 has a higher charge retention capacity than the capacitive element C1.
  • A third capacitive element C3 has a first electrode 141 connected to the node F and a second electrode 142 connected to a terminal 113 of the circuit 100, for connection to a power source during an initialization of a charge retention phase (activation of the bit stored in state 1).
  • a role of the capacitive element C2 is to store an electric charge.
  • a role of the capacitive element C1 is to relatively slowly discharge the storage element C2 (relative to a direct connection of its electrode 131 to ground) through a leakage through its dielectric space.
  • the presence of the capacitive element C2 makes it possible to separate the level of charge present in the circuit 100 with respect to the discharge element (capacitor C1).
  • the thickness of the dielectric of the element C2 is greater than that of the element C1.
  • The capacitance of the element C2 is greater, preferably in a ratio of at least 10, than that of the element C1.
  • A role of the capacitive element C3 is to allow a charge injection into the capacitive element C2 by the Fowler-Nordheim effect or by a hot electron injection phenomenon.
  • The element C3 makes it possible to avoid stressing the element C1 when the elements C2 and C1 are charged in parallel.
  • the thickness of the dielectric space of the element C3 is greater than that of the element C1, so as to avoid introducing a parasitic leakage path.
  • The node F is connected to a gate G of an insulated control terminal transistor (for example, a MOS transistor 150) whose conduction terminals (drain D and source S) are connected to output terminals 114 and 115 for measuring the residual charge contained in the element C2 (neglecting the capacity of the element C1 in parallel).
  • The terminal 114 is connected to a current source (not shown) allowing a current-voltage conversion of the drain current I114 in the transistor 150.
  • The thickness of the gate dielectric of transistor 150 is greater than that of the dielectric of element C1 so as to avoid introducing an additional leak on node F.
  • The gate thickness of transistor 150 is even greater than the thickness of the dielectric of the element C3, so as to avoid introducing a parasitic programming path (injection or extraction of charges from the node F).
  • The interpretation of the stored level can be carried out simply by means of a comparator whose switching takes place as long as the charge of the node F remains sufficient.
  • the level for which the comparator switches then defines the level of change of state of the bit stored by the element 100.
  • Other reading solutions can be envisaged, for example a multilevel interpretation in an embodiment where the circuit 100 stores directly several bits.
  • FIG. 9 shows an example of the shape of the drain current I114 of transistor 150 as a function of the voltage Vp at node F, referenced with respect to terminal 115.
  • The voltage Vp then expresses the gate/source voltage of the transistor 150. It depends on the residual charge across capacitors C1 and C2 in parallel, and so essentially on the residual charge in capacitor C2.
  • The evaluation of the drain current I114 can be performed by maintaining terminals 112 and 115 at the same potential (e.g. ground) and by applying a known voltage on terminal 114.
  • Figure 10 illustrates the evolution of the charge Qp at point F as a function of time.
  • The charge Qp starts from an initial value QINIT at an instant t0 and cancels at an instant t1, following a capacitive discharge curve.
  • The time interval between the times t0 and t1 depends not only on the leakage capacity of the dielectric of the element C1 but also on the value (and therefore the storage capacity) of the element C2, which conditions the value QINIT. Assuming that the terminals 112 and 115 and the second electrode 122 of the capacitive element C1 are at reference potentials and that the terminal 114 is biased to a determined level so that a variation of the current I114 only comes from a variation of the potential of the node F, this variation then depends only on the time elapsed since the instant t0.
  • This result is, in the embodiment shown, obtained through the dissociation operated between the time leakage element (C1) and the representative element of the residual charge (C2).
  • the retention time can be adapted not only by adjusting the thicknesses and / or permittivities of the dielectrics of the elements C1 and C2 but also by providing several elements C1 and / or C2 in parallel.
  • Fig. 11 shows the wiring diagram of another embodiment of a charge retention circuit 100 '.
  • The transistor 150 is replaced by a transistor 160 whose floating gate FG is connected to the node F.
  • The control gate CG of the transistor 160 is connected to a control terminal 116 for the residual charge in the circuit 100' (and thus for the state of the stored bit).
  • the thickness of the dielectric, between the floating gate FG and the channel (active zone) of the transistor 160, is greater than that of the element C1 and preferably greater than that of the element C3.
  • the charge injection or extraction element C3 is a floating gate MOS transistor 170.
  • the floating gate 141 of transistor 170 is connected to node F.
  • the circuit has been represented in part of its environment.
  • the drain 142 of the transistor 170 is connected to a current source 118 receiving a supply voltage Valim and its source 173 is connected to ground.
  • Its control gate 174 receives a control signal CTRL intended to make transistor 170 turn on when there is a need for charge injection.
  • the drain (terminal 114) of the transistor 160 receives the supply voltage Valim and its source is connected to ground by a current source 119 (variant inverted with respect to the embodiment described in connection with Figure 8).
  • the voltage V119 across the current source 119 is representative of the voltage at the point F and is used to switch the output of a comparator (not shown).
  • FIG. 12 illustrates, by a graph of the current I114 as a function of the voltage V116 applied to the control gate, the operation of the circuit of FIG. 11.
  • the voltage at the drain and source terminals 114 of the transistor 160 is kept constant by the external reading circuit.
  • the voltage drop between the floating gate and the terminal 115 then depends on the electrical load present at the node F, the total capacitance between the nodes F and 112 (essentially the capacitors C1 and C2), and the voltage applied to the gate 116 of the transistor 160.
  • three curves a, b and c have been illustrated. Curve a represents the case where node F is fully discharged.
  • Curve b represents the case of a positive charge present on the node F (electron extraction).
  • the threshold of the transistor 160 is then lowered.
  • the curve c represents the case of a negative charge at the node F (electron injection) which generates an upper threshold for the MOS transistor 160.
  • it will be possible to inject or extract charges from the node F so as to modify the characteristic of transistor 160 from curve a to one of curves b and c.
  • the leakage of the capacitance C1 makes it possible to regain the curve a with time.
  • a measurement of the current I114 (and therefore of the voltage V119) with the voltage V116 at zero makes it possible to detect an expiration of the time (reinitialization of the bit to zero) when the current I114 is cancelled.
  • a charge retention circuit is produced with the following values:
  • Capacitance C3: 1 fF, dielectric thickness: 80 Å.
  • Such a circuit can be initialized by applying a voltage of the order of 12 volts and is discharged after about a week. This is of course only one example, the dielectric thicknesses and the possible parallel association of several elements C1 or C2 conditioning the charge retention time.
  • 15C, 16A, 16B, 16C, 17A, 17B and 17C show an exemplary circuit 100 'according to the embodiment of FIG. 11 in an integrated structure, derived from a memory architecture
  • FIGS. 13A, 14A, 15A, 16A and 17A are diagrammatic top views, respectively, of the electronic charge retention circuit and its elements C2, 170, C1 and 160.
  • Figure 13B is a section along the line AA 'of Figure 13A.
  • FIGS. 14B, 15B, 16B and 17B are respectively sectional views along the lines BB 'of FIGS. 14A, 15A, 16A and 17A.
  • FIGS. 13C, 14C, 15C, 16C and 17C represent the respective equivalent electrical diagrams of the electronic charge retention circuit and its elements C2, 170, C1 and 160.
  • Each element or cell C2, 170, C1 or 160 is obtained from a floating gate transistor connected in series with a selection transistor T2, T3, T1 or T4 with a single gate for selecting, for example, in a matrix network of EEPROM memory cells, the electronic circuit of charge retention.
  • the floating gates of the different transistors forming elements C2, 170, C1 and 160 are interconnected (conductive line 184) to form the floating node F.
  • Their control gates are connected to a conductive line 185 for applying the read control signal CG.
  • Their respective sources SC2, S7, SC1 and S6 are interconnected to terminal 112 (ground) and their respective drains DC2, D7, DC1 and D6 are connected to the respective sources of selection transistors T2, T3, T1 and T4.
  • the gates of transistors T1 to T4 are connected together to a conductive line 186 for applying a circuit select signal SEL.
  • Their respective drains D1 to D4 are connected to individually controllable bit lines BL1 to BL4.
  • the order of the bit lines in FIG. 13C has been arbitrarily illustrated as BL2, BL3, BL1 and BL4, but the order of the different elements C2, 170, C1 and 160 in the horizontal direction of the rows (in the orientation of the figures) is immaterial.
  • N-type source and drain regions are assumed (FIG. 13B), separated from each other in the direction of the lines by insulating areas 181.
  • the floating gates are made in a first conductive level M1 separated from the active regions by an insulating level 182, and the control gates are made in a second conductive level M2 separated from the first by a third insulating level 183.
  • the gates of the selection transistors are made, for example, in the M2 level.
  • FIGS. 14A to 14C illustrate the embodiment of storage capacitor C2.
  • the drain DC2 and source SC2 of the corresponding floating gate transistor are short-circuited (by extension of the N + type implantation throughout the active area, FIG. 14B) to form the electrode 132 of the capacitor.
  • the tunnel window is eliminated compared to a standard EEPROM cell.
  • FIGS. 15A to 15C illustrate the embodiment of the transistor 170 forming the programming capacitive element C3.
  • This is a standard EEPROM cell whose extension 201 of the N-doped zone under the tunnel window 202 (FIG. 15B) makes it possible to obtain a plateau in the charge injection zone.
  • the drain zone D7 is connected to the source of the selection transistor T3.
  • the source zone S7 is connected to the terminal 112.
  • FIGS. 16A to 16C illustrate the embodiment of the capacitive element C1 constituting the leakage element of the charge retention circuit.
  • a difference consists in thinning (zone 212, FIG. 16B) the dielectric window used for the tunnel effect to increase the leaks.
  • the thickness of the dielectric 212 is chosen to be about half (for example, between 30 and 40 angstroms) of that (for example, between 70 and 80 angstroms) of a tunnel window (202, Fig. 15B) of an unmodified cell.
  • FIGS. 17A to 17C illustrate the formation of read transistor 160, in which the tunnel window has been removed as well as, preferably, the usual implanted zone (201, FIG. 15B) of an EEPROM cell.
  • the active zone bounded by the sources S6 and drain D6 is therefore similar to that of a normal MOS transistor.
  • FIGS. 13A to 17C are diagrammatic and may be adapted to the technology used.
  • the gates have been shown aligned with the boundaries of the drain and source areas but a slight overlap is often present.
  • An advantage of the embodiment by means of an EEPROM cell technology is that the charge retention circuit can be set and reset by applying the same voltage levels and the same time slots as used for erase or write in EEPROM memory cells.
  • Another advantage is that it preserves stability over time by avoiding degradation of the thin oxide of the leakage element (C1) during successive writing operations.
  • bit lines BL1 to BL4 depend on the operating phases of the circuit and in particular on the programming (activation) or reading phase.
  • Table I illustrates a mode of implementation of an activation (SET) and a reading (READ) of an electronic charge retention circuit as illustrated by FIGS. 13A to 17C.
  • the selection signal SEL is brought to a first high potential VPP1 with respect to ground to turn on the different transistors T1 to T4, while the CG signal applied to the control gates of the floating gate transistors remains at the low level 0 so as not to turn on the transistor 160.
  • the bit lines BL1, BL2 and BL4 remain floating (high-impedance state HZ) while a positive potential VPP2 is applied to the line BL3, allowing the floating node F to be charged.
  • the line 112, common to the sources of the floating gate transistors, is preferably left floating (HZ).
  • the different selection transistors are activated by the signal SEL at a level VSEL and a read voltage VREAD is applied to the control gates of the different floating gate transistors.
  • the lines BL1, BL2 and BL3 are in a state of high impedance HZ while the line BL4 receives a potential V114 for supplying the source of read current.
  • Line 112 is here connected to ground.
  • VPP1, VPP2, VSEL, VREAD and V114 are, preferably, as follows: VPP1 higher than VPP2; VSEL greater than VREAD;
  • VPP1: 14 volts
  • VPP2: 12 volts
  • VSEL: 4 volts
  • EEPROM cell per element of the charge retention circuit can of course be replaced by a structure in which subsets of several identical cells in parallel are used for the different respective elements.
  • several elements C2 can be used in parallel to increase the capacity of the node F so as to increase the discharge time of the electronic circuit;
  • several elements 170 may be used in parallel to increase the injection or electron extraction speed at node F during programming;
  • several leakage elements C1 can be used in parallel to reduce the discharge time of the system; and/or
  • a plurality of read elements 160 may be introduced in parallel to provide a higher current when evaluating the circuit.
  • An electronic charge retention circuit can be introduced into any position of a standard EEPROM memory cell network, which makes it more difficult for its location to be found by a malicious user.
  • the selection transistors of the cells forming the charge retention circuit are shared with normal EEPROM cells on the same bit lines, by providing suitable addressing and switching means.
  • the present invention is susceptible of various variations and modifications which will be apparent to those skilled in the art.
  • the charge retention circuit may be constituted by any circuit capable of reproducibly exhibiting a loss of charge over time, independently of the power supply of the circuit.
  • a circuit as described in international application WO-A-03/083769 may be used.
  • the counters can be of any kind and the counting function can be any increment or decrement.
  • the invention can be implemented in contactless devices (of the electromagnetic transponder type) which draw their power from an electromagnetic field in which they are located (generated by a terminal).
EP08701252A 2007-01-05 2008-01-04 Protection of information contained in an electronic circuit Withdrawn EP2108163A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0752551 2007-01-05
PCT/EP2008/050072 WO2008084016A1 (fr) 2007-01-05 2008-01-04 Protection of information contained in an electronic circuit

Publications (1)

Publication Number Publication Date
EP2108163A1 true EP2108163A1 (de) 2009-10-14

Family

ID=38235117

Family Applications (1)

Application Number Title Priority Date Filing Date
EP08701252A Withdrawn EP2108163A1 (de) 2008-01-04 Protection of information contained in an electronic circuit

Country Status (5)

Country Link
US (1) US8566931B2 (de)
EP (1) EP2108163A1 (de)
JP (1) JP5070297B2 (de)
CN (1) CN101611414B (de)
WO (1) WO2008084016A1 (de)

Also Published As

Publication number Publication date
US8566931B2 (en) 2013-10-22
CN101611414B (zh) 2012-12-05
JP2010515186A (ja) 2010-05-06
US20110010775A1 (en) 2011-01-13
JP5070297B2 (ja) 2012-11-07
WO2008084016A1 (fr) 2008-07-17
CN101611414A (zh) 2009-12-23

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20090619

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20140428

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20150127