WO2003046986A2 - Semiconductor device, and means for checking the authenticity - Google Patents

Semiconductor device, and means for checking the authenticity Download PDF

Info

Publication number
WO2003046986A2
WO2003046986A2 PCT/IB2002/005050 IB0205050W WO03046986A2 WO 2003046986 A2 WO2003046986 A2 WO 2003046986A2 IB 0205050 W IB0205050 W IB 0205050W WO 03046986 A2 WO03046986 A2 WO 03046986A2
Authority
WO
WIPO (PCT)
Prior art keywords
semiconductor device
impedance
actual
security
passivation structure
Prior art date
Application number
PCT/IB2002/005050
Other languages
French (fr)
Other versions
WO2003046986A3 (en
Inventor
Petra E. De Jongh
Edwin Roks
Robertus A. M. Wolters
Hermanus L. Peek
Original Assignee
Koninklijke Philips Electronics N.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koninklijke Philips Electronics N.V. filed Critical Koninklijke Philips Electronics N.V.
Priority to JP2003548307A priority Critical patent/JP4545438B2/en
Priority to KR10-2004-7008034A priority patent/KR20040060993A/en
Priority to AU2002353267A priority patent/AU2002353267A1/en
Priority to EP02788288A priority patent/EP1451871A2/en
Priority to US10/497,257 priority patent/US7525330B2/en
Publication of WO2003046986A2 publication Critical patent/WO2003046986A2/en
Publication of WO2003046986A3 publication Critical patent/WO2003046986A3/en

Links

Classifications

    • HELECTRICITY
    • H01ELECTRIC ELEMENTS
    • H01LSEMICONDUCTOR DEVICES NOT COVERED BY CLASS H10
    • H01L27/00Devices consisting of a plurality of semiconductor or other solid-state components formed in or on a common substrate
    • H01L27/02Devices consisting of a plurality of semiconductor or other solid-state components formed in or on a common substrate including semiconductor components specially adapted for rectifying, oscillating, amplifying or switching and having potential barriers; including integrated passive circuit elements having potential barriers
    • H01L27/04Devices consisting of a plurality of semiconductor or other solid-state components formed in or on a common substrate including semiconductor components specially adapted for rectifying, oscillating, amplifying or switching and having potential barriers; including integrated passive circuit elements having potential barriers the substrate being a semiconductor body
    • HELECTRICITY
    • H01ELECTRIC ELEMENTS
    • H01LSEMICONDUCTOR DEVICES NOT COVERED BY CLASS H10
    • H01L23/00Details of semiconductor or other solid state devices
    • H01L23/57Protection from inspection, reverse engineering or tampering
    • H01L23/576Protection from inspection, reverse engineering or tampering using active circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/073Special arrangements for circuits, e.g. for protecting identification code in memory
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/073Special arrangements for circuits, e.g. for protecting identification code in memory
    • G06K19/07309Means for preventing undesired reading or writing from or onto record carriers
    • G06K19/07372Means for preventing undesired reading or writing from or onto record carriers by detecting tampering with the circuit
    • HELECTRICITY
    • H01ELECTRIC ELEMENTS
    • H01LSEMICONDUCTOR DEVICES NOT COVERED BY CLASS H10
    • H01L2924/00Indexing scheme for arrangements or methods for connecting or disconnecting semiconductor or solid-state bodies as covered by H01L24/00
    • H01L2924/0001Technical content checked by a classifier
    • H01L2924/0002Not covered by any one of groups H01L24/00, H01L24/00 and H01L2224/00
    • HELECTRICITY
    • H01ELECTRIC ELEMENTS
    • H01LSEMICONDUCTOR DEVICES NOT COVERED BY CLASS H10
    • H01L2924/00Indexing scheme for arrangements or methods for connecting or disconnecting semiconductor or solid-state bodies as covered by H01L24/00
    • H01L2924/30Technical effects
    • H01L2924/301Electrical effects
    • H01L2924/3011Impedance
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S257/00Active solid-state devices, e.g. transistors, solid-state diodes
    • Y10S257/922Active solid-state devices, e.g. transistors, solid-state diodes with means to prevent inspection of or tampering with an integrated circuit, e.g. "smart card", anti-tamper

Definitions

  • Semiconductor device card, system, and methods of initializing and checking the authenticity and the identity of the semiconductor device
  • the invention relates to a semiconductor device provided with a circuit comprising an active element, which circuit is present at a side of a substrate and is covered by a passivation structure, which semiconductor device is further provided with a first security element comprising a local area of the passivation structure and having a first impedance.
  • the invention also relates to a system comprising a semiconductor device and an access device.
  • the invention further relates to a card provided with a semiconductor device.
  • the invention further relates to a method of initializing a semiconductor device and to a method of checking the authenticity of a semiconductor device and to a method of identifying a semiconductor device.
  • the first security element of the known device is a capacitor with two capacitor electrodes that are coupled capacitively together by the passivation structure.
  • the device preferably comprises a plurality of security elements. On checking the authenticity of the device, a measured voltage is compared with a calculated reference voltage. If there is a difference, the authenticity is not recognized.
  • the security elements may be circumvented.
  • the security elements may be replaced by other structures with the same capacitance which do not interfere with the underlying circuit. Furthermore, aremoval of the passivation structure and the electrodes in order to take a look at the circuit cannot be detected if the electrodes and the passivation structure are reapplied afterwards.
  • the first object is realized in that: measuring means are present for measuring actual values of the first and the second impedance; and transferring means are present for transferring the actual values to an external access device comprising or having access to a central database device.
  • the second object is realized in a system of a semiconductor device and an access device in which: the semiconductor device according to the invention is present; the access device comprises or has access to a central database device; and the central database device comprises memory elements which are suitable to store actual values of the first and the second security elements as first and second reference values, respectively.
  • the semiconductor device has security elements with impedances that are dependent on the constitution of the passivation structure. The difference in impedance is thus related to a physically implemented feature.
  • the constitution of the passivation structure may be varied over the circuit in several ways, as will be explained with reference to the semiconductor device.
  • a removal of the passivation structure and a subsequent renewed application will lead, under normal circumstances, to a variation of at least one of the impedances of the security elements.
  • the correctness of the actual values, and hence the authenticity of the semiconductor device can be checked by comparison with data that are only present externally to the semiconductor device, for example in the central database device that is part of or is connected to the access device.
  • the identity of the semiconductor device may be identified by comparison with said data.
  • a usual criterion for identification such as an account number, may be used for a check of the authenticity of the user.
  • the actual values are not stored in a memory on the semiconductor device, but are instead transferred to the external access device.
  • a memory could be used for checking whether a reapplied passivation structure fits the original data.
  • a memory or interconnect design of the device could be modified so as to provide the correct actual values to an external device, even though the passivation structure were removed.
  • the semiconductor device of the invention has three features: a passivation structure that in principle cannot be removed and replaced without a change in the impedances of the security elements; measuring means for measuring actual values of said impedances; and transferring means for transferring said actual values to the access device.
  • measuring means will depend on the specific type of impedance to be measured. If the capacitance is measured, measuring means as known from the field of fingerprint sensors may be used. Such measuring means are, for example, the totality of drive means and sensing means as known from US-A 5,325,442. Alternatively, especially if the number of security elements is relatively small, these may be measured one after the other with a conventional circuit wherein the measurement apparatus is placed in parallel to the impedance. It is being understood, in the context of this patent application, that the measurement of the actual value includes the determination of any parameter indicative thereof, or representing it or corresponding to it. As even a dielectric constant can be measured at different frequencies with different results, it will be clear that this actual value need not to be a value that can be obtained independently anywhere else. However, it is a value measured actually; and if the measurement is repeated in a device that has not been attacked under the same conditions, it must provide the same actual value.
  • the measuring means comprise an oscillator and a binary counter.
  • the oscillator With the oscillator, the imaginary part of the impedance of a chosen security element can be measured, which results in a signal with a frequency that depends on said part of the impedance.
  • the binary counter will compare this frequency with a standard frequency.
  • the advantage of this implementation lies in its use of standard components, such as oscillators and binary counters. These are present in the integrated circuit already, and can be applied as measuring means. Alternatively and preferably, additional oscillators and binary counters may be added.
  • a second oscillator and a processor function may be added.
  • the second oscillator will provide an oscillation at a different frequency.
  • a reapplied passivation structure must have the same behaviour as the original passivation structure, not only at one frequency, but also at the second frequency.
  • the impedance can be measured by feeding into the security element a square wave of known frequency and amplitude generated within the semiconductor device. As a result the current is measured. The calculated actual value thereof is then digitized by means of an A/D-converter within the semiconductor device.
  • the transferring means are generally an antenna or any electrical connection to an antenna present on a card or the like of which the semiconductor device forms part. Alternatively, the transferring means may consist of contact pads allowing physical contact with the access device. Such transferring means, and the manner of transferring the actual values, are known to those skilled in the art.
  • algorithm means are present for modifying the actual values as measured into the actual values as transferred.
  • the algorithm means is for instance constituted by a microprocessor. Alternatively, it may be a circuit wherein the data format of the actual values is adapted.
  • the passivation structure has an effective dielectric constant that varies laterally over the circuit, such that the first impedance is different from the second impedance.
  • the term 'effective dielectric constant' is used in the sense that it is a property of a particular layer or stack of layers, each of which may be a mixture of materials. The term is further means to include any conductivity and magnetic permeability component, that are reflected in actual values as measured. This constitution may be varied in several ways.
  • a first example is that the thickness of the passivation structure varies over the circuit.
  • the passivation structure comprises at least two layers with a substantially rough interface. Also, the layers may be partially mixed, or be locally modified.
  • the passivation structure may consist of a multilayer stack.
  • the first and second security elements may be of the same kind - for example a capacitor, a resistor, an inductor, an LC-circuit, a transformer, - but also of different kinds. They may furthermore be hidden in a layer comprising a large number of other structures, such as interconnect lines.
  • the first and second impedances may furthermore be measured at different frequencies.
  • the semiconductor device comprises a plurality of security elements
  • the central database device comprises an associated plurality of corresponding memory elements.
  • the number is such that the complete surface of the passivation structure is covered with security elements. For practical reasons, these may be provided as an array of security elements. The provision of a plurality of security elements enhances the complexity of the passivation structure strongly.
  • the passivation structure comprises a passivating layer and a security layer, which security layer comprises particles that are distributed inhomogeneously over the circuit.
  • the security elements may have impedances which are dependent on the actual deposition process.
  • the inhomogeneous distribution of particles may be realized in several forms: the security layer may contain particles of different sizes, of different compositions, of different shapes, of different orientations and in concentrations that vary over the circuit.
  • the particles Preferably, the particles have a size of the order of the local surface areas of the security elements.
  • the impedances of the individual security elements cannot be predicted. They will not be known before an initialization.
  • the memory elements will contain reference values that are practically unique and can be used for identification purposes.
  • Another consequence of the deposition process dependent impedances is that it is practically impossible to provide the same security layer once it has been removed.
  • the security layer is preferably chosen such that it is extremely difficult to remove, and that it is not possible to look through it with any microscope.
  • it comprises a ceramic material and may be applied in a sol-gel process.
  • An example of a security layer is based on monoaluminum phosphate, which is known from WO-A 99/65074.
  • Other examples of such matrix materials include TiO 2 , SiO 2 (to be applied from tetraethoxyorthosilicate) and spin-on polymers.
  • Such a security layer may be applied on a passivating layer in order to assure that the active elements of the underlying circuit will not be contaminated.
  • the size of the particles is comparable to that of the local surface area of a security element, there will automatically be an inhomogeneous distribution.
  • the distribution may for example be made inhomogeneous by application of an inhomogeneous suspension of the matrix material filled with particles.
  • the first and the second electrode of the first security element may have various shapes. If the first security element is - primarily - an inductor having one turn, the first and the second electrode may be connected via the one turn; i.e. they are part of the same metal line. If the first and second electrode are not part of the same metal line, they may be present at the same side or at both sides of the passivation structure. One of the electrodes may even be present inside the passivation structure, and other variants will be clear to the skilled person. If there are more than one security elements, and the second electrodes are connected to a ground plane, several second electrodes may be integrated into one.
  • these second electrodes may be implemented as a substantially unpatterned layer that is connected to a ground plane at one point.
  • some other electrically conductive layer may be used, such as a layer of electrically conductive polymer or a layer comprising electrically conductive particles.
  • Such an unpatterned conductive layer may also be used as an ESD-protection.
  • the passivation structure is present on top of a metal layer, which metal layer comprises the first and the second electrode.
  • the first and the second electrode constitute a pair of interdigitated electrodes.
  • the surface area of the electrodes is comparatively large, which is positive for the magnitude of the impedance.
  • the embodiment is especially suitable for the measurement of the capacitive part of the impedance between the first and second electrodes. Large variations in capacitance can be realized through the choice of particles with a dielectric constant different from that or those of the main material or materials in the passivation structure.
  • they may have a dielectric constant that is comparitively high, such as BaTiO 3 , SrTiO 3 , TiN, WO 3 or comparatively low, such as air (for example a pore), an organic dielectric material, or a porous alkyl-substituted SiO 2 .
  • a dielectric constant that is comparitively high, such as BaTiO 3 , SrTiO 3 , TiN, WO 3 or comparatively low, such as air (for example a pore), an organic dielectric material, or a porous alkyl-substituted SiO 2 .
  • interconnects for connection of active elements in a desired pattern are present in the metal layer as well. It is an advantage of this embodiment that no additional metal layers need be deposited in order to provide the electrodes of the security elements. Another advantage is that the electrode can be hidden in the structure of interconnects, in that they are given substantially the same shape.
  • the card of the invention is preferably a smartcard containing any financial or private data or giving access to any building or information.
  • the safety requirements for such smartcards show a steady increase, which is related to the increasing confidence and use of these smartcards.
  • the card may be a transponder-type of card that can be read out contactlessly.
  • an antenna will be present on the card, to which antenna the semiconductor device is connected.
  • the card may also be a banknote. In this case the semiconductor device must be very thin.
  • the improved passivation structure of the semiconductor device allows the number of interconnect layers to be reduced, thus reducing the cost price of the device.
  • Another type of card is a SLM-card for a mobile phone.
  • This method is not limited to a semiconductor device with a passivation structure of which the impedance is really unpredictable. In many cases, such as the case in which the passivation structure contains a layer filled with particles, only an average value of the impedance can be calculated. The measurement of the actual value and its storage as the first reference value renders it possible to obtain a much preciser first reference value.
  • the semiconductor device may furthermore be re-initialized under certain circumstances. This is preferable if reuse is envisaged, for security purposes it is not. Such a reuse may be advantageous, for example, in the context of the use of semiconductor devices according to the invention for giving access to a building.
  • a second actual value is measured at a second frequency, .
  • the impedance In order to realize an enhanced security it is preferable to measure the impedance at more than one frequency. As a consequence, this value should be measured and transferred to the access device for storage during initializing as well.
  • the actual values could be modified in accordance with an algorithm.
  • the actual value could be multiplied by an integer value so as to create a value that is in the range between 0 and 1000.
  • the actual value could be modified so as to create an integer or it could be digitized.
  • the method of checking the authenticity of the semiconductor device of the invention comprises the steps of: measuring the actual value of the first impedance, transferring the actual value to the access device; providing the identity of the semiconductor device to the central database device; reading the first reference value corresponding to the semiconductor device, providing the first reference value from the central database device to the access device, and recognizing the authenticity of the semiconductor device, if the difference between the actual value and the first reference value is smaller than a predefined threshold value.
  • the method of the invention uses the features of the system of the invention.
  • the identity of the semiconductor device may be a number or something else, and is generally provided automatically by the semiconductor device to the access device, without any specific action of a user.
  • the actual value may be modified in accordance with an algorithm.
  • the actual value may be multiplied by an integer value so as to create a value that is in the range between 0 and 1000.
  • the actual value may modified so as to create an integer, or it could be digitized. If there is a modifying algorithm, it will be implemented in the semiconductor device, such that it cannot be adapted. In this way it is assured that the actual value and the first reference value are modified in the same way.
  • the predefined threshold value is generally very small, about 3 to 5%, and may depend on the number of security elements as well as on other design parameters. It is defined in order to correct uncertainties of measurement or influences of temperature and other external conditions.
  • This object is achieved in a method of identifying the semiconductor device of the invention in the system of the invention, which semiconductor device: has been initialized by storing the actual values of the first and the second impedances as first and second reference values in the first and second memory elements respectively, and has an identity at least partially defined by a combination of the actual values of the first and the second impedance, which method comprises the steps of: measuring the actual values of the first and the second impedance, transferring the actual values to the central database device; recognizing the identity of the semiconductor device, if at least the difference between the actual value and the first reference value is smaller than a predefined threshold value.
  • This method of identification allows the reversal of identification and security features.
  • the combination of actual values may be used as the identity.
  • the bank account number may be provided by the owner subsequently, and be used as a security feature.
  • the method of the invention may be used for providing access to a building, or to a specific set of data.
  • the combination of actual values may be used as the main identification tool.
  • This combination of actual values is also called the unique chip identifier code. This may be desired especially in those cases, in which a user does not want to be identified by the system as a specific person. This may be the case, for example, with a medical file archive.
  • the actual value may be modified in accordance with an algorithm.
  • the actual value may be multiplied with an integer value so as to create a value that is in the range between 0 and 1000.
  • the actual value may be modified, so as to create an integer, or it could be digitized. If there is a modifying algorithm, it will be implemented in the semiconductor device, such that it cannot be adapted. In this way it is assured that the actual value and the first reference value are modified in the same way.
  • the predefined threshold value is generally very small, about 3 to 5%, and may depend on the number of security elements as well as on other design parameters. It is defined in order to correct uncertainties of measurement or influences of temperature and other external conditions.
  • Fig. 1 is a diagrammatical cross-sectional view of a first embodiment of the semiconductor device
  • Fig. 2 is a diagrammatical cross-sectional view of a second embodiment of the semiconductor device
  • Fig. 3 is a diagrammatical cross-sectional view of a third embodiment of the semiconductor device
  • Fig. 4 is a diagrammatical cross-sectional view of a fourth embodiment of the semiconductor device
  • Fig. 5 is a schematic diagram of the system
  • Fig. 6 shows an embodiment of the measuring means of the semiconductor device
  • Fig. 7 shows another embodiment of the measuring means of the semiconductor device
  • the semiconductor device 11 has a substrate 31 of silicon, with a first side 32. On this side 32, the device 11 is provided with a first active element 33 and a second active element 43.
  • These active elements 33, 43 in this example are bipolar transistors with emitter regions 34, 44, base regions 35, 45, and collector regions 36,46.
  • Said regions 34-36, 44-46 are provided in a first layer 37 which is covered with a patterned insulating layer 38 of silicon oxide.
  • the insulating layer 38 is patterned such that it has contact windows at the emitter regions 34, 44 and the base regions 35, 45.
  • field effect transistors may be present instead of or besides the bipolar transistor.
  • other elements such as capacitors, resistors, and diodes may be integrated in the semiconductor device 11.
  • interconnects 39, 40, 41, 42 are connected to interconnects 39, 40, 41, 42.
  • the interconnects in this embodiment extend at a first level and a second level.
  • the interconnect structure may contain more levels.
  • a barrier layer (not shown) is generally present between the interconnects and the active elements.
  • the interconnects 39, 40,41,42 are manufactured, for example, in Al or in Cu in a known manner with and are covered and mutually insulated by dielectric layers 47 that preferably have a low dielectric constant. Additionally present barrier layers are not shown.
  • Another metal layer 28, is present in between these dielectric layers 47. In this metal layer 28, the electrodes 14,15 of the first security element 12A are defined at a mutual distance of 4 ⁇ m.
  • the first security element further comprises a dielectic 17, constituted as a local area of the passivation structure 50.
  • This passivation structure in this embodiment comprises an adhesion layer 51 of phosphorus silicate glass in a thickness of 0.50 ⁇ m, a passivating layer 52 of SiN in a thickness of 0.60 ⁇ m, and a security layer 53 of monoaluminum phosphate in a thickness of 3.0 ⁇ m.
  • This layer was applied by spincoating of a composition of 15 % by weight of monoaluminum phosphate, 20 to 50% by weight of particles in water, and subsequent drying at about 100 to 150 °C. Alternatively, it may be applied by spraycoating of a composition of 5 to 10% by weight of monoaluminum phosphate.
  • the security layer 53 is planarized, and an epoxy material is present thereon as a package 54.
  • the security layer 53 may be patterned so as to define contact pads for connection to a PCB, for example.
  • the particles contained in the security layer 53 are TiO 2 , TiN, SrTiO 3 and/or modified BaTiO 3 .
  • modified BaTiO 3 is disclosed, for example, in US6,078,494. Relative dielectric constants and conductivities of these particles and the other materials in the passivation structure 50 are shown in Table 1.
  • Fig. 2 shows a second embodiment of the semiconductor device 11 of the invention.
  • the first security element 12A is an LC- structure which comprises a capacitor with a first electrode 14, second electrode 15, and a dielectric 17, and a coil with two windings 55, 56.
  • the first and the second electrode 14, 15 are not present in the same layer on the same side of the passivation structure 50.
  • the first electrode 14 and the second winding 56 are present in the metal layer 28 between the passivation structure 50 and the active elements 33, 43. Both the first electrode 14 and the second winding 56 are connected to further circuitry through interconnects 48.
  • Fig. 3 shows a third embodiment of the semiconductor device 11 of the invention.
  • the device 11 of this embodiment comprises a first security element 12 A, a second security element 12B, and a third security element 12C. All of these security elements 12 A, 12B, 12C are capacitors with a common second electrode 15 that is connected to a ground plane.
  • the security elements 12 A, 12B, 12C have different first electrodes 14 A, 14B, 14C. These may very well be integrated in an array, as will be further explained with reference to Fig. 5.
  • Fig. 4 shows a fourth embodiment of the semiconductor device 11 of the invention.
  • the device 11 of this embodiment comprises a first, second, and third security element 12A, 12B, 12C.
  • the passivation structure 50 of this embodiment comprises patterned layers 61, 62, 63 of various materials, an intermetal dielectric layer 64 of SiO 2 , a passivating layer 52 of SiN, and a security layer of TiN.
  • the first security element 12A is a capacitor and has a first and a second electrode 14A, 15A which are both present in the metal layer 28.
  • the dielectric 17A is a portion of the patterned layer 61 made of methyl substituted mesoporous SiO 2 , obtained from a mixture of tetraethoxyorthosilicate (TEOS) and methyltrimethoxysilane (MTMS) in a molar ratio of 1 : 1 with a non-polar surfactant. It has a relative dielectric constant of 2.0.
  • the distance between the electrodes 14A, 15A is 2.0 ⁇ m, the length of the electrodes is 10 ⁇ m, and the height of the electrodes is 0.7 ⁇ m.
  • the first security element 12A thus has a capacitance of 6,3.10 "5 pF, as calculated without having regard to any stray capacitance.
  • the second security element 12B is a capacitor and has a first and a second capacitor electrode 14B, 15B which are present in the metal layer 28, as well as an intermediate capacitor electrode 57.
  • the dielectric 17B comprises a portion of the intermetal dielectric layer 64 of SiO 2 and the patterned layer 62 of SiN.
  • the distance between the first and second electrodes 14B, 15B is 0.5 ⁇ m, the length of the electrodes is 40 ⁇ m, and the height of the electrodes is 0.7 ⁇ m.
  • the width of the electrodes is 20 ⁇ m, and the distance between the electrodes 14B, 15B and the intermediate electrode 57 is 0.1 ⁇ m (0.04 ⁇ m SiN and 0.06 ⁇ m SiO 2 ).
  • the second security element 12B thus has a capacitance of 2.40.10 "2 pF, as calculated without having regard to any stray capacitance.
  • the third security element 12C is a capacitor and has a first and a second capacitor electrode 14C, 15C which are both present in the metal layer 28.
  • the dielectric 17C has the shape of a channel and is a portion of the patterned layer 63 of SiO 2 .
  • the distance between the first and second electrodes 14B, 15B is 0.5 ⁇ m, the length of the channel is 100 ⁇ m, and the height of the electrodes is 0.7 ⁇ m.
  • the third security element 12C thus has a capacitance of 5.4.10 3 pF, as calculated without having regard to any stray capacitance.
  • Fig. 5 is a diagram of an embodiment of the semiconductor device 11 together with an access device 2.
  • the semiconductor device 11 comprises measuring means 4, control means 8, and transferring means 6.
  • the semiconductor device comprises a plurality of security elements 12.
  • the control means 8, may be a microprocessor or a dedicated circuit.
  • the control means 8 need not be dedicated solely to the control of the measurment of the impedances of the security elements 12, but may control the operation of the complete semiconductor device 11, including a memory with financial or identification data.
  • the security elements 12 are capacitors in this example and are connected to a ground plane at one side.
  • the access device 2 is generally a card reader, but may be someother device, for example an apparatus with which the initialization is performed. It comprises or is connected to a central database device 3. Also, some information of the central database device 3 may be stored in a local memory. This central database device 3 contains a memory 7 with memory elements 7A, 7B, 7C, ...., in which the actual values of the security elements 12A, 12B, 12C can be stored as the reference values.
  • the memory is of a conventional type and comprises a read and storage control for reading and storing.
  • a verification control 9 is present for comparing any actual value with a reference value. It may be, that not all actual values are measured, but only a portion thereof. If it should turn out that the difference between actual values and reference values of this portion is substantially equal to zero, then the measurement of the impedances of the other security elements 12 can be abandoned under certain conditions.
  • the circuit in the semiconductor device 11 functions as follows: a signal is sent from the access device 2 to the semiconductor device 11, requesting the measurement of the actual value of the first security element 12 A, and probably also the actual values of the other or some other security elements 12B, 12C, .... This signal enters the control means 8.
  • the control means 8 will send a signal to the measuring means 4, indicating that the security elements 12 must be measured. It is preferred that this signal is a signal with which the first security element 12 can be selected, measured, and stored; in this case a microprocessor need not be included in the measuring means 4. In this preferred embodiment, the number of signals from the control means to the measuring means 4 will be equal to or greater than the number of security elements 12. After being measured, the actual value of the first impedance may be stored in a volatile memory in the control means 8, or it may be sent to the access device 2 directly.
  • the access device 2 will provide the actual value of the first impedance to the central database unit 3.
  • the actual value will be stored as the first reference value in the first memory element 7A.
  • the actual value will be compared with the first reference value, which is read from the first memory element 7 A.
  • the first reference value will be compared with the first reference values of various semiconductor devices.
  • the memory 7 is a database, and a search may be made therein.
  • the authenticity or the identity of the semiconductor device 11 will be recognized only, if the difference between the two values is smaller than a predefined threshold value, for example 3%.
  • the predefined threshold value will be dependent on the precision of the measuring means. It could alternatively be 10 or 20%, especially if the number of security elements is large, for example 10 or more. It could be alternatively less than 1%.
  • Fig. 6 shows a first embodiment of the measuring means 4 of the semiconductor device 11.
  • the security elements 12 A, 12B, and 12C are shown as well.
  • the measuring means 4 of this embodiment measure the imaginary part of the impedance of the security elements 12.
  • the oscillator 82 provides a signal to a counter 84, whose frequency depends on said imaginary part of the measured security element 12.
  • the counter 84 compares this frequency with a signal having a clock frequency.
  • This signal originates from oscillator with a capacitor 87 and a resistor 88 which both have a precise and well- known value.
  • the result of the comparison in the - binary - counter 84 is a digitized signal which can be stored.
  • the digitized signal represents the actual value of the impedance of the measured security element 12.
  • a selection unit 81 is present for selecting which security element 12 A, 12B, 12C is to be measured. It will send signals such that one of the switches 91, 92, 93 is on, and one of the security elements 12A, 12B, 12C is measured.
  • the switches are preferably transistors.
  • a desired combination of security elements 12 may be measured so as to minimize the number of measuring steps or to complicate the security. This simultaneous multiple measurement is to be understood as equivalent to measuring the actual value of the first security element 12A in the context of this application.
  • the selection unit also provides a signal to the counter 84 after a measuring step so as to clear its result.
  • the selection unit 81 may be part of the control means 8.
  • the oscillator 86 may be embodied as the clock generator of the semiconductor device 11. In that case it may be absent in the measuring means 4 and its signal may be sent to the counter 84 via the control means 8.
  • the oscillators 82, 86 are adjusted so as to be correct to within approximately 1%. This is done in a usual manner known to the skilled person, and preferably by the provision of an adequate design.
  • the security element 12C is a reference element whose actual value is known. It maybe realized, for example, by implementing this element 12C in the interconnect structure; especially if the passivation structure 50 comprises a security layer 53 with particles that are distributed inhomogeneously. This reference security element 12C can be used for optimizing the measuring results and for any performing deduction of actual values from the results of the binary counter 84, if applicable.
  • Fig. 7 shows a second embodiment of the measuring means 4 of the semiconductor device 11, which is largely identical to the first embodiment.
  • a second oscillator 94 with a resistor 95 is provided, as well as a switch 96.
  • the selection unit 81 does not only select the security element 12 A, 12B, 12C that is to be measured, it also selects the oscillator 82, 94 with which the security element 12 A, 12B, 12C is to measured.
  • the oscillators 82, 94 will be scaled differently, their frequencies will differ.
  • the embodiment renders it possible to measure the impedance at two frequencies. Both of the resulting actual values may be transferred to the access device 2. These values may be mutually compared in a comparator placed functionally behind the binary counter 84.
  • the semiconductor device of the invention comprises a circuit covered by a passivation structure. It is provided with a first and a second security element which comprise local areas of the passivation structure, and with a first and a second electrode.
  • the security elements have a first and a second impedance, respectively, which impedances differ. This is realized in that the passivation structure has an effective dielectric constant that varies laterally over the circuit.
  • Actual values of the impedances are measured by measuring means and transferred to an access device by transferring means.
  • the access device comprises or has access to a central database device for storing the impedances.
  • the access device furthermore on may compare the actual values with the stored values of the impedances in order to check the authenticity or the identity of the semiconductor device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Condensed Matter Physics & Semiconductors (AREA)
  • Semiconductor Integrated Circuits (AREA)
  • Storage Device Security (AREA)
  • Internal Circuitry In Semiconductor Integrated Circuit Devices (AREA)
  • Testing Or Measuring Of Semiconductors Or The Like (AREA)

Abstract

The semiconductor device (11) of the invention comprises a circuit covered by a passivation structure (50). It is provided with a first and a second security element (12A, 12B) which comprise local areas of the passivation structure (50), and with a first and a second electrode (14,15). The security elements (12A, 12B) have a first and a second impedance, respectively, which impedances differ. This is realized in that the passivation structure has an effective dielectric constant that varies laterally over the circuit. Actual values of the impedances are measured by measuring means and transferred to an access device by transferring means. The access device comprises or has access to a central database device for storing the impedances. The access device furthermore may compare the actual values with the stored values of the impedances in order to check the authenticity or the identity of the semiconductor device.

Description

Semiconductor device, card, system, and methods of initializing and checking the authenticity and the identity of the semiconductor device
The invention relates to a semiconductor device provided with a circuit comprising an active element, which circuit is present at a side of a substrate and is covered by a passivation structure, which semiconductor device is further provided with a first security element comprising a local area of the passivation structure and having a first impedance.
The invention also relates to a system comprising a semiconductor device and an access device.
The invention further relates to a card provided with a semiconductor device. The invention further relates to a method of initializing a semiconductor device and to a method of checking the authenticity of a semiconductor device and to a method of identifying a semiconductor device.
Such a system, such a semiconductor device and such a smartcard are known from EP-A 300864. The first security element of the known device is a capacitor with two capacitor electrodes that are coupled capacitively together by the passivation structure. The device preferably comprises a plurality of security elements. On checking the authenticity of the device, a measured voltage is compared with a calculated reference voltage. If there is a difference, the authenticity is not recognized.
It is a disadvantage of the known device that the security elements may be circumvented. The security elements may be replaced by other structures with the same capacitance which do not interfere with the underlying circuit. Furthermore, aremoval of the passivation structure and the electrodes in order to take a look at the circuit cannot be detected if the electrodes and the passivation structure are reapplied afterwards.
It is a first object of the invention to provide a semiconductor device of the kind mentioned in the opening paragraph, in which a removal of the passivation structure can be detected afterwards. It is a second object of the invention to provide a system of the kind mentioned in the opening paragraph with which a removal of the passivation structure can be detected. The first object is realized in that: measuring means are present for measuring actual values of the first and the second impedance; and transferring means are present for transferring the actual values to an external access device comprising or having access to a central database device. The second object is realized in a system of a semiconductor device and an access device in which: the semiconductor device according to the invention is present; the access device comprises or has access to a central database device; and the central database device comprises memory elements which are suitable to store actual values of the first and the second security elements as first and second reference values, respectively. In the system according to the invention, the semiconductor device has security elements with impedances that are dependent on the constitution of the passivation structure. The difference in impedance is thus related to a physically implemented feature. The constitution of the passivation structure may be varied over the circuit in several ways, as will be explained with reference to the semiconductor device. A removal of the passivation structure and a subsequent renewed application will lead, under normal circumstances, to a variation of at least one of the impedances of the security elements. The correctness of the actual values, and hence the authenticity of the semiconductor device, can be checked by comparison with data that are only present externally to the semiconductor device, for example in the central database device that is part of or is connected to the access device. Alternatively, the identity of the semiconductor device may be identified by comparison with said data. A usual criterion for identification, such as an account number, may be used for a check of the authenticity of the user.
In the semiconductor device of the invention, the actual values are not stored in a memory on the semiconductor device, but are instead transferred to the external access device. This is considered to be an advantage for reasons of security. Such a memory could be used for checking whether a reapplied passivation structure fits the original data. Also, a memory or interconnect design of the device could be modified so as to provide the correct actual values to an external device, even though the passivation structure were removed. In order to realize its proposed use, the semiconductor device of the invention has three features: a passivation structure that in principle cannot be removed and replaced without a change in the impedances of the security elements; measuring means for measuring actual values of said impedances; and transferring means for transferring said actual values to the access device. The implementation of the measuring means will depend on the specific type of impedance to be measured. If the capacitance is measured, measuring means as known from the field of fingerprint sensors may be used. Such measuring means are, for example, the totality of drive means and sensing means as known from US-A 5,325,442. Alternatively, especially if the number of security elements is relatively small, these may be measured one after the other with a conventional circuit wherein the measurement apparatus is placed in parallel to the impedance. It is being understood, in the context of this patent application, that the measurement of the actual value includes the determination of any parameter indicative thereof, or representing it or corresponding to it. As even a dielectric constant can be measured at different frequencies with different results, it will be clear that this actual value need not to be a value that can be obtained independently anywhere else. However, it is a value measured actually; and if the measurement is repeated in a device that has not been attacked under the same conditions, it must provide the same actual value.
In a preferred implementation, the measuring means comprise an oscillator and a binary counter. With the oscillator, the imaginary part of the impedance of a chosen security element can be measured, which results in a signal with a frequency that depends on said part of the impedance. The binary counter will compare this frequency with a standard frequency. The advantage of this implementation lies in its use of standard components, such as oscillators and binary counters. These are present in the integrated circuit already, and can be applied as measuring means. Alternatively and preferably, additional oscillators and binary counters may be added.
In order to increase the specificity of the measurement of the measuring means, a second oscillator and a processor function may be added. The second oscillator will provide an oscillation at a different frequency. In fact, a reapplied passivation structure must have the same behaviour as the original passivation structure, not only at one frequency, but also at the second frequency.
In another embodiment, the impedance can be measured by feeding into the security element a square wave of known frequency and amplitude generated within the semiconductor device. As a result the current is measured. The calculated actual value thereof is then digitized by means of an A/D-converter within the semiconductor device. The transferring means are generally an antenna or any electrical connection to an antenna present on a card or the like of which the semiconductor device forms part. Alternatively, the transferring means may consist of contact pads allowing physical contact with the access device. Such transferring means, and the manner of transferring the actual values, are known to those skilled in the art.
In order to improve the security while transferring the actual values, it is preferred that algorithm means are present for modifying the actual values as measured into the actual values as transferred. The algorithm means is for instance constituted by a microprocessor. Alternatively, it may be a circuit wherein the data format of the actual values is adapted.
In a preferred embodiment, the passivation structure has an effective dielectric constant that varies laterally over the circuit, such that the first impedance is different from the second impedance. The term 'effective dielectric constant' is used in the sense that it is a property of a particular layer or stack of layers, each of which may be a mixture of materials. The term is further means to include any conductivity and magnetic permeability component, that are reflected in actual values as measured. This constitution may be varied in several ways. A first example is that the thickness of the passivation structure varies over the circuit. A second example is that the passivation structure comprises at least two layers with a substantially rough interface. Also, the layers may be partially mixed, or be locally modified. Furthermore, the passivation structure may consist of a multilayer stack.
The first and second security elements may be of the same kind - for example a capacitor, a resistor, an inductor, an LC-circuit, a transformer, - but also of different kinds. They may furthermore be hidden in a layer comprising a large number of other structures, such as interconnect lines. The first and second impedances may furthermore be measured at different frequencies.
Preferably, the semiconductor device comprises a plurality of security elements, and the central database device comprises an associated plurality of corresponding memory elements. Preferably, the number is such that the complete surface of the passivation structure is covered with security elements. For practical reasons, these may be provided as an array of security elements. The provision of a plurality of security elements enhances the complexity of the passivation structure strongly.
In an advantageous embodiment, the passivation structure comprises a passivating layer and a security layer, which security layer comprises particles that are distributed inhomogeneously over the circuit. In this embodiment the security elements may have impedances which are dependent on the actual deposition process. The inhomogeneous distribution of particles may be realized in several forms: the security layer may contain particles of different sizes, of different compositions, of different shapes, of different orientations and in concentrations that vary over the circuit. Preferably, the particles have a size of the order of the local surface areas of the security elements. A consequence thereof is that the impedances of the individual security elements cannot be predicted. They will not be known before an initialization. This has the advantage that the memory elements will contain reference values that are practically unique and can be used for identification purposes. Another consequence of the deposition process dependent impedances is that it is practically impossible to provide the same security layer once it has been removed.
The security layer is preferably chosen such that it is extremely difficult to remove, and that it is not possible to look through it with any microscope. In an advantageous embodiment, it comprises a ceramic material and may be applied in a sol-gel process. An example of a security layer is based on monoaluminum phosphate, which is known from WO-A 99/65074. Other examples of such matrix materials include TiO2, SiO2 (to be applied from tetraethoxyorthosilicate) and spin-on polymers. Such a security layer may be applied on a passivating layer in order to assure that the active elements of the underlying circuit will not be contaminated. If the size of the particles is comparable to that of the local surface area of a security element, there will automatically be an inhomogeneous distribution. Alternatively, the distribution may for example be made inhomogeneous by application of an inhomogeneous suspension of the matrix material filled with particles.
The first and the second electrode of the first security element may have various shapes. If the first security element is - primarily - an inductor having one turn, the first and the second electrode may be connected via the one turn; i.e. they are part of the same metal line. If the first and second electrode are not part of the same metal line, they may be present at the same side or at both sides of the passivation structure. One of the electrodes may even be present inside the passivation structure, and other variants will be clear to the skilled person. If there are more than one security elements, and the second electrodes are connected to a ground plane, several second electrodes may be integrated into one. Especially if the second electrodes are present on top of the passivation structure, these second electrodes may be implemented as a substantially unpatterned layer that is connected to a ground plane at one point. Instead of a metal layer some other electrically conductive layer may be used, such as a layer of electrically conductive polymer or a layer comprising electrically conductive particles. Such an unpatterned conductive layer may also be used as an ESD-protection.
In a preferred embodiment, the passivation structure is present on top of a metal layer, which metal layer comprises the first and the second electrode. The first and the second electrode constitute a pair of interdigitated electrodes. In this embodiment the surface area of the electrodes is comparatively large, which is positive for the magnitude of the impedance. The embodiment is especially suitable for the measurement of the capacitive part of the impedance between the first and second electrodes. Large variations in capacitance can be realized through the choice of particles with a dielectric constant different from that or those of the main material or materials in the passivation structure. Thus, they may have a dielectric constant that is comparitively high, such as BaTiO3, SrTiO3, TiN, WO3 or comparatively low, such as air (for example a pore), an organic dielectric material, or a porous alkyl-substituted SiO2.
In a further embodiment, interconnects for connection of active elements in a desired pattern are present in the metal layer as well. It is an advantage of this embodiment that no additional metal layers need be deposited in order to provide the electrodes of the security elements. Another advantage is that the electrode can be hidden in the structure of interconnects, in that they are given substantially the same shape.
It is a third object of the invention to provide a card with an improved security.
This object is achieved in that the semiconductor device of the invention is present. Due to the protection against reverse engineering offered by the semiconductor device and the system of the invention, this object is achieved in the card of the invention. The card of the invention is preferably a smartcard containing any financial or private data or giving access to any building or information. The safety requirements for such smartcards show a steady increase, which is related to the increasing confidence and use of these smartcards. Alternatively, the card may be a transponder-type of card that can be read out contactlessly. In that embodiment, an antenna will be present on the card, to which antenna the semiconductor device is connected. The card may also be a banknote. In this case the semiconductor device must be very thin. The improved passivation structure of the semiconductor device allows the number of interconnect layers to be reduced, thus reducing the cost price of the device. Another type of card is a SLM-card for a mobile phone. It is a fourth object of the invention to provide a method of initializing the semiconductor device of the invention for the system of the invention. This object is realized in that: actual values of the first and the second impedance are measured; and the actual values are transferred to the central database device to be stored as the first and the second reference value in the first and the second memory element respectively.
This method is not limited to a semiconductor device with a passivation structure of which the impedance is really unpredictable. In many cases, such as the case in which the passivation structure contains a layer filled with particles, only an average value of the impedance can be calculated. The measurement of the actual value and its storage as the first reference value renders it possible to obtain a much preciser first reference value. The semiconductor device may furthermore be re-initialized under certain circumstances. This is preferable if reuse is envisaged, for security purposes it is not. Such a reuse may be advantageous, for example, in the context of the use of semiconductor devices according to the invention for giving access to a building.
In an embodiment, a second actual value is measured at a second frequency, . In order to realize an enhanced security it is preferable to measure the impedance at more than one frequency. As a consequence, this value should be measured and transferred to the access device for storage during initializing as well.
It is being recognized that before the actual values are transferred to the access device, it could be modified in accordance with an algorithm. For example, the actual value could be multiplied by an integer value so as to create a value that is in the range between 0 and 1000. Also, the actual value could be modified so as to create an integer or it could be digitized.
It is a fifth object of the invention to provide a method of checking the authenticity of a semiconductor device, which method can detect a removal and of the passivation structure and a reapplication thereof, and which method assumes that the semiconductor device has been initialized by the method of initialization of the invention.
The method of checking the authenticity of the semiconductor device of the invention, which is provided with an identity, comprises the steps of: measuring the actual value of the first impedance, transferring the actual value to the access device; providing the identity of the semiconductor device to the central database device; reading the first reference value corresponding to the semiconductor device, providing the first reference value from the central database device to the access device, and recognizing the authenticity of the semiconductor device, if the difference between the actual value and the first reference value is smaller than a predefined threshold value.
The method of the invention uses the features of the system of the invention. The identity of the semiconductor device may be a number or something else, and is generally provided automatically by the semiconductor device to the access device, without any specific action of a user.
It is noted here that under normal conditions there will be a plurality of security elements with impedances. It may thus be expected that all impedances, or at least a number of them, must be compared with the corresponding reference values before the authenticity of the semiconductor device can be recognized completely.
It is being recognized that, before the actual value is compared with the first reference value, it may be modified in accordance with an algorithm. For example, the actual value may be multiplied by an integer value so as to create a value that is in the range between 0 and 1000. Alternatively, the actual value may modified so as to create an integer, or it could be digitized. If there is a modifying algorithm, it will be implemented in the semiconductor device, such that it cannot be adapted. In this way it is assured that the actual value and the first reference value are modified in the same way.
The predefined threshold value is generally very small, about 3 to 5%, and may depend on the number of security elements as well as on other design parameters. It is defined in order to correct uncertainties of measurement or influences of temperature and other external conditions.
It is a sixth object of the invention to provide a method of ascertaining the identity of a semiconductor device with an identity code that is not stored in the semiconductor device. This object is achieved in a method of identifying the semiconductor device of the invention in the system of the invention, which semiconductor device: has been initialized by storing the actual values of the first and the second impedances as first and second reference values in the first and second memory elements respectively, and has an identity at least partially defined by a combination of the actual values of the first and the second impedance, which method comprises the steps of: measuring the actual values of the first and the second impedance, transferring the actual values to the central database device; recognizing the identity of the semiconductor device, if at least the difference between the actual value and the first reference value is smaller than a predefined threshold value.
This method of identification allows the reversal of identification and security features. In the case of the identification of the owner of a bank account, for example, the combination of actual values may be used as the identity. The bank account number may be provided by the owner subsequently, and be used as a security feature. Alternatively, the method of the invention may be used for providing access to a building, or to a specific set of data. In this case, the combination of actual values may be used as the main identification tool. This combination of actual values is also called the unique chip identifier code. This may be desired especially in those cases, in which a user does not want to be identified by the system as a specific person. This may be the case, for example, with a medical file archive.
It is noted here that under normal conditions there will be a plurality of security elements with impedances. It may thus be expected that all impedances, or at least a number of them, must be compared with the corresponding reference values before the authenticity of the semiconductor device can be recognized completely. It is further noted here, that other identification processes may be used in addition to the method of the invention. The combination of actual values is then only a part of the identification code.
It is being recognized that, before the actual value is compared with the first reference value, it may be modified in accordance with an algorithm. For example, the actual value may be multiplied with an integer value so as to create a value that is in the range between 0 and 1000. Also, the actual value may be modified, so as to create an integer, or it could be digitized. If there is a modifying algorithm, it will be implemented in the semiconductor device, such that it cannot be adapted. In this way it is assured that the actual value and the first reference value are modified in the same way. The predefined threshold value is generally very small, about 3 to 5%, and may depend on the number of security elements as well as on other design parameters. It is defined in order to correct uncertainties of measurement or influences of temperature and other external conditions.
These and other aspects of the system, the semiconductor device, the card, the method of initializing, and the method of checking the authenticity of the invention will be further explained with reference to the Figures, of which:
Fig. 1 is a diagrammatical cross-sectional view of a first embodiment of the semiconductor device;
Fig. 2 is a diagrammatical cross-sectional view of a second embodiment of the semiconductor device;
Fig. 3 is a diagrammatical cross-sectional view of a third embodiment of the semiconductor device; Fig. 4 is a diagrammatical cross-sectional view of a fourth embodiment of the semiconductor device;
Fig. 5 is a schematic diagram of the system;
Fig. 6 shows an embodiment of the measuring means of the semiconductor device; and Fig. 7 shows another embodiment of the measuring means of the semiconductor device;
The Figures are schematically drawn and not true to scale, and the identical reference numerals in different Figures refer to corresponding elements. It will be clear those skilled in the art, that alternative but equivalent embodiments of the invention are possible without deviating from the true inventive concept, and that the scope of the invention will be limited by the claims only.
In Fig. 1 , the semiconductor device 11 has a substrate 31 of silicon, with a first side 32. On this side 32, the device 11 is provided with a first active element 33 and a second active element 43. These active elements 33, 43 in this example are bipolar transistors with emitter regions 34, 44, base regions 35, 45, and collector regions 36,46.
Said regions 34-36, 44-46 are provided in a first layer 37 which is covered with a patterned insulating layer 38 of silicon oxide. The insulating layer 38 is patterned such that it has contact windows at the emitter regions 34, 44 and the base regions 35, 45. As is known to those skilled in the art, field effect transistors may be present instead of or besides the bipolar transistor. As is further known to those skilled in the art, other elements, such as capacitors, resistors, and diodes may be integrated in the semiconductor device 11.
At these contact windows in the insulating layer 38, the said regions are connected to interconnects 39, 40, 41, 42. The interconnects in this embodiment extend at a first level and a second level. As is generally known, the interconnect structure may contain more levels. A barrier layer (not shown) is generally present between the interconnects and the active elements. The interconnects 39, 40,41,42 are manufactured, for example, in Al or in Cu in a known manner with and are covered and mutually insulated by dielectric layers 47 that preferably have a low dielectric constant. Additionally present barrier layers are not shown. Another metal layer 28, is present in between these dielectric layers 47. In this metal layer 28, the electrodes 14,15 of the first security element 12A are defined at a mutual distance of 4 μm. The first security element further comprises a dielectic 17, constituted as a local area of the passivation structure 50. This passivation structure in this embodiment comprises an adhesion layer 51 of phosphorus silicate glass in a thickness of 0.50 μm, a passivating layer 52 of SiN in a thickness of 0.60 μm, and a security layer 53 of monoaluminum phosphate in a thickness of 3.0 μm. This layer was applied by spincoating of a composition of 15 % by weight of monoaluminum phosphate, 20 to 50% by weight of particles in water, and subsequent drying at about 100 to 150 °C. Alternatively, it may be applied by spraycoating of a composition of 5 to 10% by weight of monoaluminum phosphate. After drying, the layer is annealed at 400 to 500 °C to allow condensation, due to which a transition from the liquid to the solid phase takes place. The security layer 53 is planarized, and an epoxy material is present thereon as a package 54. The security layer 53 may be patterned so as to define contact pads for connection to a PCB, for example. The particles contained in the security layer 53 are TiO2, TiN, SrTiO3 and/or modified BaTiO3. Such modified BaTiO3 is disclosed, for example, in US6,078,494. Relative dielectric constants and conductivities of these particles and the other materials in the passivation structure 50 are shown in Table 1.
Figure imgf000014_0001
materials which may be present in the passivation structure
Fig. 2 shows a second embodiment of the semiconductor device 11 of the invention. In the device 11 of this embodiment, the first security element 12A is an LC- structure which comprises a capacitor with a first electrode 14, second electrode 15, and a dielectric 17, and a coil with two windings 55, 56. Contrary to the embodiment of Fig. 1, the first and the second electrode 14, 15 are not present in the same layer on the same side of the passivation structure 50. The first electrode 14 and the second winding 56 are present in the metal layer 28 between the passivation structure 50 and the active elements 33, 43. Both the first electrode 14 and the second winding 56 are connected to further circuitry through interconnects 48. The second electrode 15 and the first winding 55, which are mutually connected, are present in an additional metal layer 58 between the passivation structure 50 and the package 54. The additional metal layer 58 is protected against the package 54 by an additional passivating layer 59. Fig. 3 shows a third embodiment of the semiconductor device 11 of the invention. The device 11 of this embodiment comprises a first security element 12 A, a second security element 12B, and a third security element 12C. All of these security elements 12 A, 12B, 12C are capacitors with a common second electrode 15 that is connected to a ground plane. The security elements 12 A, 12B, 12C have different first electrodes 14 A, 14B, 14C. These may very well be integrated in an array, as will be further explained with reference to Fig. 5.
Fig. 4 shows a fourth embodiment of the semiconductor device 11 of the invention. In the drawing, the total assembly of layers 31,37 to 42, 47, and 28 is shown as a substrate 131. The device 11 of this embodiment comprises a first, second, and third security element 12A, 12B, 12C. The passivation structure 50 of this embodiment comprises patterned layers 61, 62, 63 of various materials, an intermetal dielectric layer 64 of SiO2, a passivating layer 52 of SiN, and a security layer of TiN.
The first security element 12A is a capacitor and has a first and a second electrode 14A, 15A which are both present in the metal layer 28. The dielectric 17A is a portion of the patterned layer 61 made of methyl substituted mesoporous SiO2, obtained from a mixture of tetraethoxyorthosilicate (TEOS) and methyltrimethoxysilane (MTMS) in a molar ratio of 1 : 1 with a non-polar surfactant. It has a relative dielectric constant of 2.0. The distance between the electrodes 14A, 15A is 2.0 μm, the length of the electrodes is 10 μm, and the height of the electrodes is 0.7 μm. The first security element 12A thus has a capacitance of 6,3.10"5 pF, as calculated without having regard to any stray capacitance.
The second security element 12B is a capacitor and has a first and a second capacitor electrode 14B, 15B which are present in the metal layer 28, as well as an intermediate capacitor electrode 57. The dielectric 17B comprises a portion of the intermetal dielectric layer 64 of SiO2 and the patterned layer 62 of SiN. The distance between the first and second electrodes 14B, 15B is 0.5 μm, the length of the electrodes is 40 μm, and the height of the electrodes is 0.7 μm. The width of the electrodes is 20 μm, and the distance between the electrodes 14B, 15B and the intermediate electrode 57 is 0.1 μm (0.04 μm SiN and 0.06 μm SiO2). The second security element 12B thus has a capacitance of 2.40.10"2 pF, as calculated without having regard to any stray capacitance.
The third security element 12C is a capacitor and has a first and a second capacitor electrode 14C, 15C which are both present in the metal layer 28. The dielectric 17C has the shape of a channel and is a portion of the patterned layer 63 of SiO2. The distance between the first and second electrodes 14B, 15B is 0.5 μm, the length of the channel is 100 μm, and the height of the electrodes is 0.7 μm. The third security element 12C thus has a capacitance of 5.4.103 pF, as calculated without having regard to any stray capacitance.
Fig. 5 is a diagram of an embodiment of the semiconductor device 11 together with an access device 2. The semiconductor device 11 comprises measuring means 4, control means 8, and transferring means 6. Furthermore, the semiconductor device comprises a plurality of security elements 12. The control means 8, may be a microprocessor or a dedicated circuit. The control means 8 need not be dedicated solely to the control of the measurment of the impedances of the security elements 12, but may control the operation of the complete semiconductor device 11, including a memory with financial or identification data. The security elements 12 are capacitors in this example and are connected to a ground plane at one side.
The access device 2 is generally a card reader, but may be someother device, for example an apparatus with which the initialization is performed. It comprises or is connected to a central database device 3. Also, some information of the central database device 3 may be stored in a local memory. This central database device 3 contains a memory 7 with memory elements 7A, 7B, 7C, ...., in which the actual values of the security elements 12A, 12B, 12C can be stored as the reference values. The memory is of a conventional type and comprises a read and storage control for reading and storing. A verification control 9 is present for comparing any actual value with a reference value. It may be, that not all actual values are measured, but only a portion thereof. If it should turn out that the difference between actual values and reference values of this portion is substantially equal to zero, then the measurement of the impedances of the other security elements 12 can be abandoned under certain conditions.
The circuit in the semiconductor device 11 functions as follows: a signal is sent from the access device 2 to the semiconductor device 11, requesting the measurement of the actual value of the first security element 12 A, and probably also the actual values of the other or some other security elements 12B, 12C, .... This signal enters the control means 8. The control means 8 will send a signal to the measuring means 4, indicating that the security elements 12 must be measured. It is preferred that this signal is a signal with which the first security element 12 can be selected, measured, and stored; in this case a microprocessor need not be included in the measuring means 4. In this preferred embodiment, the number of signals from the control means to the measuring means 4 will be equal to or greater than the number of security elements 12. After being measured, the actual value of the first impedance may be stored in a volatile memory in the control means 8, or it may be sent to the access device 2 directly.
The access device 2 will provide the actual value of the first impedance to the central database unit 3. During of initialization, the actual value will be stored as the first reference value in the first memory element 7A. During checking of the authenticity of the semiconductor device 11 , the actual value will be compared with the first reference value, which is read from the first memory element 7 A. During of identification of the semiconductor device, the first reference value will be compared with the first reference values of various semiconductor devices. Preferably, the memory 7 is a database, and a search may be made therein.
On comparing the actual value and the first reference value the authenticity or the identity of the semiconductor device 11 will be recognized only, if the difference between the two values is smaller than a predefined threshold value, for example 3%. The predefined threshold value will be dependent on the precision of the measuring means. It could alternatively be 10 or 20%, especially if the number of security elements is large, for example 10 or more. It could be alternatively less than 1%.
Fig. 6 shows a first embodiment of the measuring means 4 of the semiconductor device 11. The security elements 12 A, 12B, and 12C are shown as well. The measuring means 4 of this embodiment measure the imaginary part of the impedance of the security elements 12. In fact, the oscillator 82 provides a signal to a counter 84, whose frequency depends on said imaginary part of the measured security element 12. The counter 84 compares this frequency with a signal having a clock frequency. This signal originates from oscillator with a capacitor 87 and a resistor 88 which both have a precise and well- known value. The result of the comparison in the - binary - counter 84 is a digitized signal which can be stored. The digitized signal represents the actual value of the impedance of the measured security element 12. The actual value may be present in any kind of Si-unit, or else in any semiconductor specific value, as it will not be compared with any externally measured value. A selection unit 81 is present for selecting which security element 12 A, 12B, 12C is to be measured. It will send signals such that one of the switches 91, 92, 93 is on, and one of the security elements 12A, 12B, 12C is measured. The switches are preferably transistors. Alternatively, a desired combination of security elements 12 may be measured so as to minimize the number of measuring steps or to complicate the security. This simultaneous multiple measurement is to be understood as equivalent to measuring the actual value of the first security element 12A in the context of this application. The selection unit also provides a signal to the counter 84 after a measuring step so as to clear its result.
The selection unit 81 may be part of the control means 8. Furthermore, the oscillator 86 may be embodied as the clock generator of the semiconductor device 11. In that case it may be absent in the measuring means 4 and its signal may be sent to the counter 84 via the control means 8. In order to obtain actual and reference values that are precise enough, such that the difference between them is lower than a threshold value of 3-5%, the oscillators 82, 86 are adjusted so as to be correct to within approximately 1%. This is done in a usual manner known to the skilled person, and preferably by the provision of an adequate design.
It is preferred that the security element 12C is a reference element whose actual value is known. It maybe realized, for example, by implementing this element 12C in the interconnect structure; especially if the passivation structure 50 comprises a security layer 53 with particles that are distributed inhomogeneously. This reference security element 12C can be used for optimizing the measuring results and for any performing deduction of actual values from the results of the binary counter 84, if applicable.
Fig. 7 shows a second embodiment of the measuring means 4 of the semiconductor device 11, which is largely identical to the first embodiment. In this case a second oscillator 94 with a resistor 95 is provided, as well as a switch 96. Here the selection unit 81 does not only select the security element 12 A, 12B, 12C that is to be measured, it also selects the oscillator 82, 94 with which the security element 12 A, 12B, 12C is to measured. As the oscillators 82, 94 will be scaled differently, their frequencies will differ. Hence, the embodiment renders it possible to measure the impedance at two frequencies. Both of the resulting actual values may be transferred to the access device 2. These values may be mutually compared in a comparator placed functionally behind the binary counter 84.
The semiconductor device of the invention comprises a circuit covered by a passivation structure. It is provided with a first and a second security element which comprise local areas of the passivation structure, and with a first and a second electrode. The security elements have a first and a second impedance, respectively, which impedances differ. This is realized in that the passivation structure has an effective dielectric constant that varies laterally over the circuit.
Actual values of the impedances are measured by measuring means and transferred to an access device by transferring means. The access device comprises or has access to a central database device for storing the impedances. The access device furthermore on may compare the actual values with the stored values of the impedances in order to check the authenticity or the identity of the semiconductor device.

Claims

CLAIMS:
1. A semiconductor device (11) provided with a circuit comprising an active element (33,43), which circuit is present at a side (32) of a substrate (31) and is covered by a passivation structure (50), which semiconductor device (11) is further provided with a first security element (12A), comprising a first local area of the passivation structure (50) and having a first impedance, and with a second security element (12B), comprising a second local area of the passivation structure (50) and having a second impedance, each of which security elements (12A,12B) is provided with a first and second electrode (14,15), characterized in that: measuring means (4) are present for measuring actual values of the first and second impedance; and transferring means (6) are present for transferring the actual values to an external access device (2) comprising or having access to a central database device (3).
2. A device as claimed in Claim 1, chracterized in that algorithm means are present to modify the actual value as measured according to a predefined algorithm into the actual value as transferred.
3. A device as claimed in claim 1, characterized in that the passivation structure (50) has an effective dielectric constant that varies laterally over the circuit, such that the first impedance is different from the second impedance.
4. A semiconductor device (11) as claimed in Claim 3, characterized in that the passivation structure (50) comprises a passivating layer (52) and a security layer (53), which security layer (53) comprises a carrier material and particles which are distributed inhomogeneously over the circuit.
5. A semiconductor device (11) according to Claim 3 or 4, characterized in that: the passivation structure (50) is present on top of a metal layer (28), and the first and second electrodes (14,15) of the security elements (12A, 12B) are present in the metal layer and constitute a pair of interdigitated electrodes.
6. A system comprising a semiconductor device (11) and an access device (2), characterized in that: the semiconductor device (11) as claimed in any of the Claims 1 to 5 is present; the access device (2) comprises or has access to a central database device(3); and the central database device (3) comprises memory elements (7 A, 7B) which are suitable to store the actual values of the first and the second impedances as first and second reference values respectively.
7. A card provided with a semiconductor device (11) as claimed in any of the claims 1 to 5.
8. A method of initializing the semiconductor device (11) as claimed in Claim 1 for use in a system as claimed in Claim 6, wherein: actual values of the first and the second impedance are measured; and the actual values are transferred to the central database device (3) to be stored as the first and the second reference value in the first and the second memory element (7A,7B), respectively.
9. A method of recognizing the authenticity of a semiconductor device (11) as claimed in Claim 1 in a system as claimed in Claim 6, which semiconductor device (11) has been initialized by storing the actual values of the first and the second impedance as the first and the second reference values in the first and the second memory elements (7A,7B), respectively, which method comprises the steps of: measuring the actual value of the first impedance, transferring the actual value to the access device (2); providing the identity of the semiconductor device (11) to the central database device (3); reading the first reference value corresponding to the identity of the semiconductor device (11), providing the first reference value from the central database device (3) to the access device (2), and recognizing the authenticity of the semiconductor device, if the difference between the actual value and the first reference value is smaller than a predefined threshold value.
10 A method of identifying a semiconductor device (11) according to Claim 1 in a system according to Claim 6, which semiconductor device (11): has been initialized by storing the actual values of the first and the second impedance as first and second reference values in the first and second memory elements (7A,7B), respectively, and has an identity at least partially defined by a combination of the actual values of the first and the second impedance, which method comprises the steps of: measuring the actual values of the first and the second impedance, transferring the actual values to the central database device; recognizing the identity of the semiconductor device (11), if at least the difference between the actual value and the first reference value is smaller than a predefined threshold value.
11. A method as claimed in any of the claims 8, 9 and 10, characterized in that the before transferring the actual value as measured it is modified according to a predefined algorithm into the actual value as transferred.
PCT/IB2002/005050 2001-11-28 2002-11-28 Semiconductor device, and means for checking the authenticity WO2003046986A2 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
JP2003548307A JP4545438B2 (en) 2001-11-28 2002-11-28 Semiconductor device, card, system, and method for initializing and inspecting authenticity and discrimination of semiconductor device
KR10-2004-7008034A KR20040060993A (en) 2001-11-28 2002-11-28 Semiconductor device, card, system, and methods of initializing and checking the authenticity and the identity of the semiconductor device
AU2002353267A AU2002353267A1 (en) 2001-11-28 2002-11-28 Semiconductor device, and means for checking the authenticity
EP02788288A EP1451871A2 (en) 2001-11-28 2002-11-28 Semiconductor device, and means for checking the authenticity
US10/497,257 US7525330B2 (en) 2001-11-28 2002-11-28 Semiconductor device, card, system, and methods of initializing and checking the authenticity and the identity of the semiconductor device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP01204588 2001-11-28
EP01204588.6 2001-11-28

Publications (2)

Publication Number Publication Date
WO2003046986A2 true WO2003046986A2 (en) 2003-06-05
WO2003046986A3 WO2003046986A3 (en) 2004-03-18

Family

ID=8181323

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2002/005050 WO2003046986A2 (en) 2001-11-28 2002-11-28 Semiconductor device, and means for checking the authenticity

Country Status (7)

Country Link
US (1) US7525330B2 (en)
EP (1) EP1451871A2 (en)
JP (1) JP4545438B2 (en)
KR (1) KR20040060993A (en)
CN (1) CN100378991C (en)
AU (1) AU2002353267A1 (en)
WO (1) WO2003046986A2 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004105125A2 (en) * 2003-05-26 2004-12-02 Koninklijke Philips Electronics N.V. Semiconductor device, method of authentifying and system
EP1887460A2 (en) 2004-10-15 2008-02-13 Nxp B.V. Integrated circuit with a true random number generator
FR2910708A1 (en) * 2006-12-20 2008-06-27 Commissariat Energie Atomique Electronic component for protecting confidential data in e.g. chip card, has integrated circuit chip comprising internal detection circuit for detecting impedance variation of inductor and providing signal indicating separation of chips
WO2008093273A2 (en) * 2007-01-30 2008-08-07 Nxp B.V. Sensing circuit for devices with protective coating
EP2056346A3 (en) * 2007-10-30 2012-12-19 Giesecke & Devrient GmbH Semi-conductor chip with a protective layer and method of operating a semi-conductor chip
WO2013079335A1 (en) * 2011-11-28 2013-06-06 Smartrac Ip B.V. Tag forgery protection

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7309907B2 (en) * 2001-11-28 2007-12-18 Nxp B.V. Semiconductor device card methods of initializing checking the authenticity and the identity thereof
US7840803B2 (en) 2002-04-16 2010-11-23 Massachusetts Institute Of Technology Authentication of integrated circuits
WO2006053304A2 (en) 2004-11-12 2006-05-18 Pufco, Inc. Volatile device keys and applications thereof
KR100983250B1 (en) * 2005-08-18 2010-09-20 고쿠리츠 다이가쿠 호진 도호쿠 다이가쿠 Device identifying method, device manufacturing method, and electronic device
KR101366376B1 (en) 2006-01-24 2014-02-24 베라요, 인크. Signal generator based device security
US8782396B2 (en) * 2007-09-19 2014-07-15 Verayo, Inc. Authentication with physical unclonable functions
WO2010044063A2 (en) * 2008-10-16 2010-04-22 Koninklijke Philips Electronics N.V. Device and method for identifying electronic/electric products
US8683210B2 (en) * 2008-11-21 2014-03-25 Verayo, Inc. Non-networked RFID-PUF authentication
US8811615B2 (en) 2009-08-05 2014-08-19 Verayo, Inc. Index-based coding with a pseudo-random source
US8468186B2 (en) * 2009-08-05 2013-06-18 Verayo, Inc. Combination of values from a pseudo-random source
JP2012074674A (en) 2010-09-02 2012-04-12 Canon Inc Semiconductor integrated circuit device
US10236115B2 (en) * 2014-06-16 2019-03-19 Stmicroelectronics S.R.L. Integrated transformer

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4423371A (en) * 1981-09-03 1983-12-27 Massachusetts Institute Of Technology Methods and apparatus for microdielectrometry
WO1998018102A1 (en) * 1996-10-22 1998-04-30 Reinhard Posch Method and arrangement for protecting electronic computing units, in particular chip cards
WO1999008192A1 (en) * 1997-08-07 1999-02-18 Hitachi, Ltd. Semiconductor device
US6047068A (en) * 1995-09-19 2000-04-04 Schlumberger Industries Method for determining an encryption key associated with an integrated circuit
US6201296B1 (en) * 1996-09-23 2001-03-13 Siemens Aktiengesellschaft Semiconductor chip with protection against analyzing

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4353056A (en) * 1980-06-05 1982-10-05 Siemens Corporation Capacitive fingerprint sensor
FR2617979B1 (en) * 1987-07-10 1989-11-10 Thomson Semiconducteurs DEVICE FOR DETECTING THE BREAKDOWN OF AN INTEGRATED CIRCUIT
FR2649817B1 (en) * 1989-07-13 1993-12-24 Gemplus Card International INTRUSION PROTECTED MICROCIRCUIT CARD
US5389738A (en) * 1992-05-04 1995-02-14 Motorola, Inc. Tamperproof arrangement for an integrated circuit device
US5469363A (en) * 1994-05-19 1995-11-21 Saliga; Thomas V. Electronic tag with source certification capability
US5861652A (en) * 1996-03-28 1999-01-19 Symbios, Inc. Method and apparatus for protecting functions imbedded within an integrated circuit from reverse engineering
FR2746962B1 (en) * 1996-04-01 1998-04-30 Schlumberger Ind Sa SECURITY DEVICE OF A SEMICONDUCTOR PELLET
JP3037191B2 (en) * 1997-04-22 2000-04-24 日本電気アイシーマイコンシステム株式会社 Semiconductor device
DE19737324A1 (en) * 1997-08-28 1999-03-04 Philips Patentverwaltung Multi-layer capacitor with silver and rare earth doped barium titanate
EP0964361A1 (en) * 1998-06-08 1999-12-15 International Business Machines Corporation Protection of sensitive information contained in integrated circuit cards
JP2002518829A (en) * 1998-06-10 2002-06-25 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ Semiconductor device having an integrated circuit with a ceramic protective coating and method of manufacturing the device
DE59913706D1 (en) * 1998-11-05 2006-09-07 Siemens Ag PROTECTION FOR INTEGRATED CIRCUIT
US7024565B1 (en) * 1999-12-17 2006-04-04 Intel Corporation Method and apparatus to detect circuit tampering
US7005733B2 (en) * 1999-12-30 2006-02-28 Koemmerling Oliver Anti tamper encapsulation for an integrated circuit
ATE350766T1 (en) * 2000-08-21 2007-01-15 Infineon Technologies Ag DEVICE FOR PROTECTING AN INTEGRATED CIRCUIT
DE10120520A1 (en) * 2001-04-26 2002-11-14 Infineon Technologies Ag Semiconductor device and manufacturing process
US7309907B2 (en) * 2001-11-28 2007-12-18 Nxp B.V. Semiconductor device card methods of initializing checking the authenticity and the identity thereof
ATE477590T1 (en) * 2002-03-21 2010-08-15 Nxp Bv SEMICONDUCTOR COMPONENT WITH A PROTECTIVE SAFETY COATING AND METHOD FOR PRODUCING IT
CN100442071C (en) * 2002-04-09 2008-12-10 Nxp股份有限公司 Method and arrangement for protecting a chip and checking its authenticity

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4423371A (en) * 1981-09-03 1983-12-27 Massachusetts Institute Of Technology Methods and apparatus for microdielectrometry
US6047068A (en) * 1995-09-19 2000-04-04 Schlumberger Industries Method for determining an encryption key associated with an integrated circuit
US6201296B1 (en) * 1996-09-23 2001-03-13 Siemens Aktiengesellschaft Semiconductor chip with protection against analyzing
WO1998018102A1 (en) * 1996-10-22 1998-04-30 Reinhard Posch Method and arrangement for protecting electronic computing units, in particular chip cards
WO1999008192A1 (en) * 1997-08-07 1999-02-18 Hitachi, Ltd. Semiconductor device

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004105125A2 (en) * 2003-05-26 2004-12-02 Koninklijke Philips Electronics N.V. Semiconductor device, method of authentifying and system
WO2004105125A3 (en) * 2003-05-26 2005-01-06 Koninkl Philips Electronics Nv Semiconductor device, method of authentifying and system
US7554337B2 (en) 2003-05-26 2009-06-30 Nxp B.V. Semiconductor device, method of authentifying and system
EP1887460A2 (en) 2004-10-15 2008-02-13 Nxp B.V. Integrated circuit with a true random number generator
EP1887459A2 (en) 2004-10-15 2008-02-13 Nxp B.V. Integrated circuit with a true random number generator
FR2910708A1 (en) * 2006-12-20 2008-06-27 Commissariat Energie Atomique Electronic component for protecting confidential data in e.g. chip card, has integrated circuit chip comprising internal detection circuit for detecting impedance variation of inductor and providing signal indicating separation of chips
WO2008093273A2 (en) * 2007-01-30 2008-08-07 Nxp B.V. Sensing circuit for devices with protective coating
WO2008093273A3 (en) * 2007-01-30 2008-11-06 Nxp Bv Sensing circuit for devices with protective coating
US8138768B2 (en) 2007-01-30 2012-03-20 Nxp B.V. Sensing circuit for devices with protective coating
EP2056346A3 (en) * 2007-10-30 2012-12-19 Giesecke & Devrient GmbH Semi-conductor chip with a protective layer and method of operating a semi-conductor chip
WO2013079335A1 (en) * 2011-11-28 2013-06-06 Smartrac Ip B.V. Tag forgery protection

Also Published As

Publication number Publication date
KR20040060993A (en) 2004-07-06
CN1596471A (en) 2005-03-16
US7525330B2 (en) 2009-04-28
US20050051351A1 (en) 2005-03-10
AU2002353267A1 (en) 2003-06-10
JP4545438B2 (en) 2010-09-15
WO2003046986A3 (en) 2004-03-18
CN100378991C (en) 2008-04-02
AU2002353267A8 (en) 2003-06-10
JP2005514674A (en) 2005-05-19
EP1451871A2 (en) 2004-09-01

Similar Documents

Publication Publication Date Title
US7525330B2 (en) Semiconductor device, card, system, and methods of initializing and checking the authenticity and the identity of the semiconductor device
EP1451759B1 (en) Semiconductor device, card, methods of initializing, checking the authenticity and the identity thereof
US6501284B1 (en) Capacitive finger detection for fingerprint sensor
US8110894B2 (en) Protection for an integrated circuit chip containing confidential data
US6399994B2 (en) Semiconductor device for surface-shape recognition
EP1499905B1 (en) Method and arrangement for protecting a chip and checking its authenticity
CN105453109B (en) For the connection gasket of fingerprint acquisition apparatus
US7554337B2 (en) Semiconductor device, method of authentifying and system
US20020126792A1 (en) Electric or electronic circuit arrangement and method of protecting said circuit arrangement from manipulation and/or abuse
KR100758516B1 (en) Semiconductor apparatus for fingerprint recognition
US8779548B2 (en) Integrated circuit including a porous material for retaining a liquid and manufacturing method thereof
US11387195B2 (en) Electronic chip
US11355456B2 (en) Electronic chip with protected rear face
KR19990013829A (en) Apparatus for detecting the topological features of objects
JP2001156062A (en) Semiconductor device and its manufacturing method

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2002788288

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2003548307

Country of ref document: JP

Ref document number: 20028235983

Country of ref document: CN

Ref document number: 10497257

Country of ref document: US

Ref document number: 1020047008034

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 2002788288

Country of ref document: EP