Tamper detection

Document number: 174353  Publication date: 2021-10-29  Views: 43  Language: Chinese

Reading note: this technique, Tamper detection, was designed and created by A·H·里克 and J·H·霍尔 on 2020-01-29. Its main content includes: the enclosure for circuit 108 includes platform 112, charge source 106, first capacitive plates 120, 122, 126, second capacitive plates 130, 132, 136, and capacitive sensor 104. The circuit is fixedly coupled to the platform 112. The first capacitive plates 120, 122, 126 are also fixedly coupled to the platform 112 and, alone or with the platform 112, enclose the volume 102 housing the circuit 108 and the charge source 106; the charge source 106 is electrically coupled to the first capacitive plates 120, 122, 126 and configured to charge them. The second capacitive plates 130, 132, 136 are fixedly coupled to the platform 112 without contacting the first capacitive plates 120, 122, 126 and, alone or with the platform 112, enclose the first capacitive plates 120, 122, 126. The second capacitive plates 130, 132, 136 are configured such that there is a potential difference between the first capacitive plates 120, 122, 126 and the second capacitive plates 130, 132, 136. The capacitive sensor 104 is electrically connected to the first capacitive plates 120, 122, 126 and is configured to determine when the capacitance between the first capacitive plates 120, 122, 126 and the second capacitive plates 130, 132, 136 changes.

1. An enclosure for an electrical circuit, comprising:

a platform to which the circuit is fixedly coupled;

a source of electrical charge;

a first capacitive plate fixedly coupled to the platform and enclosing, alone or with the platform, a volume housing the circuit and the charge source, the charge source being electrically coupled to the first capacitive plate and configured to charge the first capacitive plate;

a second capacitive plate fixedly coupled to the platform without contacting the first capacitive plate and surrounding the first capacitive plate alone or with the platform, the second capacitive plate configured such that a potential difference exists between the first capacitive plate and the second capacitive plate; and

a capacitive sensor electrically connected to the first capacitive plate and configured to determine when a capacitance between the first capacitive plate and the second capacitive plate changes.

2. The enclosure of claim 1, wherein the second capacitive plate is electrically coupled to ground.

3. The enclosure of claim 1,

wherein the first capacitive plate includes a first top portion;

wherein the charge source, the circuit, and the first top portion are fixedly coupled to a surface of the platform;

wherein the second capacitive plate comprises a second top portion, the first top portion nested within the second top portion;

wherein the first capacitive plate comprises a first bottom portion fixedly coupled to a portion of the platform that is displaced from the surface toward an interior of the platform in a direction normal to the surface; and

wherein the second capacitive plate comprises a second bottom portion fixedly coupled to a portion of the platform that is displaced more from the surface toward an interior of the platform than the first bottom portion in a direction normal to the surface;

further comprising a plurality of capacitive sensing vias coupling the first top portion to the first bottom portion and a plurality of ground vias coupling the second top portion to the second bottom portion.

4. The enclosure of claim 3, wherein said ground vias are arranged in a ring to form a ground via ring around a perimeter of said volume.

5. The enclosure of claim 4, wherein said capacitive sensing vias are arranged in a ring concentrically within said ground via ring, and wherein said capacitive sensing vias are proximate to and in alternating positions with said ground vias.

6. The enclosure of claim 3, wherein said ground vias and/or said capacitive sensing vias are arranged around a perimeter of said volume such that said volume cannot be drilled into without contacting at least one of said first capacitive plate, said second capacitive plate, said ground vias and said capacitive sensing vias.

7. The enclosure of claim 1, further comprising:

a communication node not surrounded by the first capacitive plate or the second capacitive plate, the communication node configured to receive an electronic signal; and

a communication line electronically coupling the capacitive sensor and/or the circuit to the communication node.

8. The enclosure of claim 7, wherein said electronic signals may include one or more of power, control signals for said electrical circuit and/or said capacitive sensor, data for operation of said electrical circuit and/or said capacitive sensor, or programming for said capacitive sensor.

9. The enclosure of claim 1, wherein said first capacitive plate alone or with said platform surrounds said volume without gaps, and wherein said second capacitive plate alone or with said platform surrounds said first capacitive plate without gaps.

10. The enclosure of claim 1, wherein at least one of said first and second capacitive plates is configured to shield said volume from electric and/or magnetic fields.

11. The enclosure of claim 1, wherein said first and second capacitive plates are formed as part of a five-sided box, an N-sided box with N-1 closed sides, or a sphere.

12. The enclosure of claim 1, wherein the capacitive sensor is configured to cause a designated portion of the electrical circuit to become inoperable if the capacitive sensor detects a change in the capacitance between the first and second capacitive plates that exceeds a threshold amount of change and is not caused by the charge source.

13. The enclosure of claim 1, wherein the circuitry and the capacitive sensor are configured to not receive power from outside the volume.

14. The enclosure of claim 1, wherein the charge source is configured to be powered via an electrical coupling between the charge source and a power node external to the volume, the power node configured to receive power.

15. A method of protecting a circuit from tampering, the method comprising:

enclosing a volume containing the circuit within an inner shield, the inner shield including an electrically charged inner capacitive plate coupled to a source of charge within the volume and a capacitive sensing via coupling the inner capacitive plate to a capacitive sensor;

enclosing the volume and the inner shield within an outer shield, the outer shield including a grounded outer capacitive plate and a ground via coupling the outer capacitive plate to ground, the outer shield not contacting the inner shield;

measuring a capacitance between the inner capacitive plate and the outer capacitive plate using a sensor located within the volume; and

operating the circuit according to the measurement.

16. The method of claim 15, wherein the operating comprises causing a designated portion of the circuit to become inoperable if the capacitive sensor detects that the capacitance between the inner capacitive plate and the outer capacitive plate has changed in a way not caused by the charge source.

17. The method of claim 16, wherein causing the designated portion of the circuit to become inoperable comprises one or more of deleting designated data, making designated data unchangeable, or causing a physical self-destruction event.

18. The method of claim 16, wherein the capacitance is determined not to be changed by the charge source from a comparison between the capacitance and a threshold.

19. The method of claim 15, wherein a polling frequency of a capacitance between the inner shield and the outer shield is random and/or pseudo-random.

20. The method of claim 15, further comprising shielding the volume from electric and/or magnetic fields using the inner and outer shields.

21. The method of claim 15, further comprising measuring one or more of voltage, temperature and humidity, and compensating for the measured voltage, temperature and/or humidity in the measuring step.

22. The method of claim 15, wherein the charge source is powered by a power source external to the volume.

23. A method of protecting a circuit from tampering, the method comprising:

wherein an inner shield encloses a volume containing the circuit, the inner shield comprising an electrically charged inner capacitive plate coupled to a source of charge within the volume and a capacitive sensing via coupling the inner capacitive plate to a capacitive sensor;

wherein an outer shield encloses the volume and the inner shield, the outer shield comprising a grounded outer capacitive plate and a ground via coupling the outer capacitive plate to ground, the outer shield not contacting the inner shield;

measuring a capacitance between the inner capacitive plate and the outer capacitive plate using a sensor located within the volume; and

operating the circuit according to the measurement.

Technical Field

The present application relates generally to tamper-proofing of electronic systems, and more particularly to tamper-proofing housings for sensitive electronic circuits at the Printed Circuit Board (PCB) level.

Background

Many forms of electronic security are easily penetrated if an adversary has physical access to the system. Reverse engineering, decapsulation, hardware-based man-in-the-middle attacks, and other methods may enable an attacker to physically access system buses and connected Integrated Circuits (ICs), thereby circumventing system-level and/or device-level security. Physical attack tampering may allow certain Intellectual Property (IP) assets to be discovered, stolen, altered, manipulated, destroyed, or otherwise compromised. Such IP assets may include software and its related data including, for example, financial information, authentication keys, or firmware images; or hardware such as sensitive chip-level or PCB designs, or other physical systems such as clock sources, digital sequence sources, or actuator controls. Prior art tamper-resistant system covers include, for example, potting, electromechanical switches configured to break contact upon tampering, PCB tamper mesh enclosures, or switches or buttons that use inductive sensing coils, hall effect detection, or ambient light detection.

Disclosure of Invention

In described examples, an enclosure for an electrical circuit includes a platform, a charge source, a first capacitive plate, a second capacitive plate, and a capacitive sensor. The circuit is fixedly coupled to the platform. The first capacitive plate is also fixedly coupled to the platform and, alone or with the platform, encloses a volume housing the circuit and the charge source, the charge source being electrically coupled to the first capacitive plate and configured to charge it. The second capacitive plate is fixedly coupled to the platform without contacting the first capacitive plate and surrounds the first capacitive plate alone or with the platform. The second capacitive plate is configured such that there is a potential difference between the first capacitive plate and the second capacitive plate. The capacitive sensor is electrically connected to the first capacitive plate and configured to determine when a capacitance between the first and second capacitive plates changes.

Drawings

Fig. 1 shows a side view, in electrical block diagram form, of an example system 100 including a secure enclosure for tamper detection using capacitive sensing.

Fig. 2 illustrates an example plan view and schematic diagram of the system of fig. 1.

Fig. 3A shows a three-quarter perspective view of an example embodiment of a system including a secure enclosure (visible in fig. 3C) for tamper detection using capacitive sensing.

Fig. 3B illustrates a three-quarter perspective view of the example system embodiment of fig. 3A.

Fig. 3C illustrates a three-quarter perspective view of the example system embodiment of fig. 3A.

Fig. 4 shows an example of a process for tamper detection using capacitive sensing.

Detailed Description

Fig. 1 shows a side view, in electrical block diagram form, of an example system 100 that includes a secure enclosure 102 for tamper detection using capacitive sensing. By way of introduction, the secure enclosure 102 includes an electrically conductive structural inner volume (120, 122, 126, 128) and an electrically conductive structural outer volume (130, 132, 136). The conductive structural outer volume surrounds the conductive structural inner volume such that a capacitance exists between the inner volume and the outer volume. As shown in fig. 1, the control unit 104, battery 106, and security assets 108 (such as one or more ICs) are mounted on a top surface 110 of a top layer 140 of a multi-layer PCB 112 (such as an FR4 PCB). The control unit 104 includes a capacitive sensor and logic for determining whether tampering has occurred based on the sensor's capacitance measurements. A change in capacitance is preferably measured as a relative change in capacitance. A change in capacitance between the conductive structural inner volume and the conductive structural outer volume (e.g., a change greater than a threshold value) indicates tampering.

PCB 112 has a top layer 140, a middle layer 142, and a bottom layer 144. The top layer 140 has a top surface 110. The middle layer 142 has a middle top surface 116 at the interface between the top layer 140 and the middle layer 142, and a middle bottom surface 124 at the interface between the middle layer 142 and the bottom layer 144. The bottom layer has a bottom surface 134.

The "interior" of secure enclosure 102 refers herein to the interior of the inner volume described above, which is enclosed by (lies between) an inner top shield 120 (such as a hollow cuboid open along one major face and mounted on top surface 110) and an inner bottom shield 126 (such as a conductive plate located on middle bottom surface 124, between middle layer 142 and bottom layer 144 of PCB 112). The "exterior" of the secure enclosure 102 refers herein to the volume outside the outer volume described above, i.e., beyond the outer top shield 130 (such as a hollow cuboid open along one major face, larger than the inner top shield 120, and mounted on the top surface 110) and the outer bottom shield 136 (such as a conductive plate mounted on the bottom surface 134). The inner top shield 120, the inner bottom shield 126, the outer top shield 130, and the outer bottom shield 136 are further described below. Preferably, there is a single electrical connector 114 connecting the circuitry inside the secure enclosure 102 to the circuitry outside it, so as to avoid providing a path (i.e., a physical opening in the conductive structural volume) through which an attacker may attempt to gain physical access to the interior of the secure enclosure. Connector 114 preferably extends along middle top surface 116, embedding a length of connector 114 within PCB 112 and making it more difficult to tamper with connector 114 or to connect to control unit 104.

In some embodiments, electrical activity within the secure enclosure 102, or between the interior and the exterior of the secure enclosure 102, may affect the sensed capacitance. This can be mitigated, for example, by PCB design, such as the routing (direction and size) of the connectors; by the bandwidth (or associated data rate) of the signals; and by timed and/or forced synchronous capacitance measurements (e.g., the system may force local electrical activity to stop while capacitance measurements are being made).

Control unit 104 is preferably connected to battery 106 and secure assets 108 by wires 118 to mediate input and output (I/O) between secure assets 108 and the exterior of secure enclosure 102, blocking I/O if tampering is detected. The control unit 104 is electrically connected to the inner top shield 120 by electrical connection 119. The inner top shield 120 surrounds the interior of the secure enclosure 102, with no gaps in the inner top shield 120 or between the inner top shield 120 and the PCB 112. The inner top shield 120 is made of a material suitable as a capacitive plate (e.g., a conductor), preferably selected for electromagnetic (EM) shielding, both from photons (i.e., the capacitive material is opaque) and from electric and magnetic fields. The inner top shield 120 is mounted on the top surface 110 of the PCB 112 and is electrically connected to the control unit 104, the battery 106, and one or more capacitive sensing vias 122. The capacitive sensing vias are conductive and electrically couple the control unit 104 (and its integrated capacitive sensor) to the inner top and inner bottom shields 120, 126. One such via 122 is shown in fig. 1, but as shown in fig. 2, a plurality of adjacent capacitive sensing vias 122 are preferably implemented.

In the example shown in fig. 1, the battery 106 is connected to the inner top shield 120 via the control unit 104 (using electrical connection 119) so that the control unit 104 can regulate the charge on the inner top shield 120 and the inner bottom shield 126. That is, the battery 106 is connected to power the control unit 104, and the control unit 104 applies a charge to the inner top shield 120, the capacitive sensing via 122, and the inner bottom shield 126.

Capacitive sensing via 122 extends through PCB 112 from top surface 110 to middle bottom surface 124. Capacitive sensing via 122 is electrically connected to inner bottom shield 126. The inner bottom shield 126 is mounted on the middle bottom surface 124 of the PCB 112 and covers an area of the middle bottom surface 124 that matches and is aligned (e.g., vertically) with the area of the top surface 110 covered by the inner top shield 120; it is made of a conductive material selected to act as a capacitive plate and EM shield. The return line 128 electrically connects the inner bottom shield 126 to a channel of the control unit 104. As described further below, e.g., with respect to fig. 2, there are preferably a plurality of capacitive sensing vias 122 located within the perimeter of the inner top and inner bottom shields 120, 126 (as viewed looking at the system 100 perpendicular to the top surface 110, as shown in fig. 2). The preferred arrangement of vias 122, 132 can also be described as a staggered arrangement of capacitive sensing vias 122 and ground vias 132, or likened to an alternating saw-tooth configuration (with ground vias 132 at the upper points of the saw-tooth and capacitive sensing vias 122 at the lower points, or vice versa). Thus, in light of the foregoing, those skilled in the art will now appreciate that inner top shield 120, capacitive sensing vias 122, and inner bottom shield 126 (collectively referred to herein as the inner shield) together enclose the secure enclosure 102, as previously described.

The outer top shield 130 is mounted on the PCB 112 such that the outer top shield 130 surrounds the inner top shield 120 and is close to it but not in electrical contact with it. That is, the inner top shield 120 nests within the outer top shield 130. There is preferably no gap in the outer top shield 130 or between the outer top shield 130 and the PCB 112, to prevent access from the outside to the interior of the secure enclosure 102. The outer top shield 130 is made of a conductive material, like the inner top shield 120, preferably selected to act as a capacitive plate and as an EM shield. The inner and outer top shields 120, 130 may be mounted on the PCB using, for example, solder or mounting brackets that establish a reliable electrical connection between the shield and power or ground (respectively).

The outer top shield 130 is connected to a plurality of ground vias 132, which are connected to a ground (not shown) located outside the secure enclosure 102. Ground vias 132 extend through PCB 112 from top surface 110 to bottom surface 134. The ground vias 132 are electrically connected to the outer bottom shield 136. The outer bottom shield 136 is mounted on the bottom surface 134 of the PCB and covers an area of the bottom surface 134 that matches and is aligned (e.g., vertically) with the area of the top surface 110 covered by the outer top shield 130; it is made of a material selected to act as a capacitive plate and EM shield. The ground vias 132 are preferably disposed in a ring (i.e., in surrounding alignment, but not necessarily circular) near the perimeter of the outer bottom shield 136. Capacitive sensing vias 122 and ground vias 132 are preferably "blind" vias. Thus, when the secure enclosure 102 is fully assembled, they are preferably neither externally visible nor physically accessible (e.g., the portion of the capacitive sensing via 122 connected to the middle bottom surface 124 is covered by the inner bottom shield 126, and the portion of the ground via 132 connected to the bottom surface 134 is covered by the outer bottom shield 136). Together, the outer top shield 130, the ground vias 132, and the outer bottom shield 136 enclose and surround the secure enclosure 102, the inner top shield 120, the capacitive sensing vias 122, and the inner bottom shield 126.

Preferably, the security asset 108 devices are placed on only one side of the PCB 112, enclosed by the inner top shield 120 and the outer top shield 130. (In some embodiments, the volume that may accommodate the security asset 108 may be located on more than one side of the PCB 112, such as on both sides of the planar PCB 112.) Furthermore, it is preferred that sensitive power planes and signal traces be located within the secure enclosure 102.

The inner top shield 120 and the outer top shield 130 act as a top plate capacitor that is driven by the control unit 104 (powered by the battery 106) through the capacitive sensing vias 122 and grounded through the ground vias 132. Similarly, the inner bottom shield 126 and the outer bottom shield 136 act as a bottom plate capacitor, driven by the battery 106 through the capacitive sensing via 122 and grounded through the ground via 132. The EM field lines extend between the inner top shield 120 and the outer top shield 130, and between the inner bottom shield 126 and the outer bottom shield 136. The control unit 104 preferably controls the inner top shield 120, the capacitive sensing via 122 and the inner bottom shield 126 to be charged and (partially) discharged at a high frequency, e.g. 1 MHz.

The control unit 104 is configured to measure the capacitance change of the top plate capacitor and the bottom plate capacitor. The empty volume 138 between the inner top shield 120 and the outer top shield 130, or the space between the inner bottom shield 126 and the outer bottom shield 136 (which in the example shown in fig. 1 is PCB material rather than an empty volume), may be filled with air or another dielectric material, such as a dielectric material that increases the capacitance and/or reduces production processing requirements and/or costs.

Fig. 2 illustrates an example plan view and schematic 200 of the system 100 of fig. 1. From the above description and the plan view of fig. 2, those skilled in the art will further appreciate that the outer perimeter of the inner top shield 120 encloses each of the control unit 104, the battery 106, and the security assets 108. Further, the plurality of capacitive sensing vias 122 form a generally inner perimeter that extends into the page from the perspective of fig. 2 (as seen in fig. 1) and is located within the outer boundary (perimeter) of the inner top shield 120 and within the outer boundary (perimeter) of the outer top shield 130. Similarly, the plurality of ground vias 132 form a generally outer perimeter that extends into the page from the perspective of fig. 2 (as also seen in fig. 1) and is located outside of and/or overlaps with the outer boundary (perimeter) of the outer top shield 130.

In operation and as described in further detail below with respect to fig. 4, the control unit 104 may detect changes in capacitance between the shields 120, 126, 130, 136, e.g., detect whether such changes occur based on an attempt to tamper with the system 100. The capacitance change measured by the control unit 104 may occur due to, for example: one of the shields 120, 126, 130, 136 is moved, removed, twisted or deflected (changing the distance between the plates), drilled through or ablated (changing the size of the plates and thereby the total conductor area; and/or shorting the inner and outer plates if the drill bit is conductive) or charged by an external source (changing the charge on the plates). The capacitance change measured by the control unit 104 may also occur due to, for example: a drill bit (or other device for removing material) is used to access the interior of the safety enclosure 102 and drill through or contact the ground via 132 or the capacitive sensing via 122 en route; or the conductive probe contacts one (or more) of the shields 120, 126, 130, 136 or vias 122, 132.

As shown in fig. 2, capacitive sensing vias 122 and ground vias 132 are preferably arranged in a closely spaced concentric geometry around the perimeter of secure enclosure 102, with the inner ring of vias (capacitive sensing vias 122) in alternating (interleaved) positions with the outer ring of vias (ground vias 132), e.g., to prevent PCB 112 from being drilled through by an attacker seeking to enter the secure enclosure. (For clarity and simplicity, a break in the via rings through which the connection 114 passes is shown. In the preferred embodiment, the connection 114 is routed between the capacitive sensing vias 122 and the ground vias 132, without breaks in the via rings.) Furthermore, the perimeter of the capacitive sensing vias 122 is preferably within the perimeter of the inner top shield 120 and the inner bottom shield 126, and the perimeter of the ground vias 132 is preferably within or overlaps the perimeter of the outer top shield 130 and the outer bottom shield 136. Thus, the shields 120, 126, 130, 136 and the vias 122, 132 together provide a physical barrier to attacks attempting physical entry into the secure enclosure, while leaving sufficient spacing, in or on the surface of the PCB 112, to pass power and/or signal traces from outside the secure enclosure 102 to inside it.

The outer shield is electrically connected and surrounds the secure enclosure 102 in three dimensions, forming a Faraday cage around the secure enclosure 102. That is, the outer shield generally prevents EM fields originating outside the secure enclosure 102 from penetrating to affect its interior (isolating the secure enclosure 102 from external electrical current and photon signals). This means that the outer shield, connected to system ground, shields the secure enclosure 102 from EM-based attacks (e.g., electrical over-voltage stress) and from unintended EM interference (reducing noise within the secure enclosure 102). Thus, the control unit 104 is less prone to false tamper detection events, such as during system assembly or other intended end-user handling, since with the outer shield connected to system ground, a capacitance change in the top and bottom plate capacitors during ordinary handling is typically caused only by removal of the outer top or outer bottom shields 130, 136.

In some embodiments, when control unit 104 detects tampering (a change in capacitance in the top and/or bottom plate capacitors), it may cause secure assets 108 to be disabled. For example, the security asset 108 may be caused to delete sensitive data, make sensitive data unchangeable, or trigger a physical self-destruction event (e.g., burn the entire programmable fuse array to make data previously stored in a selected portion of the fuses unreadable).

Fig. 3A illustrates a three-quarter perspective view 300 of an example embodiment of the system 100 as shown in and described with respect to fig. 1. Fig. 3A shows the system 100 with an inner top shield 120 (not visible) and an outer top shield 130 covering the secure enclosure 102. Outer carrier 302 (partially visible) holds outer top shield 130 in place against PCB 112. The ground vias 132 are visible outside the perimeter of the outer top shield 130.

Fig. 3B illustrates a three-quarter perspective view 304 of the example system 100 embodiment of fig. 3A. In fig. 3B, the outer top shield 130 is exploded from the surface of the PCB 112 to expose the inner top shield 120. Inner bracket 306 holds inner top shield 120 in place against PCB 112.

Fig. 3C illustrates a three-quarter perspective view 308 of the example system 100 embodiment of fig. 3A. In fig. 3C, the outer top shield 130 and the inner top shield 120 are exploded from the surface of the PCB 112 to expose the secure enclosure 102. Capacitive sensing vias 122 are visible within the perimeter of inner top shield 120. (For clarity and simplicity, in figs. 3A, 3B, and 3C, the inner top shield 120 and the outer top shield 130 are spaced relatively far apart. The capacitive sensing vias 122 and the ground vias 132 are preferably closer together than shown, e.g., close enough to block and/or prevent physical attack by drilling into the secure enclosure 102, as described above.) The control unit 104, the battery 106, and the secure assets 108 are also visible within the space that forms the secure enclosure 102 when the inner top shield 120 and the outer top shield 130 are fixedly attached to the PCB 112.

As shown in figs. 3A, 3B, and 3C, when outer top shield 130 and inner top shield 120 are fixedly attached to PCB 112 by outer carrier 302 and inner carrier 306, the conductive structural inner volume (120, 122, 126, 128) is capacitively coupled to the conductive structural outer volume (130, 132, 136). Thus, a change in capacitance between the conductive structural inner volume (120, 122, 126, 128) and the conductive structural outer volume (130, 132, 136), as measured by the capacitive sensor in the control unit 104, indicates tampering, such as an attempt to physically or electrically access the interior of the secure enclosure 102.

Fig. 4 shows an example of a process 400 for tamper detection using capacitive sensing. In step 402, a volume containing a security asset (e.g., a circuit) is enclosed within an inner shield, the inner shield including a charged inner capacitive plate coupled to a charge source within the volume and capacitive sensing vias coupling the inner capacitive plate to a capacitive sensor located within the volume. In step 404, the volume and inner shield are enclosed within an outer shield, the outer shield including a grounded outer capacitive plate and a ground via coupling the outer capacitive plate to ground, the outer shield not contacting the inner shield. In step 406, the capacitance between the inner capacitive plate and the outer capacitive plate is measured using the capacitive sensor. In step 408, the circuit is operated according to the measurement: for example, if a change in the measured capacitance is detected, tampering is presumed to be the cause, and a portion of the secure asset is caused to become inoperable. Further, when tampering is detected, a reporting element may be triggered. For example, an alarm may be activated, information regarding the detected change in capacitance may be stored in a storage device within the secure enclosure, or a signal indicative of the detected tampering may be sent to the exterior of the secure enclosure.
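The decision side of process 400 (steps 406 and 408), together with the threshold comparison of claims 12 and 18, the random polling of claim 19, the temperature compensation of claim 21, and the practice of halting local electrical activity during a measurement, can be illustrated with a small monitor loop. The following C program is an added example written for this page; it is not the patent's code nor Texas Instruments' CapTIvate firmware. The capacitance unit (femtofarads), the baseline, the temperature coefficient, the 5 % threshold, the LCG-based poll jitter and every sample value are constructed assumptions chosen only to exercise the logic.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration (not the patent's or Texas Instruments' code): the decision logic a
 * control unit such as 104 could run over the sensor's capacitance readings. The units
 * (femtofarads), coefficients, thresholds and sample values are constructed assumptions. */

typedef struct {
    int32_t baseline_fF;       /* plate capacitance learned at provisioning (assumed fF) */
    int32_t threshold_ppm;     /* relative change treated as tampering (claims 12/18) */
    int32_t tempco_ppm_per_c;  /* assumed temperature coefficient of the plate capacitor */
    int32_t ref_temp_c;        /* temperature at which baseline_fF was learned */
    uint32_t prng_state;       /* state for the pseudo-random poll interval (claim 19) */
    bool asset_disabled;       /* latched once tampering has been detected (claim 12) */
} tamper_monitor_t;

typedef struct {
    int32_t raw_fF;            /* capacitance as reported by the sensor */
    int32_t temp_c;            /* temperature measured alongside it (claim 21) */
    bool bus_quiet;            /* local electrical activity was halted for this measurement */
} cap_sample_t;

/* Remove the expected temperature drift so that only geometric or electrical changes
 * of the plates (moved, drilled, probed, externally charged) remain in the reading. */
int32_t compensate_fF(int32_t baseline_fF, int32_t tempco_ppm_per_c, int32_t ref_temp_c,
                      int32_t raw_fF, int32_t temp_c)
{
    int64_t drift = (int64_t)baseline_fF * tempco_ppm_per_c * (temp_c - ref_temp_c) / 1000000;
    return raw_fF - (int32_t)drift;
}

/* Relative change against the baseline in parts per million, sign preserved. */
int32_t relative_change_ppm(int32_t baseline_fF, int32_t value_fF)
{
    return (int32_t)(((int64_t)(value_fF - baseline_fF) * 1000000) / baseline_fF);
}

/* Returns 1 on tamper, 0 when the reading is within the threshold band, and -1 when the
 * sample was taken while the bus was active and must be repeated (the electrical-activity
 * mitigation described for the enclosure). */
int evaluate_sample(tamper_monitor_t *m, const cap_sample_t *s)
{
    if (!s->bus_quiet)
        return -1;
    int32_t c = compensate_fF(m->baseline_fF, m->tempco_ppm_per_c, m->ref_temp_c,
                              s->raw_fF, s->temp_c);
    int32_t d = relative_change_ppm(m->baseline_fF, c);
    if (d < 0)
        d = -d;
    if (d > m->threshold_ppm) {
        m->asset_disabled = true;  /* a real unit would also erase keys or blow fuses here */
        return 1;
    }
    return 0;
}

/* Pseudo-random delay before the next poll so that no fixed measurement interval exists.
 * 32-bit LCG (Numerical Recipes constants); a real build would seed it from a hardware
 * entropy source rather than a constant. */
uint32_t next_poll_delay_ms(tamper_monitor_t *m, uint32_t min_ms, uint32_t max_ms)
{
    m->prng_state = m->prng_state * 1664525u + 1013904223u;
    return min_ms + (m->prng_state >> 8) % (max_ms - min_ms + 1);
}

/* Runs a constructed reading sequence through the monitor and returns the index of the
 * first sample judged as tampering, or -1 if none. Index 0 is the first sample. */
int demo_first_tamper_index(void)
{
    tamper_monitor_t m = { 50000, 50000, 300, 25, 12345u, false };
    /* constructed readings: warm-up drift (benign), a noisy window (skipped), a plate moved */
    cap_sample_t seq[] = {
        { 50010, 25, true  },   /* at reference temperature, essentially the baseline      */
        { 50320, 45, true  },   /* +20 C drift of about 0.6 %, removed by compensation     */
        { 53000, 45, false },   /* bus active during the read: rejected, not judged       */
        { 50400, 45, true  },   /* 0.2 % residual change, below the 5 % threshold         */
        { 44000, 45, true  },   /* about -12 %: a shield lifted or the plate area reduced  */
    };
    int n = (int)(sizeof seq / sizeof seq[0]);
    for (int i = 0; i < n; i++) {
        int verdict = evaluate_sample(&m, &seq[i]);
        printf("sample %d: raw=%d fF temp=%d C verdict=%d\n",
               i, seq[i].raw_fF, seq[i].temp_c, verdict);
        if (verdict == 1)
            return i;
        (void)next_poll_delay_ms(&m, 100, 900);  /* jittered wait before the next reading */
    }
    return -1;
}

/* Checks that every generated poll delay stays inside [min_ms, max_ms]. */
bool demo_poll_delays_in_range(uint32_t seed, uint32_t min_ms, uint32_t max_ms)
{
    tamper_monitor_t m = { 50000, 50000, 300, 25, seed, false };
    for (int i = 0; i < 1000; i++) {
        uint32_t d = next_poll_delay_ms(&m, min_ms, max_ms);
        if (d < min_ms || d > max_ms)
            return false;
    }
    return true;
}

int main(void)
{
    printf("first tamper at sample %d\n", demo_first_tamper_index());
    return 0;
}
```

Two design points carry over to a real control unit: the comparison is made on the relative change after compensation, so slow environmental drift does not consume the threshold budget, and a reading taken while the bus is active is discarded rather than judged, so the quiet-window requirement is enforced in software instead of being assumed. On the constructed sequence the first four readings pass (the third is rejected as noisy) and the fifth, a 12 % drop, latches `asset_disabled`.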

Modifications in the described embodiments are possible within the scope of the claims, and other embodiments are possible.

In some embodiments, there is more than one electrical connection between the interior and exterior of the secure enclosure.

In some embodiments, there is a direct electrical connection between the outside of the secure enclosure and the secure asset.

In some embodiments, there is no electrical connection between the interior and exterior of the secure enclosure.

In some embodiments, the power requirements of the control unit and the secure asset are small. In some embodiments where the secure enclosure is isolated from any power source external to the secure enclosure, a small battery, such as a button cell, may be used.

In some embodiments, only one of the inner top shield and the outer shield includes electromagnetic shielding. In some embodiments, only one of the bottom inner and outer shields includes electromagnetic shielding.

In some embodiments, the I/O between the secure enclosure and the outside is routed through the control unit. In some embodiments, the control unit is not connected to communicate with the secure asset. In some embodiments, the control unit is not electrically connected to the security asset.

In some embodiments, an MSP430FR2633 or another MSP430 CapTIvate-enabled device is included in, or used as, the control unit. These devices are commercially available from Texas Instruments.

In some embodiments, the secure enclosure may house, for example, one or more of the following: a processor, a memory, or a communication device.

In some embodiments, more than two rings of vias are used. In some embodiments, the vias are arranged in a pattern other than rings.

In some embodiments, a tamper sensor, such as a photon or pressure sensor, is used in addition to the control unit.

In some embodiments, the battery is selected to be large enough to last the expected life of the secure asset. In some embodiments, the life of the battery defines the useful life of the secure asset. In some embodiments, the power is supplied by wires extending from the exterior to the interior of the secure enclosure. That is, the charge source for charging the inner top and inner bottom shields may be powered by a power source external to the secure enclosure and connected to the control unit, for example, by a connector.

In some embodiments, capacitive sensing and data protection (such as hardware-level security keys) may be implemented on the same device.

In some embodiments, one or more of the outer top shield, the inner top shield, the outer bottom shield, and the inner bottom shield are removable. In some embodiments, one or more of the outer top shield, the inner top shield, the outer bottom shield, and the inner bottom shield are non-removable (e.g., soldered to the PCB or connected to the PCB using an adhesive).

In some embodiments, voltage, temperature and humidity monitoring subsystems may be included in a tamper detection system inside or outside the secure enclosure to help detect physical tampering attacks and/or provide measurements that may be analyzed to compensate for environmental factors that may affect the capacitance measurement. In some embodiments, these subsystems are located within a secure enclosure for use in conjunction with a capacitance measurement system. In some embodiments, these subsystems are integrated into the control unit (e.g., into an integrated circuit that includes the capacitance measurement circuit). In some embodiments, the timing of the capacitance measurements, and/or the timing of activating the voltage, temperature, and humidity monitoring subsystems, may be controlled to present non-certainty to an attacker, for example, using a random or pseudo-random timing for measurement polling events.

In some embodiments, the devices within the secure enclosure are powered solely by batteries or other energy storage devices that are fully contained within the secure enclosure. In some embodiments, devices within the secure enclosure may receive power from outside the secure enclosure.

In some embodiments, the security assets and/or control units are programmable from outside the secure enclosure. In some embodiments, the security assets may be reprogrammed by the control unit. In some embodiments, the control unit may be reprogrammed by the security asset.

In some embodiments, the inner and outer shields completely surround the PCB (or other platform on which the secure asset is mounted). In some such embodiments, there is only one inner shield and only one outer shield. In some such embodiments, a separate shield (without a PCB) is sufficient to surround and enclose the secure enclosure.

In some embodiments, the control unit alters the operation of the secure asset (e.g., causing reprogramming or destruction of some or all of the secure asset) if the change in capacitance between the inner and outer capacitive plates is greater than a threshold value. In some embodiments, the threshold depends on the state of charge of the inner capacitive plate or on environmental factors (such as sensed voltage, temperature, and humidity).
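The control-unit side of steps 406 and 408 of process 400, together with the threshold response in the preceding paragraph and the environmental compensation and randomized measurement polling described earlier, written out as an added C example. This is not code from the patent or from any Texas Instruments library; the raw sensor count units, the linear temperature coefficient, the constructed sample series, the 16-byte key standing in for the secure asset, and every function and type name are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Added example (not from the patent). A tamper monitor for the control unit:
 * step 406 (measure inner/outer plate capacitance), compensation for temperature
 * drift, a threshold decision, and step 408 (render the asset inoperable and
 * record the event). All units and constants are hypothetical. */

typedef struct {
    int32_t baseline_counts;    /* plate capacitance at provisioning, raw sensor counts */
    int32_t threshold_counts;   /* largest compensated |deviation| tolerated */
    int32_t temp_coeff_mcounts; /* assumed linear drift, milli-counts per degree C */
    int16_t baseline_temp_c;    /* temperature at which the baseline was taken */
} tamper_cfg_t;

typedef struct {
    uint8_t  key[16];     /* the secure asset: a key that must not survive tampering */
    bool     key_valid;
    uint32_t events;      /* tamper events recorded (the "reporting element") */
    int32_t  last_delta;  /* last compensated deviation, kept for diagnostics */
} secure_asset_t;

typedef enum { TAMPER_NONE = 0, TAMPER_DETECTED = 1 } tamper_status_t;

/* Expected reading at the current temperature: baseline plus linear drift. */
int32_t expected_counts(const tamper_cfg_t *cfg, int16_t temp_c)
{
    int32_t dt = (int32_t)temp_c - cfg->baseline_temp_c;
    return cfg->baseline_counts + (dt * cfg->temp_coeff_mcounts) / 1000;
}

/* Deviation of a raw measurement from the temperature-compensated expectation. */
int32_t compensated_delta(const tamper_cfg_t *cfg, int32_t measured, int16_t temp_c)
{
    return measured - expected_counts(cfg, temp_c);
}

/* Overwrite the key through a volatile pointer so the stores are not optimized away. */
static void zeroize(secure_asset_t *asset)
{
    volatile uint8_t *p = asset->key;
    for (size_t i = 0; i < sizeof asset->key; i++) p[i] = 0;
    asset->key_valid = false;
}

/* Step 408: compare one measurement (step 406) against the threshold and respond. */
tamper_status_t evaluate_sample(const tamper_cfg_t *cfg, secure_asset_t *asset,
                                int32_t measured, int16_t temp_c)
{
    int32_t delta = compensated_delta(cfg, measured, temp_c);
    int32_t magnitude = delta < 0 ? -delta : delta;
    asset->last_delta = delta;
    if (magnitude > cfg->threshold_counts) {
        zeroize(asset);      /* render the secure asset inoperable */
        asset->events++;     /* record the event for reporting */
        return TAMPER_DETECTED;
    }
    return TAMPER_NONE;
}

/* Next polling delay: base +/- jitter, derived from a caller-supplied random value,
 * so the moment at which the plates are sampled is not predictable from outside. */
uint32_t next_poll_interval_ms(uint32_t base_ms, uint32_t jitter_ms, uint32_t rnd)
{
    if (jitter_ms == 0 || jitter_ms >= base_ms) return base_ms;
    return base_ms - jitter_ms + (rnd % (2u * jitter_ms + 1u));
}

/* Feed a series of (counts, temperature) samples; returns how many tamper events fired. */
uint32_t run_samples(const tamper_cfg_t *cfg, secure_asset_t *asset,
                     const int32_t *counts, const int16_t *temps, size_t n)
{
    uint32_t fired = 0;
    for (size_t i = 0; i < n; i++)
        if (evaluate_sample(cfg, asset, counts[i], temps[i]) == TAMPER_DETECTED) fired++;
    return fired;
}

int main(void)
{
    /* Constructed provisioning values: 10000 counts at 25 C, 200-count threshold,
     * 5 counts of drift per degree C. */
    tamper_cfg_t cfg = { 10000, 200, 5000, 25 };
    secure_asset_t asset = { .key = { 0x2a }, .key_valid = true };
    /* Constructed samples: normal; warm but within drift; a genuine 400-count jump. */
    int32_t counts[3] = { 10010, 10240, 10400 };
    int16_t temps[3]  = { 25, 75, 25 };
    uint32_t fired = run_samples(&cfg, &asset, counts, temps, 3);
    printf("tamper events: %u, key valid: %d, last delta: %d\n",
           (unsigned)fired, (int)asset.key_valid, (int)asset.last_delta);
    printf("next poll in %u ms\n", (unsigned)next_poll_interval_ms(1000, 100, 250));
    return 0;
}
```

The second constructed sample (10240 counts at 75 C) is the case the compensation paragraph is about: uncompensated it sits 240 counts above baseline and would trip the 200-count threshold, but against the temperature-adjusted expectation of 10250 it is only 10 counts off. Only the third sample, a jump with no environmental explanation, zeroizes the key and increments the event counter.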

In some embodiments, the source of charge for the inner capacitive plates is not a battery.

In some embodiments, the inner top shield and the outer top shield are shaped as a five-sided box, an N-sided polyhedron with N-1 closed sides, or a continuous portion of a sphere.

In some embodiments, the electrical connections between the interior and the exterior of the secure enclosure may be configured to provide one or more of power, control signals for the circuitry and/or the capacitive sensor, or data for operation of the circuitry and/or the capacitive sensor into the secure enclosure (from a communications node outside the secure enclosure to which the electrical connections are connected).

In some embodiments, the ground vias and/or the capacitive sensing vias are larger or smaller. In some embodiments, more or fewer ground vias and/or capacitive sensing vias are used.

In some embodiments, a polyhedron made of a conductive material may be used as a shield (capacitive plate), including polyhedron shapes other than cuboids; the polyhedron is open on one or more faces and configured to be fixedly or removably attached to a PCB without gaps in the shape or between the shape and the PCB.

In some embodiments, an inner bottom shield and an outer bottom shield are mounted on the bottom surface and enclose an empty volume, similar to the inner top shield and the outer top shield. In some such embodiments, the circuitry is located within an empty volume enclosed by the inner and outer bottom shields.

In some embodiments, in one or more of the inner top shield, the outer top shield, the inner bottom shield, or the outer bottom shield, or between one or more shields and the PCB (or other platform on which the equipment in the secure enclosure is mounted), the gap is made too small for an attacker to use to gain access to the interior of the secure enclosure.

In some embodiments, the control unit uses different (or randomized) frequencies to charge and discharge the internal shield (top and bottom inner plates and capacitive sensing vias).

In some embodiments, the outer shield is electrically coupled to ground, but not at a voltage of ground. For example, the outer shield may be electrically coupled to ground via a resistor and/or one or more other impedance elements. In some embodiments, the outer shield is configured such that there is a potential difference between the outer shield and the inner shield (e.g., different than the potential difference corresponding to the charged inner shield and the grounded outer shield).

In some embodiments, the volume within the conductive structure does not include a capacitive sensing via and/or an internal floor. In some embodiments, the conductive structure outer volume does not include a ground via and/or an outer floor. In some embodiments, different capacitive sensors measure the capacitance between the inner and outer top plates than measure the capacitance between the inner and outer bottom plates and/or between the ground vias and the capacitive sensing vias.

In some embodiments, the outer shield may be coated and/or covered with a non-conductive material. In some embodiments, the exposed portion of the via may be coated and/or covered with a non-conductive material.

In some embodiments, the secure enclosure is hermetically sealed.

In some embodiments, the secure enclosure and/or the empty volume are completely or partially filled with a non-conductive material, such as a potting material (encapsulation material).

In some embodiments, a key may be transmitted into the control unit from outside the secure enclosure to disable at least a portion of the control unit functionality, for example so that intentional access to the interior of the secure enclosure is permitted.

In some embodiments, the capacitive sensing vias may be located outside of the perimeter of the inner top shield and/or the inner bottom shield and inside the perimeter of the outer top shield and/or the outer bottom shield. In some embodiments, the capacitive sensing vias may be positioned to overlap a perimeter of the inner top shield and/or the inner bottom shield. In some embodiments, the ground vias may be located inside the perimeter of the outer top and/or bottom shields and inside the perimeter of the inner top and/or bottom shields.

In some embodiments, a return line is not used. In some embodiments, the battery and control unit are coupled to ground via a capacitive coupling between the inner and outer shields.

In some embodiments, the ceiling and the floor and/or the capacitive sensing vias are driven (charged) separately. That is, the ceiling, floor and capacitive sensing vias may be driven using a channel separate from the capacitive sensor (either directly or indirectly from a battery or other source of charge). Power may also be distributed to other devices within the secure enclosure on the same or additional separate channels.

In some embodiments, the connection uses a medium other than electrical energy to transmit signals over wires, such as photonic or galvanic signal transmission.

In some embodiments, the capacitive sensing via is capacitively coupled to the ground via.
