

Application Note 4244

Secure Supervisors Provide Multifaceted Monitoring to Ensure System Security

Abstract: This article describes many of the embedded security features in the various DS36xx secure supervisor products.

Introduction

Intrusion prevention in many systems has traditionally been left to the specific demands of the application and to the individual creativity of the system designer. To provide stronger security in an ever-more-interconnected society, various standards bodies have defined specific requirements to eliminate potential holes in the creation of a "secure system." Whether the system is a cash register or a file server, the security task is essentially the same: leave no open path for an attacker trying to compromise the system.

Secure Supervisors

The DS36xx secure supervisor products integrate a CPU supervisor, NVSRAM controller, real-time clock (RTC), temperature sensor, analog-to-digital converter (ADC), random number generator (RNG), and the I/Os and support circuitry necessary to run this monitoring device from either system power or a battery. These products reduce component count and offload the continuous system-monitoring work that would otherwise fall on the processor in secure applications such as point-of-sale (POS) terminals, PIN pads, secure communications, set-top boxes, alarm systems, and gaming systems. The secure supervisor products support the highest security level defined by the FIPS 140-2, Common Criteria, PCI-PED, and EMV 4.1 certification schemes. Table 1 presents the selection options presently available or in development.

Table 1. Secure Supervisor Product Selection Guide
Part Number I/O Analog Voltages Monitored¹ Digital Inputs Monitored Internal Key Memory External Memory Control Random Number Generator Over-Voltage Monitor Battery Monitor
DS3600 3-wire 4 1 64B Check Check Check
DS3605 I²C 4 1 Check Check Check
DS3640 I²C 5 3 1024B Check Check Check
DS3641 4-wire 5 3 1024B Check Check Check
DS3645* I²C 12 4 4096B Check Check Check Check
DS3650 4-wire 2 Check Check
DS3655 I²C 4 64B
¹Does not include VCCI and VBAT monitors.
*Future product—contact factory for information.

The secure supervisor products are low-cost, space-efficient components that offer a premier security solution for many applications. Thanks to the high level of integration in these devices, valuable system resources can be devoted entirely to the principal application while the secure supervisor handles the generally mundane, but very critical, security monitoring chores.

Tamper Response

All tamper inputs are monitored continuously and in parallel. The instant any tampering is detected, the following actions are initiated simultaneously:
  1. Tamper latches record the monitor channel that initiated the tamper event
  2. The tamper output asserts to alert the system processor
  3. The current time is frozen in the Time Stamp registers
  4. Encryption key memory is immediately erased (if applicable)
  5. External SRAM memory is immediately erased (if applicable)

Recovery from a tamper event begins with identifying the source of the event. The tamper latches and the event time stamp remain frozen until the condition that caused the tamper event has been corrected and the latches have been reset.
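As an added illustration (not code from the application note or from Maxim), the following C model shows the response sequence above and the recovery rule that the latches and time stamp stay frozen until the tripping condition is gone. The register layout, bit assignments and function names are assumptions made for the model, not the DS36xx register map.

```c
#include <stdint.h>
#include <stdbool.h>

/* Hypothetical register model (assumption, not the DS36xx register map):
 * one bit per monitor channel in both the tamper latch and the live status. */
enum {
    TAMPER_VCCI_OVER = 1u << 0,   /* abnormally high VCCI */
    TAMPER_VBAT      = 1u << 1,   /* battery voltage out of range */
    TAMPER_TEMP      = 1u << 2,   /* temperature limit violated */
    TAMPER_ANALOG    = 1u << 3,   /* external analog supply input */
    TAMPER_DIGITAL   = 1u << 4    /* external digital input */
};

typedef struct {
    uint8_t  latch;        /* channels that have tripped; frozen until reset */
    uint8_t  live;         /* channels currently out of tolerance */
    uint32_t time_stamp;   /* RTC seconds frozen at the first tamper event */
    bool     tamper_out;   /* tamper output asserted toward the host CPU */
    bool     key_erased;   /* internal key memory has been erased */
} supervisor_t;

/* One monitor sample. A channel going out of tolerance triggers the
 * simultaneous response steps; a later event adds its latch bit but does
 * not overwrite the time stamp frozen by the first one. */
void supervisor_sample(supervisor_t *s, uint8_t live_status, uint32_t rtc_now)
{
    uint8_t newly = live_status & ~s->latch;
    s->live = live_status;
    if (!newly) return;
    if (!s->latch) s->time_stamp = rtc_now;  /* 3: freeze time of first event */
    s->latch |= newly;                        /* 1: record which channel fired */
    s->tamper_out = true;                     /* 2: alert the system processor */
    s->key_erased = true;                     /* 4: key memory erased at once */
}

/* Recovery: copy the frozen evidence out first, then clear the latches only
 * when every latched channel is back in tolerance. Returns false and keeps
 * the latch frozen while any latched channel is still tripped. */
bool supervisor_recover(supervisor_t *s, uint32_t *event_time, uint8_t *still_tripped)
{
    *event_time = s->time_stamp;
    *still_tripped = s->latch & s->live;
    if (*still_tripped) return false;
    s->latch = 0;                  /* reset latches; keys stay erased until reloaded */
    s->tamper_out = false;
    return true;
}
```

Erased key memory does not come back when the latches clear; the host must re-provision keys after a genuine recovery.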

Power-Supply Monitoring

A traditional CPU supervisor function monitors the VCCI power supply, providing a reset signal to the microprocessor when the supply is out of tolerance. A tamper reaction to an abnormally high VCCI supply is also included in many of the products.

Battery-Supply Monitoring

An ADC monitors the battery voltage and exposes the reading in a register readable through the I/O port. Tamper reaction to an abnormally low or high battery voltage is included in most of the product offerings.

Time Keeping and Tamper-Event Time Stamp

The integrated RTC provides a time reference for tamper-event recording and recovery. Time-of-day alarm and CPU watchdog functions are also included in many of the product offerings.

External Analog Supply Monitoring

Besides the internal VCCI and VBAT monitoring functions, the secure supervisor products offer multiple configurations of analog inputs. These inputs monitor external power supplies or other critical bias conditions, depending on specific application requirements.

External Digital Signal Monitoring

Most of these devices also include one or more digital input channels, which can trigger a tamper response on user-defined conditions. Using standard TTL input thresholds, these inputs can be driven directly by other on-board logic. If needed, the inputs can be configured with a resistive-divider network to monitor additional bias sources.

Internal Encryption Key Memory

Most of the devices include a nonvolatile encryption key memory array, accessible through the I/O port. In the event of a tamper, the encryption key memory is rapidly erased.

External Memory Control and Security

Several of the secure supervisor products include a tamper-reactive nonvolatile SRAM controller, with provisions to supply battery-backed power and control logic for external memory. When VCCI power is within tolerance, the external SRAM is powered from that VCCI supply. Should VCCI fail, access to the SRAM is inhibited and the battery is automatically switched in to provide backup power to that external memory.

Power for External Support Circuitry

A battery-backed power supply output is provided for any critical external support circuitry required for continuous operation. The output supply voltage is either the VCCI supply, if within the defined tolerance, or VBAT.

Random Number Generator

Most of the secure supervisor products contain a FIPS 140-2-compliant RNG. When VCCI power is first applied, the RNG is seeded from several natural sources of randomness. Until the device is ready, the RNG outputs zero bytes. Once a non-zero byte is read, any number of additional random bytes can be read in 128-byte blocks. This read cycle can be repeated as often as needed until the user has retrieved enough random data to seed a software random number generator.
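An added example in C (not from the application note or from Maxim) of the read procedure above: wait for the first non-zero byte, then pull 128-byte blocks until enough seed material has been gathered. The bus read callback, the simulated device and the poll limit are assumptions; the limit matters because a device that never leaves the all-zeros state must not be used as a seed source.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define RNG_BLOCK 128   /* random bytes are delivered in 128-byte blocks */

/* Hypothetical bus hook (assumption): read one byte from the RNG register
 * over the part's interface (3-wire, 4-wire or I2C). */
typedef uint8_t (*rng_read_fn)(void *bus);

/* Fill `out` with `want` bytes of hardware entropy to seed a software DRBG.
 * Returns the byte count, or -1 if the RNG has not left its all-zeros
 * "not ready" state after `max_ready_polls` reads (e.g. VCCI just applied).
 * The first non-zero byte only signals readiness: it is known to be
 * non-zero and therefore biased, so it is discarded, not used as seed. */
int rng_collect(rng_read_fn rd, void *bus, uint8_t *out, size_t want,
                unsigned max_ready_polls)
{
    unsigned polls = 0;
    while (rd(bus) == 0)
        if (++polls >= max_ready_polls) return -1;

    size_t got = 0;
    while (got < want) {
        uint8_t blk[RNG_BLOCK];
        for (size_t i = 0; i < RNG_BLOCK; i++) blk[i] = rd(bus); /* one block */
        size_t n = (want - got < RNG_BLOCK) ? want - got : RNG_BLOCK;
        memcpy(out + got, blk, n);
        got += n;
    }
    return (int)got;
}

/* Constructed stand-in for the device so the code runs offline: zeros for
 * `zeros_left` reads, then a xorshift32 stream. A bus simulator only, not
 * a randomness source. */
typedef struct { unsigned zeros_left; uint32_t state; } sim_rng;

uint8_t sim_read(void *p)
{
    sim_rng *s = p;
    if (s->zeros_left) { s->zeros_left--; return 0; }
    s->state ^= s->state << 13;
    s->state ^= s->state >> 17;
    s->state ^= s->state << 5;
    return (uint8_t)s->state;
}
```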

Thermal Monitoring

An on-chip temperature sensor monitors the system environment. High- and low-temperature limits, with an appropriate tamper reaction if those operational limits are violated, counter deliberate thermal attacks.

Discrete System Identification

Each device contains a unique serial number, readable through the I/O port. This silicon serialization allows for discrete end-item system identification. The products are manufactured so that no two devices will ever contain the same serial number.

BGA Packaging

The product family is offered in chip-scale ball grid array (CSBGA) packages. By minimizing exposed pins, this packaging further enhances the security of the data and control signals.



Related Information: APP 4244, Jun 18, 2008
DS3600 Battery-Operated Secure Supervisor with 64B Nonimprinting Encryption Key SRAM
DS3605 NV SRAM Controller with RTC and Thermal Tamper Detection
DS3640 I²C Secure Supervisor with Battery-Operated 1kB Nonimprinting Encryption Key SRAM
DS3641 SPI™-Compatible Secure Supervisor with 1kB Nonimprinting Key Memory
DS3645 Secure Encryption Key Controller with 4kB SRAM
DS3650 NV SRAM Controller, RTC and Supervisor with Tamper Detection
DS3655 Ultra-Low-Power Tamper Detection Circuit with Nonimprinting Memory


      Copyright © 2008 by Maxim Integrated Products, Dallas Semiconductor