

Application Note 4244

Secure Supervisors Provide Multifaceted Monitoring to Ensure System Security

Abstract: This article describes many of the embedded security features in the various DS36xx secure supervisor products.

Introduction

Intrusion prevention in many systems has traditionally been left to the specific demands of the application and to the individual creativity of the system designer. To provide stronger security in an ever-more-interconnected society, various entities have defined specific standards to eliminate potential holes in the construction of a "secure system." Whether the system is a cash register or a file server, the security task is essentially the same: leave no open path for an attacker trying to compromise that system.

Secure Supervisors

The DS36xx secure supervisor products integrate a CPU supervisor, NVSRAM controller, real-time clock (RTC), temperature sensor, analog-to-digital converter (ADC), random number generator (RNG), and the I/Os and support circuitry needed to run this monitoring device from either system power or a battery. These products reduce component count and offload the continuous system-monitoring duties that would otherwise fall on the processor in secure applications such as point-of-sale (PoS) terminals, PIN pads, secure communications, set-top boxes, alarm systems, or gaming systems. The secure supervisor products support the highest security level of the FIPS 140-2, Common Criteria, PCI-PED, and EMV 4.1 certification schemes. Table 1 presents the selection options presently available or in development.

Table 1. Secure Supervisor Product Selection Guide
Part Number I/O Analog Voltages Monitored¹ Digital Inputs Monitored Internal Key Memory External Memory Control Random Number Generator Over-Voltage Monitor Battery Monitor
DS3600 3-wire 4 1 64B Check Check Check
DS3605 I²C 4 1 Check Check Check
DS3640 I²C 5 3 1024B Check Check Check
DS3641 4-wire 5 3 1024B Check Check Check
DS3645* I²C 12 4 4096B Check Check Check Check
DS3650 4-wire 2 Check Check
DS3655 I²C 4 64B
¹Does not include VCCI and VBAT monitors.
*Future product—contact factory for information.

The secure supervisor products are low-cost, space-efficient components that offer a premier security solution for many applications. By using the high levels of integration in these devices, valuable system resources can be fully utilized for the principal application while the secure supervisor handles the generally mundane, but very critical, security monitoring chores.

Tamper Response

All tamper inputs are monitored continuously and in parallel. The instant tampering is detected on any input, the following actions are initiated simultaneously:
  1. Tamper latches record the monitor channel that initiated the tamper event
  2. The tamper output asserts to alert the system processor
  3. The current time is frozen in the Time Stamp registers
  4. Encryption key memory is immediately erased (if applicable)
  5. External SRAM memory is immediately erased (if applicable)
Recovery from a tamper event begins with identification of the source of the event. The tamper latches and the event time stamp will remain frozen until the condition causing the tamper event has been corrected and the latches have been reset.

Power-Supply Monitoring

A traditional CPU supervisor function monitors the VCCI power supply, providing a reset signal to the microprocessor when the supply is out of tolerance. A tamper reaction to an abnormally high VCCI supply is also included in many of the products.

Battery-Supply Monitoring

An ADC register monitors the battery voltage, which is readable through the I/O port. Tamper reaction to an abnormally low or high battery voltage is included in most of the product offerings.

Time Keeping and Tamper-Event Time Stamp

The integrated RTC provides a time reference for tamper-event recording and recovery. Time-of-day alarm and CPU watchdog functions are also included in many of the product offerings.

External Analog Supply Monitoring

Besides the internal VCCI and VBAT monitoring functions, the secure supervisor products offer multiple configurations of analog inputs. These inputs monitor external power supplies or other critical bias conditions, depending on specific application requirements.

External Digital Signal Monitoring

Most of these devices also include one or more digital input channels that can trigger a tamper response on user-defined conditions. Because the inputs use standard TTL thresholds, they can be driven directly by other on-board logic. If needed, a resistive-divider network can be placed in front of an input to monitor additional bias sources.

Internal Encryption Key Memory

Most of the devices include a nonvolatile encryption key memory array, accessible through the I/O port. In the event of a tamper, the encryption key memory is rapidly erased.

External Memory Control and Security

Several of the secure supervisor products include a tamper-reactive nonvolatile SRAM controller, with provisions to supply battery-backed power and control logic for external memory support. When VCCI power is within tolerance, the external SRAM is powered from that VCCI supply. Should the external power supply fail, access to the SRAM is inhibited. The battery is automatically switched in to provide backup power to that external memory.

Power for External Support Circuitry

A battery-backed power supply output is provided for any critical external support circuitry required for continuous operation. The output supply voltage is either the VCCI supply, if within the defined tolerance, or VBAT.

Random Number Generator

Most of the secure supervisor products contain a FIPS 140-2-compliant RNG. On initial application of VCCI power, the RNG is seeded from several natural sources of randomness. Until the device is ready, the RNG outputs zero bytes. Once a non-zero byte has been read, any number of additional random bytes can be read in 128-byte blocks. The read cycle can be repeated until the user has retrieved enough random data to seed a software random number generator.
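As an added example (not Maxim's code), a host-side routine that follows the read protocol just described: poll until the first non-zero byte, then pull 128-byte blocks until enough seed material has been gathered, returning nothing if the device never leaves the all-zeros state. The bus read hook `rng_read_fn` and the simulated device `sim_rng` are assumptions for illustration; the real register address and bus transfer come from the data sheet.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define RNG_BLOCK_SIZE 128   /* random bytes are delivered in 128-byte blocks */

/* Hypothetical host-side hook: one register read over the bus (I2C/SPI
 * transfer and register address are not shown; see the data sheet). */
typedef uint8_t (*rng_read_fn)(void *ctx);
/* Gather `want` seed bytes; returns count written to `out`, or 0 if no non-zero
 * byte appeared within `max_polls` reads or a whole block read back as zeros. */
size_t rng_collect_seed(rng_read_fn read, void *ctx, uint8_t *out,
                        size_t want, unsigned max_polls)
{
    size_t got = 0;
    uint8_t b = 0;
    /* Phase 1: poll single bytes; zeros mean the RNG is not ready yet. */
    for (unsigned polls = 0; polls < max_polls && b == 0; polls++)
        b = read(ctx);
    if (b == 0)
        return 0;                    /* never seed a software PRNG from zeros */
    if (got < want)
        out[got++] = b;              /* first non-zero byte is valid random data */
    /* Phase 2: read full 128-byte blocks until enough bytes are collected. */
    while (got < want) {
        uint8_t block[RNG_BLOCK_SIZE];
        int nonzero = 0;
        for (size_t i = 0; i < RNG_BLOCK_SIZE; i++) {
            block[i] = read(ctx);
            nonzero |= block[i];
        }
        if (!nonzero)
            return 0;                /* 128 zero bytes: device dropped to not-ready */
        size_t n = want - got;
        if (n > RNG_BLOCK_SIZE)
            n = RNG_BLOCK_SIZE;
        memcpy(out + got, block, n);
        got += n;
    }
    return got;
}

/* Constructed stand-in for the device, used for testing: zeros for `warmup`
 * reads, then an LCG stream forced odd so that readiness is unambiguous. */
typedef struct { unsigned warmup; uint32_t state; } sim_rng;
uint8_t sim_read(void *ctx)
{
    sim_rng *s = ctx;
    if (s->warmup) { s->warmup--; return 0; }
    s->state = s->state * 1103515245u + 12345u;
    return (uint8_t)((s->state >> 16) | 1u);
}
```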

Thermal Monitoring

An on-chip temperature sensor monitors the system environment. High- and low-temperature limits, with an appropriate tamper reaction if either limit is violated, counter attempts to attack the device thermally.

Discrete System Identification

Each device contains a unique serial number, readable through the I/O port. This silicon serialization allows for discrete end-item system identification. The products are manufactured so that no two devices will ever contain the same serial number.

BGA Packaging

The product family is offered in chip-scale ball grid array (CSBGA) packages. By minimizing exposed pins, this packaging further enhances the security of the data and control signals.




More Information  APP 4244: Jun 18, 2008
DS3600 Secure Supervisor with 64B Battery-Backed Encrypted SRAM
DS3605 NV SRAM Controller with Real-Time Clock and Tamper Detection
DS3640 I²C Secure Supervisor with 1kB Battery-Backed Encrypted SRAM
DS3641 SPI™-Compatible Secure Supervisor with 1kB Encryption-Protected Memory
DS3645 4KB Secure Memory with Tamper Protection and RTC for Network Server Applications
DS3650 NV SRAM Controller, RTC and Supervisor with Tamper Detection
DS3655 Ultra-Low-Power Tamper Detection Circuit with Non-Imprinting Memory

© 2008 Maxim Integrated Products, Dallas Semiconductor. All rights reserved.