Active erasure of electronically stored data upon tamper detection
Abstract
The invention provides additional protection for data stored in a data storage device situated within a secure environment by using active erasure to erase the stored data when an intrusion into the secure environment is detected. Active erasure erases the data in a data storage device much more rapidly than passive erasure, so that a tamperer cannot prevent the erasure before the data is gone. Active erasure also enables data to be erased rapidly without using a processor (and, in some cases, additional devices) to effect the erasure or other destruction of the data; such use of a processor is relatively complex and expensive, can be disabled in some situations, and cannot guarantee destruction of the data when insufficient power is available to operate the processor. The invention has particular utility when used with a volatile data storage device that is situated within a secure environment and connected to a power supply. Though the invention can be used to protect data stored in any such volatile data storage device, it is particularly useful when implemented in a secure device (and, even more particularly, a portable secure device) that uses a backup power supply (such as a battery) to maintain storage of data in the volatile data storage device when the secure device is not operating (i.e., is not connected to a primary power supply).
36 Claims
1. A system for protecting data stored in a data storage device situated within a secure environment of a secure device, wherein the capacity of the data storage device to store data depends upon the presence of a voltage at a first input node or nodes of the data storage device having a magnitude that is different from the magnitude of a voltage at a second input node or nodes of the data storage device, the system comprising:
a detector for detecting an intrusion into the secure environment; and
a clamp for supplying current to or from a clamp reference voltage node from or to, respectively, the first node or nodes and/or the second node or nodes to cause the magnitude of the voltages at the first and second nodes to become equal, the clamp supplying current in response to detection of an intrusion by the detector.
the secure environment comprises an enclosure within a mechanically sealed housing; and
the electrical switch comprises a first electrically conductive region formed in or on the housing that is in contact with a second electrically conductive region formed in or on the housing such that an intrusion into the enclosure can cause the contact between the first and second electrically conductive regions to be broken.
9. A system as in claim 8, wherein the electrical switch further comprises an electrically conductive spring positioned between the first and second electrically conductive regions, such that an intrusion into the enclosure can cause the spring to be dislodged to break contact between the first and second electrically conductive regions.
10. A system as in claim 9, wherein the electrical switch further comprises:
a first plurality of electrically conductive regions formed in or on the housing;
a second plurality of electrically conductive regions formed in or on the housing; and
a plurality of electrically conductive springs, each of which is positioned between corresponding first and second electrically conductive regions, such that an intrusion into the enclosure can cause one or more of the springs to be dislodged to break contact between the corresponding first and second electrically conductive regions.
11. A system as in claim 1, wherein the secure environment comprises an enclosure within a mechanically sealed housing.
12. A system as in claim 1, wherein the secure environment comprises a space defined by one or more magnetic fields.
13. A system as in claim 1, wherein the secure environment comprises a space defined by one or more optical beams.
14. A system as in claim 1, wherein the secure environment comprises an electrical space established by monitoring the points of electrical ingress to, and egress from, the data storage device to determine whether each access to the volatile data storage device via one of those points is of a type that has been defined to be unauthorized or otherwise unacceptable.
15. A system as in claim 1, wherein:
the secure device includes a backup power supply that is normally connected to the data storage device to supply power to the data storage device when the secure device is not operating so that the difference between the magnitudes of the voltage at the first input node or nodes and the voltage at the second input node or nodes is maintained; and
the system further comprises means for disconnecting the backup power supply from the data storage device in response to detection of an intrusion by the detector.
16. A system as in claim 15, wherein the secure device is a portable device.
17. A system as in claim 1, wherein the clamp reference voltage is a voltage intermediate a ground voltage and a supply voltage of the secure device.
21. A method as in claim 17, wherein the step of supplying current to or from the clamp reference voltage node further comprises the step of supplying current to or from the clamp reference voltage node with a transistor.
22. A method as in claim 17, wherein the step of supplying current to or from the clamp reference voltage node further comprises the step of supplying current to or from the clamp reference voltage node with an analog switch.
23. A method as in claim 17, wherein the step of supplying current to or from the clamp reference voltage node further comprises the step of supplying current to or from the clamp reference voltage node with a combinatorial logic circuit.
24. A method as in claim 17, wherein the clamp reference voltage is a ground voltage of the secure device.
25. A method as in claim 17, wherein the clamp reference voltage is a supply voltage of the secure device.
26. A method as in claim 17, wherein the step of detecting an intrusion into the secure environment further comprises the step of detecting a change in state of an electrical switch in response to the intrusion.
27. A method as in claim 26, wherein:
the secure environment comprises an enclosure within a mechanically sealed housing;
the electrical switch comprises a first electrically conductive region formed in or on the housing that is in contact with a second electrically conductive region formed in or on the housing; and
the step of detecting a change in state of the electrical switch in response to the intrusion further comprises the step of detecting the breaking of contact between the first and second electrically conductive regions.
28. A method as in claim 27, wherein:
the electrical switch further comprises an electrically conductive spring positioned between the first and second electrically conductive regions; and
the step of detecting the breaking of contact between the first and second electrically conductive regions further comprises the step of detecting dislodgement of the spring that breaks contact between the first and second electrically conductive regions.
29. A method as in claim 28, wherein:
the electrical switch further comprises:
a first plurality of electrically conductive regions formed in or on the housing;
a second plurality of electrically conductive regions formed in or on the housing; and
a plurality of electrically conductive springs, each of which is positioned between corresponding first and second electrically conductive regions; and
the step of detecting the breaking of contact between the first and second electrically conductive regions further comprises the step of detecting dislodgement of one or more of the springs that breaks contact between the corresponding first and second electrically conductive regions.
30. A method as in claim 17, wherein the secure environment comprises an enclosure within a mechanically sealed housing.
31. A method as in claim 17, wherein the secure environment comprises a space defined by one or more magnetic fields.
32. A method as in claim 17, wherein the secure environment comprises a space defined by one or more optical beams.
33. A method as in claim 17, wherein the secure environment comprises an electrical space established by monitoring the points of electrical ingress to, and egress from, the data storage device to determine whether each access to the volatile data storage device via one of those points is of a type that has been defined to be unauthorized or otherwise unacceptable.
34. A method as in claim 17, wherein:
the secure device includes a backup power supply that is normally connected to the data storage device to supply power to the data storage device when the secure device is not operating so that the difference between the magnitudes of the voltage at the first input node or nodes and the voltage at the second input node or nodes is maintained; and
the method further comprises the step of disconnecting the backup power supply from the data storage device in response to detection of an intrusion.
35. A method as in claim 34, wherein the secure device is a portable device.
36. A method as in claim 17, wherein the clamp reference voltage is a voltage intermediate a ground voltage and a supply voltage of the secure device.
18. A method for protecting data stored in a data storage device situated within a secure environment of a secure device, wherein the capacity of the data storage device to store data depends upon the presence of a voltage at a first input node or nodes of the data storage device having a magnitude that is different from the magnitude of a voltage at a second input node or nodes of the data storage device, the method comprising the steps of:
detecting an intrusion into the secure environment; and
supplying current to or from a clamp reference voltage node from or to, respectively, the first node or nodes and/or the second node or nodes to cause the magnitude of the voltages at the first and second nodes to become equal, the step of supplying current being performed in response to detection of an intrusion by the detector.
19. A system for protecting data stored in a data storage device situated within a secure environment of a secure device, wherein the capacity of the data storage device to store data depends upon the presence of a voltage at a supply node of the data storage device having a magnitude that is different from the magnitude of a voltage at a ground node of the data storage device, the system comprising:
a transistor, comprising:
a first current handling node connected to the supply node of the data storage device;
a second current handling node connected to the ground node of the data storage device, and to a ground voltage of a power supply and the secure device; and
a current control node;
a first resistor comprising:
a first node connected to the supply node of the data storage device and to the first current handling node of the transistor; and
a second node connected to a supply voltage of the power supply;
a second resistor comprising:
a first node connected to the supply voltage of the power supply and to the second node of the first resistor; and
a second node connected to the current control node of the transistor; and
a switch comprising:
a first node connected to the current control node of the transistor and to the second node of the second resistor; and
a second node connected to the ground node of the data storage device, to the second current handling node of the transistor, and to the ground voltage of the power supply and the secure device, wherein:
during normal operation of the secure device, the switch is closed so that the current control node of the transistor is connected to the ground node of the data storage device and to the ground voltage of the power supply and the secure device, so that the transistor is turned off to prevent current from flowing between the first and second current handling nodes of the transistor, thus maintaining a voltage at the supply node of the data storage device that is different from the voltage at the ground node of the data storage device and thereby enabling data to be stored in the data storage device; and
detection of intrusion into the secure environment causes the switch to open so that the current control node of the transistor is disconnected from the ground node of the data storage device and from the ground voltage of the power supply and the secure device, thus causing the voltage at the current control node of the transistor to increase to a magnitude that turns the transistor on to allow current to flow between the first and second current handling nodes of the transistor, thus causing the voltage at the supply node of the data storage device to become equal to the voltage at the ground node of the data storage device and thereby erasing the data stored in the data storage device.
the first resistor has a resistance of about 470 ohms;
the second resistor has a resistance of about 27 megohms; and
the difference between the supply voltage of the power supply and the ground voltage of the power supply is about 3 volts.
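The abstract's point that active erasure is far faster than passive erasure, and the clamp of claim 19 with the component values listed in its dependent claim, worked through as an added numerical model (this is not circuitry or code from the patent): only the 470 ohm, 27 megohm and 3 volt values come from the page; the node capacitance, SRAM standby current, transistor on-resistance and threshold, and the data-retention voltage are assumptions.

```python
"""Model of the tamper-erasure clamp of claim 19 and of the active-versus-passive
erasure comparison in the abstract. Added example, not circuitry from the patent;
only the 470 ohm, 27 megohm and 3 V values are taken from the page, the rest are
labelled assumptions."""
import math

# Values stated in the dependent claim that follows claim 19.
V_SUPPLY = 3.0  # volts, power supply relative to ground
R1 = 470.0      # ohms, between the supply and the SRAM supply node
R2 = 27e6       # ohms, pull-up from the supply to the transistor control node

# Assumptions (not in the patent): node capacitance, SRAM standby draw,
# transistor on-resistance and threshold, and the data-retention voltage.
C_NODE = 10e-6     # farads
I_STANDBY = 1e-6   # amperes drawn by the SRAM in data-retention mode
R_ON = 1.0         # ohms across the conducting transistor
V_GATE_ON = 0.7    # volts at the control node that turns the transistor on
V_RETAIN = 1.5     # volts below which the SRAM contents are assumed lost

def transistor_on(switch_closed: bool) -> bool:
    """Closed switch grounds the control node (transistor off); an intrusion
    opens it and R2 pulls the control node up to V_SUPPLY (transistor on)."""
    v_control = 0.0 if switch_closed else V_SUPPLY
    return v_control >= V_GATE_ON

def supply_node_voltage(switch_closed: bool) -> float:
    """Steady-state voltage at the SRAM supply node for a given switch state."""
    if not transistor_on(switch_closed):
        # Transistor off: only the SRAM standby current flows through R1.
        return V_SUPPLY - I_STANDBY * R1
    # Transistor on: R1 and R_ON form a divider, clamping the node near ground.
    return V_SUPPLY * R_ON / (R1 + R_ON)

def quiescent_drain_amps() -> float:
    """Normal-operation drain of the detection path: V_SUPPLY through R2 and
    the closed switch to ground. This is why R2 is tens of megohms."""
    return V_SUPPLY / R2

def passive_erase_seconds() -> float:
    """Power merely removed: C_NODE drains through I_STANDBY (constant-current
    approximation) until the node falls below V_RETAIN."""
    return C_NODE * (V_SUPPLY - V_RETAIN) / I_STANDBY

def active_erase_seconds() -> float:
    """Clamp engaged: C_NODE discharges exponentially through R_ON."""
    return R_ON * C_NODE * math.log(V_SUPPLY / V_RETAIN)
```

With these assumed values the passive discharge takes on the order of seconds while the clamp empties the node in microseconds, and the 27 megohm pull-up keeps the detector's battery drain in the sub-microampere range during normal operation.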