Active erasure of electronically stored data upon tamper detection

US 6,292,898 B1
Filed: 02/04/1998
Issued: 09/18/2001
Est. Priority Date: 02/04/1998
Status: Expired due to Term

First Claim

Patent Images

1. A system for protecting data stored in a data storage device situated within a secure environment of a secure device, wherein the capacity of the data storage device to store data depends upon the presence of a voltage at a first input node or nodes of the data storage device having a magnitude that is different from the magnitude of a voltage at a second input node or nodes of the data storage device, the system comprising:

a detector for detecting an intrusion into the secure environment; and

a clamp for supplying current to or from a clamp reference voltage node from or to, respectively, the first node or nodes and/or the second node or nodes to cause the magnitude of the voltages at the first and second nodes to become equal, the clamp supplying current in response to detection of an intrusion by the detector.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides additional protection for data stored in a data storage device situated within a secure environment by using active erasure to erase the stored data when an intrusion into the secure environment is detected. Active erasure effects erasure of data in a data storage device much more rapidly than passive erasure, so that the erasure of data cannot be prevented by a tamperer before the data is erased. Active erasure also enables data to be rapidly erased without requiring use of a processor (and, in some cases, additional devices) to effect the erasure or other destruction of data, which use is relatively complex and expensive, can be disabled in some situations, and cannot guarantee destruction of data in situations in which insufficient power may be available to operate the processor. The invention has particular utility when used with a volatile data storage device that is situated within a secure environment and connected to a power supply. Though the invention can be used to protect data stored in any such volatile data storage device, the invention can be particularly useful when implemented in a secure device (and, even more particularly, in such secure device that is portable) that uses a backup power supply (such as a battery) to maintain storage of data in the volatile data storage device when the secure device is not operating (i.e., connected to a primary power supply).

140 Citations

36 Claims

1. A system for protecting data stored in a data storage device situated within a secure environment of a secure device, wherein the capacity of the data storage device to store data depends upon the presence of a voltage at a first input node or nodes of the data storage device having a magnitude that is different from the magnitude of a voltage at a second input node or nodes of the data storage device, the system comprising:
- a detector for detecting an intrusion into the secure environment; and
  
  a clamp for supplying current to or from a clamp reference voltage node from or to, respectively, the first node or nodes and/or the second node or nodes to cause the magnitude of the voltages at the first and second nodes to become equal, the clamp supplying current in response to detection of an intrusion by the detector.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 2. A system as in claim 1, wherein the clamp comprises a transistor.
  - 3. A system as in claim 1, wherein the clamp comprises an analog switch.
  - 4. A system as in claim 1, wherein the clamp comprises a combinatorial logic circuit.
  - 5. A system as in claim 1, wherein the clamp reference voltage is a ground voltage of the secure device.
  - 6. A system as in claim 1, wherein the clamp reference voltage is a supply voltage of the secure device.
  - 7. A system as in claim 1, wherein the detector comprises an electrical switch that changes state in response to an intrusion.
  - 8. A system as in claim 7, wherein:
9. A system as in claim 8, wherein the electrical switch further comprises an electrically conductive spring positioned between the first and second electrically conductive regions, such that an intrusion into the enclosure can cause the spring to be dislodged to break contact between the first and second electrically conductive regions.
10. A system as in claim 9, wherein the electrical switch further comprises:
- a first plurality of electrically conductive regions formed in or on the housing;
  
  a second plurality of electrically conductive regions formed in or on the housing; and
  
  a plurality of electrically conductive springs, each of which is positioned between corresponding first and second electrically conductive regions, such that an intrusion into the enclosure can cause one or more of the springs to be dislodged to break contact between the corresponding first and second electrically conductive regions.
11. A system as in claim 1, wherein the secure environment comprises an enclosure within a mechanically sealed housing.
12. A system as in claim 1, wherein the secure environment comprises a space defined by one or more magnetic fields.
13. A system as in claim 1, wherein the secure environment comprises a space defined by one or more optical beams.
14. A system as in claim 1, wherein the secure environment comprises an electrical space established by monitoring the points of electrical ingress to, and egress from, the data storage device to determine whether each access to the volatile data storage device via one of those points is of a type that has been defined to be unauthorized or otherwise unacceptable.
15. A system as in claim 1, wherein:
- the secure device includes a backup power supply that is normally connected to the data storage device to supply power to the data storage device when the secure device is not operating so that the difference between the magnitudes of the voltage at the first input node or nodes and the voltage at the second input node or nodes is maintained; and
  
  the system further comprises means for disconnecting the backup power supply from the data storage device in response to detection of an intrusion by the detector.
16. A system as in claim 15, wherein the secure device is a portable device.
17. A system as in claim 1, wherein the clamp reference voltage is a voltage intermediate a ground voltage and a supply voltage of the secure device.
21. A method as in claim 17, wherein the step of supplying current to or from the clamp reference voltage node further comprises the step of supplying current to or from the clamp reference voltage node with a transistor.
22. A method as in claim 17, wherein the step of supplying current to or from the clamp reference voltage node further comprises the step of supplying current to or from the clamp reference voltage node with an analog switch.
23. A method as in claim 17, wherein the step of supplying current to or from the clamp reference voltage node further comprises the step of supplying current to or from the clamp reference voltage node with a combinatorial logic circuit.
24. A method as in claim 17, wherein the clamp reference voltage is a ground voltage of the secure device.
25. A method as in claim 17, wherein the clamp reference voltage is a supply voltage of the secure device.
26. A method as in claim 17, wherein the step of detecting an intrusion into the secure environment further comprises the step of detecting a change in state of an electrical switch in response to the intrusion.
27. A method as in claim 26, wherein:
- the secure environment comprises an enclosure within a mechanically sealed housing;
  
  the electrical switch comprises a first electrically conductive region formed in or on the housing that is in contact with a second electrically conductive region formed in or on the housing; and
  
  the step of detecting a change in state of the electrical switch in response to the intrusion further comprises the step of detecting the breaking of contact between the first and second electrically conductive regions.
28. A method as in claim 27, wherein:
- the electrical switch further comprises an electrically conductive spring positioned between the first and second electrically conductive regions; and
  
  the step of detecting the breaking of contact between the first and second electrically conductive regions further comprises the step of detecting dislodgement of the spring that breaks contact between the first and second electrically conductive regions.
29. A method as in claim 28, wherein:
- the electrical switch further comprises;
  
  a first plurality of electrically conductive regions formed in or on the housing;
  
  a second plurality of electrically conductive regions formed in or on the housing; and
  
  a plurality of electrically conductive springs, each of which is positioned between corresponding first and second electrically conductive regions; and
  
  the step of detecting the breaking of contact between the first and second electrically conductive regions further comprises the step of detecting dislodgement of one or more of the springs that breaks contact between the corresponding first and second electrically conductive regions.
30. A method as in claim 17, wherein the secure environment comprises an enclosure within a mechanically sealed housing.
31. A method as in claim 17, wherein the secure environment comprises a space defined by one or more magnetic fields.
32. A method as in claim 17, wherein the secure environment comprises a space defined by one or more optical beams.
33. A method as in claim 17, wherein the secure environment comprises an electrical space established by monitoring the points of electrical ingress to, and egress from, the data storage device to determine whether each access to the volatile data storage device via one of those points is of a type that has been defined to be unauthorized or otherwise unacceptable.
34. A method as in claim 17, wherein:
- the secure device includes a backup power supply that is normally connected to the data storage device to supply power to the data storage device when the secure device is not operating so that the difference between the magnitudes of the voltage at the first input node or nodes and the voltage at the second input node or nodes is maintained; and
  
  the method further comprises the step of disconnecting the backup power supply from the data storage device in response to detection of an intrusion.
35. A method as in claim 34, wherein the secure device is a portable device.
36. A method as in claim 17, wherein the clamp reference voltage is a voltage intermediate a ground voltage and a supply voltage of the secure device.

18. A method for protecting data stored in a data storage device situated within a secure environment of a secure device, wherein the capacity of the data storage device to store data depends upon the presence of a voltage at a first input node or nodes of the data storage device having a magnitude that is different from the magnitude of a voltage at a second input node or nodes of the data storage device, the method comprising the steps of:
- detecting an intrusion into the secure environment; and
  
  supplying current to or from a clamp reference voltage node from or to, respectively, the first node or nodes and/or the second node or nodes to cause the magnitude of the voltages at the first and second nodes to become equal, the step of supplying current being performed in response to detection of an intrusion by the detector.

19. A system for protecting data stored in a data storage device situated within a secure environment of a secure device, wherein the capacity of the data storage device to store data depends upon the presence of a voltage at a supply node of the data storage device having a magnitude that is different from the magnitude of a voltage at a ground node of the data storage device, the system comprising:
- a transistor, comprising;
  
  a first current handling node connected to the supply node of the data storage device;
  
  a second current handling node connected to the ground node of the data storage device, and to a ground voltage of a power supply and the secure device; and
  
  a current control node;
  
  a first resistor comprising;
  
  a first node connected to the supply node of the data storage device and to the first current handling node of the transistor; and
  
  a second node connected to a supply voltage of the power supply;
  
  a second resistor comprising;
  
  a first node connected to the supply voltage of the power supply and to the second node of the first resistor; and
  
  a second node connected to the current control node of the transistor; and
  
  a switch comprising;
  
  a first node connected to the current control node of the transistor and to the second node of the second resistor; and
  
  a second node connected to the ground node of the data storage device, to the second current handling node of the transistor, and to the ground voltage of the power supply and the secure device, wherein;
  
  during normal operation of the secure device, the switch is closed so that the current control node of the transistor is connected to the ground node of the data storage device and to the ground voltage of the power supply and the secure device, so that the transistor is turned off to prevent current from flowing between the first and second current handling nodes of the transistor, thus maintaining a voltage at the supply node of the data storage device that is different from the voltage at the ground node of the data storage device and thereby enabling data to be stored in the data storage device; and
  
  detection of intrusion into the secure environment causes the switch to open so that the current control node of the transistor is disconnected from the ground node of the data storage device and from the ground voltage of the power supply and the secure device, thus causing the voltage at the current control node of the transistor to increase to a magnitude that turns the transistor on to allow current to flow between the first and second current handling nodes of the transistor, thus causing the voltage at the supply node of the data storage device to become equal to the voltage at the ground node of the data storage device and thereby erasing the data stored in the data storage device.
- View Dependent Claims (20)
- - 20. A system as in claim 19, wherein:

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SPEX Technologies, Inc.
Original Assignee
Spyrus, Inc.
Inventors
Sutherland, Mark J.
Primary Examiner(s)
Lee, Thomas
Assistant Examiner(s)
Mai, Rijue

Application Number

US09/018,451
Time in Patent Office

1,322 Days
Field of Search

713/200, 713/201, 713/189, 713/190, 713/191, 713/192, 713/193, 713/194, 710/200, 710/260, 710/261, 710/267, 714/769
US Class Current

726/34
CPC Class Codes

G06F 21/87   by means of encapsulation, ...

G06F 2221/2143   Clearing memory, e.g. to pr...

G11C 7/24   Memory cell safety or prote...

Active erasure of electronically stored data upon tamper detection

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

140 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Active erasure of electronically stored data upon tamper detection

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

140 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links