Circuits are protected from timing attacks by adding a random delay to mask any relation between contents of processed information packages and the processing time required between in- and output signals of protected circuits. This random delay has to be performed preferably inside the protected volume and can be realized by one or more random delay buffers that are realized by means of e.g. random shift-registers. Further protection may be provided by situating the circuits in a single chip housing, such that the signals thereof interfere with each other and it is difficult to obtain information therefrom. A physical barrier may be provided in order to prevent or at least limit physical access to for example at least one TPM chip arranged inside of the barrier. The physical barrier comprises an impedance, i.e. in form of a capacitor with capacity C and or resistor R and or inductivity L, for example formed by two of the reflector layers of the barrier with an absorbing material in between. Any impedance (i.e. capacity C and/or resistance R and/or inductivity L) change can be detected and any impedance (i.e. capacity and/or resistance and/or inductivity L) change beyond a chosen threshold is indicative of an attempt to physically destruct or enter the barrier. Upon detecting an impedance (i.e. capacity C and/or resistance R and/or inductivity L) change beyond the threshold, any suitable action may be performed, such as deleting all information from the chip, destroying the chip or providing wrong information. The barrier may also act as a reflector for reflecting the desired signal of the at least one chip, such that the desired signal and the reflected signals interfere with each other and it is difficult to obtain information therefrom.

An integrated circuit includes a system memory, a security processor and a non-security processor. An attack against the integrated circuit is made more difficult based on using a key generated by the security processor. The security processor, as an example, reads a program image from the system memory and generates the key based on the program image. In some instances, a dedicated communication channel is provided for communication between the non-security processor and the security processor. The dedicated channel may be used to provide the key to the non-security processor for performance of a security operation.

A tamper detection system may include organic material and a tamper detection circuit embedded in the organic material. A portion of the organic material is ablated away to form an incision in the organic material. A portion of the tamper detection circuit obstructs a fragment of the ablation path. The tamper detection circuit remains intact. The incision enables a gas flow between a first side of the organic material and a second side of the organic material.

A tamper detection system may include organic material and a tamper detection circuit embedded in the organic material. A portion of the organic material is ablated away to form an incision in the organic material. A portion of the tamper detection circuit obstructs a fragment of the ablation path. The tamper detection circuit remains intact. The incision enables a gas flow between a first side of the organic material and a second side of the organic material.

A PUF-film includes a circuit structure having a plurality of circuit elements, wherein the circuit structure is evaluable with respect to a plurality of electric capacitance values being arranged between the plurality of circuit elements, and is evaluable with respect to a plurality of electric resistance values of the plurality of circuit components.

A PUF-film includes a circuit structure having a plurality of circuit elements, wherein the circuit structure is evaluable with respect to a plurality of electric capacitance values being arranged between the plurality of circuit elements, and is evaluable with respect to a plurality of electric resistance values of the plurality of circuit components.

A tamper-resistant memory is formed by placing a solid-state memory array between metal wiring layers in the upper portion of an integrated circuit (back-end of the line). The metal layers form a mesh that surrounds the memory array to protect it from picosecond imaging circuit analysis, side channel attacks, and delayering with electrical measurement. Interconnections between a memory cell and its measurement circuit are designed to protect each layer below, i.e., an interconnecting metal portion in a particular metal layer is no smaller than the interconnecting metal portion in the next lower layer. The measurement circuits are shrouded by the metal mesh. The substrate, metal layers and memory array are part of a single monolithic structure. In an embodiment adapted for a chip identification protocol, the memory array contains a physical unclonable function identifier that uniquely identifies the tamper-resistant integrated circuit, a symmetric encryption key and a release key.

The embodiments herein are directed to technologies for backside security meshes of semiconductor packages. One package includes a substrate having a first interconnect terminal of a first type and a second interconnect terminal of a second type. The package also includes a first security mesh structure disposed on a first side of an integrated circuit die and a conductive path coupled between the first interconnect terminal and the second interconnect terminal. The first security mesh structure is coupled to the first interconnect terminal and the second interconnect terminal being coupled to a terminal on a second side of the integrated circuit die.

The embodiments herein are directed to technologies for backside security meshes of semiconductor packages. One package includes a substrate having a first interconnect terminal of a first type and a second interconnect terminal of a second type. The package also includes a first security mesh structure disposed on a first side of an integrated circuit die and a conductive path coupled between the first interconnect terminal and the second interconnect terminal. The first security mesh structure is coupled to the first interconnect terminal and the second interconnect terminal being coupled to a terminal on a second side of the integrated circuit die.

A resistor mesh with distributed sensing points is provided in a security chip as an anti-tamper shield. An analog multiplexing circuit is configured to receive a pair of digital selection values created by an algorithm processing circuit, and produce a respective differential voltage formed by a pair of voltages obtained at a pair of selected sensing points within the resistor mesh corresponding to the pair of digital selection values. Each differential voltage is converted into a corresponding digital output value. An algorithm processing circuit is configured to receive a respective digital output value associated with each pair of digital selection values and derive a binary value based on a subset of the digital output values, wherein the binary value is unique to the security chip.