1. Patent Search
  2. Details

SYSTEM FOR DETECTING ACCESS TO A PRE-DEFINED AREA ON A PRINTED CIRCUIT BOARD

20220330422 · 2022-10-13

    Inventors

    Cpc classification

    International classification

    Abstract

    The present invention provides a system for detecting access to a pre-defined area on a Printed Circuit Board, wherein the system comprises: the Printed Circuit Board comprising, on at least one of its external surfaces, at least one pre-defined area comprising electrical components, a potting material arranged over at least the pre-defined area, wherein the potting material comprises a first layer of transparent material configured to allow light to pass through, and a second layer of opaque material arranged so that completely blocks light towards the first layer, wherein the first layer is arranged between the Printed Circuit Board and the second layer and extends at least over the pre-defined area, and at least one photo-sensor arranged within the first layer of transparent material and configured to generate a tamper signal upon detection of light in the first layer.

    Claims

    1. A system for detecting access to a pre-defined area on a printed circuit board, wherein the system comprises: the printed circuit board comprising, on at least one external surface of the printed circuit board, at least one pre-defined area comprising electrical components, a potting material arranged over at least the pre-defined area, wherein the potting material comprises a first layer of transparent material configured to allow light to pass through, and a second layer of opaque material arranged so that completely blocks light towards the first layer, wherein the first layer is arranged between the printed circuit board and the second layer and extends at least over the pre-defined area, and at least one photo-sensor arranged within the first layer of transparent material and configured to generate a tamper signal upon detection of light in the first layer.

    2. The system according to claim 1, wherein the material of the first layer is transparent to at least visible light, and at least one photo-sensor is configured to react upon detection of at least visible light.

    3. The system according to claim 1, wherein the material of the first layer is transparent to a particular wavelength light, preferably infrared light, and at least one photo-sensor is configured to react upon detection of this particular wavelength light.

    4. The system according to claim 1, wherein the first layer is made of transparent epoxy, and/or the second layer is made of opaque epoxy that is optionally thermally conductive.

    5. The system according to claim 1, further comprising a tamper circuitry connected to the at least one photo-sensor and configured to perform anti-tampering operation in response to receiving the tamper signal.

    6. The system according to claim 5, further comprising a backed-up battery configured to supply the tamper circuitry.

    7. The system according to claim 5, further comprising an overlying lid sensor comprising a plurality of conductive lines conforming three dimensional characteristics, wherein these conductive lines are electrically connected to the tamper circuitry for sending a tamper signal based on an open circuit or short between conductive lines.

    8. The system according to claim 7, wherein the overlying lid sensor further comprises a substrate supporting the conductive lines that extend across at least a major portion of the surface of substrate facing the second layer, and wherein the overlying lid sensor further comprises drill plates.

    9. The system according to claim 5, wherein the overlying lid sensor extends substantially over the entire pre-defined area within the first layer, and the at least one photo-sensor is arranged closer to the second layer.

    10. The system according to claim 1, further comprising a fencing element around the periphery of the pre-defined area for holding at least the first layer of transparent material.

    11. The system according to claim 1, wherein the electrical components of the pre-defined area are at least one of the followings: a component containing sensitive information, a pad, a trace, or a via of a sensitive signal.

    12. The system according to claim 1, wherein the electrical components are dedicated pads for Joint Test Action Group, JTAG, pins or connectors.

    13. The system according to claim, further comprising third layer of opaque material blocking the same or different wavelength light than the second layer, wherein this third layer is arranged between the first and second layers.

    14. The system according to claim 13, wherein the third layer is an adhesive film and/or aluminum foil.

    15. A method for detecting access to a pre-defined area on a printed circuit board, wherein the method comprises the steps of: providing a system that comprises: the printed circuit board comprising, on at least one external surface of the printed circuit board, at least one pre-defined area comprising electrical components, a potting material arranged over at least the pre-defined area, wherein the potting material comprises a first layer of transparent material configured to allow light to pass through, and a second layer of opaque material arranged so that completely blocks light towards the first layer, wherein the first layer is arranged between the printed circuit board and the second layer and extends at least over the pre-defined area, and at least one photo-sensor arranged within the first layer of transparent material and configured to generate a tamper signal upon detection of light in the first layer; detecting, by at least one photo-sensor, light in the first layer; and generating, by the at least one photo-sensor, a tamper signal to trigger an anti-tampering operation.

    Description

    BRIEF DESCRIPTION OF THE DRAWINGS

    [0071] These and other characteristics and advantages of the invention will become clearly understood in view of the detailed description of the invention which becomes apparent from a preferred embodiment of the invention, given just as an example and not being limited thereto, with reference to the drawings.

    [0072] FIG. 1 This figure shows a schematic cross-sectional view of a first embodiment of the system according to the invention.

    [0073] FIG. 2 This figure shows a schematic cross-sectional view of a second embodiment of the system according to the invention.

    [0074] FIG. 3 This figure shows a schematic cross-sectional view of a third embodiment of the system according to the invention.

    [0075] FIGS. 4a,4b These figures show a schematic view of a drill plates and serpentines of the overlying lid sensor according to the invention.

    [0076] FIG. 5 This figure shows a schematic workflow of a method for detecting access to a pre-defined area on a printed circuit board according to the invention.

    DETAILED DESCRIPTION OF THE INVENTION

    [0077] As it will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system (10) or a method.

    [0078] FIG. 1 depicts a schematic system (10) for detecting access or intrusion to certain electrical components (3) arranged within the periphery of a pre-defined area (2) on a Printed Circuit Board (1).

    [0079] The Printed Circuit Board (1) may be a single layer or multi-layered PBC so that the invention protects the external surfaces of the PBC which are the ones facing outside after assemble. Intruders may try to gain access to these electrical components (3) arranged on the pre-defined area (2) that are now intended to be protected.

    [0080] In the following, it will be assumed for exemplary purposes that the electrical components (3) are dedicated pads for JTAG pins or connectors. By accessing JTAG pads, for instance, an attacker could remotely control the microprocessor execution and dumping memory contents.

    [0081] Nevertheless, the skilled person will understand that other component(s) containing sensitive information, pad(s), trace(s) (or track(s)), or via(s) of sensitive signal can be protected as well.

    [0082] Referring back to FIG. 1, it is shown a potting material split into two different layers: a bottommost first layer (4) of transparent material and an uppermost second layer (5) of opaque material.

    [0083] The first layer (4) is disposed in direct contact with, and bonded to, the pre-defined area (2) of the PCB (1). The external surface of the PCB (1) may comprise a solder mask.

    [0084] As it can be derived also from FIG. 1, the first layer (4) encloses a photo-sensor (6) and the JTAG connectors' PCB pads (3). Although only one photo-sensor (6) is depicted, multiple ones can be envisaged within the present invention.

    [0085] The first layer allows light at specific wavelength(s) to pass through, this wavelength or spectrum of wavelengths matching with the light detectable by the photo-sensor(s) (6) for generating a tamper signal.

    [0086] In other words, if any light (for which the first layer is transparent to) enters from any point of the boundary (4.1) of the first layer (4), it will reach the photo-sensor (6) and trigger the tamper signal. Advantageously, the photo-sensor will issue an alert regardless of the incoming direction of the light.

    [0087] The second layer (5) of opaque material is arranged so that it completely blocks light towards the first layer (4). Therefore, the opaque layer is configured to block at least the wavelength(s) at which the first layer material exhibits transparency. For instance, these two layers (4, 5) can be made of epoxy.

    [0088] For exemplary purposes, it will be assumed that the first layer is transparent to visible light, which is detectable by the photo-sensor, while the second layer is opaque to this light.

    [0089] When an intruder attempts to access the JTAG connectors' PCB pads, he or she starts scratching or removing part of the outermost portion (5.1) of the second layer (5) up to produce a breach (i.e., a point where light can enter the first layer (4)). The, this light goes through the transparent material and is detected by the photo-sensor, therefore detecting the tampering event and accordingly issuing a tampering signal to allow an electronic circuitry to respond accordingly (i.e., through an anti-tampering operation), which in some cases might consist on erasing the sensitive information contained inside the sensitive PCB area.

    [0090] The system (10) may also comprise a battery backed-up tamper circuitry (not shown) connected to the at least one photo-sensor (6) and configured to perform the anti-tampering operation in response to receiving the tamper signal.

    [0091] Although the boundary surface is shown as a bubble in FIG. 1, it is not limited to this specific shape as will be seen hereinafter. Other shapes can be flat, convex or concave.

    [0092] In a preferred embodiment, the first (4) and second (5) layers are made from epoxy. Then, in an example, when the first layer (4) of epoxy has cured, a chemical bond to it is not possible and, instead, bonding should be promoted by mechanical means. For instance, this mechanical bonding can be achieved by lightly sanding the boundary (4.1) or outer surface of the first layer (4) before applying or depositing the second layer (5) of epoxy.

    [0093] In another example, when the first layer (4) of epoxy is not completely cured and remains tacky, a second pour of epoxy can be made for the second layer (5). Advantageously, adding the second layer (5) at this stage allows avoiding any surface preparation. Nevertheless, as mentioned, if the cure goes beyond the tacky stage, then the epoxy for the first layer (4) is let to finish the curing cycle and, afterward, a sand dull and cleaning of the surface is performed before applying the next layer.

    [0094] Advantageously, epoxy continues the curing cycle even if sealed, as it is a chemical reaction where no air is needed.

    [0095] The second layer (5) may extend beyond the pre-defined area (2) over other areas of the PCB (1) for enclosing other electrical components, pads, traces, vias, etc. of the PCB outside this area (2).

    [0096] FIG. 2 depicts a variant of the embodiment of FIG. 1, where the system (10) further comprising a fencing element (8) around the periphery of the pre-defined area (2) for holding at least the first layer (4) of transparent material.

    [0097] This fencing element (8) shapes the contour of the first layer (4) and may closely match the shape of the pre-defined area (2) of the PCB intended to be protected in order to save transparent material.

    [0098] After deposition of the first layer (4), the second layer (5) can be applied both over the boundary (4.1) of the first layer (4) and the surroundings.

    [0099] In this way, production lead time is increased because the pre-defined area(s) (2) on the PCB can be filled in advance and then the remainder PCB areas can be covered by the material of the second layer (5) up to a height that covers the first layer (4) so as to completely block light thereinto.

    [0100] In order to assure, for instance, that light is completely blocked, the system may further comprises a third layer (9) of opaque material blocking the same or different wavelength light than the second layer (5).

    [0101] As it can be seen, this third layer (9) is arranged between part or the entire interface between the first (4) and second (5) layers. For instance, in FIG. 1, the third layer (9) complements the fencing element (8) in order to surround the first layer (4).

    [0102] In other embodiments (not shown), the third layer (9) can be embodied as a cap-shaped element comprising a lateral wall matching the contour of the fencing element (8) and a built-in lid to cover it.

    [0103] The third layer (9) may also promote adhesion between the first (4) and second (5) layers.

    [0104] As known, the first epoxy layer (4) should cure or be cured enough (i.e., substantially retaining its shape and tacky) before applying the second layer (5) on top of it. In this case, the interface or boundary (4.1) between them is a clean and fully defined surface.

    [0105] Otherwise, as mentioned, if the first epoxy layer (4) is not let to sufficiently or fully cure before applying the second layer (5) on top of it, this entails that the second layer (5) may blend into the boundary (4.1) of the first layer (4). In this case, a third layer (9) would be required to achieve a defined interface.

    [0106] This third layer can be made of any compatible material with, for instance, epoxy material allowing the first (4) and second (5) layers to cure at the same time. Advantageously, this reduces manufacturing lead-time by a single cure time, which might be longer as a thicker layer is to cure. As an example, the third layer (9) may be an adhesive film.

    [0107] Collaterally, in presence of the third layer (9), the second layer (5) would not need to be as thick as before, but just sufficiently thick for blocking at least the wavelengths to which the light sensor is sensitive to. In further developments of the invention, the third layer can be also transparent.

    [0108] For instance, even if the first layer (4) of epoxy has partially (i.e., still tacky) or completely cured, a piece of aluminum, such as aluminium foil, or any other opaque material that epoxy adheres to, can be used as the third layer (9) and can immediately or later be covered by the second layer (5) of epoxy. In further embodiments, an adhesive helps to bond the aluminium foil to the cured first layer, or the aluminium foil may already comprise an adhesive surface.

    [0109] Therefore, in a particular embodiment, the third layer (9) is an adhesive aluminium foil.

    [0110] FIG. 3 depicts a further embodiment of the system (10). For exemplary purposes, it is shown as a variant of FIG. 1 but it can also inherits the features and advantages of the system (10) according to FIG. 2.

    [0111] As it can be seen, the system further comprises an overlying lid sensor (7) comprising a plurality of conductive lines (7.2) that conforms three-dimensional characteristics. These conductive lines (7.2) are electrically connected to the tamper circuitry (11) in order to send a tamper signal in response to an open circuit or short between conductive lines (7.2) caused by the tools of an intruder (see FIGS. 4a and 4b).

    [0112] The overlying lid sensor (7) may further comprise a substrate (7.3) supporting the conductive lines (7.2) that extend across at least a major portion of the surface of substrate facing the second layer. In this embodiment, the overlying lid sensor (7) further comprises drill plates.

    [0113] This overlying lid sensor (7) can be embodied as a secondary intrusion detection PCB, soldered (e.g., by soldered paste) directly to the main PCB through dedicated connections pads (7.1) to it. This secondary PCB is located above the sensitive signals like the JTAG connector's PCB pads and preferably covers the whole pre-defined area.

    [0114] Thanks to this arrangement, it makes any attempt to access these JTAG connector's PCB pads to first go through this secondary PCB. As it comprises layer(s) of randomized or serpentine conductive lines (7.2) with drill plate(s) (7.2), if the lines become an open circuit or if there is a short between any combinations of lines and/or drill plate(s), this causes a tamper signal to the battery backed-up tamper circuitry that will respond to the event.

    [0115] Through the entire document, “drill plates” are understood as two or more layers of conductive material layered on top of each other that are separated by a thin layer of an insulating material or substrate (7.3). The conductive layers may be either continuous conductive surfaces, made of conductive lines (7.2), or a combination thereof. Drill plates can be seen from FIG. 4a.

    [0116] The purpose of such drill plates is that due to their closeness, when being drilled through, that some of the material removed by the drill bit from these conductive layers will touch each other creating an electrical short between both, which is detectable by electronic circuitry (such as tamper circuitry (11)) as their default state is being an open circuit.

    [0117] Conductive lines (7.2) in form of serpentines can be seen in FIG. 4b. Conductive serpentines are conductive traces going around the surface of an insulating layer or substrate (7.3) from one point to the other, usually in a non-linear fashion.

    [0118] The purpose of such serpentine traces is that when drilled through or when material is removed that it will break connectivity along the trace, creating an open that is detectable by electronic circuitry as its default state is being a short between both extremities of the serpentine. In addition, the removed material can also create a short with another serpentine or even a drill plate that are isolated from it, which conditions are also detectable by electronic circuitry (such as tamper circuitry (11)). As mentioned, the electronic circuitry or tamper circuitry (11) can optionally also detect any combinations of shorts between various serpentines and/or drill plate layers, so that two or more simultaneous tamper conditions cannot cancel each other.

    [0119] As it can be appreciated from FIG. 3, the overlying lid sensor (7) extends substantially over the entire pre-defined area within the first layer (4), and the photo-sensor (6) is arranged closer to the second layer (5).

    [0120] In particular, the photo-sensor (6) is centered on top of the secondary PCB (7) and both are covered by a sufficiently thick layer of transparent material which is shown as a bubble in the figure, but it is not limited to this specific shape as explained above.

    [0121] This makes it even more difficult for the intruder to access the pre-defined area (2) of the PCB (1) without detection, as the photo-sensor (6) will detect light as soon as the opaque material layer above it has been breached. As soon as the optical sensor detects light, it generates a tamper signal to the battery backed-up tamper circuitry that will respond to the event. Even if the intruder is able to use non-detectable light wavelengths, he still has to go through the secondary PCB that will issue the tamper event.

    [0122] FIG. 5 depicts a method (100) for detecting access to a pre-defined area on a printed circuit board, wherein the method comprises the steps of: [0123] iv. providing (110) a system according to any of the embodiments shown in FIGS. 1 to 3; [0124] detecting (120), by at least one photo-sensor, light in the first layer; and [0125] generating (130), by the at least one photo-sensor, a tamper signal to trigger an anti-tampering operation.