[go: up one dir, main page]

WO2014005385A1 - Information security protection device - Google Patents

Information security protection device Download PDF

Info

Publication number
WO2014005385A1
WO2014005385A1 PCT/CN2012/083624 CN2012083624W WO2014005385A1 WO 2014005385 A1 WO2014005385 A1 WO 2014005385A1 CN 2012083624 W CN2012083624 W CN 2012083624W WO 2014005385 A1 WO2014005385 A1 WO 2014005385A1
Authority
WO
WIPO (PCT)
Prior art keywords
circuit board
metal shield
layer
information security
conductive
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2012/083624
Other languages
French (fr)
Chinese (zh)
Inventor
袁德玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hisense Intelligent Commercial System Co Ltd
Original Assignee
Hisense Intelligent Commercial System Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hisense Intelligent Commercial System Co Ltd filed Critical Hisense Intelligent Commercial System Co Ltd
Publication of WO2014005385A1 publication Critical patent/WO2014005385A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • HELECTRICITY
    • H05ELECTRIC TECHNIQUES NOT OTHERWISE PROVIDED FOR
    • H05KPRINTED CIRCUITS; CASINGS OR CONSTRUCTIONAL DETAILS OF ELECTRIC APPARATUS; MANUFACTURE OF ASSEMBLAGES OF ELECTRICAL COMPONENTS
    • H05K9/00Screening of apparatus or components against electric or magnetic fields
    • H05K9/0007Casings
    • H05K9/002Casings with localised screening
    • H05K9/0022Casings with localised screening of components mounted on printed circuit boards [PCB]
    • H05K9/0024Shield cases mounted on a PCB, e.g. cans or caps or conformal shields
    • H05K9/0026Shield cases mounted on a PCB, e.g. cans or caps or conformal shields integrally formed from metal sheet

Definitions

  • the present invention relates to information security technologies, and in particular, to an information security protection device. Background technique
  • Financial payment products often require a higher security physical protection mechanism to provide effective protection when an intruder attempts to invade the internal memory of the chip to detect the key or open the terminal and insert the PIN recording device to prevent data from being captured at the PIN input or the sender. And can modify the modification of the terminal operation.
  • Financial payment products also require good security logic to prevent intruders from modifying the card reader and controlling the terminal's operating procedures, preventing intruders from recovering, recording or transmitting P IN codes and other sensitive data.
  • Other requirements for financial payment products also include effective protection of magnetic stripe data.
  • a "black box" safety island is generally constructed using a single, efficient method, which is isolated from the general general area.
  • the processor inside the "black box” provides a dynamic trigger pulse signal or a static trigger signal that instantly destroys the key and PIN code and sensitive data upon detection of a physical attack.
  • the current methods for implementing a safe island generally have the following two designs:
  • the FPC of the P I material or the PCB inserting method is used to form a fence area of the safety island.
  • the upper and lower covers are additionally designed with PCBs and fixed by screws to form a safety island isolation area.
  • an information security protection device including: a metal shield, a flexible circuit board, a protected circuit board, and a conductive member, the flexible circuit board covering an outer surface of the metal shield And the extension of the flexible circuit board extends to the inner surface of the metal shield; the metal shield covered with the flexible circuit board is placed on the protected circuit board and covers the circuit to be protected on the protected circuit board;
  • the flexible circuit board and the protected circuit board are respectively provided with a first signal trigger line and a second signal trigger line, the first signal trigger line is disposed on the first conductive contact part disposed on the extension, the conductive An element, a second conductive contact member disposed on the protected circuit board is coupled to the second trigger signal line, and the first signal trigger line and the second signal trigger line are received from the security disposed on the protected circuit board a triggering signal of the processor, further, the metal shield has a top surface and a sidewall; the flexible circuit board has a body portion and according to the metal screen a bent portion of the cover outer structure, where
  • the extension of the bent portion extends along the corresponding side wall to the inner surface of the metal shield, specifically: the extension of the bent portion along the corresponding side wall
  • the bend extends onto the inner surface of the top surface of the metal shield and the conductive element is an elastic conductive element.
  • the flexible circuit board has at least two layers, the uppermost layer is a first ground protection layer and the outer surface of the first ground protection layer is coated with a conductive material, and the layer below the first ground protection layer is first Protecting the signal layer and arranging the first trigger signal line in the at least one first protection signal layer; the protected circuit board comprising a second ground protection layer at the bottom, a layer above the second ground protection layer or A plurality of second protection signal layers and at the uppermost element layer, a second trigger signal line is disposed in the at least one second protection signal layer.
  • the surface of the first protective layer and the second protective layer are coated with a light-shielding insulating material.
  • the first trigger signal line and the second trigger signal line are serpentine trigger signal lines. Wherein one side of the flexible circuit board is glued and bonded to the metal shield according to the shape of the metal shield.
  • the metal shield has four side walls, and the flexible circuit board has four bent portions.
  • each side wall of the metal shield is provided with a claw or a twisted leg
  • the protected circuit board is provided with a first through hole that cooperates with the claw or the twisted leg
  • the joint of the claw or the twisting foot of the metal shield with the side wall is provided with a shoulder having a height equal to the thickness of the flexible circuit board.
  • each bent portion of the flexible circuit board includes a first bent sub-portion and a second bent sub-portion
  • the second bent sub-portion has the extending portion and is disposed on the extended portion and protected a first contact member corresponding to the second contact member on the circuit board
  • the second bent portion is provided with a groove at a position corresponding to a claw or a twisted leg of the side wall of the metal shield, first a bent sub-section covering an outer surface of one side wall of the metal shield, the second bent sub-section covering the inner surface of the one side wall through the shoulder and the slit of the protected circuit board structure .
  • each of the second bent sub-portions is the same as the number of the second electrically conductive contact members disposed on the protected circuit board.
  • a heat conductive element is disposed on top of the heat generating component on the protected circuit board, and a large area of conductive material is coated on the surface near the first via of the protected circuit board.
  • the security processor is disposed on the component layer of the protected circuit board, and the trigger signal sent by the security processor is transmitted to the second protection through the second via hole in the protected circuit board
  • a second trigger signal line in the signal layer, the second trigger signal line on the second protection signal layer is connected to the second conductive contact part through a third via on the protected circuit board.
  • the metal shield is made of a copper-tin-nickel alloy, a copper-tin-phosphorus, a copper-tin-bismuth alloy, and a copper-silver alloy material.
  • the conductive element internally includes at least one pair of isolated conductive channels, the number of pairs of conductive channels, the number of first conductive members on the flexible circuit board, and the second conductive contact members on the protected circuit board. The same amount.
  • the metal shielding cover correspondingly forms a fin at a position where the conductive element is disposed to support the conductive element.
  • the metal shield covered with the flexible circuit board and the protected circuit board together form a three-dimensional protection space; the safety dynamic trigger signal or the static trigger signal provided by the security processor is densely distributed throughout the information security.
  • Protective device surface from information security A physical attack in any direction outside the full protection device triggers a safety trigger signal on the serpentine trigger signal line, enabling the protected circuit board on the information security device to initiate a self-destruction program, and instantly erasing the protected circuit board.
  • the key, PIN code and sensitive data in the key protect the security of the information security device.
  • FIG. 1 is a schematic structural diagram of a conventional payment terminal security protection device
  • FIG. 2 is another schematic structural diagram of a conventional payment terminal security protection device
  • FIG. 3 is a schematic structural view of an information security device according to an embodiment of the present invention
  • FIGS. 4a and 4b are plan views showing a metal shield 20 of an embodiment of the present invention
  • FIGS. 5a and 5b are views showing a flexible circuit board 30. Schematic plan view;
  • FIG. 6 is a schematic view showing a arrangement of a serpentine trigger signal line of a bottom layer of a flexible circuit board
  • FIG. 7 is a circuit diagram showing a serpentine trigger signal line of an embodiment of the present invention
  • FIGS. 8a and 8b show an embodiment of the present invention.
  • Figure 9 is a top plan view of the protected circuit board
  • FIG. 10 is a schematic view showing a heat dissipation structure of a heat generating chip according to an embodiment of the present invention.
  • Figure 11 is a schematic cross-sectional view showing the structure of a protected circuit board
  • Figure 12 is a schematic illustration of an information security device after assembly in accordance with an embodiment of the present invention
  • Figure 13 is a schematic illustration of a conductive material arrangement on a protected circuit board in accordance with an embodiment of the present invention.
  • Embodiments of the present invention provide an information security device such as a payment terminal security device that primarily includes a metal shield 20, a flexible circuit board 30, a protected circuit board 10, and conductive elements.
  • the information security protection device may be a financial payment terminal or the like.
  • the flexible circuit board 30 covers the outer surface of the metal shield 20 and the extension of the flexible circuit board extends into the metal shield On the surface.
  • a metal shield 20 covered with a flexible circuit board 30 is placed over the protected circuit board 10 and covers the circuit to be protected on the protected circuit board 10.
  • the flexible circuit board 30 and the protected circuit board 10 are respectively provided with a first signal trigger line and a second signal trigger line, the first signal trigger line passing through the first conductive contact member disposed on the extension, the conductive An element, a second conductive contact member disposed on the protected circuit board is coupled to the second trigger signal line, and the first signal trigger line and the second signal trigger line are received from the security disposed on the protected circuit board The trigger signal of the processor.
  • the metal shield 20 has a top surface and side walls.
  • the flexible circuit board 30 has a main body portion and a bent portion configured according to the outer shape of the metal shield, the bent portion having an extension portion on which a first conductive contact member is disposed, the main body portion covering the The outer surface of the top surface of the metal shield, the bent portion covers the outer surface of the corresponding side wall of the metal shield 20 and the extension of the bent portion extends along the corresponding side wall to extend into the metal shield 20 On the surface.
  • a metal shield covered with a flexible circuit board 30 is placed on the protected circuit board and covers the circuit to be protected on the protected circuit board 10, and is disposed on the protected circuit board with the extension of the flexible circuit board 30.
  • the first conductive contact member corresponds to the second conductive contact member.
  • a first trigger signal line connected to the first conductive contact part is disposed on the flexible circuit board, and the second circuit board connected to the second conductive contact part is disposed on the protected circuit board, the first conductive touch
  • the point component and the second conductive contact component are electrically connected via the conductive element.
  • the protected circuit board 10 is provided with a security processor, and the trigger signal sent by the security processor is transmitted to the second trigger signal line, the second conductive contact component, the conductive component, the first conductive contact component and the first trigger signal. In the signal loop formed by the line, the trigger signal is returned from the signal loop to the security processor.
  • the safety processor detects the interruption of the trigger signal, it will cause the trigger information security device to start the self-destruction program, and instantaneously erase the key, PIN code and sensitive data in the information security protection device, which greatly protects the information security protection device. Security.
  • the extension of the bent portion extends along the corresponding side wall to extend onto the inner surface of the metal shield: the extension of the bent portion extends along the corresponding side wall to extend to the metal On the inner surface of the top surface of the shield.
  • the first and second trigger signal lines are serpentine signal trigger lines.
  • the wiring in the flexible circuit board and the protected circuit board can be made denser. Better protection.
  • the conductive element is an elastic conductive element such as a conductive rubber.
  • FIG. 3 is a schematic structural diagram of an information security protection device according to an embodiment of the present invention.
  • the information security device includes a protected circuit board 10, an electromagnetic shield 20, and a flexible circuit board 30.
  • the flexible circuit board 30 covers the electromagnetic shield 20.
  • the electromagnetic shield 20 includes a top surface 201 and side walls 202.
  • Figure 4a shows a plan view of a metal shield 20 in accordance with an embodiment of the present invention.
  • the metal shield 20 is square.
  • the metal shield is not limited to a square shape, and may be cylindrical, or such as a 5-sided cylinder, a hexahedral cylinder, or other irregular shapes.
  • each side wall 202 has two jaws 2021. It is apparent that in the present invention, the number of the claws 2021 on each of the side walls 202 is not limited to two. Depending on the application, the claws 2021 on each side wall 202 may be one or more than three. At the junction with the side wall 202, the jaw 2021 has a shoulder 2022 having a height hi that is the same as the thickness of the flexible circuit board 30.
  • each of the side walls 202 may be provided with two twisting legs 2023.
  • Fig. 4b a schematic view of the side wall of the electromagnetic shield 1 is shown.
  • the number of the twisting legs 2023 on each of the side walls 202 is not limited to two. Depending on the application, the number of twisting legs 2023 on each side wall 202 may be one or more than three.
  • the twist leg 2023 has a shoulder 2024 having a height hi that is the same as the thickness of the flexible circuit board 30.
  • the claw 2021 or the twisted foot 2023 has a "" groove portion above the shoulder, the height h2 of which is the same as the thickness of the protected circuit board 10.
  • the number of the claws or the twisting legs is not limited to two, and may be three or more.
  • a schematic plan view of a flexible circuit board 30 is shown.
  • the number and shape of the bent portions of the flexible circuit board 30 are adapted to the number and shape of the metal shield.
  • An extension is provided on the bend and a first electrically conductive contact member is disposed on the extension.
  • the bend covers the respective side walls of the metal shield and the extension extends onto the inner surface of the metal shield.
  • the extension extends onto the inner surface of the top surface of the metal shield.
  • the flexible circuit board 30 has a main body portion 301 and four bent portions 302. Obviously, in the present invention, the flexible circuit board is not limited to the case of having four bent portions.
  • the flexible circuit board accordingly has six bends; if the metal shield The number of side walls is eight, and the flexible circuit board has eight bent portions correspondingly.
  • the body portion 301 can cover the upper surface of the top surface 201 of the metal shield 20.
  • Each of the bent portions 302 includes a first bent portion 3021, a second bent portion 3022, and an extended portion 3023.
  • the first bent portion 3021 can be bent along a crease line between it and the body portion 301 to cover the outer surface of the corresponding side wall 202 of the metal shield 20.
  • the second bent portion 3022 can be bent along the crease line between it and the first bent portion 3021 to cover the inner side surface of the corresponding side wall 202 of the metal shield 20.
  • the extension 3023 can be bent along a crease line between it and the second bent subsection 3022 to cover the lower surface of the top surface 201 of the metal shield 20.
  • a first conductive contact member 3024 is disposed on each of the extensions 3023.
  • a first electrically conductive contact member 3024 includes at least one pair of metal contacts.
  • each of the second bent sub-sections 3022 is provided with an extension 3023 at one end thereof, and the extensions 3023 on the adjacent second bent sub-sections 3022 are not adjacent, as shown in Fig. 5a.
  • the present invention is not limited to having only one extension 3023 on each of the bent sub-sections 3022, but may have more than two extensions 3023.
  • the extending portion 3023 is not limited to the case where it is provided only at the non-adjacent positions of the adjacent bent portions 302.
  • the extension may be disposed on the second bent subsection 3022 of the bend 302 on the opposite side, as shown in Figure 5b.
  • an extension portion may be provided at both ends of the second bent portion 3022.
  • the extensions may also be disposed at other locations than the ends of the second bend 3022.
  • a recess 3025 is provided at a position corresponding to the catch 3021 or the twisted leg 3023 on the side wall of the metal shield to accommodate the claw 3021 or the twisted leg 3023.
  • the flexible circuit board 30 may have a two-layer structure or a multi-layer structure.
  • the uppermost layer (i.e., the top layer) of the flexible circuit board is a first protective layer whose surface is coated with a full area of conductive material such as copper.
  • the layer under the first ground protection layer is at least one first protection signal layer and a first trigger signal line is disposed on the bottom layer of the at least one first protection signal layer, that is, the BOTTOM layer, as shown in FIG.
  • the first trigger signal line is a serpentine trigger signal line.
  • the first trigger signal line disposed on the BOTTOM layer adopts a wiring pattern with a small trace width and a small trace pitch.
  • the top layer of the flexible circuit board 30 may be made of a polyimide material and coated with a conductive material on the top layer as a GND plane.
  • the surface of the conductive material and the surface of the bottom layer of the top layer of the flexible circuit board 30 are covered with a light-shielding insulating material, so that an intruder cannot optically detect the wiring shape of the first trigger signal line on the bottom layer.
  • the structure of the flexible circuit board of the embodiment of the invention has an extremely high resistance to physical attack.
  • the first trigger signal line on the flexible circuit board may be disposed on multiple layers in the at least one first protection signal layer. In this case, the first trigger signal lines on the respective layers are staggered on the respective layers through via holes (not shown), using a smaller trace width and a smaller line pitch, thereby improving the physical attack resistance.
  • the security processor disposed on the protected circuit board provides a two-way dynamic trigger signal to the first trigger signal line on the flexible circuit board, as shown in FIG.
  • the security processor disposed on the protected circuit board provides a two-way dynamic trigger signal to the first trigger signal line on the flexible circuit board, as shown in FIG.
  • circuit number trigger signals can also be provided to the first trigger signal line of the flexible circuit board.
  • Fig. 8a shows a schematic cross-sectional view of the flexible circuit board 30 after covering the metal shield 20
  • Fig. 8b shows a partial enlarged view of Fig. 6a.
  • one side of the flexible circuit board 30 is glued and bonded to the metal shield 20 after being bent according to the shape of the metal shield.
  • Figure 9 shows a schematic diagram of the protected circuit board 10.
  • the protected circuit board 10 includes a first via 101 and a second conductive contact member 102.
  • a second electrically conductive contact member includes a pair of metal contacts that are identical in number to the metal contacts of the first electrically conductive contact member.
  • the first via 101 is disposed on the protected circuit board 10 at a position corresponding to the claw 3021 or the twisted leg 3023.
  • the second conductive contact member 102 is disposed on the protected circuit board 10 at a position corresponding to the position of the first conductive contact member 3024 on the lower surface of the top surface of the metal shield.
  • only one extension 3023 is provided at one end of each of the second bent sub-sections 3022 as shown in FIG.
  • the first conductive contact member 3024 is located after the flexible circuit board 30 is assembled with the metal shield 20
  • the second conductive contact member 102 is disposed at a corresponding region of the corner portion of the protected circuit board 10, as shown in FIG.
  • the protected circuit board 10 is provided with a circuit to be protected surrounded by the first via. When the metal shield 20 is placed over the protected circuit board 10, the circuit to be protected will be in a protected state.
  • the protected circuit board 10 further includes a heat generating chip 103 such as a CPU or the like.
  • a heat conducting element 60 is disposed on top of each of the heat generating chips, as shown in FIG.
  • the thermally conductive element 60 can be a thermally conductive silicone.
  • the heat conducting member 60 can quickly introduce the heat generated by the heat generating chip 70 to the metal shield 20 and finally to the outside.
  • a conductive member 50 is disposed between the metal shield 20 and the protected circuit board 10.
  • the conductive element 50 is an elastic conductive element such as a conductive rubber.
  • Conductive element 50 electrically connects first conductive contact member 3024 and second conductive contact member 102.
  • a protected processor (not shown) is disposed on the protected circuit board 10.
  • the conductive member 50 is placed on the metal shield 20 at a position corresponding to the stamping of the fin 112 to support the conductive member 50.
  • the protected circuit board 10 has a multi-layered structure including a second underlying protective layer 106 at the bottom, and one or more layers of a second protective signal layer 107 over the second protective layer 106. And at the topmost component layer 111, a second trigger signal line is disposed in at least one of the second protection signal layers 107. Further, a signal layer 108 is disposed over at least one of the second protective layers 107. Optionally, a third ground protection layer 109 connected to the second ground protection layer 106 and a power layer 110 above the third ground protection layer 109 may also be disposed on the signal layer 108. Similar to the flexible circuit board 30, a second trigger signal line is disposed on the second protection signal layer of the protected circuit board.
  • the second trigger signal line is a serpentine trigger signal line.
  • the wiring pattern of the second trigger signal line disposed on the second protection signal layer of the protected circuit board is the same as the wiring of the first trigger signal line on the flexible circuit board.
  • the uppermost layer that is, a part of the element layer is provided with an element, and other parts of the element layer which are not provided with the element are laid over a large area, such as copper.
  • the second protection signal layer is disposed next to the second ground protection layer.
  • the second protection signal layer is not limited to one layer, and multiple layers may be employed.
  • the second trigger signal on each layer triggers the line staggered arrangement, and each layer uses a smaller trace width and a smaller line spacing to improve the intruder The difficulty of the attack.
  • the second guard signal layer is coupled to the second conductive contact member 102 through the third via 104.
  • the security processor generates a dynamic or static trigger signal and transmits it through the second via 105 to the second trigger signal line.
  • the trigger signal is transmitted to the first trigger signal line via the second metal contact member 102, the conductive member 50, and the first conductive contact member 3024.
  • a trigger signal is disposed on both the first signal trigger line and the second signal trigger line.
  • the trigger signal is returned to the security processor via the other first conductive contact member, the conductive member, the second conductive contact member, and the second trigger signal line.
  • the assembly process of the information security device is as follows. First, the flexible circuit board 30 is bent and formed according to the crease line, and bonded to the metal shield 20. Next, the conductive elements are mounted to the inner surface of the top surface of the metal shield 20, such as to the four corner regions of the inner surface of the top surface of the metal shield, and aligned with the first pair of conductive contacts. Next, the claw or the twisted leg of the metal shield cover 20 covered with the flexible circuit board 30 is inserted into the first through hole of the protected circuit board. Aligning the conductive element with the second conductive contact member on the protected circuit board and testing the contact of the conductive element with the first and second conductive contact members. Finally, if the conductive element is in good contact with the first and second conductive contact members, the jaws or pins of the metal shield are soldered to the protected circuit board.
  • Fig. 12 is a view showing an information security device after assembly according to an embodiment of the present invention. As shown, the respective claws or twist pins of the metal shield covered with the flexible circuit board are inserted into the first through holes of the protected circuit board. Further, the claw or the twisted foot may be soldered to the protected circuit board after being inserted into the first through hole.
  • a large area of the conductive material is coated in the vicinity of the first through hole 101 on the protected circuit board 10.
  • the heat generated by the heat generating chip is transmitted to the metal shield 20 through the heat conducting member 60, and then transmitted to the large-area covering conductive material near the first through hole through the claw or the twisted leg of the metal shield 20, thereby being radiated to the outside.
  • the physical attack resistance can be improved; by increasing the wiring complexity of the first trigger signal line of the flexible circuit board 30, the physical attack resistance can also be improved.
  • the electromagnetic shield 20 can be made of copper-tin-nickel alloy to provide good electromagnetic shielding. If the electromagnetic shielding cover 20 has elastic requirements, copper-tin-phosphorus or copper-tin-bismuth alloy materials can be selected, and the shape of the information security protection device has excellent elasticity. If the information security device has high heat dissipation requirements inside, copper-silver alloy materials can be used. Silicon steel materials can also be used if magnetic shielding is required. At the same time, the selection of the above materials has no effect on safety, weldability and electromagnetic shielding effect.
  • the secure dynamic trigger signal or the static trigger signal provided by the security processor is densely attached to the entire surface of the information security device.
  • the flexible circuit board covers the outer surface of the metal shield and forms a three-dimensional protective space together with the outermost second protective layer of the protected circuit board.
  • the information security protection device of the present invention can guard against physical attacks from any one direction.
  • the invention adopts the metal shield of the integral structure, it not only has good electromagnetic shielding effect, but also has strong anti-physical attack capability, and can effectively resist physical damage such as high temperature and punching.
  • the information security device when the information security device is subjected to other physical attacks, such as disassembly and splitting, it also triggers a security trigger signal on the trigger circuit of the flexible circuit board or the protected circuit board.
  • the security processor detects the attack. Therefore, the protected circuit board on the information security protection device initiates a self-destruction program, instantaneously erasing the key, the PIN code and the sensitive data in the protected circuit board, thereby greatly protecting the security of the information security protection device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Shielding Devices Or Components To Electric Or Magnetic Fields (AREA)
  • Structure Of Printed Boards (AREA)

Description

信息安全保护装置 技术领域  Information security protection device

本发明涉及信息安全技术, 尤其涉及一种信息安全保护装置。 背景技术  The present invention relates to information security technologies, and in particular, to an information security protection device. Background technique

近年来,金融支付产品的应用越来越广泛。 金融支付产品往往需要较高 的安全物理保护机制, 在入侵者试图侵入芯片内部存储区以探测密钥或者 打开终端、 插入 PIN记录装置时提供有效防护, 防止数据在 PIN输入或发 送端被捕获, 并可阻止对终端操作的修改。 金融支付产品还需要良好的安 全逻辑机制, 防止入侵者修改读卡器、 控制终端的运行程序, 避免入侵者 恢复、 记录或发送 P IN码以及其它敏感数据。 对于金融支付产品的其它要 求还包括磁条数据的有效保护。 对于金融支付产品的安全性评估标准由国 际支付卡产业安全标准委员会制定, 对于可以支持全球金融结算功能的终 端产品的安全性评估都由其指定的专业实验室负责。 目前, 对于此类产品 的生产商都提供符合其安全要求的产品, 但是实现方法极其复杂, 成本极 高, 不利于这些终端产品的推广和普及, 特别是对于经济发展水平较低的 发展中国家。 因此, 现有技术中一般使用一种筒单、 高效的方法构筑一个 "黑盒" 的安全岛, 和外部的一般区域隔离开来。 "黑盒" 内部的处理器 提供动态触发脉沖信号或者静态触发信号, 一旦检测到有物理攻击则瞬间 销毁密钥和 PIN码以及敏感数据。  In recent years, the application of financial payment products has become more and more extensive. Financial payment products often require a higher security physical protection mechanism to provide effective protection when an intruder attempts to invade the internal memory of the chip to detect the key or open the terminal and insert the PIN recording device to prevent data from being captured at the PIN input or the sender. And can modify the modification of the terminal operation. Financial payment products also require good security logic to prevent intruders from modifying the card reader and controlling the terminal's operating procedures, preventing intruders from recovering, recording or transmitting P IN codes and other sensitive data. Other requirements for financial payment products also include effective protection of magnetic stripe data. The safety assessment criteria for financial payment products are set by the International Payment Card Industry Safety Standards Committee, and the safety assessment of the terminal products that can support the global financial settlement function is the responsibility of the designated professional laboratory. At present, manufacturers of such products are provided with products that meet their safety requirements, but the implementation methods are extremely complicated and extremely costly, which is not conducive to the promotion and popularization of these end products, especially for developing countries with low economic development. Therefore, in the prior art, a "black box" safety island is generally constructed using a single, efficient method, which is isolated from the general general area. The processor inside the "black box" provides a dynamic trigger pulse signal or a static trigger signal that instantly destroys the key and PIN code and sensitive data upon detection of a physical attack.

目前的关于安全岛可以实现的方法, 大体有以下的两种设计:  The current methods for implementing a safe island generally have the following two designs:

(1) 参见图 1所示, 使用 FR-4材料的硬质 PCB, 设计多块不同构造的, 内部采用铣床镂空图形, 采用叠积木的方法, 堆积为一个安全岛区域, 整 体采用焊接 +螺丝固定方式紧固为一个整体。  (1) Referring to Figure 1, using the rigid PCB of FR-4 material, design multiple pieces of different structures, the internal use of milling machine hollow pattern, using the method of stacked blocks, stacked into a safe island area, the whole is welded + screw fixed The way is fastened as a whole.

(2) 参见图 2所示, 使用 P I材料的 FPC或者采用 PCB插接方式配合塑 料铸模形成一个安全岛的围墙区域, 上、 下盖板另外设计 PCB, 使用螺丝固 定, 这样形成一个安全岛隔离区域。  (2) Referring to Figure 2, the FPC of the P I material or the PCB inserting method is used to form a fence area of the safety island. The upper and lower covers are additionally designed with PCBs and fixed by screws to form a safety island isolation area.

以上两种方式设计复杂, 实现成本高, 但是抗物理攻击能力都不高, 而且无法抵御电磁信号的探测, 不法分子只需花费一定量的时间和金钱, 便可以轻易将其破解, 支付终端的安全保护性能低。 发明内容 The above two methods are complicated in design and high in implementation cost, but the anti-physical attack capability is not high, and it is unable to resist the detection of electromagnetic signals. The criminals can easily crack them by paying a certain amount of time and money. Low security protection. Summary of the invention

根据本发明的实施例, 提供了一种信息安全保护装置, 包括: 金属屏 蔽罩、 柔性电路板、 被保护的电路板和导电元件, 所述柔性电路板覆盖于 所述金属屏蔽罩的外表面并且所述柔性电路板的延伸部延伸到金属屏蔽罩 的内表面上; 覆盖有柔性电路板的金属屏蔽罩放置在被保护的电路板上并 罩住被保护的电路板上的待保护电路; 所述柔性电路板和被保护的电路板 分别设置有第一信号触发线和第二信号触发线, 第一信号触发线经设置在 所述延伸部上的第一导电触点部件、 所述导电元件、 设置在所述被保护的 电路板上的第二导电触点部件连接到第二触发信号线, 第一信号触发线和 第二信号触发线接收来自设置在被保护的电路板上的安全处理器的触发信 进一步, 所述金属屏蔽罩具有顶面和侧壁; 所述柔性电路板具有主体 部和根据所述金属屏蔽罩外形构造的折弯部, 所述折弯部上具有所述延伸 部, 所述主体部覆盖于所述金属屏蔽罩的顶面的外表面, 所述折弯部覆盖 于所述金属屏蔽罩的相应侧壁外表面并且该折弯部的延伸部沿着相应的侧 壁折弯延伸到金属屏蔽罩的内表面上; 所述安全处理器发出的触发信号传 送到第二触发信号线、 第二导电触点部件、 导电元件、 第一导电触点部件 和第一触发信号线组成的信号回路中, 所述触发信号从该信号回路返回所 述安全处理器。  According to an embodiment of the present invention, an information security protection device is provided, including: a metal shield, a flexible circuit board, a protected circuit board, and a conductive member, the flexible circuit board covering an outer surface of the metal shield And the extension of the flexible circuit board extends to the inner surface of the metal shield; the metal shield covered with the flexible circuit board is placed on the protected circuit board and covers the circuit to be protected on the protected circuit board; The flexible circuit board and the protected circuit board are respectively provided with a first signal trigger line and a second signal trigger line, the first signal trigger line is disposed on the first conductive contact part disposed on the extension, the conductive An element, a second conductive contact member disposed on the protected circuit board is coupled to the second trigger signal line, and the first signal trigger line and the second signal trigger line are received from the security disposed on the protected circuit board a triggering signal of the processor, further, the metal shield has a top surface and a sidewall; the flexible circuit board has a body portion and according to the metal screen a bent portion of the cover outer structure, wherein the bent portion has the extending portion, the main body portion covers an outer surface of a top surface of the metal shield, and the bent portion covers the metal shield Corresponding side wall outer surface and the extension of the bent portion extends along the corresponding side wall to the inner surface of the metal shield; the trigger signal sent by the safety processor is transmitted to the second trigger signal line, In a signal loop composed of two conductive contact members, a conductive member, a first conductive contact member and a first trigger signal line, the trigger signal is returned from the signal loop to the safety processor.

所述信息安全保护装置中, 所述折弯部的延伸部沿着相应的侧壁折弯 延伸到金属屏蔽罩的内表面上具体为: 所述折弯部的延伸部沿着相应的侧 壁折弯延伸到金属屏蔽罩的顶面的内表面上, 并且所述导电元件为弹性导 电元件。  In the information security device, the extension of the bent portion extends along the corresponding side wall to the inner surface of the metal shield, specifically: the extension of the bent portion along the corresponding side wall The bend extends onto the inner surface of the top surface of the metal shield and the conductive element is an elastic conductive element.

进一步, 所述柔性电路板具有至少两层, 最上面的一层为第一地保护 层并在该第一地保护层外表面涂覆导电材料, 第一地保护层之下的层为第 一保护信号层并且在至少一个第一保护信号层中布置第一触发信号线; 所 述被保护的电路板包括位于最下面的第二地保护层、 在第二地保护层之上 的一层或者多层第二保护信号层以及在最上面的元件层, 在至少一层第二 保护信号层中布置第二触发信号线。  Further, the flexible circuit board has at least two layers, the uppermost layer is a first ground protection layer and the outer surface of the first ground protection layer is coated with a conductive material, and the layer below the first ground protection layer is first Protecting the signal layer and arranging the first trigger signal line in the at least one first protection signal layer; the protected circuit board comprising a second ground protection layer at the bottom, a layer above the second ground protection layer or A plurality of second protection signal layers and at the uppermost element layer, a second trigger signal line is disposed in the at least one second protection signal layer.

其中, 在所述第一地保护层和第二地保护层表面均涂覆有遮光绝缘材 料。  Wherein, the surface of the first protective layer and the second protective layer are coated with a light-shielding insulating material.

其中, 第一触发信号线和第二触发信号线为蛇形触发信号线。 其中, 所述柔性电路板的一面涂胶并根据所述金属屏蔽罩外形折弯之 后粘接到所述金属屏蔽罩上。 The first trigger signal line and the second trigger signal line are serpentine trigger signal lines. Wherein one side of the flexible circuit board is glued and bonded to the metal shield according to the shape of the metal shield.

较佳地, 所述金属屏蔽罩具有 4个侧壁, 所述柔性电路板具有 4个折 弯部。  Preferably, the metal shield has four side walls, and the flexible circuit board has four bent portions.

较佳地, 所述金属屏蔽罩的每一个侧壁设置有卡爪或者扭脚, 并且所 述被保护的电路板上设置有与所述卡爪或扭脚配合的第一过孔, 所述金属 屏蔽罩的卡爪或扭脚与侧壁的结合处设置有肩部, 该肩部的高度与所述柔 性电路板的厚度相同。  Preferably, each side wall of the metal shield is provided with a claw or a twisted leg, and the protected circuit board is provided with a first through hole that cooperates with the claw or the twisted leg, The joint of the claw or the twisting foot of the metal shield with the side wall is provided with a shoulder having a height equal to the thickness of the flexible circuit board.

其中, 所述柔性电路板的每一个折弯部包括第一折弯子部和第二折弯 子部, 第二折弯子部具有所述的延伸部并且在该延伸部上设置有和所述被 保护电路板上的第二触点部件对应的第一导电触点部件, 第二折弯子部在 与所述金属屏蔽罩的侧壁的卡爪或扭脚相应的位置处设置有凹槽, 第一折 弯子部覆盖在所述金属屏蔽罩的一个侧壁的外表面上, 第二折弯子部穿过 所述肩部和所述被保护电路板构造的缝隙覆盖在该一个侧壁的内表面上。  Wherein each bent portion of the flexible circuit board includes a first bent sub-portion and a second bent sub-portion, the second bent sub-portion has the extending portion and is disposed on the extended portion and protected a first contact member corresponding to the second contact member on the circuit board, the second bent portion is provided with a groove at a position corresponding to a claw or a twisted leg of the side wall of the metal shield, first a bent sub-section covering an outer surface of one side wall of the metal shield, the second bent sub-section covering the inner surface of the one side wall through the shoulder and the slit of the protected circuit board structure .

其中, 每一个第二折弯子部的延伸部与设置在被保护电路板上的第二 导电触点部件的个数相同。  Wherein, the extension of each of the second bent sub-portions is the same as the number of the second electrically conductive contact members disposed on the protected circuit board.

可选地, 在被保护的电路板上的发热元件顶部设置有导热元件, 并且 在被保护的电路板的第一过孔附近的表面上涂覆大面积导电材料。  Optionally, a heat conductive element is disposed on top of the heat generating component on the protected circuit board, and a large area of conductive material is coated on the surface near the first via of the protected circuit board.

其中, 在所述被保护的电路板的元件层之上设置所述安全处理器, 所 述安全处理器发出的触发信号通过所述被保护的电路板中的第二过孔传输 到第二保护信号层中的第二触发信号线, 第二保护信号层上的第二触发信 号线通过被保护的电路板上的第三过孔连接到第二导电触点部件。  Wherein the security processor is disposed on the component layer of the protected circuit board, and the trigger signal sent by the security processor is transmitted to the second protection through the second via hole in the protected circuit board A second trigger signal line in the signal layer, the second trigger signal line on the second protection signal layer is connected to the second conductive contact part through a third via on the protected circuit board.

其中, 所述金属屏蔽罩是由铜锡镍合金、 铜锡磷、 铜锡铍合金和铜银 合金材料制成。  Wherein, the metal shield is made of a copper-tin-nickel alloy, a copper-tin-phosphorus, a copper-tin-bismuth alloy, and a copper-silver alloy material.

进一步, 所述导电元件内部包含至少一对隔离的导电通道, 所述导电 通道对的数量、 柔性电路板上的第一导电部件的数量和被保护的电路板上 的第二导电触点部件的数量相同。  Further, the conductive element internally includes at least one pair of isolated conductive channels, the number of pairs of conductive channels, the number of first conductive members on the flexible circuit board, and the second conductive contact members on the protected circuit board. The same amount.

其中, 所述金属屏蔽罩在导电元件设置位置处对应成型出鳍脚, 支撑 所述导电元件。  Wherein, the metal shielding cover correspondingly forms a fin at a position where the conductive element is disposed to support the conductive element.

由上述技术方案可见, 本发明中, 覆盖有柔性电路板的金属屏蔽罩和 被保护的电路板一起构成立体的保护空间; 安全处理器提供的安全动态触 发信号或者静态触发信号密布于整个信息安全保护装置表面, 来自信息安 全保护装置外部的任意一个方向的物理攻击, 都会触发蛇形触发信号线上 的安全触发信号, 使信息安全保护装置上的被保护的电路板启动自毁程序, 瞬时擦除被保护的电路板中的密钥、 PIN码以及敏感数据, 极大的保护了信 息安全保护装置的安全。 附图说明 It can be seen from the above technical solution that, in the present invention, the metal shield covered with the flexible circuit board and the protected circuit board together form a three-dimensional protection space; the safety dynamic trigger signal or the static trigger signal provided by the security processor is densely distributed throughout the information security. Protective device surface, from information security A physical attack in any direction outside the full protection device triggers a safety trigger signal on the serpentine trigger signal line, enabling the protected circuit board on the information security device to initiate a self-destruction program, and instantly erasing the protected circuit board. The key, PIN code and sensitive data in the key protect the security of the information security device. DRAWINGS

为了更清楚地说明本发明实施例或现有技术中的技术方案,以下将对 实施例或现有技术描述中所需要使用的附图作筒单地介绍。 显而易见地, 以下描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员 而言, 还可以根据这些附图所示实施例得到其它的实施例及其附图。  In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings to be used in the embodiments or the description of the prior art will be briefly described below. It is apparent that the drawings in the following description are only some embodiments of the present invention, and other embodiments and drawings thereof may be obtained by those skilled in the art from the embodiments shown in the drawings.

图 1是现有的支付终端安全保护装置结构示意图;  1 is a schematic structural diagram of a conventional payment terminal security protection device;

图 2是现有的支付终端安全保护装置另一结构示意图;  2 is another schematic structural diagram of a conventional payment terminal security protection device;

图 3示出了根据本发明实施例的信息安全保护装置结构示意图; 图 4a和 4b示出了本发明实施例的金属屏蔽罩 20的平面示意图; 图 5a和 5b示出了柔性电路板 30的平面示意图;  3 is a schematic structural view of an information security device according to an embodiment of the present invention; FIGS. 4a and 4b are plan views showing a metal shield 20 of an embodiment of the present invention; and FIGS. 5a and 5b are views showing a flexible circuit board 30. Schematic plan view;

图 6示出了柔性电路板的底层的蛇形触发信号线布置示意图; 图 7示出了本发明实施例的蛇形触发信号线的电路原理示意图; 图 8a和 8b示出了本发明实施例中的柔性电路板覆盖于金属屏蔽罩上 之后的截面示意图;  6 is a schematic view showing a arrangement of a serpentine trigger signal line of a bottom layer of a flexible circuit board; FIG. 7 is a circuit diagram showing a serpentine trigger signal line of an embodiment of the present invention; and FIGS. 8a and 8b show an embodiment of the present invention. A schematic cross-sectional view of the flexible circuit board after covering the metal shield;

图 9为被保护的电路板的俯视图;  Figure 9 is a top plan view of the protected circuit board;

图 10示出了本发明实施例的发热芯片散热结构示意图;  FIG. 10 is a schematic view showing a heat dissipation structure of a heat generating chip according to an embodiment of the present invention; FIG.

图 11为被保护的电路板的结构的截面示意图;  Figure 11 is a schematic cross-sectional view showing the structure of a protected circuit board;

图 12为根据本发明的实施例的装配之后的信息安全保护装置示意图; 图 1 3为根据本发明实施例的被保护的电路板上的覆导电材料布置示意 图。 具体实施方式  Figure 12 is a schematic illustration of an information security device after assembly in accordance with an embodiment of the present invention; Figure 13 is a schematic illustration of a conductive material arrangement on a protected circuit board in accordance with an embodiment of the present invention. detailed description

为使本发明的目的、技术方案及优点更加清楚明白, 以下参照附图并 举实施例, 对本发明进一步详细说明。  The present invention will be further described in detail below with reference to the accompanying drawings.

本发明的实施例提供了一种信息安全保护装置如支付终端安全保护装 置, 其主要包括金属屏蔽罩 20、 柔性电路板 30、 被保护的电路板 10和导 电元件。 信息安全保护装置可以是金融支付终端等。 柔性电路板 30覆盖于 金属屏蔽罩 20外表面并且所述柔性电路板的延伸部延伸到金属屏蔽罩的内 表面上。 覆盖有柔性电路板 30的金属屏蔽罩 20放置在被保护的电路板 10 上并罩住被保护的电路板 10上的待保护电路。 柔性电路板 30和被保护的 电路板 10分别设置有第一信号触发线和第二信号触发线, 第一信号触发线 经设置在所述延伸部上的第一导电触点部件、 所述导电元件、 设置在所述 被保护的电路板上的第二导电触点部件连接到第二触发信号线, 第一信号 触发线和第二信号触发线接收来自设置在被保护的电路板上的安全处理器 的触发信号。 Embodiments of the present invention provide an information security device such as a payment terminal security device that primarily includes a metal shield 20, a flexible circuit board 30, a protected circuit board 10, and conductive elements. The information security protection device may be a financial payment terminal or the like. The flexible circuit board 30 covers the outer surface of the metal shield 20 and the extension of the flexible circuit board extends into the metal shield On the surface. A metal shield 20 covered with a flexible circuit board 30 is placed over the protected circuit board 10 and covers the circuit to be protected on the protected circuit board 10. The flexible circuit board 30 and the protected circuit board 10 are respectively provided with a first signal trigger line and a second signal trigger line, the first signal trigger line passing through the first conductive contact member disposed on the extension, the conductive An element, a second conductive contact member disposed on the protected circuit board is coupled to the second trigger signal line, and the first signal trigger line and the second signal trigger line are received from the security disposed on the protected circuit board The trigger signal of the processor.

本发明的实施例中, 金属屏蔽罩 20 具有顶面和侧壁。 柔性电路板 30 具有主体部和根据所述金属屏蔽罩外形构造的折弯部, 折弯部上具有延伸 部并且在该延伸部上设置有第一导电触点部件, 所述主体部覆盖于所述金 属屏蔽罩的顶面的外表面, 折弯部覆盖于金属屏蔽罩 20的相应侧壁外表面 并且该折弯部的延伸部沿着相应的侧壁折弯延伸到金属屏蔽罩 20的内表面 上。 覆盖有柔性电路板 30的金属屏蔽罩放置在被保护的电路板上并罩住被 保护的电路板 10上的待保护电路, 在被保护的电路板上设置与柔性电路板 30 的延伸部上的第一导电触点部件对应的第二导电触点部件。 柔性电路板 上布置有与第一导电触点部件连接的第一触发信号线, 所述被保护的电路 板上布置有与第二导电触点部件连接的第二触发信号线, 第一导电触点部 件和第二导电触点部件之间经所述导电元件电连接。 被保护的电路板 10上 设置有安全处理器, 所述安全处理器发出的触发信号传送到第二触发信号 线、 第二导电触部件、 导电元件、 第一导电触点部件和第一触发信号线组 成的信号回路中, 所述触发信号从该信号回路返回所述安全处理器。  In an embodiment of the invention, the metal shield 20 has a top surface and side walls. The flexible circuit board 30 has a main body portion and a bent portion configured according to the outer shape of the metal shield, the bent portion having an extension portion on which a first conductive contact member is disposed, the main body portion covering the The outer surface of the top surface of the metal shield, the bent portion covers the outer surface of the corresponding side wall of the metal shield 20 and the extension of the bent portion extends along the corresponding side wall to extend into the metal shield 20 On the surface. A metal shield covered with a flexible circuit board 30 is placed on the protected circuit board and covers the circuit to be protected on the protected circuit board 10, and is disposed on the protected circuit board with the extension of the flexible circuit board 30. The first conductive contact member corresponds to the second conductive contact member. a first trigger signal line connected to the first conductive contact part is disposed on the flexible circuit board, and the second circuit board connected to the second conductive contact part is disposed on the protected circuit board, the first conductive touch The point component and the second conductive contact component are electrically connected via the conductive element. The protected circuit board 10 is provided with a security processor, and the trigger signal sent by the security processor is transmitted to the second trigger signal line, the second conductive contact component, the conductive component, the first conductive contact component and the first trigger signal. In the signal loop formed by the line, the trigger signal is returned from the signal loop to the security processor.

当信息安全保护装置受到物理的攻击, 比如拆解、 分割等, 就会导致 导电触点部件之间的触点断开、 松动或接触不良, 从而导致柔性电路板 30 或者被保护电路板 10上的触发信号线上的触发信号中断。 安全处理器检测 到触发信号的中断时, 会引起触发信息安全保护装置启动自毁程序, 瞬时 擦除信息安全保护装置中的密钥、 PIN码以及敏感数据, 极大的保护了信息 安全保护装置的安全。  When the information security device is physically attacked, such as disassembling, splitting, etc., the contacts between the conductive contact members are broken, loose or poorly contacted, resulting in the flexible circuit board 30 or the protected circuit board 10. The trigger signal on the trigger signal line is interrupted. When the safety processor detects the interruption of the trigger signal, it will cause the trigger information security device to start the self-destruction program, and instantaneously erase the key, PIN code and sensitive data in the information security protection device, which greatly protects the information security protection device. Security.

较佳地, 所述折弯部的延伸部沿着相应的侧壁折弯延伸到金属屏蔽罩 的内表面上为: 所述折弯部的延伸部沿着相应的侧壁折弯延伸到金属屏蔽 罩的顶面的内表面上。  Preferably, the extension of the bent portion extends along the corresponding side wall to extend onto the inner surface of the metal shield: the extension of the bent portion extends along the corresponding side wall to extend to the metal On the inner surface of the top surface of the shield.

较佳地, 第一和第二触发信号线为蛇形信号触发线。 采用蛇形信号触 发线, 可以使得柔性电路板和被保护的电路板中的布线更为密集, 能够获 得更好的保护效果。 Preferably, the first and second trigger signal lines are serpentine signal trigger lines. Using a serpentine signal trigger line, the wiring in the flexible circuit board and the protected circuit board can be made denser. Better protection.

较佳地, 导电元件为弹性导电元件, 例如导电橡胶。  Preferably, the conductive element is an elastic conductive element such as a conductive rubber.

下面结合具体实施例详细描述本发明的信息安全保护装置的示例结构 及工作原理。  The exemplary structure and operation principle of the information security device of the present invention will be described in detail below with reference to specific embodiments.

图 3示出了根据本发明实施例的信息安全保护装置结构示意图。如图 1 所示, 信息安全保护装置包括被保护的电路板 10 , 电磁屏蔽罩 20和柔性电 路板 30。 柔性电路板 30覆盖于电磁屏蔽罩 20。  FIG. 3 is a schematic structural diagram of an information security protection device according to an embodiment of the present invention. As shown in FIG. 1, the information security device includes a protected circuit board 10, an electromagnetic shield 20, and a flexible circuit board 30. The flexible circuit board 30 covers the electromagnetic shield 20.

电磁屏蔽罩 20包括顶面 201和侧壁 202。图 4a示出了本发明实施例的 金属屏蔽罩 20的平面示意图。 图 4a中, 金属屏蔽罩 20为方形。 本发明中, 金属屏蔽罩不限于方形, 其可以是圆柱体形、 或者诸如 5 面柱体、 六面柱 体形, 还可以是其他不规则的形状。  The electromagnetic shield 20 includes a top surface 201 and side walls 202. Figure 4a shows a plan view of a metal shield 20 in accordance with an embodiment of the present invention. In Figure 4a, the metal shield 20 is square. In the present invention, the metal shield is not limited to a square shape, and may be cylindrical, or such as a 5-sided cylinder, a hexahedral cylinder, or other irregular shapes.

如图 4a所示, 每一个侧壁 202具有两个卡爪 2021。 显然, 本发明中, 每一个侧壁 202上的卡爪 2021的数量不限于 2个。 根据具体的应用, 每一 个侧壁 202上的卡爪 2021可以是一个, 也可以是 3个以上。 在与侧壁 202 的连接处, 卡爪 2021具有一个肩部 2022 , 其高度 hi与柔性电路板 30的厚 度相同。  As shown in Figure 4a, each side wall 202 has two jaws 2021. It is apparent that in the present invention, the number of the claws 2021 on each of the side walls 202 is not limited to two. Depending on the application, the claws 2021 on each side wall 202 may be one or more than three. At the junction with the side wall 202, the jaw 2021 has a shoulder 2022 having a height hi that is the same as the thickness of the flexible circuit board 30.

作为替换, 每一个侧壁 202 上也可以配置有两个扭脚 2023。 如图 4b 所示, 示出了电磁屏蔽罩 1 的侧壁示意图。 类似地, 每一个侧壁 202上的 扭脚 2023的数量不限于 2个。 根据具体的应用, 每一个侧壁 202上的扭脚 2023可以是一个, 也可以是 3个以上。 在与侧壁 202的连接处, 扭脚 2023 具有一个肩部 2024 , 其高度 hi与柔性电路板 30的厚度相同。 卡爪 2021或 扭脚 2023在肩部之上具有一"" ^槽部, 其高度 h2与被保护的电路板 10的厚 度相同。  Alternatively, each of the side walls 202 may be provided with two twisting legs 2023. As shown in Fig. 4b, a schematic view of the side wall of the electromagnetic shield 1 is shown. Similarly, the number of the twisting legs 2023 on each of the side walls 202 is not limited to two. Depending on the application, the number of twisting legs 2023 on each side wall 202 may be one or more than three. At the junction with the side wall 202, the twist leg 2023 has a shoulder 2024 having a height hi that is the same as the thickness of the flexible circuit board 30. The claw 2021 or the twisted foot 2023 has a "" groove portion above the shoulder, the height h2 of which is the same as the thickness of the protected circuit board 10.

本发明中, 卡爪或扭脚的数量不限于 2个, 可以是 3个以上。  In the present invention, the number of the claws or the twisting legs is not limited to two, and may be three or more.

参见图 5a , 示出了柔性电路板 30的平面示意图。 本发明中, 柔性电路 板 30的折弯部的数量以及形状与金属屏蔽罩的数量和形状相适应。 折弯部 上设置有延伸部并且在该延伸部上设置有第一导电触点部件。 折弯部覆盖 在金属屏蔽罩的相应侧壁上并且所述延伸部延伸到该金属屏蔽罩的内表面 上。 较佳地, 所述延伸部延伸到金属屏蔽罩的顶面的内表面上。 在图 5a所 示的实例中, 柔性电路板 30具有主体部 301和 4个折弯部 302。 显然, 本 发明中, 柔性电路板不限于具有 4 个折弯部的情形。 例如, 如果金属屏蔽 罩具有 6个侧壁, 则柔性电路板相应地具有 6个折弯部; 如果金属屏蔽罩 的侧壁为 8个, 则柔性电路板相应地具有 8个折弯部。 参见图 3和 5a , 主 体部 301可覆盖于金属屏蔽罩 20的顶面 201的上表面上。每一个折弯部 302 包括第一折弯子部 3021、 第二折弯子部 3022和延伸部 3023。 第一折弯子 部 3021 可沿着其与主体部 301之间的折痕线折弯以覆盖于金属屏蔽罩 20 的相应侧壁 202的外部表面上。 第二折弯子部 3022可沿着其与第一折弯子 部 3021之间的折痕线折弯以覆盖于金属屏蔽罩 20的相应侧壁 202的内侧 表面上。 延伸部 3023可沿着其与第二折弯子部 3022之间的折痕线折弯以 覆盖于金属屏蔽罩 20的顶面 201 的下表面上。 每一个延伸部 3023上设置 有第一导电触点部件 3024。一个第一导电触点部件 3024包括至少一对金属 触点。 Referring to Figure 5a, a schematic plan view of a flexible circuit board 30 is shown. In the present invention, the number and shape of the bent portions of the flexible circuit board 30 are adapted to the number and shape of the metal shield. An extension is provided on the bend and a first electrically conductive contact member is disposed on the extension. The bend covers the respective side walls of the metal shield and the extension extends onto the inner surface of the metal shield. Preferably, the extension extends onto the inner surface of the top surface of the metal shield. In the example shown in FIG. 5a, the flexible circuit board 30 has a main body portion 301 and four bent portions 302. Obviously, in the present invention, the flexible circuit board is not limited to the case of having four bent portions. For example, if the metal shield has six side walls, the flexible circuit board accordingly has six bends; if the metal shield The number of side walls is eight, and the flexible circuit board has eight bent portions correspondingly. Referring to Figures 3 and 5a, the body portion 301 can cover the upper surface of the top surface 201 of the metal shield 20. Each of the bent portions 302 includes a first bent portion 3021, a second bent portion 3022, and an extended portion 3023. The first bent portion 3021 can be bent along a crease line between it and the body portion 301 to cover the outer surface of the corresponding side wall 202 of the metal shield 20. The second bent portion 3022 can be bent along the crease line between it and the first bent portion 3021 to cover the inner side surface of the corresponding side wall 202 of the metal shield 20. The extension 3023 can be bent along a crease line between it and the second bent subsection 3022 to cover the lower surface of the top surface 201 of the metal shield 20. A first conductive contact member 3024 is disposed on each of the extensions 3023. A first electrically conductive contact member 3024 includes at least one pair of metal contacts.

较佳地, 每一个第二折弯子部 3022 上仅在其一端设置有一个延伸部 3023 ,且相邻的第二折弯子部 3022上的延伸部 3023不相邻,如图 5a所示。 但本发明并不限于每一个折弯子部 3022上仅有一个延伸部 3023 ,而是可以 具有 2个以上的延伸部 3023。 本发明中, 延伸部 3023也不限于仅设置在相 邻的折弯部 302 的不相邻位置的情形。 可选地, 延伸部可以设置在相对侧 的折弯部 302的第二折弯子部 3022上, 如图 5b所示。 可替换地, 也可以 在第二折弯子部 3022的两端均设置有延伸部。 作为另一个实例, 延伸部也 可以设置在第二折弯子部 3022两端之外的其他位置上。  Preferably, each of the second bent sub-sections 3022 is provided with an extension 3023 at one end thereof, and the extensions 3023 on the adjacent second bent sub-sections 3022 are not adjacent, as shown in Fig. 5a. However, the present invention is not limited to having only one extension 3023 on each of the bent sub-sections 3022, but may have more than two extensions 3023. In the present invention, the extending portion 3023 is not limited to the case where it is provided only at the non-adjacent positions of the adjacent bent portions 302. Alternatively, the extension may be disposed on the second bent subsection 3022 of the bend 302 on the opposite side, as shown in Figure 5b. Alternatively, an extension portion may be provided at both ends of the second bent portion 3022. As another example, the extensions may also be disposed at other locations than the ends of the second bend 3022.

在柔性电路板的第二折弯子部 3022上, 对应于金属屏蔽罩的侧壁上的 卡抓 3021或扭脚 3023的位置处设置有凹孔 3025以容纳卡爪 3021或扭脚 3023。  On the second bent portion 3022 of the flexible circuit board, a recess 3025 is provided at a position corresponding to the catch 3021 or the twisted leg 3023 on the side wall of the metal shield to accommodate the claw 3021 or the twisted leg 3023.

柔性电路板 30可以具有两层结构, 也可以是多层结构。 柔性电路板的 最上面的一层 (即顶层) 为第一地保护层, 其表面涂覆全面积的导电材料 例如铜。 第一地保护层之下的层为至少一个第一保护信号层并且在该至少 一个第一保护信号层的最底层即 BOTTOM层上布置有第一触发信号线, 如图 6 所示。 较佳地, 第一触发信号线为蛇形触发信号线。 本发明中, BOTTOM 层上布置的第一触发信号线采用走线宽度小、 走线间距小的布线方式。 柔 性电路板 30的顶层可以采用聚酰亚胺材料,并在顶层上覆导电材料作为 GND 平面。 在柔性电路板 30的顶层的覆导电材料表面和底层表面均涂覆遮光绝 缘材料来遮蔽, 从而使入侵者无法通过光学方法探测底层上的第一触发信 号线的布线形状。 本发明实施例的柔性电路板的结构具有极高的抗物理攻 击能力。 可替换地, 柔性电路板上的第一触发信号线可布置在至少一个第一保 护信号层中的多层上。 在此情形下, 各层上的第一触发信号线通过过孔(未 示出) 在各层上交错布线, 使用较小的走线宽度和较小的线间距, 从而提 高抗物理攻击能力。 The flexible circuit board 30 may have a two-layer structure or a multi-layer structure. The uppermost layer (i.e., the top layer) of the flexible circuit board is a first protective layer whose surface is coated with a full area of conductive material such as copper. The layer under the first ground protection layer is at least one first protection signal layer and a first trigger signal line is disposed on the bottom layer of the at least one first protection signal layer, that is, the BOTTOM layer, as shown in FIG. Preferably, the first trigger signal line is a serpentine trigger signal line. In the present invention, the first trigger signal line disposed on the BOTTOM layer adopts a wiring pattern with a small trace width and a small trace pitch. The top layer of the flexible circuit board 30 may be made of a polyimide material and coated with a conductive material on the top layer as a GND plane. The surface of the conductive material and the surface of the bottom layer of the top layer of the flexible circuit board 30 are covered with a light-shielding insulating material, so that an intruder cannot optically detect the wiring shape of the first trigger signal line on the bottom layer. The structure of the flexible circuit board of the embodiment of the invention has an extremely high resistance to physical attack. Alternatively, the first trigger signal line on the flexible circuit board may be disposed on multiple layers in the at least one first protection signal layer. In this case, the first trigger signal lines on the respective layers are staggered on the respective layers through via holes (not shown), using a smaller trace width and a smaller line pitch, thereby improving the physical attack resistance.

本发明的示例实施例中, 设置在被保护的电路板上的安全处理器给柔 性电路板上的第一触发信号线提供二路动态触发信号, 如图 7 所示。 本领 域技术人员理解, 也可以给柔性电路板的第一触发信号线提供其他路数数 目的触发信号。  In an exemplary embodiment of the invention, the security processor disposed on the protected circuit board provides a two-way dynamic trigger signal to the first trigger signal line on the flexible circuit board, as shown in FIG. Those skilled in the art will appreciate that other circuit number trigger signals can also be provided to the first trigger signal line of the flexible circuit board.

图 8a示出了柔性电路板 30覆盖于金属屏蔽罩 20上之后的截面示意图, 图 8b示出了图 6a中的局部放大图。 如图 8a和 8b所示, 柔性电路板 30的 一面涂胶并根据所述金属屏蔽罩外形折弯之后粘接固定到金属屏蔽罩 20 上。  Fig. 8a shows a schematic cross-sectional view of the flexible circuit board 30 after covering the metal shield 20, and Fig. 8b shows a partial enlarged view of Fig. 6a. As shown in Figs. 8a and 8b, one side of the flexible circuit board 30 is glued and bonded to the metal shield 20 after being bent according to the shape of the metal shield.

图 9示出了被保护的电路板 10的示意图。 被保护的电路板 10包括第 一过孔 101、 第二导电触点部件 102。 一个第二导电触点部件包括与第一导 电触点部件的金属触点对数相同的金属触点对。 第一过孔 101 设置在被保 护的电路板 10上、 与卡爪 3021或扭脚 3023相应的位置处。 第二导电触点 部件 102设置在被保护的电路板 10上、 与第一导电触点部件 3024在金属 屏蔽罩的顶面的下表面上的位置相应的位置处。 在如图 3a所示的每一个第 二折弯子部 3022上仅在其一端设置有一个延伸部 3023的情形中, 第一导 电触点部件 3024在柔性电路板 30与金属屏蔽罩 20装配后位于金属屏蔽罩 20的顶面的下表面的角部区域上, 此时, 第二导电触点部件 102设置在被 保护的电路板 10的则个角部的相应区域, 如图 9所示。 被保护的电路板 10 上设置有被第一过孔所包围的待保护的电路。 当金属屏蔽罩 20罩于被保护 的电路板 10上时, 待保护的电路将处于保护状态下。  Figure 9 shows a schematic diagram of the protected circuit board 10. The protected circuit board 10 includes a first via 101 and a second conductive contact member 102. A second electrically conductive contact member includes a pair of metal contacts that are identical in number to the metal contacts of the first electrically conductive contact member. The first via 101 is disposed on the protected circuit board 10 at a position corresponding to the claw 3021 or the twisted leg 3023. The second conductive contact member 102 is disposed on the protected circuit board 10 at a position corresponding to the position of the first conductive contact member 3024 on the lower surface of the top surface of the metal shield. In the case where only one extension 3023 is provided at one end of each of the second bent sub-sections 3022 as shown in FIG. 3a, the first conductive contact member 3024 is located after the flexible circuit board 30 is assembled with the metal shield 20 On the corner region of the lower surface of the top surface of the metal shield 20, at this time, the second conductive contact member 102 is disposed at a corresponding region of the corner portion of the protected circuit board 10, as shown in FIG. The protected circuit board 10 is provided with a circuit to be protected surrounded by the first via. When the metal shield 20 is placed over the protected circuit board 10, the circuit to be protected will be in a protected state.

被保护的电路板 10上还包括发热芯片 103 , 例如 CPU等。 为了满足信 息安全保护装置的内部芯片的散热要求, 在每一个发热芯片顶部设置导热 元件 60 , 如图 10所示。 导热元件 60可以是导热硅胶。 导热元件 60可以将 发热芯片 70发出的热量很快地导入到金属屏蔽罩 20 , 并最终传递至外界。  The protected circuit board 10 further includes a heat generating chip 103 such as a CPU or the like. In order to meet the heat dissipation requirements of the internal chip of the information security device, a heat conducting element 60 is disposed on top of each of the heat generating chips, as shown in FIG. The thermally conductive element 60 can be a thermally conductive silicone. The heat conducting member 60 can quickly introduce the heat generated by the heat generating chip 70 to the metal shield 20 and finally to the outside.

参见图 3 ,在金属屏蔽罩 20和被保护的电路板 10之间设置有导电元件 50。 较佳地, 导电元件 50 为弹性导电元件, 例如导电橡胶。 导电元件 50 电连接第一导电触点部件 3024和第二导电触点部件 102。 被保护的电路板 10上设置有安全处理器 (未示出) 。 本领域技术人员理解, 图 3所示的导 电元件的安装方式仅仅是示例性的, 在所述延伸部延伸到金属屏蔽罩的侧 第一导电触点部件和第二导电触点、部件。 、 、 V Referring to FIG. 3, a conductive member 50 is disposed between the metal shield 20 and the protected circuit board 10. Preferably, the conductive element 50 is an elastic conductive element such as a conductive rubber. Conductive element 50 electrically connects first conductive contact member 3024 and second conductive contact member 102. A protected processor (not shown) is disposed on the protected circuit board 10. Those skilled in the art understand that the guide shown in Figure 3 The manner in which the electrical components are mounted is merely exemplary, with the extension extending to the side first conductive contact member and the second conductive contact, member of the metal shield. , , V

从图 8b和 9, 在金属屏蔽罩 20上放置导电元件 50位置处对应经沖压 成型出鳍脚 112, 以支撑导电元件 50。  From Fig. 8b and 9, the conductive member 50 is placed on the metal shield 20 at a position corresponding to the stamping of the fin 112 to support the conductive member 50.

如图 11所示, 被保护的电路板 10具有多层结构, 包括位于最下面的 第二地保护层 106、在第二地保护层 106之上的一层或者多层第二保护信号 层 107以及在最顶层的元件层 111,在至少一层第二保护信号层 107中布置 第二触发信号线。进一步,在至少一层第二保护层 107之上设置信号层 108。 可选地, 还可以在信号层 108之上设置于第二地保护层 106相连接的第三 地保护层 109 以及在第三地保护层 109之上的电源层 110。 与柔性电路板 30相似, 在被保护的电路板的第二保护信号层上布置第二触发信号线。 较 佳地, 第二触发信号线为蛇形触发信号线。 在被保护的电路板的第二保护 信号层上布置的第二触发信号线的布线形式与柔性电路板上的第一触发信 号线的布线相同。 如图 11所示, 最上面的一层即元件层上的一部分设置有 元件, 元件层上未设置有元件的其他部分大面积铺导电材料, 例如涂覆铜。 第二保护信号层紧挨第二地保护层上布置。 第二保护信号层不限于采用一 层, 可以采用多层。 在具有多层第二保护信号层例如三层的情形下, 各层 上的第二触发信号触发线交错布置, 且各层使用较小的走线宽度和较小的 线间距, 以提高入侵者的攻击难度。 第二保护信号层通过第三过孔 104 连 接到第二导电触点部件 102。  As shown in FIG. 11, the protected circuit board 10 has a multi-layered structure including a second underlying protective layer 106 at the bottom, and one or more layers of a second protective signal layer 107 over the second protective layer 106. And at the topmost component layer 111, a second trigger signal line is disposed in at least one of the second protection signal layers 107. Further, a signal layer 108 is disposed over at least one of the second protective layers 107. Optionally, a third ground protection layer 109 connected to the second ground protection layer 106 and a power layer 110 above the third ground protection layer 109 may also be disposed on the signal layer 108. Similar to the flexible circuit board 30, a second trigger signal line is disposed on the second protection signal layer of the protected circuit board. Preferably, the second trigger signal line is a serpentine trigger signal line. The wiring pattern of the second trigger signal line disposed on the second protection signal layer of the protected circuit board is the same as the wiring of the first trigger signal line on the flexible circuit board. As shown in Fig. 11, the uppermost layer, that is, a part of the element layer is provided with an element, and other parts of the element layer which are not provided with the element are laid over a large area, such as copper. The second protection signal layer is disposed next to the second ground protection layer. The second protection signal layer is not limited to one layer, and multiple layers may be employed. In the case of a multi-layer second protection signal layer such as three layers, the second trigger signal on each layer triggers the line staggered arrangement, and each layer uses a smaller trace width and a smaller line spacing to improve the intruder The difficulty of the attack. The second guard signal layer is coupled to the second conductive contact member 102 through the third via 104.

参见图 3和 11, 安全处理器产生动态或静态触发信号并通过第二过孔 105将其传送到第二触发信号线上。 触发信号经第二金属触点部件 102、 导 电元件 50、 第一导电触点部件 3024传送到第一触发信号线。 这样, 第一信 号触发线和第二信号触发线上均布置有触发信号。 然后, 触发信号再经另 外的第一导电触点部件、 导电元件、 第二导电触点部件、 第二触发信号线 返回到安全处理器。  Referring to Figures 3 and 11, the security processor generates a dynamic or static trigger signal and transmits it through the second via 105 to the second trigger signal line. The trigger signal is transmitted to the first trigger signal line via the second metal contact member 102, the conductive member 50, and the first conductive contact member 3024. Thus, a trigger signal is disposed on both the first signal trigger line and the second signal trigger line. Then, the trigger signal is returned to the security processor via the other first conductive contact member, the conductive member, the second conductive contact member, and the second trigger signal line.

本发明中, 信息安全保护装置的装配过程如下。 首先, 将柔性电路板 30根据折痕线折弯成型, 粘接到金属屏蔽罩 20上。 其次, 将导电元件安装 到金属屏蔽罩 20的顶面的内表面上, 例如安装到金属屏蔽罩的顶面的内表 面的四个角部区域, 并对准第一导电触点对。 接下来, 将覆盖有柔性电路 板 30的金属屏蔽罩 20的卡爪或扭脚插入到被保护的电路板上的第一通孔 中, 使导电元件与被保护的电路板上的第二导电触点部件对准, 并测试导 电元件和第一与第二导电触点部件的接触。 最后, 如果导电元件与第一和 第二导电触点部件良好接触, 将金属屏蔽罩的卡爪或扭脚焊接到被保护的 电路板上。 In the present invention, the assembly process of the information security device is as follows. First, the flexible circuit board 30 is bent and formed according to the crease line, and bonded to the metal shield 20. Next, the conductive elements are mounted to the inner surface of the top surface of the metal shield 20, such as to the four corner regions of the inner surface of the top surface of the metal shield, and aligned with the first pair of conductive contacts. Next, the claw or the twisted leg of the metal shield cover 20 covered with the flexible circuit board 30 is inserted into the first through hole of the protected circuit board. Aligning the conductive element with the second conductive contact member on the protected circuit board and testing the contact of the conductive element with the first and second conductive contact members. Finally, if the conductive element is in good contact with the first and second conductive contact members, the jaws or pins of the metal shield are soldered to the protected circuit board.

图 12示出了根据本发明的实施例的装配之后的信息安全保护装置示意 图。 如图所示, 覆盖有柔性电路板的金属屏蔽罩的各个卡爪或扭脚插入到 被保护的电路板的第一通孔之中。 进一步地, 可以在卡爪或扭脚插入到第 一通孔中之后将其焊接固定在被保护的电路板上。  Fig. 12 is a view showing an information security device after assembly according to an embodiment of the present invention. As shown, the respective claws or twist pins of the metal shield covered with the flexible circuit board are inserted into the first through holes of the protected circuit board. Further, the claw or the twisted foot may be soldered to the protected circuit board after being inserted into the first through hole.

如图 13所示, 为了将被保护的电路板 10上的发热芯片的热量快速地 传到到外部, 在被保护的电路板 10上的第一通孔 101附近大面积覆导电材 料。 这样, 发热芯片的发热经导热元件 60传递到金属屏蔽罩 20 , 再经金属 屏蔽罩 20的卡爪或扭脚传递到第一通孔附近的大面积覆导电材料上, 从而 散发到外部。  As shown in Fig. 13, in order to quickly transfer the heat of the heat generating chip on the protected circuit board 10 to the outside, a large area of the conductive material is coated in the vicinity of the first through hole 101 on the protected circuit board 10. Thus, the heat generated by the heat generating chip is transmitted to the metal shield 20 through the heat conducting member 60, and then transmitted to the large-area covering conductive material near the first through hole through the claw or the twisted leg of the metal shield 20, thereby being radiated to the outside.

本发明中,通过增加柔性电路板 30的层数,可以提高抗物理攻击能力; 通过增加柔性电路板 30的第一触发信号线的布线复杂度, 也可以提高抗物 理攻击能力。  In the present invention, by increasing the number of layers of the flexible circuit board 30, the physical attack resistance can be improved; by increasing the wiring complexity of the first trigger signal line of the flexible circuit board 30, the physical attack resistance can also be improved.

电磁屏蔽罩 20可以采用铜锡镍合金, 提供良好的电磁屏蔽效果。 如果 对电磁屏蔽罩 20有弹性要求, 可以选择使用铜锡磷或者铜锡铍合金材料, 则信息安全保护装置外形就有极佳的弹性。 如果信息安全保护装置内部有 高散热要求, 可以使用铜银合金材料。 如果对磁屏蔽要求, 还可以使用硅 钢材料。 同时上述材料的选用对于安全性、 可焊接性、 电磁屏蔽效果没有 任何影响。  The electromagnetic shield 20 can be made of copper-tin-nickel alloy to provide good electromagnetic shielding. If the electromagnetic shielding cover 20 has elastic requirements, copper-tin-phosphorus or copper-tin-bismuth alloy materials can be selected, and the shape of the information security protection device has excellent elasticity. If the information security device has high heat dissipation requirements inside, copper-silver alloy materials can be used. Silicon steel materials can also be used if magnetic shielding is required. At the same time, the selection of the above materials has no effect on safety, weldability and electromagnetic shielding effect.

本发明中, 安全处理器提供的安全动态触发信号或者静态触发信号密 布于整个信息安全保护装置表面。 所述柔性电路板覆盖于金属屏蔽罩的外 表面, 和被保护的电路板的最外部的第二地保护层一起构成立体的保护空 间。 当入侵者从金属屏蔽罩的顶面或者侧面方向入侵安全信息保护装置时, 会导致导电元件松动, 从而触发被保护的电路板启动自毁程序, 瞬时擦除 被保护的电路板中的密钥、 P IN码以及敏感数据。 当有入侵者使用探针从金 属屏蔽罩的顶面或侧面方向探测信息安全保护装置上的信息时, 探针会刺 入触发信号线如蛇形触发信号线, 安全处理器将检测到这种入侵, 因而触 发被保护的电路板启动自毁程序, 瞬时擦除被保护的电路板中的密钥、 P IN 码以及敏感数据。 同样, 当入侵者从被保护的电路板的外部方向入侵信息 安全保护装置时, 由于被保护的电路板中同样布置有触发信号线, 安全处 理器同样检测到这种入侵, 也会触发被保护的电路板的触发信号线上的信 号从而启动自毁程序, 瞬时擦除被保护的电路板中的密钥、 PIN码以及敏感 数据。 因此, 本发明的信息安全保护装置能够防备来自任意一个方向的物 理攻击。 In the present invention, the secure dynamic trigger signal or the static trigger signal provided by the security processor is densely attached to the entire surface of the information security device. The flexible circuit board covers the outer surface of the metal shield and forms a three-dimensional protective space together with the outermost second protective layer of the protected circuit board. When an intruder invades a safety information protection device from the top or side of the metal shield, the conductive component is loosened, triggering the protected circuit board to initiate a self-destruction process, and instantaneously erasing the key in the protected circuit board. , P IN code and sensitive data. When an intruder uses a probe to detect information on the information security device from the top or side of the metal shield, the probe will pierce the trigger signal line, such as a serpentine trigger signal line, which the security processor will detect. The intrusion thus triggers the protected board to initiate a self-destruction routine that instantaneously erases the key, P IN code, and sensitive data in the protected board. Similarly, when an intruder invades information from the outside of the protected board In the case of the safety protection device, since the trigger signal line is also arranged in the protected circuit board, the safety processor also detects the intrusion, and also triggers the signal on the trigger signal line of the protected circuit board to start the self-destruction program. Instantly erase the key, PIN code, and sensitive data in the protected board. Therefore, the information security protection device of the present invention can guard against physical attacks from any one direction.

此外, 由于本发明采用一体结构的金属屏蔽罩, 不仅具有良好的电磁 屏蔽效果, 还具有较强的抗物理攻击能力, 可以有效抵御高温、 打孔等物 理破坏。  In addition, since the invention adopts the metal shield of the integral structure, it not only has good electromagnetic shielding effect, but also has strong anti-physical attack capability, and can effectively resist physical damage such as high temperature and punching.

当然, 当信息安全保护装置受到其他物理攻击, 比如拆解、 分割时, 也会触发柔性电路板或者被保护的电路板上的触发信号线上的安全触发信 号, 安全处理器检测到这种攻击, 从而引发信息安全保护装置上的被保护 的电路板启动自毁程序, 瞬时擦除被保护的电路板中的密钥、 PIN码以及敏 感数据, 极大的保护了信息安全保护装置的安全。  Of course, when the information security device is subjected to other physical attacks, such as disassembly and splitting, it also triggers a security trigger signal on the trigger circuit of the flexible circuit board or the protected circuit board. The security processor detects the attack. Therefore, the protected circuit board on the information security protection device initiates a self-destruction program, instantaneously erasing the key, the PIN code and the sensitive data in the protected circuit board, thereby greatly protecting the security of the information security protection device.

以上所述仅为本发明的较佳实施例, 并非用于限制本发明的保护范围。 凡在本发明的精神和原则之内, 所作的任何修改、 等同替换以及改进等, 均应包含在本发明的保护范围之内。  The above is only the preferred embodiment of the present invention and is not intended to limit the scope of the present invention. Any modifications, equivalent substitutions, and improvements made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.

Claims

权 利 要 求 书 Claim 1. 一种信息安全保护装置, 包括: 金属屏蔽罩、 柔性电路板、 被保护 的电路板和导电元件, 其特征在于:  An information security device comprising: a metal shield, a flexible circuit board, a protected circuit board, and a conductive element, characterized by: 所述柔性电路板覆盖于所述金属屏蔽罩的外表面并且所述柔性电路板 的延伸部延伸到金属屏蔽罩的内表面上;  The flexible circuit board covers an outer surface of the metal shield and the extension of the flexible circuit board extends onto an inner surface of the metal shield; 覆盖有柔性电路板的金属屏蔽罩放置在被保护的电路板上并罩住被保 护的电路板上的待保护电路;  A metal shield covered with a flexible circuit board is placed on the protected circuit board and covers the circuit to be protected on the protected circuit board; 所述柔性电路板和被保护的电路板中分别设置有第一信号触发线和第 二信号触发线, 第一信号触发线经设置在所述延伸部上的第一导电触点部 件、 所述导电元件、 设置在所述被保护的电路板上的第二导电触点部件连 接到第二触发信号线, 第一信号触发线和第二信号触发线接收来自设置在 被保护的电路板上的安全处理器的触发信号。  a first signal trigger line and a second signal trigger line are respectively disposed in the flexible circuit board and the protected circuit board, the first signal trigger line is disposed on the first conductive contact part disposed on the extension portion, a conductive element, a second conductive contact member disposed on the protected circuit board is coupled to the second trigger signal line, and the first signal trigger line and the second signal trigger line are received from the circuit board disposed on the protected circuit board The trigger signal of the security processor. 2. 如权利要求 1所述的信息安全保护装置, 其中, 所述金属屏蔽罩具 有顶面和侧壁; 2. The information security device according to claim 1, wherein the metal shield has a top surface and a side wall; 所述柔性电路板具有主体部和根据所述金属屏蔽罩外形构造的折弯 部, 所述折弯部上具有所述延伸部, 所述主体部覆盖于所述金属屏蔽罩的 顶面的外表面, 所述折弯部覆盖于所述金属屏蔽罩的相应侧壁外表面并且 该折弯部的延伸部沿着相应的侧壁折弯延伸到金属屏蔽罩的内表面上; 所述安全处理器发出的触发信号传送到第二触发信号线、 第二导电触 点部件、 导电元件、 第一导电触点部件和第一触发信号线组成的信号回路 中, 所述触发信号从该信号回路返回所述安全处理器。  The flexible circuit board has a main body portion and a bent portion according to the outer shape of the metal shield cover, the bent portion has the extending portion, and the main body portion covers the outer surface of the metal shield cover a surface, the bent portion covers a corresponding side wall outer surface of the metal shield and the extension of the bent portion extends along a corresponding side wall to an inner surface of the metal shield; the safety treatment The trigger signal sent by the device is transmitted to a signal loop composed of the second trigger signal line, the second conductive contact member, the conductive element, the first conductive contact member and the first trigger signal line, and the trigger signal is returned from the signal loop The security processor. 3. 如权利要求 2所述的信息安全保护装置, 其中, 所述折弯部的延伸 部沿着相应的侧壁折弯延伸到金属屏蔽罩的内表面上具体为: 所述折弯部 的延伸部沿着相应的侧壁折弯延伸到金属屏蔽罩的顶面的内表面上, 并且 所述导电元件为弹性导电元件。 The information security protection device according to claim 2, wherein the extension portion of the bent portion extends along the corresponding side wall to extend onto the inner surface of the metal shield, specifically: the bent portion The extensions are bent along the respective side walls to extend onto the inner surface of the top surface of the metal shield, and the conductive elements are resilient conductive elements. 4. 如权利要求 2或 3所述的信息安全保护装置, 其中, 所述柔性电路 板具有至少两层, 最上面的一层为第一地保护层并在该第一地保护层外表 面涂覆导电材料, 第一地保护层之下的层为第一保护信号层并且在至少一 个第一保护信号层中布置第一触发信号线; The information security protection device according to claim 2 or 3, wherein the flexible circuit board has at least two layers, and the uppermost layer is a first protective layer and is coated on the outer surface of the first protective layer. Covering the conductive material, the layer under the first protective layer is the first protection signal layer and at least one Arranging a first trigger signal line in the first protection signal layer; 所述被保护的电路板包括位于最下面的第二地保护层、 在第二地保护 层之上的一层或者多层第二保护信号层以及在最上面的元件层, 在至少一 层第二保护信号层中布置第二触发信号线。  The protected circuit board includes a second ground protection layer at the bottom, one or more layers of a second protection signal layer over the second ground protection layer, and an uppermost component layer, at least one layer A second trigger signal line is disposed in the second protection signal layer. 5. 如权利要求 4所述的信息安全保护装置, 其中, 在所述第一地保护 层和第二地保护层表面均涂覆有遮光绝缘材料。 The information security device according to claim 4, wherein the first protective layer and the second protective layer are coated with a light-shielding insulating material. 6. 如权利要求 1、 2或 3所述的信息安全保护装置, 其中, 第一触发信 号线和第二触发信号线为蛇形触发信号线。 The information security protection device according to claim 1, 2 or 3, wherein the first trigger signal line and the second trigger signal line are serpentine trigger signal lines. 7. 如权利要求 2所述的信息安全保护装置, 其中, 所述柔性电路板的 一面涂胶并根据所述金属屏蔽罩外形折弯之后粘接到所述金属屏蔽罩上。 7. The information security device according to claim 2, wherein one side of the flexible circuit board is glued and bonded to the metal shield according to the shape of the metal shield. 8. 如权利要求 1-3之一所述的信息安全保护装置, 其中, 所述金属屏 蔽罩具有 4个侧壁, 所述柔性电路板具有 4个折弯部。 The information security device according to any one of claims 1 to 3, wherein the metal shield has four side walls, and the flexible circuit board has four bent portions. 9. 如权利要求 1-3之一所述的信息安全保护装置, 其中, 所述金属屏 蔽罩的每一个侧壁设置有卡爪或者扭脚, 并且所述被保护的电路板上设置 有与所述卡爪或扭脚配合的第一过孔, 所述金属屏蔽罩的卡爪或扭脚与侧 壁的结合处设置有肩部, 该肩部的高度与所述柔性电路板的厚度相同。 The information security device according to any one of claims 1 to 3, wherein each side wall of the metal shield is provided with a claw or a twisted leg, and the protected circuit board is provided with The first through hole of the claw or the twisting leg, the joint of the claw or the twisting leg of the metal shield and the side wall is provided with a shoulder, the height of the shoulder is the same as the thickness of the flexible circuit board . 10. 如权利要求 9所述的信息安全保护装置, 其中, 所述柔性电路板 的每一个折弯部包括第一折弯子部和第二折弯子部, 第二折弯子部具有所 述的延伸部并且在该延伸部上设置有和所述被保护电路板上的第二触点部 件对应的第一导电触点部件, 第二折弯子部在与所述金属屏蔽罩的侧壁的 卡爪或扭脚相应的位置处设置有凹槽, 第一折弯子部覆盖在所述金属屏蔽 罩的一个侧壁的外表面上, 第二折弯子部穿过所述肩部和所述被保护电路 板构造的缝隙覆盖在该一个侧壁的内表面上。 10. The information security device according to claim 9, wherein each of the bent portions of the flexible circuit board includes a first bent portion and a second bent portion, and the second bent portion has the extension And a first conductive contact member corresponding to the second contact member on the protected circuit board, the second bent portion being on the side wall of the metal shield Or a corresponding position at the position of the twisting foot, the first bent portion covering the outer surface of one side wall of the metal shield, the second bent portion passing through the shoulder and the protected circuit A slit of the plate structure covers the inner surface of the one side wall. 11. 如权利要求 10所述的信息安全保护装置, 其中, 每一个第二折弯 子部的延伸部与设置在被保护电路板上的第二导电触点部件的个数相同。 11. The information security device of claim 10, wherein the extension of each of the second bent sub-portions is the same as the number of the second electrically conductive contact members disposed on the protected circuit board. 12. 如权利要求 9所述的信息安全保护装置, 其中, 在被保护的电路 板上的发热元件顶部设置有导热元件, 并且在被保护的电路板的第一过孔 附近的表面上涂覆大面积导电材料。 12. The information security device according to claim 9, wherein a heat conductive element is disposed on a top of the heat generating component on the protected circuit board, and is coated on a surface near the first via hole of the protected circuit board. Large area conductive material. 1 3. 如权利要求 4 所述的信息安全保护装置, 其中, 在所述被保护的 电路板的元件层之上设置所述安全处理器, 所述安全处理器发出的触发信 号通过所述被保护的电路板中的第二过孔传输到第二保护信号层中的第二 触发信号线, 第二保护信号层上的第二触发信号线通过被保护的电路板上 的第三过孔连接到第二导电触点部件。 The information security protection device according to claim 4, wherein the security processor is disposed on an element layer of the protected circuit board, and a trigger signal sent by the security processor passes through the The second via in the protected circuit board is transmitted to the second trigger signal line in the second protection signal layer, and the second trigger signal line on the second protection signal layer is connected through the third via on the protected circuit board To the second conductive contact member. 14. 如权利要求 1 所述的信息安全保护装置, 其中, 所述金属屏蔽罩 是由铜锡镍合金、 铜锡磷、 铜锡铍合金和铜银合金材料制成。 14. The information security device according to claim 1, wherein the metal shield is made of a copper-tin-nickel alloy, a copper-tin-phosphorus, a copper-tin-bismuth alloy, and a copper-silver alloy material. 15. 如权利要求 1- 3之一所述的信息安全保护装置, 所述导电元件内 部包含至少一对隔离的导电通道, 所述导电通道对的数量、 柔性电路板上 的第一导电部件的数量和被保护的电路板上的第二导电触点部件的数量相 同。 The information security protection device according to any one of claims 1 to 3, wherein the conductive element internally comprises at least one pair of isolated conductive channels, the number of the pair of conductive channels, and the first conductive member on the flexible circuit board. The number is the same as the number of second conductive contact members on the protected circuit board. 16. 如权利要求 1或 3所述的信息安全保护装置, 其中, 所述金属屏 蔽罩在导电元件设置位置处对应成型出鳍脚, 支撑所述导电元件。 The information security protection device according to claim 1 or 3, wherein the metal shield covers the fins at a position where the conductive elements are disposed, and supports the conductive elements.
PCT/CN2012/083624 2012-07-03 2012-10-26 Information security protection device Ceased WO2014005385A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201210226844 2012-07-03
CN201210226844.9 2012-07-03
CN201210381106.1 2012-10-09
CN201210381106.1A CN102930648B (en) 2012-07-03 2012-10-09 Information safety protector

Publications (1)

Publication Number Publication Date
WO2014005385A1 true WO2014005385A1 (en) 2014-01-09

Family

ID=47645436

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/083624 Ceased WO2014005385A1 (en) 2012-07-03 2012-10-26 Information security protection device

Country Status (2)

Country Link
CN (1) CN102930648B (en)
WO (1) WO2014005385A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3269444A1 (en) 2016-07-14 2018-01-17 Base4 Innovation Ltd Method of identifying droplets in a stack and an associated sequencer
WO2018042028A1 (en) 2016-09-02 2018-03-08 Base4 Innovation Limited Single nucleotide detection method and associated probes
WO2018046521A1 (en) 2016-09-06 2018-03-15 Base4 Innovation Limited Single nucleotide detection method and associated probes
WO2018054964A1 (en) 2016-09-20 2018-03-29 Base4 Innovation Limited Single nucleotide detection method and associated probes
WO2018210823A1 (en) 2017-05-15 2018-11-22 Base4 Innovation Limited Single nucleotide detection method and associated probes
WO2019243577A1 (en) 2018-06-21 2019-12-26 Base4 Innovation Limited Sequencing method using modified nucleoside polyphosphates

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017019738A1 (en) * 2015-07-30 2017-02-02 Laird Technologies, Inc. Soft and/or flexible emi shields and related methods
CN105555113B (en) * 2016-02-01 2019-02-05 深圳市信维通信股份有限公司 Shielding case structure
CN107463857B (en) 2016-06-03 2019-11-22 南宁富桂精密工业有限公司 Light pipe and electronic device
CN110084074B (en) * 2019-01-26 2021-06-22 鼎铉商用密码测评技术(深圳)有限公司 Protection device and data equipment
CN110057246B (en) * 2019-05-06 2024-05-07 苏州高甲防护科技有限公司 Slot type high-safety stab-resistant fabric structure
CN110287738B (en) * 2019-06-06 2024-05-17 深圳市金泰克半导体有限公司 Data storage device and data protection method thereof
CN114675582B (en) * 2022-04-20 2023-01-24 希博(张家港)科技有限公司 An information security intelligent management and control system based on big data

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060259788A1 (en) * 2005-05-10 2006-11-16 Arcadi Elbert Secure circuit assembly
CN101526802A (en) * 2009-04-21 2009-09-09 上海杉德金卡信息系统科技有限公司 Information protection method for PIN input equipment
CN101605448A (en) * 2008-06-11 2009-12-16 联发科技股份有限公司 Shielding device and printed circuit board with shielding protection
CN101882191A (en) * 2009-05-08 2010-11-10 深圳长城开发科技股份有限公司 Information security protecting device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6686539B2 (en) * 2001-01-03 2004-02-03 International Business Machines Corporation Tamper-responding encapsulated enclosure having flexible protective mesh structure
CN201114985Y (en) * 2007-04-20 2008-09-10 太阳神(珠海)电子有限公司 Novel information protection flexible printed circuit board
CN101308739B (en) * 2007-05-16 2010-05-26 深圳市证通电子股份有限公司 Self-destruct circuit trigger detection method and switch structure
CN101615235A (en) * 2009-08-04 2009-12-30 青岛海信智能商用设备有限公司 A kind of self-destruction system for memory data
CN101833627A (en) * 2010-06-09 2010-09-15 深圳视融达科技有限公司 Safety wall

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060259788A1 (en) * 2005-05-10 2006-11-16 Arcadi Elbert Secure circuit assembly
CN101605448A (en) * 2008-06-11 2009-12-16 联发科技股份有限公司 Shielding device and printed circuit board with shielding protection
CN101526802A (en) * 2009-04-21 2009-09-09 上海杉德金卡信息系统科技有限公司 Information protection method for PIN input equipment
CN101882191A (en) * 2009-05-08 2010-11-10 深圳长城开发科技股份有限公司 Information security protecting device

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3269444A1 (en) 2016-07-14 2018-01-17 Base4 Innovation Ltd Method of identifying droplets in a stack and an associated sequencer
WO2018011398A1 (en) 2016-07-14 2018-01-18 Base4 Innovation Limited Method of identifying droplets in a stack and an associated sequencer
WO2018042028A1 (en) 2016-09-02 2018-03-08 Base4 Innovation Limited Single nucleotide detection method and associated probes
WO2018046521A1 (en) 2016-09-06 2018-03-15 Base4 Innovation Limited Single nucleotide detection method and associated probes
WO2018054964A1 (en) 2016-09-20 2018-03-29 Base4 Innovation Limited Single nucleotide detection method and associated probes
WO2018210823A1 (en) 2017-05-15 2018-11-22 Base4 Innovation Limited Single nucleotide detection method and associated probes
EP4534689A2 (en) 2017-05-15 2025-04-09 Lightcast Discovery Ltd Single nucleotide detection method and associated probes
WO2019243577A1 (en) 2018-06-21 2019-12-26 Base4 Innovation Limited Sequencing method using modified nucleoside polyphosphates

Also Published As

Publication number Publication date
CN102930648A (en) 2013-02-13
CN102930648B (en) 2015-09-16

Similar Documents

Publication Publication Date Title
WO2014005385A1 (en) Information security protection device
US7549064B2 (en) Secure circuit assembly
US20130283386A1 (en) Tamper respondent covering
EP1421549B1 (en) A pin pad
US7791898B2 (en) Security apparatus
US9450586B2 (en) Security shield assembly
US7180008B2 (en) Tamper barrier for electronic device
CN201532635U (en) A safety protection device
TWI595382B (en) Safety protecting device, forming and manufacturing method thereof
CN201233600Y (en) Protection apparatus for sensitive data anti-theft
EP2608162B1 (en) Anti-spying encrypted keyboard
CN100576985C (en) safety cover
US20020002683A1 (en) Security module system, apparatus and process
JP2018530056A (en) Circuit board and electronic package including embedded tamper sensitive sensor
CN102573283B (en) PCB (printed circuit board) safety protective board and PCB safety protective device
WO2014158159A1 (en) Shield for an electronic device
CN103617908B (en) The keyboard safety protection device of payment terminal and method
US11432399B2 (en) Tamper resistance wall structure
US20110255253A1 (en) Protective serpentine track for card payment terminal
WO2009036610A1 (en) Safety protection device
JP4969426B2 (en) Destruction detection pattern board
CN102750037B (en) Penetration attack preventing liquid crystal touch screen
CN209710415U (en) Via hole protects structure and POS machine
CN102638930A (en) Self-destruction protective cover of circuit board
CN206460467U (en) The equipment of resistance against physical attack

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12880338

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12880338

Country of ref document: EP

Kind code of ref document: A1