From 03d6a8362ddd243525eeecb7e2bad84f74046f1b Mon Sep 17 00:00:00 2001 From: jaseg Date: Tue, 26 Aug 2025 18:25:26 +0200 Subject: [PATCH] Add lots of patent history detail --- chapter-hsms/chapter.tex | 67 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 66 insertions(+), 1 deletion(-) diff --git a/chapter-hsms/chapter.tex b/chapter-hsms/chapter.tex index 96b9f56..9acb3b1 100644 --- a/chapter-hsms/chapter.tex +++ b/chapter-hsms/chapter.tex @@ -139,9 +139,58 @@ The design of these IBM/Gore meshes is documented in an extensive list of patent \subsection{Tamper-sensing Mesh Monitoring} +Tamper-sensing meshes are most effective when they are continuously monitored using a backup power supply when the +larger system is powered off. In practice, the main challenge with continuous monitoring of tamper-sensing meshes is in +the design of the monitoring circuit. A large portion of industry attention has been spent on designing low-power +monitoring circuits that are sensitive to tampering with the mesh while using little enough power to enable years of +operation from a battery. Commonly, one or two cylindrical or large coin cell Lithium primary batteries are used, +providing in the order of \qtyrange{10}{20}{\watt\hour} over their lifetime. Broken down to an unpowered storage life of +e.g.\ 5 years, this corresponds to a maximum average power consumption of \qty{450}{\micro\watt}. + +% FIXME cite patent US20010056542A1, maybe others? +% relevant categories: (H01L23/576), (G06K19/07372) +% keyword: wire covering +% FIXME US10251260B1, US9730315B1 (both square) mention wheatstone bridge +% FIXME DE2656349A1 mentions bridge circuit but applied to a fence(!) +To achieve low power consumption, a popular technique known since at least 1902 +% FIXME cite US708093A +and still used today +% FIXME cite section on utimaco / gore mesh, cite US20010056542A1 (ibm), US10251260B1, US9730315B1 (square) +is to measure the mesh's deviation from its baseline value. This measurement can be implemented either by directly +comparing a mesh trace's resistance with a reference resistor, or using a wheatstone bridge. +% FIXME cite DE559905C +This technique, known since at least 1929, is still used in modern HSMs for its simple implementation: Comparators do no +need a lot of power, and similar to the layout of a strain gauge, the wheatstone bridge circuit can be implemented using +the mesh's traces. When all traces are interleaved, this also provides some degree of intrinsic temperature +compensation. + +% FIXME US10321589B2 cites comparators + +% US587931A (1897) describes overlapping structure +% FIXME US7345497B2 uses balanced transmission lines / fast pulses + +% FIXME NCR Group patent US4593384A mentioned tamper traces in 1984 +% FIXME NCR Group patent US3594770A mentions meshes in 1968 +% FIXME US110362A from 1870 may be oldes mention of mesh I found +% FIXME US708093A from 1902 shows literal meshes like we do them today, just with wires not PCBs, and also describes +% bridge-like comparator circuit using counter-wound coils +% FIXME Hughes Aircraft patent US5568124A mentions mesh-like panels in 1993 + +% NOTE: US3882324A mentions exploding the device as tamper response + \subsection{Other Tamper Sensing Techniques} -\subsection{Hardware Security Module Applications} +Besides tamper-sensing meshes, environmental sensors such as temperature or light sensors are frequently used as a +secondary line of defence in HSMs and similar devices. By placing such sensors in the device and verifying the device is +within its nominal operating environment, tampering can be made less convenient. Modern security standards often mandate +the implementation of at least a temperature sensor to prevent cold-boot attacks on a device. A multitude of other +sensors have been proposed, including humidity sensors, vibration sensors, light sensors, magnetometers, and radiation +sensors such as X-ray sensors have been proposed. While the implementation cost of most sensor types is low, each +additional environmental sensor comes with an increased false alarm rate. Anecdotally, we have heard of light sensors +being removed from a datacenter HSM product because they caused frequent false alarms despite extensive efforts like +custom injection-molded plastic light baffles at all air vents of the device designed to prevent ingress of outside +light. +% FIXME citations? \subsection{The Patent Landscape} @@ -154,6 +203,22 @@ their designs. While most original tamper sensing mesh implementations are cover highlight IBM for dwarfing the efforts of most other companies and fielding industry's widest portfolio of related patents. +While the patent history of HSM-like devices is rather shallow and begins in the 1990ies +% FIXME cite +with scarce prior examples, +% FIXME cite +tamper-sensing meshes have a much longer history dating back to at least 1870. +% FIXME cite +Tamper-sensing meshes were often called \emph{wire coverings} in earlier patent literature from before the widespread +adoption of printed circuits. Beginning in the late 1800s, there is an abundance of patents claiming such meshes for the +protection of safes and vault rooms. +A 1969 NCR patent +% FIXME cite US10321589B2 +is the earliest mention we were able to find of such a tamper-sensing mesh being implemented in a printed circuit +process instead of by laying out a physical wire. + +\subsection{Hardware Security Module Applications} + \section{A Survey of Meshes in the Wild} Concluding the brief history of tamper sensing meshes above, we find that they were initially developed for sensitive