STM1403 3V FIPS-140 Security Supervisor with Battery Switchover DATA BRIEFING FEATURES* ■ ■ ■ ■ ■ ■ ■ STM1403 SUPPORTS FIPS-140 SECURITY LEVEL 3+ – 4 High-Impedance Physical Tamper Inputs – Over/Under Operating Voltage Detector – Security Alarm (SAL) on Tamper Detection SUPERVISORY FUNCTIONS – Automatic Battery Switchover – RST Output (Open Drain) – Manual (Push-button) Reset Input (MR) – Power-fail Comparator (PFI/PFO) Vccsw (VCC SWITCH OUTPUT) – Low When Switched to VCC – High When Switched to VBAT (BATT ON Indicator) BATTERY LOW VOLTAGE DETECTOR (POWER-UP) OPTIONAL VREF (1.237V) (Available for STM1403A only) Figure 1. Package QFN16, 3mm x 3mm (Q) LOW BATTERY SUPPLY CURRENT (2.8µA, typ) SECURE LOW PROFILE 16-PIN, 3x3mm, QFN PACKAGE Table 1. Device Options VREF (1.237V) Option VOUT Status, During Alarm Vccsw Status, During Alarm ✔ ✔ ON Normal Mode(2) ✔ ✔ Note 3 High-Z High ✔ ✔ Note 3 Ground High STM704 Functions(1) Physical Tamper Inputs STM1403A ✔ ✔ STM1403B ✔ STM1403C ✔ Over/Under Over/Under Voltage Temperature Alarms Alarms Note: 1. SAL, RST, PFO, and BLD are Open Drain. 2. Normal Mode: Low when VOUT is internally switched to VCC and High when VOUT is internally switched to battery. 3. Pin 9 is the VREF pin for STM1403A. It is the VTPU pin for STM1403B/C. * Contact local ST sales office for the full datasheet. October 2005 For further information contact your local ST sales office. Rev 4.0 1/9 STM1403 SUMMARY DESCRIPTION The STM1403 family of security supervisors are a low power family of intrusion (tamper) detection chips targeted at manufacturers of POS terminals and other systems, to enable them to meet physical and/or environmental intrusion monitoring requirements as mandated by various standards, such as Federal Information Processing Standards (FIPS) Pub 140 entitled “Security Requirements for Cryptographic Modules,” published by the National Institute of Standards and Technology, U.S. Department of Commerce), EMVCo, ISO, ZKA, and VISA PED. STM1403 supports target levels 3 and lower The STM1403 includes Automatic Battery Switchover, RST Output (Open Drain), Manual (Push-button) Reset Input (MR), Power-fail Comparator (PFI/PFO), Physical and/or Environmental Tamper Detect/Security Alarm, and Battery Low Voltage Detect features. The STM1403A also offers a VREF (1.237V) as an option on pin 9. On the STM1403B/C, this pin is VTPU (internally switched VCC or VBAT). VOUT Pin Modes The STM1403 is available in three versions, corresponding to three modes of the VOUT pin (Supply Voltage Out), when the SAL (Security Alarm) is asserted (active-low) upon tamper detection: STM1403A. VOUT stays ON (at VCC or VBAT) when SAL is driven low (activated). STM1403B. VOUT is set to High-Z when SAL is driven low (activated). STM1403C. VOUT is driven to Ground when SAL is activated (may be used when VOUT is connected directly to the VCC pin of the external SRAM that holds the cryptographic codes). All variants (see Table 1., Device Options) are pincompatible and available in a security-friendly, low profile, 16-pin QFN package. Table 2. Signal Names Figure 2. Logic Diagram VREF or VBAT VCC VTPU(1) BLD(3) VCCSW(2) VOUT Vccsw(1) VCC Switch Output MR Manual (Push-button) Reset Input PFI Power-fail Input TP1 - TP4 Independent Physical Tamper Detect Pins 1 through 4 VOUT Supply Voltage Output RST (2) Active-low Reset Output RST(3) PFO(2) PFI PFO(3) (2) SAL Security Alarm Output TP1 (NH) SAL(3) BLD(2) Battery Low Voltage Detect VREF(3) 1.237V Reference Voltage VTPU(3) Tamper Pull-up (VCC or VBAT) VBAT Back-up Supply Voltage VCC Supply Voltage VSS Ground MR STM1403 TP2 TP3 (NL) (NH) TP4 VSS (NL) AI09682 Note: 1. VREF only for STM1403A; VTPU for STM1403B/C. 2. Normal Mode: Low when VOUT is internally switched to VCC and High when VOUT is internally switched to battery. 3. SAL, RST, PFO, and BLD are Open Drain. 2/9 Power-fail Output Note: See PIN DESCRIPTIONS, page 9 of the full datasheet for details. 1. Normal Mode: Low when VOUT is internally switched to VCC and High when VOUT is internally switched to battery. 2. SAL, RST, PFO, and BLD are Open Drain. 3. VREF only for STM1403A; VTPU for STM1403B/C. STM1403 Figure 3. QFN16 Connections BLD(2) PFI VCCSW(1) VCC 15 14 RST(2) 1 13 12 VOUT MR 2 11 VBAT SAL(2) 3 10 PFO(2) VSS 4 16 5 6 7 TP1 TP2 TP3 (NH) (NL) (NH) 8 9 TP4 (NL) VREF or VTPU(3) AI09683 Note: See PIN DESCRIPTIONS, page 9 of the full datasheet for details. 1. Normal Mode: Low when VOUT is internally switched to VCC and High when VOUT is internally switched to battery. 2. SAL, RST, PFO, and BLD are Open Drain. 3. VREF only for STM1403A; VTPU for STM1403B/C. 3/9 STM1403 Figure 4. Block Diagram VCC VOUT BAT54J(1,2) VSO VBAT(1) COMPARE VCCSW VINT VRST COMPARE trec Generator MR PFI RST(3) VPFI COMPARE PFO(3) VDET COMPARE @ POWER-UP BLD(3) VTPU(4) 1.237V VREF Generator VHV COMPARE VLV COMPARE TP1 (NH) TP2 (NL) TP3 (NH) TP4 (NL) VREF(4) SAL(3) AI09684 Note: 1. 2. 3. 4. 4/9 BAT54J (from STMicroelectronics) recommended. Required for battery-reverse charging protection. Open Drain VREF only for STM1403; VTPU for STM1403B/C. STM1403 TAMPER DETECTION Physical Supply Voltage There are four (4) high-impedance physical tamper detect input pins, 2 normally set to High (NH) and 2 normally set to Low (NL). Each input is designed with a glitch immunity. These inputs can be connected externally to several types of actuator devices (e.g., switches, wire mesh). A tamper on any one of the four inputs that causes its state to change will trigger the security alarm (SAL) and drive it to active-low. Once the tamper condition no longer exists, the SAL will return to its normal High state. TP1 and TP3 are set Normally to High (NH). They are connected externally through a closed switch or a high-impedance resistor to VOUT (in the case of STM1403A) or VTPU (in the case of STM1403B/ C), A tamper condition will be detected when the input pin is pulled low. If not used, tie the pin to VOUT or VTPU. TP2 and TP4 are set Normally to Low (NL). They are connected externally through a high-impedance resistor or a closed switch to VSS. A tamper condition will be detected when the input pin is pulled high. If not used, tie the pin to VSS. The internally switched supply voltage, VINT (either VCC input or VBAT input) is continuously monitored. If VINT should exceed the over voltage trip point, VHV (set at 4.2V, typical), or should go below the under voltage trip point, VLV (set at 2.0v, typical). SAL will be driven active-low. Once the tamper condition no longer exists, the SAL pin will return to its normal High state. When no tamper condition exists, SAL is normally High. When a tamper is detected, the SAL is activated (driven low), independent of the part type. VOUT can be driven to one of three states, depending on which variant of STM1403 is being used (see Device Options, page 1): ■ ON; ■ High-Z; or ■ Ground (VSS). Note: The STM1403 must be initially powered above VRST to enable the tamper detection alarms. For example, if the battery is on while VCC = 0V, no alarm condition can be detected until VCC rises above VRST (and trec expires). From this point on, alarms can be detected either on battery or VCC. This is done to avoid false alarms when the device goes from no power to its operational state. 5/9 STM1403 PART NUMBERING Table 3. Ordering Information Scheme (see Figure 5., page 7 for Marking Information) Example: STM1403 A T M – Q 6 F Device Type STM1403: Physical, Voltage Tamper Detect VOUT Status (SAL = Active-Low) A: VOUT = ON; Vccsw = Normal Mode B: VOUT = High-Z; Vccsw = High C: VOUT = Ground; Vccsw = High Reset Threshold Voltage T: VRST = 3.00V to 3.15V S: VRST = 2.85V to 3.00V R: VRST = 2.55V to 2.70V Battery Low Voltage Detect Threshold (VDET) M: VDET = 2.3V (Typ) N: VDET = 2.5V (Typ) O: VDET = 3.2V (Typ) Package Q = QFN16 (3mm x 3mm) Temperature Range 6 = –40 to 85°C Shipping Method F = ECOPACK Package, Tape & Reel For other options, or for more information on any aspect of this device, please contact the ST Sales Office nearest you. 6/9 STM1403 Figure 5. Topside Marking Information 03 XXX(1) YWW(2) AI11878 Note: 1. Options codes: X = A, B, or C (for VOUT) X = T, S, or R (for Reset Threshold) X = M, N, or O (for Battery Low Voltage Detect Threshold) 2. Traceability Codes Y = Year WW = Work Week 7/9 STM1403 REVISION HISTORY Table 4. Document Revision History Date Revision 11-October-04 1.0 First Edition 26-Nov-04 1.1 Corrected footprint dimensions; update characteristics (Figure 2, 3, 4, 5, 6, 7, 8, 9, 27, 28, 31; Table 1, 2, 3, 6, 7) 22-Dec-04 1.2 Update characteristics (Figure 5; Table 6, 7, 3) 03-Feb-05 1.3 Update characteristics (Figure 5; Table 6, 7) 25-Feb-05 1.4 Update temperature trip limits (Table 3) 06-May-05 2.0 v2.0 of DB corresponds to v1.5 of DS 05-Aug-05 3.0 v3.0 of DB corresponds to v2.0 of DS 13-Oct-05 4.0 v4.0 of DB corresponds to v3.0 of DS; addition of datasheet availability 8/9 Description STM1403 Information furnished is believed to be accurate and reliable. However, STMicroelectronics assumes no responsibility for the consequences of use of such information nor for any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of STMicroelectronics. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. STMicroelectronics products are not authorized for use as critical components in life support devices or systems without express written approval of STMicroelectronics. The ST logo is a registered trademark of STMicroelectronics. All other names are the property of their respective owners © 2005 STMicroelectronics - All rights reserved STMicroelectronics group of companies Australia - Belgium - Brazil - Canada - China - Czech Republic - Finland - France - Germany - Hong Kong - India - Israel - Italy - Japan Malaysia - Malta - Morocco - Singapore - Spain - Sweden - Switzerland - United Kingdom - United States of America www.st.com 9/9