STM1404 3V FIPS-140 Security Supervisor with Battery Switchover DATA BRIEFING FEATURES ■ ■ ■ ■ STM1404 SUPPORTS FIPS-140 SECURITY LEVEL 4 – 4 High-Impedance Physical Tamper Inputs – Over/Under Operating Voltage Detector – Security Alarm (SAL) on Tamper Detection – Over/Under Operating Temperature Detector – Over/Under Temperature Thresholds are Customer-Selectable and FactoryProgrammed SUPERVISORY FUNCTIONS – Automatic Battery Switchover – RST Output (Open Drain) – Manual (Push-button) Reset Input (MR) – Power-fail Comparator (PFI/PFO) Vccsw (VCC SWITCH OUTPUT) – Low When Switched to VCC – High When Switched to VBAT (BATT ON Indicator) BATTERY LOW VOLTAGE DETECTOR (POWER-UP) Figure 1. Package QFN16, 3x3mm (Q) OPTIONAL VREF (1.237V) (Available for STM1404A only) LOW BATTERY SUPPLY CURRENT (5.3µA Typ) SECURE LOW PROFILE 16-PIN, 3x3mm, QFN PACKAGE RoHS COMPLIANCE Lead-free components compliant with the RoHS directive ■ ■ ■ ■ Table 1. Device Options VREF (1.237V) Option VOUT Status, During Alarm Vccsw Status, During Alarm ✔ ✔ ON Normal Mode(2) ✔ ✔ Note 3 High-Z High ✔ ✔ Note 3 Ground High STM704 Functions(1) Physical Tamper Inputs STM1404A ✔ ✔ ✔ STM1404B ✔ ✔ STM1404C ✔ ✔ Over/Under Over/Under Voltage Temperature Alarms Alarms Note: 1. SAL, RST, PFO, and BLD are Open Drain. 2. Normal Mode: Low when VOUT is internally switched to VCC and High when VOUT is internally switched to battery. 3. Pin 9 is the VREF pin for STM1404A. It is the VTPU pin for STM1404B/C. January 2006 For further information contact your local ST sales office. Rev 4.0 1/9 STM1404 SUMMARY DESCRIPTION The STM1404 family of security supervisors are a low power family of intrusion (tamper) detection chips targeted at manufacturers of POS terminals and other systems, to enable them to meet physical and/or environmental intrusion monitoring requirements as mandated by various standards, such as Federal Information Processing Standards (FIPS) Pub 140 entitled “Security Requirements for Cryptographic Modules,” published by the National Institute of Standards and Technology, U.S. Department of Commerce), EMVCo, ISO, ZKA, and VISA PED. STM1404 will target the highest security level 4 and include both physical and environmental (voltage and temperature) monitoring. The STM1404 include Automatic Battery Switchover, RST Output (Open Drain), Manual (Push-button) Reset Input (MR), Power-fail Comparator (PFI/PFO), Physical and/or Environmental Tamper Detect/Security Alarm, and Battery Low Voltage Detect features. The STM1404A also offers a VREF (1.237V) as an option on pin 9. On STM1404B/C this pin is VTPU (internally switched VCC or VBAT). VOUT Pin Modes The STM1404 is available in three versions, corresponding to three modes of the VOUT pin (Supply Voltage Out), when the SAL (Security Alarm) is asserted (active-low) upon tamper detection: STM1404A. VOUT stays ON (at VCC or VBAT) when SAL is driven low (activated). STM1404B. VOUT is set to High-Z when SAL is driven low (activated). STM1404C. VOUT is driven to Ground when SAL is activated (may be used when VOUT is connected directly to the VCC pin of the external SRAM that holds the cryptographic codes). All variants (see Table 1., Device Options) are pincompatible and available in a security-friendly, low profile, 16-pin QFN package. Table 2. Signal Names Figure 2. Logic Diagram VREF BLD(3) or VBAT VCC VTPU(1) VCCSW(2) VOUT Vccsw(1) VCC Switch Output MR Manual (Push-button) Reset Input PFI Power-fail Input TP1 - TP4 Independent Physical Tamper Detect Pins 1 through 4 VOUT Supply Voltage Output RST(2) Active-low Reset Output RST(3) PFO(2) Power-fail Output PFI PFO(3) SAL(2) Security Alarm Output TP1 (NH) SAL(3) BLD(2) Battery Low Voltage Detect VREF(3) 1.237V Reference Voltage VTPU(3) Tamper Pull-up (VCC or VBAT) VBAT Back-up Supply Voltage VCC Supply Voltage VSS Ground MR STM1404 TP2 TP3 (NL) (NH) TP4 VSS (NL) AI09682a Note: 1. VREF only for STM1404A; VTPU for STM1404B/C. 2. Normal Mode: Low when VOUT is internally switched to VCC and High when VOUT is internally switched to battery. 3. SAL, RST, PFO, and BLD are Open Drain. 2/9 Note: See PIN DESCRIPTIONS of the full datasheet for details. 1. Normal Mode: Low when VOUT is internally switched to VCC and High when VOUT is internally switched to battery. 2. SAL, RST, PFO, and BLD are Open Drain. 3. VREF only for STM1404A; VTPU for STM1404B/C. STM1404 Figure 3. QFN16 Connections BLD(2) PFI VCCSW(1) VCC 15 14 RST(2) 1 13 12 VOUT MR 2 11 VBAT SAL(2) 3 10 PFO(2) VSS 4 16 5 6 7 TP1 TP2 TP3 (NH) (NL) (NH) 8 9 TP4 (NL) VREF or VTPU(3) AI09683 Note: See PIN DESCRIPTIONS of the full datasheet for details. 1. Normal Mode: Low when VOUT is internally switched to VCC and High when VOUT is internally switched to battery. 2. SAL, RST, PFO, and BLD are Open Drain. 3. VREF only for STM1404A; VTPU for STM1404B/C. 3/9 STM1404 Figure 4. Block Diagram VCC VOUT BAT54J(1,2) VSO VBAT(1) COMPARE VCCSW VINT VRST COMPARE trec Generator MR PFI RST(3) VPFI COMPARE PFO(3) VDET COMPARE @ POWER-UP BLD(3) VTPU(4) 1.237V VREF Generator VHV COMPARE VLV COMPARE VREF(4) TP1 (NH) TP2 (NL) SAL(3) TP3 (NH) TP4 (NL) High Temp. Sense TA > TH Low Temp. Sense TA < TL Note: 1. 2. 3. 4. 4/9 BAT54J (from STMicroelectronics) recommended. Required for battery-reverse charging protection. Open Drain VREF only for STM1404A; VTPU for STM1404B/C. AI09684a STM1404 TAMPER DETECTION Physical Supply Voltage There are four (4) high-impedance physical tamper detect input pins, 2 normally set to High (NH) and 2 normally set to Low (NL). Each input is designed with a glitch immunity. These inputs can be connected externally to several types of actuator devices (e.g., switches, wire mesh). A tamper on any one of the four inputs that causes its state to change will trigger the security alarm (SAL) and drive it to active-low. Once the tamper condition no longer exists, the SAL will return to its normal High state. TP1 and TP3 are set Normally to High (NH). They are connected externally through a closed switch or a high-impedance resistor to VOUT (in the case of STM1404A or STM1404A) or VTPU (in the case of STM1404B/C), A tamper condition will be detected when the input pin is pulled low. If not used, tie the pin to VOUT or VTPU. TP2 and TP4 are set Normally to Low (NL). They are connected externally through a high-impedance resistor or a closed switch to VSS. A tamper condition will be detected when the input pin is pulled high. If not used, tie the pin to VSS. The internally switched supply voltage, VINT (either VCC input or VBAT input) is continuously monitored. If VINT should exceed the over voltage trip point, VHV (set at 4.2V, typical), or should go below the under voltage trip point, VLV (set at 2.0v, typical). SAL will be driven active-low. Once the tamper condition no longer exists, the SAL pin will return to its normal High state. Temperature The STM1404 has a built-in, bandgap-based sensor to monitor the temperature. If a preset (customer-selectable, factory-programmed) overtemperature trip point (TH) or under-temperature trip point (TL) is exceeded, the SAL is asserted low. When no tamper condition exists, SAL is normally High. When a tamper is detected, the SAL is activated (driven low), independent of the part type. VOUT can be driven to one of three states, depending on which variant of STM1404 is being used (see Device Options, page 1): ■ ON; ■ High-Z; or ■ Ground (VSS). Note: The STM1404 must be initially powered above VRST to enable the tamper detection alarms. For example, if the battery is on while VCC = 0V, no alarm condition can be detected until VCC rises above VRST (and trec expires). From this point on, alarms can be detected either on battery or VCC. This is done to avoid false alarms when the device goes from no power to its operational state. 5/9 STM1404 PART NUMBERING Table 3. Ordering Information Scheme (see Figure 5., page 7 for Marking Information) Example: STM1404 A T M D Q 6 F Device Type STM1404: Over/Under Temperature Detect VOUT Status (SAL = Active-Low) A: VOUT = ON; Vccsw = Normal Mode B: VOUT = High-Z; Vccsw = High C: VOUT = Ground; Vccsw = High Reset Threshold Voltage T: VRST = 3.00V to 3.15V S: VRST = 2.85V to 3.00V R: VRST = 2.55V to 2.70V Battery Low Voltage Detect Threshold (VDET) M: VDET = 2.3V (Typ) N: VDET = 2.5V (Typ) O: VDET = 3.2V (Typ) Under (TL)/Over (TH) Temperature Alarm Thresholds (STM1404 only) B: –25/+80°C H: –35/+80°C C: –25/+85°C I: –35/+85°C D: –25/+95°C J: –35/+95°C Package Q = QFN16 (3mm x 3mm) Temperature Range 6 = –40 to 85°C Shipping Method F = ECOPACK Package, Tape & Reel For other options, or for more information on any aspect of this device, please contact the ST Sales Office nearest you. 6/9 STM1404 Figure 5. Topside Marking Information 04 XXXX(1) YWW(2) AI12218 Note: 1. Options codes: X = A, B, or C (for VOUT) X = T, S, or R (for Reset Threshold) X = M, N, or O (for Battery Low Voltage Detect Threshold) X = B, C, D, H, I, or J (for Temperature Alarm Threshold) 2. Traceability Codes Y = Year WW = Work Week 7/9 STM1404 REVISION HISTORY Table 4. Document Revision History Date Version 11-October-04 1.0 First Edition 26-Nov-04 1.1 Corrected footprint dimensions; update characteristics (Figure 2, 3, 4; Table 1, 2) 22-Dec-04 1.2 Update characteristics (Table 3) 03-Feb-05 1.3 Update characteristics 25-Feb-05 1.4 Update temperature trip limits (Table 3) 06-May-05 2.0 v2.0 of DB corresponds to v1.5 of DS 03-Jan-05 3.0 v3.0 of DB corresponds to v2.0 of DS 06-Jan-06 4.0 v4.0 of DB corresponds to v3.0 of DS 8/9 Description STM1404 Information furnished is believed to be accurate and reliable. However, STMicroelectronics assumes no responsibility for the consequences of use of such information nor for any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of STMicroelectronics. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. STMicroelectronics products are not authorized for use as critical components in life support devices or systems without express written approval of STMicroelectronics. The ST logo is a registered trademark of STMicroelectronics. All other names are the property of their respective owners © 2006 STMicroelectronics - All rights reserved STMicroelectronics group of companies Australia - Belgium - Brazil - Canada - China - Czech Republic - Finland - France - Germany - Hong Kong - India - Israel - Italy - Japan Malaysia - Malta - Morocco - Singapore - Spain - Sweden - Switzerland - United Kingdom - United States of America www.st.com 9/9