ST AN1879 Application note

AN1879

Application note

How to use M41ST87 tamper detect and RAM clear

Introduction

The M41ST87 is a supervisory family circuit that provides the industry with the latest in on­chip security solutions. The tamper detection and RAM clear circuit can be used in any
system to protect sensitive data from tampering. This chip can be used to secure a wide
range of applications from credit card machines and point-of-sale (POS) terminals to electric
data meters. The M41ST87 features the ability to detect and timestamp any tampering of
the system, and corrupt the device memory when the event occurs. This prevents the
intruder from accessing data stored in memory by clearing the device memory and/or
external RAM when the tampering event occurs.

January 2009 Rev 4 1/9

www.st.com

Description AN1879

Description

How it works

The M41ST87 device provides two independent tamper input pins, TP1IN and TP2IN, that
can be used to monitor two separate signals. These two tamper input pins can be set to
indicate that a tamper event has occurred by either 1) closing a switch (normally open) to
ground or V
ground or V
in the tamper registers.

The M41ST87 device includes 128 bytes of internal RAM that the user has the option of
clearing by setting the TEB and CLR bits in the tamper registers.

Clearing the external memory with the tamper registers

The M41ST87 can also clear the external, battery-backed up SRAM of the device by setting
the TEB and CLR
of the SRAM can be taken to ground. However, certain SRAMs require a significant amount
of time for the memory to be corrupted if V
a reasonable amount of time, one can take V
taking V
conduction mode so that it corrupts the memory.

CC

or 2) opening a switch that was previously closed (normally closed) to

OUT

. The closing and opening of the switch is configurable using bits that are set

OUT

bits in the tamper registers. To clear/corrupt the external memory, VCC

EXT

is simply grounded. To corrupt the memory in

CC

of the SRAM to a negative voltage. By

CC

to a negative voltage, the input protection diode turns on and goes into

Clearing the external memory with an external charge pump

An external charge pump device should be used with the M41ST87 to drive VCC of the
SRAM to a negative voltage during the tamper condition. Figure 1 on page 3 shows how to
connect this circuit. When using the M41ST87 with the charge pump device, the user must
also provide two additional MOSFETs to isolate the V
(OUT) of the charge pump during normal operation, and from V
during the tamper condition. During normal operation the TP
disabling the charge pump. When disabled, the output of most charge pumps will be forced
to Ground. In order to allow proper operation of the SRAM, MOSFET(1) must be “off” to
isolate V

of the SRAM from the charge pump output. At this same time, P-channel

CC

MOSFET(2) will be “on” to provide the supply voltage for the SRAM.

During a tamper condition, the TP

signal will be forced high, controlling the inhibit pin of

CLR

the DC regulator. This will put the regulator in standby mode for t
clear timing where the regulator will be switched off for 1, 4, 8, or 16 seconds, depending on
the setting of the CLRPW1 and CLRPW0 bits in the register. The TP
the charge pump. When the charge pump is enabled, OUT generates a negative voltage on
the V
M41ST87 must be isolated from the V

pin of the SRAM (for a programmable period of time), causing data corruption. The

CC

of the SRAM to avoid data corruption of the

CC

M41ST87 due to forward biasing of the parasitic diode of the M41ST87 V
accomplished by using the TP

signal to turn the N-channel MOSFET(1) “on,” while

CLR

turning the P-channel MOSFET(2) “off.”

of the M41ST87 from the output

OUT

of the M41ST87 device

OUT

signal will be forced low,

CLR

. The t

CLR

CLR

signal also enables

CLR

OUT

is the tamper

output. This is

2/9

AN1879 Description

Figure 1. Circuit connection

Inverting

Charge

Inhibit

V

IN

5V

Regulator

Pump

OUTIN

SHDN

M41ST87Y/W

V

CC

V

CC

TP1

TP2

EX

SCL

WDI

TP

CLR

IN

IN

V

E

OUT

CON

SDA

CAP+ CAP–

C1

C2

(2)

Negative Output

(–1 x VIN)

(1)

V

CC

E

Low-Power

SRAM

Pushbutton

Reset

1. N-channel MOSFET

2. P-channel MOSFET

RSTIN1

RSTIN2

PFI

1

PFI

2

V

SS

V

BAT

RST

SQW/FT

PFO

PFO

IRQ/OUT

F

32k

To RST

To LED Display

1

2

To NMI

To INT

To 32kHz

AI07804

3/9