>tried to get samples, but the price was $300,000 for 10,000 units,

>How are they going to produce them at these prices and in that quantity given the "baroque activities in the vault" described by Denning?

>Doug (gumby@wixer.bga.com)

Assuming that there is some EEPROM, or bipolar fuse PROM (like PALs), they can easily be programmed during the final (packaged) test stage. After the device passes its tests, give it a number. There are already some PALs that have a "silicon signature", a lot number embedded on the chip, which allows process or lot tracing of devices that don't work up to spec.

Testing on peripheral controllers is well below 5 seconds each (gross ballpark - not giving away any secrets here). CPUs may be more, but a "wire-tap" chip should be much easier to test than a CPU. Testers can run close to 24 hours a day, and 24*3600/5 is 17,000 chips a day from one test head. QFP trays have 50 chips/tray, and since the tester knows when the trays are full, it can easily use this to form lot/tray/batch, etc. numbers, as well as individual device numbers.

I don't like what they're doing, but it all sounds technically feasible to me.

Pete Carpenter
IC Design Engineer
Cirrus Logic Inc.
pete@cirrus.com
I wrote:
How are they going to produce them at these prices and in that quantity given the "baroque activities in the vault" described by Denning?
Doug (gumby@wixer.bga.com)
My point was that given the additional escrow security measures described by D. Denning, I don't see how these prices or volumes will be possible. It is possible that:

1) Denning is describing the process incorrectly, or was merely outlining how the chips would be produced in the best of all possible worlds.

2) The manufacturer actually has many such vaults, and the escrow agencies will provide sufficient staff and disposable laptop computers at no charge to the manufacturer.

3) The chips will not, in fact, be produced in substantial volume (e.g. >1M / year would require over 3,000 "sessions" per working day).

You responded:
Assuming that there is some EEPROM, or bipolar fuse PROM (like PALs), they can easily be programmed during the final (packaged) test stage. After the device passes its tests, give it a number. There are already some PALs that have a "silicon signature", a lot number embedded on the chip, which allows process or lot tracing of devices that don't work up to spec.
Testing on peripheral controllers is well below 5 seconds each (gross ballpark - not giving away any secrets here). CPUs may be more, but a "wire-tap" chip should be much easier to test than a CPU. Testers can run close to 24 hours a day, and 24*3600/5 is 17,000 chips a day from one test head. QFP trays have 50 chips/tray, and since the tester knows when the trays are full, it can easily use this to form lot/tray/batch, etc. numbers, as well as individual device numbers.
(all of which I am familiar with)

I was referring to:

[... from D. Denning's sci.crypt posting ...]

All Clipper Chips are programmed inside a SCIF (secure computer
information facility), which is essentially a vault.  The SCIF contains
a laptop computer and equipment to program the chips.  About 300 chips
                                                       ^^^^^^^^^^^
are programmed during a single session.  The SCIF is located at
                                         ^^^^ suggests only one vault
Mikotronx.  At the beginning of a session, a trusted agent from each of
the two key escrow agencies enters the vault.  Agent 1 enters an 80-bit
value S1 into the laptop and agent 2 enters an 80-bit value S2.  These
values serve as seeds to generate keys for a sequence of serial
numbers.

[... technical info on key generation deleted ...]

As a sequence of values for U1, U2, and U are generated, they are
written onto three separate floppy disks.  The first disk contains a
file for each serial number that contains the corresponding key part
U1.  The second disk is similar but contains the U2 values.  The third
disk contains the unit keys U.  Agent 1 takes the first disk and agent
2 takes the second disk.  The third disk is used to program the chips.
After the chips are programmed, all information is discarded from the
vault and the agents leave.  The laptop may be destroyed for additional
                                        ^^^^^^^^^^^^^^^
assurance that no information is left behind.  The protocol may be
changed slightly so that four people are in the room instead of two.
The first two would provide the seeds S1 and S2, and the second two
(the escrow agents) would take the disks back to the escrow agencies.
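The programming session quoted above, simulated as an added example (editor's illustration, not code from either poster or from Denning's posting): two agents supply independent 80-bit seeds S1 and S2, the laptop derives a key part U1 and U2 for each serial number in the batch, and the unit key U is the combination of the two parts, with each part written to its own "disk". The quoted text elides the real key-generation steps, so the derivation here (HMAC-SHA256 of the serial number under each agent's seed, truncated to 80 bits, with U = U1 XOR U2) is an assumed stand-in chosen for illustration and is not the Clipper algorithm; the serial numbers and seeds are constructed.

```python
"""Simulation of a two-agent key escrow programming session.

Assumed stand-in derivation (not the actual Clipper key generation,
which the quoted posting omits): each 80-bit key part is HMAC-SHA256 of
the serial number under one agent's seed, truncated to 80 bits, and the
unit key is the XOR of the two parts.  The XOR split is what makes a
single escrow agency's disk useless on its own: U1 alone is independent
of U, and U is only recoverable when both disks are brought together.
"""
import hashlib
import hmac
import secrets

KEY_BITS = 80
KEY_BYTES = KEY_BITS // 8
CHIPS_PER_SESSION = 300   # "About 300 chips are programmed during a single session"


def derive_part(seed: bytes, serial: int) -> bytes:
    """Derive one 80-bit key part for a serial number from one agent's seed (assumed KDF)."""
    if len(seed) != KEY_BYTES:
        raise ValueError("seed must be 80 bits")
    mac = hmac.new(seed, serial.to_bytes(4, "big"), hashlib.sha256).digest()
    return mac[:KEY_BYTES]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Combine two equal-length key parts into the unit key."""
    if len(a) != len(b):
        raise ValueError("key parts must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def run_session(s1: bytes, s2: bytes, first_serial: int, count: int = CHIPS_PER_SESSION):
    """One vault session: returns (disk1, disk2, disk3) keyed by serial number.

    disk1 holds U1 (taken by agent 1), disk2 holds U2 (taken by agent 2),
    disk3 holds U and is used only to program the chips before everything
    in the vault is discarded.
    """
    disk1, disk2, disk3 = {}, {}, {}
    for serial in range(first_serial, first_serial + count):
        u1 = derive_part(s1, serial)
        u2 = derive_part(s2, serial)
        disk1[serial] = u1
        disk2[serial] = u2
        disk3[serial] = xor_bytes(u1, u2)
    return disk1, disk2, disk3


def recover_unit_key(disk1: dict, disk2: dict, serial: int) -> bytes:
    """Escrow recovery later on: both agencies' parts are needed to rebuild U."""
    return xor_bytes(disk1[serial], disk2[serial])


if __name__ == "__main__":
    # Constructed session: random seeds from each agent, one batch of 300 serials.
    s1, s2 = secrets.token_bytes(KEY_BYTES), secrets.token_bytes(KEY_BYTES)
    d1, d2, d3 = run_session(s1, s2, first_serial=1000)
    serial = 1000
    assert recover_unit_key(d1, d2, serial) == d3[serial]
    print(f"{len(d3)} unit keys generated; U for serial {serial} = {d3[serial].hex()}")
```

The point the simulation makes about the quoted protocol is that the chip programmer needs disk 3 (the unit keys), while neither escrow agency's disk is sufficient to reconstruct any unit key by itself; it says nothing about the throughput question, since a session's cost here is dominated by the physical vault procedure, not the key derivation.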
participants (2)
-
Douglas Barnes
-
pete@cirrus.com