[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Mass producing chips
I wrote:
> How are they going to produce them at these prices and in that quantity
> given the "baroque activities in the vault" described by Denning?
>
> Doug ([email protected])
>
My point was that given the additional escrow security measures described
by D. Denning, I don't see how these prices or volumes will be possible.
It is possible that:
1) Denning is describing the process incorrectly, or was merely
outlining how the chips would be produced in the best of all
possible worlds.
2) The manufacturer actually has many such vaults, and the escrow agencies
will provide sufficient staff and disposable laptop computers
at no charge to the manufacturer.
3) The chips will not, in fact, be produced in substantial volume
(e.g. >1M / year would require over 3,000 "sessions" per working day)
You responded:
> Assuming that there is some EEPROM, or bipolar fuse PROM (like PALs) they can
> easily be programmed during the final (packaged) test stage. After the device
> passes its tests, give it a number. There are already some PALs that have a
> "silicon signature", a lot number embedded on the chip, which allows process
> or lot tracing of devices that don't work up to spec.
>
> Testing on peripheral controllers is well below 5 seconds each (gross ballpark -
> not giving away any secrets here) CPUs may be more, but a "wire-tap" chip
> should be much easier to test than a CPU. Testers can run close to 24 hours
> a day, and 24*3600/5 is 17,000 chips a day from one test head. QFP trays have
> 50 chips/tray, and since the tester knows when the trays are full, it can easily
> use this to form lot/tray/batch,etc numbers, as well as individual device numbers.
>
(all of which I am familiar with)
I was referring to:
[... from D. Denning's sci.crypt posting ...]
All Clipper Chips are programmed inside a SCIF (secure computer
information facility), which is essentially a vault. The SCIF contains
a laptop computer and equipment to program the chips. About 300 chips
^^^^^^^^^^^
are programmed during a single session. The SCIF is located at
^^^^ suggests only one vault
Mikotronx.
At the beginning of a session, a trusted agent from each of the two key
escrow agencies enters the vault. Agent 1 enters an 80-bit value S1
into the laptop and agent 2 enters an 80-bit value S2. These values
serve as seeds to generate keys for a sequence of serial numbers.
[... technical info on key generation deleted ...]
As a sequence of values for U1, U2, and U are generated, they are
written onto three separate floppy disks. The first disk contains a
file for each serial number that contains the corresponding key part
U1. The second disk is similar but contains the U2 values. The third
disk contains the unit keys U. Agent 1 takes the first disk and agent
2 takes the second disk. The third disk is used to program the chips.
After the chips are programmed, all information is discarded from the
vault and the agents leave. The laptop may be destroyed for additional
^^^^^^^^^^^^^^^
assurance that no information is left behind.
The protocol may be changed slightly so that four people are in the
room instead of two. The first two would provide the seeds S1 and S2,
and the second two (the escrow agents) would take the disks back to
the escrow agencies.