I have a device that once mounted and activated, needs to "self destruct" (well, self disable...) if removed, as a measure of protection so that it will not be stolen and used in some other place. The device is powered by external power, but contains to internal power source. So, this mechanism needs to work even when power is not applied (hmm....). Any ideas?
Ok, how about when you power on the first time, you write a bit in EEPROM or whatever you have available for nonvolatile storage.
On power on, you look for this bit. If it is set, it means you've powered on more than once and might have been moved, so you can require a code of some sort to be entered in order to authenticate the user as the legitimate owner. (disabling *permanently* seems like a bad plan that will result in a lot of returns)
Can you "marry" it with a helper micro that sits on the thing you mount your device on? If you can, you could put a key in the helper micro, and then do a hashed challenge to verify it...?
Hmm... Perhaps I did not explicitly mention - power to the unit is
*expected* to be removed (though not frequently) as part of normal operating process. Removal of power alone does not indicate theft. Secondly, the unit does not have any input devices (like a keypad or something) to enter a code.If the unit had an internal power source, I would say that one of the GPIO pins could be wired to vcc (via an external wire) and if that wire is cut, this could be detected and a bit set. But, as I said, no internal power source.....
As for marrying it with a helper micro, I am sure that would work, but would add to the cost and also complexity of installation...
You could probably get away with one of those 8-legged, $0.30, internal clock things (NXP has some good ones I think). And for installation, initial key exchange could be completely automatic... Just an idea...
Then you need some method to distinguish the normal power cycle, from the abnormal one. If you exclude handshakes, and IDs, then all you have left is the duration of power break, or maybe motion/shock sensor ( eg SuperCAP + tilt switch ) - store = not moved since last power, no volts, = IBM ( I've been moved )
Along with a maintenance/installation mode to reset the detection as with a tilt switch it no doubt will have been moved in transit before installation or swap out for repairs.
Once that mode is known all security is lost.
Without some form of factory ID setting of two parts to match up with each other, or only at factory the ID of the part to be used with is reset so first ID found is used for security, it will be difficult.
Whatever method you use needs a first use/repair method which is its weak link.
--
Paul Carpenter | paul@pcserviceselectronics.co.uk
PC Services
GNU H8 & mailing list info
For those web sites you hate
How secure does this anti-theft method have to be? You could put a reed switch in the device and a magnet in the mounting bracket. This could be easily enough figured out, but it will probably do most of what you want if stolen by the unsophisticated.
Simply potting the whole assembly would be a first step against casual removal of the device. That will have a number of negative consequences on repairability and, perhaps, reliability (heat dissipation problems, etc.).
If the device is surface-mounted, just a good coating of cement over the device will make it difficult to remove.
I don't think any scheme will make your device secure against a talented reverse-engineering specialist with time and an adequate budget. That seems to be the experience of the satellite-TV authorization card folks, at least.
Mark Borgerson
A similar problem was solved for on-windshield RFID toll passes.
Define "removed", and define "some other place", both in a way that is at principally testable, and you'll be a lot closer to a solution than you are now. For starters: what is supposed to happen if it's unmounted and then put back into the *same* place?
I think you'll have to encode information about the one place that is not "some other", into both that place and the device. Think VIN-coded automotive ECUs, or software licences locked to the hardware of a particular PC.
How?
-- Thad
I kind of assumed that this bouquet of keywords would be used to fertilize a Google search, but I realize now that this doesn't lead directly to useful results.
Basically, the device is an RFID tag with an antenna the size of a normal registration sticker (say 3" x 2" or thereabouts). It's a multilayer sticker, with antenna traces on different layers, very much like the "VOID" stickers on videotapes and warranty seals. Peeling it off destroys the interconnects.
Is this stuck on the inside or outside of the window ? ISTR a while ago here, some idjit bureaucrat decided to put Warrents stuck on the outside - Quell Surprise ! - thefts skyrocketed, and they had to change to another design, on the inside.
-jg
If your hardware isn't done yet, you can use the power supply cord for that purpose.
Modulate the supply voltage with a stream of data bits. Encode "unlock" keys into the data stream. Once powered up, your device waits for a key to be received. If there is no key, it won't work (or work in a different operating mode).
The power supply can easily be locked away in a physically secure place, with only the cord available to the operators (and thieves). Use an uncommon connector type to make sure that no other supply is used by accident.
If your device doesn't give signs of life before receiving the key, dumb thieves will just think that their supply is of a wrong voltage or type.
Regards, Marc
Inside. The original application was ID'ing vehicles going into secure areas, hence a design goal that people not be able to move the tag from one vehicle to another.
Have you considered adding a supercap to your part of the hardware? Use it to maintain state data in a something small across power-offs (say, just an SRAM or an RTC), and have it detect the removal. E.g., a reed switch or pressure sensor that opens the supercap circuit if removed, or closes part of the circuit that activates a reset.
Of course, there are still issues of shelf life without power; how it gets initialized in the first place; maintenance where it's removed / re-installed on the same host, etc.
Is there nothing in its environment that it can be matched to once activated?
Cheers, Richard
The non-technical problems can't be solved by any technical means. Besides, it will create the difficulties for the customers and service/repair.
Thus, the first thing to do would be to think of the alternative approaches (economical, legal, etc.).
Vladimir Vassilevsky
DSP and Mixed Signal Design Consultant
Here is one that WILL work : GPS.
-jg
Once it has been configured by installation/repair to know what GPS co-ordinates to use.
This means there has to be a method to set/reset it, which means a way of circumventing it.
--
Paul Carpenter | paul@pcserviceselectronics.co.uk
PC Services
GNU H8 & mailing list info
For those web sites you hate
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.