WO1995024698A1 - Carte a memoire de securite - Google Patents

Carte a memoire de securite Download PDF

Info

Publication number
WO1995024698A1
WO1995024698A1 PCT/IB1994/000031 IB9400031W WO9524698A1 WO 1995024698 A1 WO1995024698 A1 WO 1995024698A1 IB 9400031 W IB9400031 W IB 9400031W WO 9524698 A1 WO9524698 A1 WO 9524698A1
Authority
WO
WIPO (PCT)
Prior art keywords
memory
microprocessor
lock
card
volatile
Prior art date
Application number
PCT/IB1994/000031
Other languages
English (en)
Inventor
Thomas O. Holtey
Peter J. Wilson
Original Assignee
Cp8 Transac
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US07/960,748 priority Critical patent/US5293424A/en
Priority claimed from US07/960,748 external-priority patent/US5293424A/en
Priority to EP93116326A priority patent/EP0596276B1/fr
Application filed by Cp8 Transac filed Critical Cp8 Transac
Priority to PCT/IB1994/000031 priority patent/WO1995024698A1/fr
Priority to KR1019950704967A priority patent/KR100232086B1/ko
Publication of WO1995024698A1 publication Critical patent/WO1995024698A1/fr
Priority to NO954438A priority patent/NO309887B1/no
Priority to FI955307A priority patent/FI955307A/fi

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/357Cards having a plurality of specified features
    • G06Q20/3576Multiple memory zones on card

Definitions

  • This invention relates to the field of portable personal computers and more particularly to maintaining systems for data security in a portable digital information environment.
  • the “Smart Card” is a small microcomputer with writable, non-volatile memory and a simple input/output interface, fabricated as a single chip and embedded in a plastic "credit card”. It has exterior pads to allow it to be connected to specially designed equipment.
  • the program contained in the card's microcomputer interacts with this equipment and allows its nonvolatile memory data to be read or modified according to the desired algorithm which may optionally include a password exchange. Special techniques have been implemented to protect the memory information and to allow varied permissions according to the situation. For example, U.S. Patent No.
  • 4,382,279 entitled, "Single Chip Microprocessor with On-Chip Modifiable Memory” discloses an architecture which permits automatic programming of a non-volatile memory which is included on the same chip as a processing and control unit. As in other systems, the microprocessor only protects memory on the same chip.
  • the "Smart Card” has been used both to facilitate the process of identification and to be the actual site of the valued information. In this situation, as in most past situations, physical presence of a "key” as well as some special knowledge has been used as part of the verification or authentication process. In such above cases, identification has been a dialog between the person desiring access and a fixed agency such as a security guard or an automatic teller machine.
  • the flash memory combines the flexibility of random access memory (RAM) with the permanence of disks.
  • RAM random access memory
  • the secure memory card includes a microprocessor on a single semiconductor chip and one or more non-volatile addressable memory chips.
  • the microprocessor chip and nonvolatile memory chips connect in common to an internal card bus for transmitting address, data and control information to such non-volatile memory chips.
  • the microprocessor includes an addressable non-volatile memory for storing information including a number of key values, configuration information and program instruction information for controlling the transfer of address, data and control information on the internal bus.
  • the chip memory is organized into a number of blocks or banks, each block having a plurality of addressable locations.
  • each memory chip is constructed to include security control logic circuits.
  • these circuits include a non-volatile lock memory, a non-volatile lock storage enable element and a volatile access control memory, each being loadable under the control of the microprocessor. More specifically, the microprocessor first loads a lock value into, the non-volatile lock memory and resets the lock storage enable element -5- inhibiting access. Thereafter, the microprocessor loads the access control memory as specified by the configuration information. Such information is loaded only after the microprocessor has determined that the user has successfully performed a predetermined authentication procedure with a host computer.
  • the security logic circuits of each memory enable the reading of information stored in selected addressed blocks of the flash memory as a function of the configuration information loaded into the memory chip's access control memory. Periodically, the user is required to successfully perform an authentication procedure with the host computer, and the user is allowed to continue reading information as allowed by the access control memory.
  • the host computer is coupled to the memory card through a standard interface such as the interface which conforms to the Personal Computer Memory Card International Association (PCMCIA) standards.
  • PCMCIA Personal Computer Memory Card International Association
  • the security logic circuits of the present invention are incorporated into and operate in conjunction with the flash memory in a way that minimizes the amount of changes required to be made to the basic logic circuits of the flapti memory. More specifically, the flash memory can be operated in a secure mode and in a non-secure mode wherein the -6- security logic circuits are bypassed enabling the flash memory to operate as if such circuits had not been installed.
  • the non-secure mode is normally entered when the contents of the flash memory's non-volatile lock memory are cleared. This is generally indicative of an unprogrammed or fully erased flash memory which naturally erases to a predetermined state (i.e. an all ONES state) .
  • the invention eliminates the overhead of encrypting and decrypting data which can be quite time-consuming for large blocks of data.
  • the ACP periodically prompts the user of the system for entry of some form of authentication.
  • This may be a password, a PIN, a specific pen computer "gesture” performed at a specific point on the writing surface, a spoken command or a "voiceprint" of the user.
  • the method varies with the system.
  • the programmable ACP allows the user to alter the specific content of the authentication and the frequency of prompting.
  • the code for authentication and the data required by the lock and access control memories are stored within the ACP's non ⁇ volatile memory which is on the same chip as the ACP and, hence, are protected.
  • a successful authentification causes the ACP to enable, or continue to enable, all or selected blocks of the flash memory for access. Failure causes access to the flash memory to be disabled.
  • the operation is similar to a "dead man throttle" in that any failure to successfully complete authentication will cause the flash memory's data to be protected.
  • a command initiated by the user can also cause access to be disabled. Further, upon first application of power from a powered off condition, access is blocked to protected memory contents until the first authentication is successfully performed.
  • the memory's data is protected from access, either immediately or as soon as the current periodic authentication expires.
  • the memory data is protected from access even if the memory card is opened and probed electronically or the memory chips are removed and placed in another device.
  • Figure 1 shows an overall block diagram of a system which incorporates the memory card constructed according to the present invention.
  • FIG. 2 shows in greater detail, the access control processor (ACP) of Figure 1 including a layout of its non-volatile memory.
  • ACP access control processor
  • FIG. 3 shows a detailed block diagram of a standard flash memory of Figure l modified according to the present invention.
  • Figures 4 and 5 are flow charts used to explain the operation of the memory card of the present invention in carrying out various authentication procedures. DESCRIPTION OF THE PREFERRED EMBODIMENT
  • FIG. 1 is a block diagram of a secure portable hand-held computing system 1 usable as a personal computer or as a transaction processor.
  • System 1 includes a memory card 3 constructed according to the present invention which connects to a host processor 5 by a bus 102.
  • the host processor 5 may take the form of a palm top personal computer, such as the HP 95LX manufactured by Hewlett-Packard.
  • the host processor 5 includes a liquid crystal display (LCD) 5-2, a keyboard 5-4, a microprocessor 5-6, a memory 5-8 and a serial interface 5-10 all coupled in common to a bus 106.
  • the memory 5-8 includes a one megabyte read only memory (ROM) and a 512 Kbyte random access memory (RAM) .
  • bus 102 conforms to the Personal Computer Memory Card International Association (PCMCIA) standard.
  • PCMCIA Personal Computer Memory Card International Association
  • the interface 102 provides a path for transferring address, control and data information between host processor 5 and the memory card system 3 via a standard interface chip 104 and a memory card bus 105.
  • Each of the buses 102, 105 and 106 include a data bus, a control bus and an address bus and provide continuous signal paths through all like buses.
  • bus 105 includes address bus 105a, data bus 105b, and control bus 105c.
  • the PCMCIA bus standard has evolved from a standard which supports disk emulation on memory cards to a substantially different standard which allows random access to memory data.
  • the memory card of the present invention provides a protection •technique which supports this new standard by providing rapid access to random -9- memory locations without resort to encryption techniques. By controlling the data paths which carry the data from the memory array to the host, the memory card of the present invention protects the data without imposing any time-consuming buffering, decryption or other serial processing in this path.
  • a user operates system 1 from the keyboard 5-4 to perform the typical operations such as spreadsheet and database functions which display information on display 5-2 and update information stored in files in memory card 3.
  • the host processor 5 sends address information over bus 102 to retrieve information and if desired, updates the information and sends it, along with the necessary address and control information back to memory card 3.
  • the memory card 3 of the present invention includes an access control processor (ACP) 10 coupled to bus 105 and a number (n) of CMOS flash memory chips 103a through 103n, each coupled to bus 105.
  • ACP 10 is typically the same type of processing element as used in the "Smart Card”.
  • the CMOS flash memories 103a through 103n may take the form of flash memory chips manufactured by Intel Corporation. For example, they make take the form of the Intel flash memory chip designated as Intel 28F001BX IM which includes eight 128KBYTE x 8 CMOS flash memories.
  • FIG. 2 shows in block diagram form, the access control processor (ACP) 10 of the preferred embodiment.
  • ACP 10 includes a protected non-volatile memory 10-2, a random access memory (RAM) 10-4, a microprocessor 10-6, an interval counter 10-8 and an interface block 10-10 connected to bus 105.
  • Non ⁇ volatile memory 10-2 dedicates a number of addressed locations in which to store authentication information and programs. More specifically, memory locations 10-2a store one or more personal identification numbers (PINs) , protocol sequences or other identification information for verifying that the user has access to the system, and for identifying the blocks in flash memories 103a through 103n that the user may access in addition to a time interval value used for re- authentication.
  • PINs personal identification numbers
  • Memory locations 10-2b store the key values used for protecting each of the flash memories 103a through 103n or the codes used to protect the individual blocks of each of the flash memories 103a through 103n.
  • Memory locations 10-2c store the program instruction sequences for performing the required authentication operations and for clearing the system if the preset conditions for failure are met.
  • Certain program instructions enable the user to control the setting of the interval counter 10-8 which establishes when user re-authentication takes place.
  • the re- authentication interval defines the time between interruptions and for sending an interrupt to the host processor 5 requiring verification of the user's identity by having the user reenter the PIN or other password.
  • the interval counter 10-8 receives clock -11- pulses from the host processor 5 over bus 102 and can be set by the user according to the work environment. For example, at home, the user may turn the timer off (i.e., set it to a maximum value) , or set the time interval to one hour. On an airplane the user may set it for ten minutes for increased protection. As described herein, the user is prompted to re-examine the setting of this interval at every "power on" thereby forcing periodic re-authentications to enforce security.
  • FIG. 3 is a detailed block diagram of flash memories 103a through 103n. Only the detailed logic circuits of memory 103a are shown since memories 103b through 103n are constructed identically to memory 103a.
  • the flash memory 103a basically comprises two sections, a section containing the security access control circuits of the present invention and another section containing the basic or standard logic circuits of the flash memory.
  • the security control circuits of the present invention include a 32-bit key register, a 32-bit volatile lock register 33, a 12-bit delay counter 32, a comparator circuit 39, an all ONES detected signal circuit 38, a non-volatile lock memory 35, a one-bit non-volatile lock storage enable element 36, a volatile access control memory 43, an access modification allow AND gate 34 and an output OR gate 45 arranged as shown.
  • this section receives command control signal? designated by various hexadecimal values (e.g. 31H through 38H) from a command -12- register 50 included in the basic logic section. These signals indicate the different data values of the set of commands received by the command register 50 from the ACP 10 via data bus 105b.
  • the standard flash memory commands take the form of the commands utilized by the 28F001BX flash memory. Those commands are described in the publication entitled, "Memory Products,” published by Intel Corporation, referenced herein. The commands used by the present invention are described in Table 1.
  • the first command shown is a load lock memory command which is used to initially load a random number generated lock value into non-volatile lock memory (LM) 35 in each memory 103a through 103n.
  • LM non-volatile lock memory
  • Each memory 103a through 103n may have a different lock value or the same lock value depending on the security needs of the users.
  • the lock value is loaded into LM 35 through key (K) register 31 under control of the one bit, non-volatile storage element 36.
  • K key
  • the reset lock storage enable command of Table 1 is used to reset storage element 36. This prevents the lock value stored in LM 35 from being changed since storage element 36 once reset by the reset lock storage enable command cannot be set.
  • the non-volatile contents of LM 35 are transferred to the L register 33 on power-up.
  • lock memory 35 is design dependent.
  • memory 35 could be implemented as an extension to memory array 54.
  • the load key register command of Table 1 is used to load the key register 31 and set the delay counter 32.
  • the decrement delay counter command is used by the ACP 10 to decrement by one, the .contents of the delay counter 32.
  • the read allow memory bank and read disable -13- memory bank commands are used by the ACP 10 to enable or disable access to the different memory blocks of memory array 54 during loading of the access control memory 43.
  • This command copies the contents of the key register 31 into the non-volatile lock memory 35 if and only if the lock storage enable 36 output signal is TRUE.
  • This command resets the lock storage enable logic element 36, thus inhibiting loading or changing the lock storage memory 35.
  • This command shifts the prior contents of the key register 31, one byte (LSB toward MSB) and loads "Key Value” from ACP 10 into the key register LSB. -14- Further, it sets the Delay Counter 32 to its maximum value, e.g., all ONES. Decrement Delay Counter (35H)
  • This command decrements the delay counter 32 by ONE.
  • the delay counter must equal ZERO to allow subsequent reading of the memory array 54.
  • This command sets the bit corresponding to the memory bank address (MBA) in the access control memory 43 if and only if the access modification allowed signal 37 is TRUE. This allows read access to the selected bank.
  • MCA memory bank address
  • 38H Read-Disable Memory Bank
  • This command resets the bit corresponding to the memory bank address in the access control memory
  • Table 1 also shows the bus cycle operations for each of the added commands.
  • the command register 50 receives an 8-bit command generated by ACP 10, sent via the data bus 105a of bus 105 and an input buffer 51.
  • Command register 50 conditions the selected logic element to receive from data bus 105b, the information required to execute the command during a second bus cycle.
  • the second bus cycle is designated not applicable (N/A) since the reset lock storage enable and decrement delay counter commands need only one cycle for execution.
  • the K register 31 is loaded with the key value received from memory locations 10-2b by a load key register command and delay counter 32 is set to its maximum value.
  • Delay counter 32 is decre ented to all ZEROS in response to successive decrement delay counter commands received from the ACP 10 and generates a zero count output signal 41 which is applied as an input to AND 34.
  • Each delay counter 32 limits the number of tries or attempts which can be made to access the flash memories 103a through 103n in the case where a thief removes the chips and places them upon the "outlaw card" and programs a processor or equipment to repeatedly try to guess each memory chip's key. Stated differently, counter 32 ensures that a significant number of tries or attempts must be made in order to gain illegal access to the flash memories.
  • the key and delay counter sizes are selected to require such testing to take an unreasonable amount of time.
  • the Key Register 31 stores approximately 4 billion (2 32) different combinations.
  • the delay counter 32 is a twelve-bit counter. Assuming the delay counter 32 is decremented once each microsecond, it will require 2 12 or 4 milliseconds per attempt at guessing the key value. The ACP 10, knowing the correct key value, incurs only a four millisecond delay in the initial setup. Random attempts to guess the key value will require 2 31 tries for a 50% chance of success. This would require 2 31 x 2 12 microseconds or 102 days to guess the key value. This time is sufficient to deter most thieves. Of course, a longer or shorter time could be provided by modifying the sizes of the key and delay counter 32.
  • the ACP 10 limits the number of cries by the thief to guess the PIN by known techniques. Such techniques may include locking access or destroying data if a threshold of incorrect guesses is exceeded.
  • a key value is loaded into the 32 bit K register 31 in response to four successive load key register commands (i.e., data bus 105b is a byte wide bus) .
  • Delay counter 32 is forced to its maximum count of (ALL ONE'S) and decremented by the ACP 10 sending decrement delay counter commands on successive first bus cycles.
  • the delay counter 32 is decremented to ZERO, it generates the zero count signal 41 which is applied to one input of AND gate 34.
  • compare logic 39 applies an equals compare signal 42 to another input of AND gate 34. This causes AND gate 34 to generate an access modification allowed signal 37 at its output, which enables writing to access control memory 43, under the control of ACP 10. This, in turn, subsequently allows the reading of memory array 54.
  • the access control memory 43 contains volatile storage of one bit for each block/bank of the memory array 54. These bits are cleared to ZERO as part of the flash memory's power up sequence. In order for data to be read from the memory 103a, the bit corresponding to the addressed memory block must be at logical ONE. These bits are set by the ACP 10 issuing read-allow memory bank commands if and only if the access modification allowed signal 37 is TRUE.
  • the three (3) high order address bits of the selected memory bank of memory -17- array 54 are sent over address bus 105c as well as a repeat of the hexadecimal command identifier being sent over the data bus 105a to command register 50. This results in a ONE being written into the addressed bit location in access control memory 43.
  • the read-allow memory bank command sequence is repeated eight times since the memory array 54 is organized into eight banks of 16K bytes each.
  • the ACP 10 may restrict access to selected banks by issuing a sequence of read-disable memory bank commands in a similar manner.
  • the output of the access control memory 43 of the present invention is applied as an enabling input to output buffer 52 during each flash memory read cycle when the contents of a location of any bank of memory array 54 is being read out. That is, a read cycle may occur, however, the data read out is inhibited from passing through output buffer 52 in the absence of the appropriate bank's access control memory gating signal.
  • access control memory 43 includes eight individually addressable bit storage elements, an input address 3 to 8-bit decoder connected to the input of each storage element and a 1 to 8 output multiplexer circuit connected to the output of each storage element. The three high order address bits of each address are decoded and used to select the storage element for the block whose contents are to be changed. Similarly, the same three bits are used to select the output of the storage element for the block containing the flash memory location being read.
  • the output buffer 52 is always -18- enabled. That is, when lock register 33 contains "ALL ONES," this generates a signal from ALL ONES detector element 38 to the OR gate 45 to enable the output buffer 52.
  • such circuits include a memory array 54, a command register 50, input/output logic circuits 60, an address latch 56, a write state machine 61, erase voltage system 62, an output multiplexer 53, a data register 55, input buffer 51, output buffer 52 and a status register 58, as shown.
  • the basic logic circuits of flash memory 103a takes the form of the type of circuits included in the flash . memory designated as 28F001BX manufactured by Intel Corporation. Since such circuits are conventional, they will only be described to the extent necessary. For further information regarding such circuits, reference may be made to pages 3-109 through 3-134 of the publication entitled, "Memory Products," Order Number 210830, published by Intel Corporation, dated 1992.
  • the flash memory basic circuits receive a number of input signals (A0-A16) , address, data signals (D00-D07) and control signals (CE, WE, OE, PWD and VPP) . These signals are described below in Table 2. -19- Table 2. Signal Descriptions
  • A0-A16 ADDRESS INPUTS for memory addresses. Addresses are internally latched during a write cycle.
  • DOO-D07 DATA INPUTS/OUTPUTS Inputs data and commands during memory write cycles; outputs data during memory and status read cycles.
  • the data pins are active high and float to tri- state off when the chip is deselected or the outputs are disabled. Data is internally latched during a write cycle.
  • OE OUTPUT ENABLE Gates the device's outputs through the data buffers during a read cycle. OE is active low. -20- WE WRITE ENABLE. Controls writes to the command register and array blocks. WE is active low. Addresses and data are latched on the rising edge of the WE pulse.
  • Vpp ERASE/PROGRAM POWER SUPPLY for erasing blocks of the array or programming bytes of each block. Note: With Vpp ⁇ Vppl Max, memory contents cannot be altered.
  • the Chip Enable (CE) , Write Enable processor (WE) and Output Enable (OE)) signals are applied to command register 50 and I/O logic 60 from host processor 5, via bus 102 and control bus 105b and are dispersed to control specified logic blocks.
  • a powerdown (PWD) signal is also applied to command register 50 for enabling the flash memory to perform the operations specified in Table 2. This signal can be used to clear the volatile storage elements of the flash memory's security control section as desired thereby enforcing user reauthentication when normal operation is again resumed.
  • the basic logic elements of the flash memory operate in the following manner.
  • Information is stored in memory array 54 via data bus 105a, input buffer 51 and data register 55 at an addressed location of one of the memory blocks specified by the address received by an address logic 56 from address bus 105c.
  • Information is read from a specified address location of a bank of memory array 54 and is sent to host processor 5 via an output multiplexer 53, output buffer 52, data bus 105a and bus 102.
  • Status register 58 is used for storing the status of the write state machine, the error -21- suspend status, the erase status, the program status and the Vpp status.
  • the write state machine 61 controls the block erase and controls program algorithms.
  • the program/erase voltage system 62 is used for erasing blocks of the memory array 54 or the programming bytes of each block as a function of the level of Vpp (i.e., when Vpp is at a high level programming can take place; if Vpp is at a low level, memory array 54 functions as a read only memory) .
  • the ACP 10 sets the lock value for each of the memory chips on the memory card. It does this by loading the key value into the lock memory of Figure 3. These values are stored in the ACP's protected non-volatile memory 10-2 (i.e., keys 1-n in Figure 2) .
  • the lock storage enable elements 36 are then set to ZEROs to inhibit further changing or reading of lock memory contents. As these elements are nonvolatile, they cannot be changed unless the entire flash memory chip is cleared.
  • the memory card can then be loaded with its data or software application.
  • the ACP 10 is then loaded with information pertaining to the memory's bank -22- structure and the degrees of protection which are to be applied to each memory bank.
  • the user establishes parameters for the frequency and mode of authentication and specific data required (e.g., personal identification numbers (PINs)) .
  • PINs personal identification numbers
  • the "key register”, "access modification allowed” signal and "access control memory” are initialized so as to inhibit access to data or writing to access control memory 43.
  • the first authentication dialog is initiated.
  • the ACP 10 using the services of its host processor 5, prompts the user and receives authentication information. If authentication is unsuccessful, no operation is performed; if successful, the key register of each memory chip is loaded with the value stored in the ACP's memory. During this operation, the delay counter 32 is used to inhibit chip operation for a period of time following loading to make random tries an unproductive process. Loading of the key registers causes the "access modification allowed" signal to be true in each chip. The ACP 10 then establishes access by loading the access control memories according to the stored information configuration.
  • the ACP 10 prompts an additional user authentication (reauthentication) .
  • the ACP 10 forces all memory chips to their power on states, thus inhibiting any access to the memories' data by clearing the access control memory 43 and clearing the contents of the key register 31.
  • Blocks 402 and 401 show the two startup conditions.
  • the user inserts the memory card 3 in the previously powered-up host processor 5.
  • the user powers up host processor 5 with memory card 3 already installed.
  • block 402 the ACP 10 and its interfaces are initialized in a conventional manner, and block 403 clears all of the 'n' K registers 31 and the 'n' access control memories 43 as part of the flash memories 103a through 103n internal initialization sequence. This prevents any data from being read out of memories 103a through 103n since output buffer 52, in each memory, is disabled.
  • the lock value is loaded into the 'n' L registers 33 from the respective LMs 35 as a result of power on.
  • ACP 10 sends an interrupt signal to host processor 5 which responds by requesting the PIN or other identifying information from the user.
  • ACP 10 by means of the program stored in memory locations 10-2a, checks that the PIN or other identifying information matches the information stored in memory locations 10-2a. If no match, then decision block 406 counts an error and ACP 10 branches to block 404 to repeat the test. If the test fails a preset number of times, then decision block 406 branches to block 407 to cause ACP 10 to either lock up or destroy the contents of the memories 103a through 103n.
  • block 406 If in decision block 406 there is a match indicating a successful authentication then in block 408, the ACP 10 via a load key register command loads each K register 31 from memory locations 10-2b with the appropriate key value. Also block 409 repeatedly decrements the contents of delay counter 32 issuing successive the decrement delay counter commands toward a binary zero count which causes the generation of the zero count signal 41 in Figure 3.
  • each access control memory 43 location is loaded with information by means of the read-allow memory bank command to allow access to the selected banks of the corresponding flash memory 103a through 103n.
  • the ACP 10 awaits the end of the preset time interval established by information stored in memory locations 10-2a signalled by interval counter 10-8 before requesting user re-authentication. Then, in block 412, the ACP 10 interrupts the host processor 5 to request the user to re-enter the PIN or other required identificatio . Decision block 413 checks the PIN or other information received from the host processor 5 against the information stored in memory locations 10-2a and the interval timer 10-8 output is recorded. The user has a preset time interval of typically 30 seconds in which to enter the authentication information into host processor 5. While the clock is running, if the decision block 413 test fails, then block 414 records the test as an error.
  • Block 415 it checks, if a maximum number of errors was received and branches to repeat blocks 412 -25- and 413. If the number of errors equals the maximum number, then in block 415, APC 10 clears the flash memory K register 31 by means of successive load key register commands, and clears the access control memories 43 with successive read-disable memory commands. Block 415 then branches to block 404 to allow a new "First Authentication" operation to take place.
  • the K register 31 remains unchanged (i.e., contains the key value previously loaded by the ACP) enabling the user to continue to operate the system 1.
  • the ACP 10 clears the K register 31 and the access control memory 43 as before.
  • Figure 5 is a flow diagram which illustrates how host processor 5 responds to an interrupt request from APC 10 for authentication in response to blocks 404 and 412 of Figure 4.
  • decision block 501 is waiting for an interrupt from the ACP 10 requesting that the user re-enter the PIN or other information.
  • Decision block 501 branches to block 502 when it receives the interrupt from blocks 404 or 412.
  • Block 502 displays the request for the PIN or other information on host display 5-2.
  • Block 503 accepts the information from the keyboard and block 504 interrupts ACP 10.
  • Block 5 sends the PIN to ACP 10.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

Une carte à mémoire de sécurité comprend un microprocesseur situé sur une puce unique à semi-conducteurs et une ou plusieurs puces à mémoire adressable rémanente. La puce du microprocesseur et les puces de la mémoire rémanente se raccordent à un bus de carte interne afin de transmettre l'adresse, les données et les informations de commande à de telles puces de mémoire rémanente. Le microprocesseur comprend une mémoire rémanente adressable destinée à enregistrer des informations contenant un nombre de valeurs clé, des informations de configuration spécifique des applications et des informations d'instructions de programme. Chaque mémoire à puce est organisée en un nombre de blocs ou banques et chaque puce de mémoire est structurée de façon à comprendre des circuits logiques de commande à sécurité. Ces circuits comprennent un certain nombre de dispositifs à mémoire rémanente et non rémanente, chacun d'eux étant chargé d'informations sur les valeurs clé et la configuration sous la commmande du microprocesseur, uniquement après que le microprocesseur ait déterminé que l'utilisateur a réalisé avec succès une procédure d'authentification prédéterminée avec un ordinateur central. Ensuite, l'utilisateur est autorisé à lire les informations à partir des blocs uniquement tel que spécifié par les informations de configuration.
PCT/IB1994/000031 1992-10-14 1994-03-07 Carte a memoire de securite WO1995024698A1 (fr)

Priority Applications (6)

Application Number Priority Date Filing Date Title
US07/960,748 US5293424A (en) 1992-10-14 1992-10-14 Secure memory card
EP93116326A EP0596276B1 (fr) 1992-10-14 1993-10-08 Carte à mémoire sécurisée
PCT/IB1994/000031 WO1995024698A1 (fr) 1992-10-14 1994-03-07 Carte a memoire de securite
KR1019950704967A KR100232086B1 (ko) 1994-03-07 1994-03-07 보안성 메모리 카드
NO954438A NO309887B1 (no) 1992-10-14 1995-11-06 Sikkert minnekort
FI955307A FI955307A (fi) 1992-10-14 1995-11-06 Turvallinen muistikortti

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US07/960,748 US5293424A (en) 1992-10-14 1992-10-14 Secure memory card
PCT/IB1994/000031 WO1995024698A1 (fr) 1992-10-14 1994-03-07 Carte a memoire de securite

Publications (1)

Publication Number Publication Date
WO1995024698A1 true WO1995024698A1 (fr) 1995-09-14

Family

ID=26318639

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB1994/000031 WO1995024698A1 (fr) 1992-10-14 1994-03-07 Carte a memoire de securite

Country Status (1)

Country Link
WO (1) WO1995024698A1 (fr)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997015027A1 (fr) * 1995-10-19 1997-04-24 Philips Electronics N.V. Jeton identificateur comportant un circuit electronique et un systeme conducteur exterieur au circuit pour constituer un code identificateur
EP0908855A2 (fr) * 1997-10-09 1999-04-14 Fujitsu Limited Carte portative, méthode pour la gestion de la mémoire de la carte portative, méthode pour l'émission de la carte portative, méthode pour écrire des données de programme dans la carte portative et moyen d'enregistrement lisible par ordinateur avec programme de gestion de mémoire stocké dedans
WO2001013201A2 (fr) * 1999-08-12 2001-02-22 Sarnoff Corporation Protocole d'authentification de l'utilisateur de reseau point-a-point
KR100730903B1 (ko) * 1999-04-07 2007-06-22 소니 가부시끼 가이샤 향상된 호환성을 갖춘 보안형 메모리 장치
US8386786B2 (en) 2006-07-04 2013-02-26 David Irvine File system authentication
US10187904B2 (en) 2008-02-29 2019-01-22 Koninklijke Kpn N.V. Telecommunications network and method for time-based network access

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0077008A2 (fr) * 1981-10-05 1983-04-20 Digital Equipment Corporation Dispositif d'interface dans un système de traitement de données
EP0115348A2 (fr) * 1983-01-28 1984-08-08 Nec Corporation Initialisation à distance de stations de communication interconnectées
EP0212615A2 (fr) * 1985-08-22 1987-03-04 Casio Computer Company Limited Carte à circuit intégré
EP0262025A2 (fr) * 1986-09-16 1988-03-30 Fujitsu Limited Système pour permettre l'accès à l'espace de données d'une carte à circuit intégré pour usages multiples
EP0416211A2 (fr) * 1989-09-08 1991-03-13 International Business Machines Corporation Table d'autorisation d'accès pour anté-memoires de multiprocesseur
EP0437386A1 (fr) * 1990-01-09 1991-07-17 STMicroelectronics S.A. Verrous de sécurité pour circuit intégré
EP0479655A1 (fr) * 1990-10-02 1992-04-08 Gemplus Card International S.A. Circuit intégré pour une carte à microprocesseur conçue pour recevoir des programmes multiples en mémoire programmable
US5293424A (en) * 1992-10-14 1994-03-08 Bull Hn Information Systems Inc. Secure memory card

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0077008A2 (fr) * 1981-10-05 1983-04-20 Digital Equipment Corporation Dispositif d'interface dans un système de traitement de données
EP0115348A2 (fr) * 1983-01-28 1984-08-08 Nec Corporation Initialisation à distance de stations de communication interconnectées
EP0212615A2 (fr) * 1985-08-22 1987-03-04 Casio Computer Company Limited Carte à circuit intégré
EP0262025A2 (fr) * 1986-09-16 1988-03-30 Fujitsu Limited Système pour permettre l'accès à l'espace de données d'une carte à circuit intégré pour usages multiples
EP0416211A2 (fr) * 1989-09-08 1991-03-13 International Business Machines Corporation Table d'autorisation d'accès pour anté-memoires de multiprocesseur
EP0437386A1 (fr) * 1990-01-09 1991-07-17 STMicroelectronics S.A. Verrous de sécurité pour circuit intégré
EP0479655A1 (fr) * 1990-10-02 1992-04-08 Gemplus Card International S.A. Circuit intégré pour une carte à microprocesseur conçue pour recevoir des programmes multiples en mémoire programmable
US5293424A (en) * 1992-10-14 1994-03-08 Bull Hn Information Systems Inc. Secure memory card

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997015027A1 (fr) * 1995-10-19 1997-04-24 Philips Electronics N.V. Jeton identificateur comportant un circuit electronique et un systeme conducteur exterieur au circuit pour constituer un code identificateur
EP0908855A2 (fr) * 1997-10-09 1999-04-14 Fujitsu Limited Carte portative, méthode pour la gestion de la mémoire de la carte portative, méthode pour l'émission de la carte portative, méthode pour écrire des données de programme dans la carte portative et moyen d'enregistrement lisible par ordinateur avec programme de gestion de mémoire stocké dedans
EP0908855A3 (fr) * 1997-10-09 2004-02-04 Fujitsu Limited Carte portative, méthode pour la gestion de la mémoire de la carte portative, méthode pour l'émission de la carte portative, méthode pour écrire des données de programme dans la carte portative et moyen d'enregistrement lisible par ordinateur avec programme de gestion de mémoire stocké dedans
KR100730903B1 (ko) * 1999-04-07 2007-06-22 소니 가부시끼 가이샤 향상된 호환성을 갖춘 보안형 메모리 장치
WO2001013201A2 (fr) * 1999-08-12 2001-02-22 Sarnoff Corporation Protocole d'authentification de l'utilisateur de reseau point-a-point
WO2001013201A3 (fr) * 1999-08-12 2001-12-06 Sarnoff Corp Protocole d'authentification de l'utilisateur de reseau point-a-point
US8386786B2 (en) 2006-07-04 2013-02-26 David Irvine File system authentication
US10187904B2 (en) 2008-02-29 2019-01-22 Koninklijke Kpn N.V. Telecommunications network and method for time-based network access

Similar Documents

Publication Publication Date Title
US5293424A (en) Secure memory card
US5442704A (en) Secure memory card with programmed controlled security access control
EP0689702B1 (fr) Carte d'application protegee pour partager des donnees et des procedures d'application dans une pluralite de microprocesseurs
US5841868A (en) Trusted computer system
US5515440A (en) Preboot protection of unauthorized use of programs and data with a card reader interface
US5949882A (en) Method and apparatus for allowing access to secured computer resources by utilzing a password and an external encryption algorithm
US20100088527A1 (en) Memory protection system and method
EP1929422B1 (fr) Procede, appareil et systeme destines a securiser des donnees sur un dispositif de memoire amovible
EP1684182B1 (fr) Méthode et architecture pour l'accès sécurisé amélioré à un dispositif de mémoire.
JPS6325393B2 (fr)
EP1034515A2 (fr) Memoire protegee contre l'acces illicite
JPS63127335A (ja) 機密保護方式
US4819204A (en) Method for controlling memory access on a chip card and apparatus for carrying out the method
WO1995024698A1 (fr) Carte a memoire de securite
JP2003208586A (ja) Eepromへのアクセスを制御する方法および装置、並びに対応するコンピュータ・ソフトウェア・プロダクトおよび対応するコンピュータ読取り可能記憶媒体
KR100606196B1 (ko) 모바일 플랫폼 트랜잭션을 위한 신뢰 입력
KR100232086B1 (ko) 보안성 메모리 카드
CA2162287C (fr) Carte a puce protegee
WO2000016179A1 (fr) Procede et dispositif d'invalidation d'une utilisation illicite d'un ordinateur
CN1129098C (zh) 一种安全存储卡
EP1684152A1 (fr) Méthode et architecture pour limiter accès à un dispositiv de mémoire
WO2001095114A1 (fr) Controleur et memoire de stockage et de traitement de logiciel et de donnees de securite

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 94192020.8

Country of ref document: CN

AK Designated states

Kind code of ref document: A1

Designated state(s): CA CN FI KR NO

WWE Wipo information: entry into national phase

Ref document number: 2162287

Country of ref document: CA

Ref document number: 955307

Country of ref document: FI

Ref document number: 1019950704967

Country of ref document: KR