Electrical computers and digital processing systems: support – Data processing protection using cryptography – Computer instruction/address encryption
Reexamination Certificate
1998-12-23
2003-02-25
Ellis, Richard L. (Department: 2783)
Electrical computers and digital processing systems: support
Data processing protection using cryptography
Computer instruction/address encryption
C713S152000
Reexamination Certificate
active
06526511
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
At earlier times IC cards have been used for some considerably specific applications, but recently, IC cards are becoming increasingly wide-spread in a variety of applications and are likely to become commonly used. It is noted that the IC cards primarily have a high degree of security.
However, provided that the IC cards are to be utilized as telephone cards, electronic money and the like, a tamper-proof mechanism is strongly required for making it difficult to forge such cards.
The present invention generally relates to a microprocessor system comprising a microprocessor and a program to be executed by the microprocessor, and, in particular, to a microprocessor system which is used in IC cards and which is randomized so as to achieve a tamper-proof property.
The present invention also relates to a method for randomizing the processor system so as to be provided with the tamper-proof property.
Also the present invention relates to an apparatus for carrying out the method.
2. Description of the Related Art
For conventional IC cards, a microprocessor embedded in the IC cards is connected to a memory such as a RAM (random access memory), ROM (read-only memory), EEPROM (electrically erasable programmable read-only memory), flash memory and the like, via an address bus and a data bus. In this case, the microprocessor is similar to a common microprocessor used in a typical microprocessor system. A program to be executed by the microprocessor is at first described using a programming language such as Fortran or C, and then compiled into executable machine codes described in the microprocessor's machine language, using a compiler. Alternatively, the program may be described using an assembler language and then assembled into the executable machine codes described in the machine language. The executable machine codes are sequentially stored in addressable locations in the memory so as to be sequentially executed in a top-down fashion.
In this case, the machine codes are arranged within the memory in an order so as to be sequentially executed by the microprocessor. Thus, if a specification of the machine language is known, the behavior of the microprocessor can be analyzed by monitoring data stored in the memory or data transmitted on the data bus. Consequently, confidential data such as a secret key, which is used for cryptography, stored in the IC card may be taken and the secret key may be utilized to counterfeit the IC card.
Once the behavior of a microprocessor embedded in an IC card system has been analyzed and understood by outsiders, such as hackers, the outsiders may tamper with the IC card system. One approach for minimizing adverse effects caused by this tampering is to replace the current IC card system with another IC card system employing a different microprocessor from that of the current IC card system. In order to replace the current microprocessor used in the IC card system with the different microprocessor with respect to a processor type, it is required that the machine codes suited for the current microprocessor be converted into machine codes suited for the different microprocessor. Furthermore, functions realized by the current IC card system should be reproduced by the new different IC card system. That is to say, the program executed by the current microprocessor must be converted into a new program executed by the different microprocessor such that the functions realized by the current microprocessor and the current program equal those realized by the new different microprocessor and the new converted program. It has been discovered that such a new converted program cannot be easily designed in a short time interval and that, in particular, a verification of equivalence of the functions between the current microprocessor system and the different microprocessor system cannot be achieved rapidly.
FIG. 1
shows a conventional method for designing a system
10
comprising a microprocessor
20
. A process for designing LSI logic such as the microprocessor will be explained with reference to FIG.
1
.
First, in step
101
, function designing for the LSI circuit to be designed, in this case, the microprocessor
20
, is carried out in accordance with a specification of the microprocessor
20
. Subsequently, function description is accomplished in step
102
and logic designing is performed in step
103
. Recently, the function designing has been carried out by functionally describing the behavior of the LSI circuit with a HDL (Hardware Description Language) and verifying whether the specification requirements for the LSI circuit are satisfied by means of a function simulator.
Then, in step
104
, a net list representative of gate levels is created by means of a logic combination tool on the basis of the function description for the microprocessor
20
. The term “net list” is such that it describes a connectivity relation among cells which have a simple logical operation, such as NAND or NOR gates or a flip-flop, and which are included in a cell library. Once the net list has been created, a logic simulation for the microprocessor
20
is performed with the net list and a library for delay elements, and the behavior of the microprocessor
20
is verified. Thereafter, in step
105
, layout designing for the microprocessor
20
is carried out using an place and route tool on the basis of the net list, and a mask pattern for the microprocessor
20
is created in step
106
. Finally, in step
107
, a mask is made in accordance with data derived from the mask pattern and the microprocessor
20
is produced.
The microprocessor system
10
comprising the microprocessor
20
further includes a program
40
to be executed by the microprocessor
20
. In step
111
, a source program is described with a high-level language such as Fortran or C. In step
112
, the described source program is compiled or assembled into a sequence of machine codes, hereinafter also referred to as a “machine code program
40
,” which can be executed by the microprocessor
20
. The microprocessor system
10
further includes a memory for storing the machine code program therein.
Thus, the microprocessor system
10
has the microprocessor
20
and the machine code program
40
being developed and manufactured according to the above-mentioned steps. In general, the microprocessor
20
and the memory
30
are connected via data and address buses. The machine code program
40
is downloaded into the memory
30
by a loader program and the like, or previously is written into the memory
30
. The microprocessor
20
has an access to the memory
30
so as to execute instructions from the machine code program
40
and achieve the functions of the microprocessor system
10
appropriately.
For each type of the microprocessors, it is noted that there is a single set of the function description, the net list and the mask pattern. Also, the compilation of the source program written with the single high-level language will result in a unique machine code program.
An example of such a microprocessor system is an IC card system that has recently come into common use. In the case of the IC card system, a plurality of IC cards of the same type are issued as a group and each IC card belonging to the same group has the same functionality. Each IC card includes an equivalent microprocessor
20
and an equivalent machine code program
40
. It is assumed that one of the IC cards from the group is analyzed by the outsiders with respect to a logical architecture of the microprocessor
20
as well as the machine code program
40
in the memory
30
. As a result, the other IC cards belonging to the same group as said analyzed IC card are subject to a high risk of being tampered with by the outsiders.
Once it is discovered that the logical architecture of the microprocessor
20
and the machine code program
40
stored in the memory
30
have been analyzed by the outsiders, measures should be taken in order to prevent the IC card system from being tampered with by the ou
Fukazawa Tomoo
Takeya Ken
Urano Masami
Ellis Richard L.
Nippon Telegraph and Telephone Corporation
LandOfFree
Apparatus and method for modifying microprocessor system at... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Apparatus and method for modifying microprocessor system at..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Apparatus and method for modifying microprocessor system at... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3173463