Electrical computers and digital processing systems: support – Data processing protection using cryptography – Upgrade/install encryption
Reexamination Certificate
2000-12-06
2004-04-20
Robertson, David L. (Department: 2186)
Electrical computers and digital processing systems: support
Data processing protection using cryptography
Upgrade/install encryption
C713S152000
Reexamination Certificate
active
06725375
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a microcomputer having an IC card interface section connected so as to be in communication with an external apparatus comprising an IC card, and a non-volatile memory which stores data, including a CPU program to be executed by a CPU. More specifically, it relates to a microcomputer capable of changing the CPU program and/or data stored in the non-volatile memory even after shipping of the microcomputer by the manufacturer after production, and a system and method for changing the memory contents of the memory in the microcomputer.
2. Description of the Related Art
FIG. 15
is a block diagram showing a configuration of a conventional microcomputer composed of an IC card interface section connected so as to be in communication with an external apparatus comprising an IC card, and a non-volatile memory which stores a CPU program executed by a CPU.
In
FIG. 15
, reference numeral
100
designates a conventional microcomputer having an IC card interface
190
which connects to an external apparatus comprising an IC card, a program memory
120
which stores a CPU program, and other programs;
110
designates a CPU which executes the CPU program stored in the program memory
120
;
120
designates a program memory which stores a CPU program executed by the CPU
110
;
130
designates a data memory which stores data to be used when the CPU program is executed. For example, data such as personal information and password, control data such as file ID for user data control, and other similar data. The program memory
120
and the data memory
130
are non-volatile memories such as EEPROMs.
Reference numeral
140
designates a data memory which is a RAM temporarily storing data read from the data memory
130
when the CPU
110
executes the CPU program, or data obtained from execution of the CPU and
150
designates a ROM storing a boot program which executes writing, or storing, of the CPU program stored in the program memory
120
.
Reference numeral
160
designates a programming inhibition circuit in which a boot program stored in the ROM
150
is set to a state in which the CPU
110
made unavailable to allow the CPU program, which is written in the program memory
120
during the production of the microcomputer
100
, to be set to “NO CHANGE”. Reference numeral
170
designates an encryption circuit which verifies using encryption key data and similar data so as to determine whether or not the external apparatus, connected via a port
180
, or an external apparatus, including an IC card connected via an IC card interface
190
, corresponds to a predetermined counterpart with which communication can be established.
Reference numeral
180
designates a port connected so as to be in communication with an external apparatus;
190
designates an IC card interface which is connected so as to be in communication with an external apparatus comprising the IC card and which operates the IC card in synchronization with the microcomputer
100
by supplying power supply and clock signals; and
200
designates a bus, including a data bus, an address bus, and similar buses, connected to the aforementioned components in the microcomputer
100
to conduct the transmission/reception of control signals and data.
The operation will be next described below.
Since the present invention is characterized by allowing the CPU program of microcomputers to be changeable even after the microcomputers have been shipped, a write operation of the CPU program during the production of the conventional microcomputer
100
herein will be described.
The CPU program executed by the CPU
110
performs functions relating to the purpose for which the microcomputer
100
was designed. The CPU program matching the purpose of the microcomputer
100
is installed in the program memory
120
during the production of the microcomputer
100
. The install operation is conducted by executing the boot program in which the CPU
110
reprograms or writes the contents of the program memory
120
.
The above-mentioned operation will be described specifically.
First, connected with the microcomputer is a program load apparatus (not shown) which transmits the CPU program to be stored in the program memory
120
via the port
180
or IC interface
190
. Then, when the CPU
11
executes the boot program stored in the ROM
150
, the CPU program and data to be stored in the data memory
130
are received from the program load apparatus. Thus, the portion of the received data that is the CPU program is loaded to the program memory
120
, and the other data is loaded into the address of the data memory
130
in which it is to be stored. When the storing of the data including the CPU program to the program memory
120
and the data to the data memory
130
, is completed, the boot program operates the programming inhibition circuit
160
. The programming prohibition circuit
160
writes status information, which inhibits the use of the boot program, in the program memory
120
. As a result, the contents of the program memory
120
will never be changed again. Note that the data memory
130
may be changed independently from the program written in the program memory
120
.
As described above, when the microcomputer
100
is set such that reprogramming the CPU program (which is written during the production of the microcomputer
100
) is not possible, it is intended that the CPU program and information in the data memory
130
cannot be altered inaccurately (i.e., a malicious user cannot change the contents of the program memory
3
and data memory
4
) after the microcomputer
100
is shipped.
The operation of the IC card interface
190
will be next described.
FIG. 16
is a block diagram showing the IC card interface of the conventional microcomputer as described above. In
FIG. 16
, reference numeral
210
designates a switch circuit which controls power to be supplied from the power supply
220
of the microcomputer
100
to the IC card. The same reference numerals above denote the same components as those of FIG.
15
and these redundant descriptions will be omitted.
The summary will be next described.
The IC card (not depicted) connected with the microcomputer
100
via the IC card interface
190
is supplied with ground potential via a GND terminal, and supplied with power supply voltage Vcc from the power supply
220
via the switch circuit
210
. Then, the operation clock signal is supplied from a CLK terminal for synchronous control of the microcomputer
100
, and a reset signal is supplied from a RST terminal to initialize the operation of the microcomputer inside the IC card. Thereafter, when the reset status is released by a reset signal having a low (“L”) level, the IC card returns a discrimination signal via an input/output terminal denoted by I/O in FIG.
16
.The microcomputer
100
recognizes the discrimination signal, and the microcomputer
100
and IC card are set to be in a condition so as to communicate with one another via the input/output terminal denoted by I/O. The encryption circuit
170
shown in
FIG. 15
verifies whether or not that IC card is a predetermined IC card which should be permitted to communicate with the microcomputer
100
. Specifically, the circuit
170
checks as to whether the microcomputer
100
and the above IC card have common encryption key data or not, and determines that the IC card is the above predetermined IC card when they have common encryption key data.
Since the conventional microcomputer with such an arrangement cannot change information of the CPU program and the data memory
130
after the microcomputer
100
is shipped, it has a problem that inadequacies of the CPU program and data memory
130
cannot be changed when these inadequacies are found after the microcomputer
100
is shipped.
In addition, there is a problem that even when a version change is provided for the functions of the CPU program, a revision for the microcomputer after shipping cannot be carried out.
Further, since the microcomputer
Burns Doane Swecker & Mathis L.L.P.
Renesas Technology Corp.
Robertson David L.
LandOfFree
Microcomputer and method and apparatus for changing the... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Microcomputer and method and apparatus for changing the..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Microcomputer and method and apparatus for changing the... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3259030