Electrical computers and digital processing systems: memory – Storage accessing and control – Control technique
Reexamination Certificate
1999-03-19
2002-07-02
Hudspeth, David (Department: 2651)
C711S152000, C711S156000
active
06415370
ABSTRACT:
FIELD OF THE INVENTION
The present invention is related to a semiconductor integrated circuit having a security function for data protection.
BACKGROUND OF THE INVENTION
In recent years, there has been increasing demand for an IC card with a microcomputer and a nonvolatile memory mounted on a plastic card such as a credit card and a banking card which makes it possible to use electronic money or the like.
FIG. 1 is a block diagram showing the general configuration of a semiconductor integrated circuit based on conventional technology, in the form of an IC card or the like. The IC card generally has a magnetic stripe or an embossed area so that it can also serve as an ordinary plastic card; hence its size and thickness are the same as those of a credit card or banking card.
Accordingly, in order to function as an IC card, a connecting terminal for performing input and output of data in and from a built-in CPU (Central Processing Unit) is located in an area other than the area where the magnetic stripe or the embossing is provided. Although this connecting terminal is standardized as eight external terminals in the ISO (International Standards Organization), two of the terminals are spare ones, and the remaining six terminals have defined functions.
In a semiconductor integrated circuit (IC card) 100 shown in FIG. 1, a connecting terminal C1 is an operation voltage supply terminal for a circuit in the card, and a connecting terminal C2 is a data-write voltage supply terminal for a memory. Connecting terminal C3 is a two-directional serial data input/output terminal, and connecting terminal C4 is an operating-clock supply terminal for a CPU 102. Connecting terminal C5 is a reset-signal supply terminal for the CPU 102, and a connecting terminal C6 is a ground terminal.
A communication interface 101 converts serial data inputted from the connecting terminal C3 to parallel data so that the converted data can be used in the CPU 102. At the manufacturing stage the IC card 100 generally stores an application program for making the card usable in a terminal for electronic money or the like (an application-provider terminal) in a ROM (Read Only Memory) 103, and the CPU 102 operates according to this application program.
The CPU 102 has a RAM (Random Access Memory) 104 for storing the results of the various operations it performs while running. Nonvolatile memory (e.g., EEPROM, Flash memory, etc.) 105 stores secret data such as information for preventing unauthorized use of the IC card, personal information of the card owner, or information depending on the application, which can be accessed from the CPU 102 through a control bus and an address bus. Input and output of data stored in the nonvolatile memory 105 to and from an external terminal (an application-provider terminal) are performed through a CPU data bus, the CPU 102 and the communication interface 101. In FIG. 1, to simplify the description, three discrete IC chips mounted on the IC card are shown corresponding to the communication interface 101, CPU 102 and nonvolatile memory 105 respectively, but the communication interface 101, CPU 102 and the nonvolatile memory 105 may be integrated into one chip.
As described above, the secret data stored in the nonvolatile memory 105 is required to be protected from unauthorized access by any terminal other than the application-provider terminal. Therefore, in general, when the IC card 100 is to be used, namely when the IC card 100 is to communicate with the outside, mutual authentication is performed in the IC card 100 as well as the application-provider terminal based on an encryption algorithm such as DES (Data Encryption Standard).
This type of IC card 100 restricts one card to one function, namely to an operation according to a prespecified application program, which may have caused the number of cards to increase. In order to overcome this problem, there has been proposed a multi-application type of IC card with a plurality of application programs stored in a nonvolatile memory thereof to enable combination of various functions in one IC card.
The multi-application type of IC card is, more specifically, a card obtained by integrating functions of a banking card, a credit card, and of a prepaid card or others into a single card. Particularly, in the multi-application type of IC card, application programs can be registered therein not only during manufacture of the IC card but also when the card is issued.
Accordingly, the ROM 103 stores only a system program for performing basic operations, such as control of the buses (the control bus, the address bus and the CPU data bus) and control of communications with the communication interface 101, and the various application programs are stored in the nonvolatile memory 105. When the IC card 100 is inserted in a terminal for using applications, the CPU 102 realizes a specified operation by directly executing a corresponding application program in the nonvolatile memory 105, or by reading a corresponding application program from the nonvolatile memory 105 into the RAM 104 and executing the read-in application program.
However, while the multi-application type of IC card described above allows various application programs to be registered and executed, it is also possible, for example, for someone with ill intent to load into the IC card, and have it execute, an unauthorized program whose purpose is to illegally read out or tamper with data used by other registered application programs.
The operation of such an unauthorized program is described below.
FIG. 2 is an explanatory view showing a program for controlling registers in the conventional type of semiconductor integrated circuit. This program comprises instructions for controlling registers in the system program stored in the ROM 103. As shown in FIG. 2, the CPU 102 generally has some internal registers for processing operations, and processes data stored in the RAM 104 and nonvolatile memory 105 through these registers.
In Program 1 shown in FIG. 2, at first, a value “xx” is written to Acc (accumulator) as one of the registers according to a MOV instruction. Then, the value stored in Acc, namely “xx”, is written to reg1 (register) according to the same MOV instruction.
Although the program stored in the ROM 103 cannot be tampered with directly, as described above, in the multi-application type of IC card an application program is read into the RAM 104 and can be executed from the RAM 104. Therefore, there may be a case where the program in the ROM 103 shown in FIG. 2 can easily be replicated onto the RAM 104.
FIG. 3 is an explanatory view showing an example of an unauthorized program which can be executed in the conventional type of semiconductor integrated circuit. This program is configured by replicating the register-control program shown in FIG. 2 and adding to the replica an instruction for confirming the data write. In Program 2 shown in FIG. 3, at first, for the purpose of tampering, a value “yy” is written to the Acc according to the MOV instruction in place of the value “xx” originally written thereinto.
The value stored in Acc, namely “yy”, is written to the reg1 according to the same MOV instruction. Then, the value stored in the reg1 is read in again in the Acc according to the MOV instruction, and a result of tampering can be checked by referring to this Acc.
Incidentally, when Program 2 is executed and the reg1 is write-protected in the system program in the ROM 103 or in the application program registered in the nonvolatile memory 105, the instruction of Line (2) in FIG. 3 is not accurately executed.
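The behaviour of Program 1 and Program 2 with and without write protection on reg1, as a small C model added here for illustration (not code from the patent). The instruction encoding, the values 0x5A/0xA5 standing in for “xx”/“yy”, the rule that a protected write is silently dropped, and the `denied` counter are all assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model (assumed): Acc and reg1, each with a write-protect flag. */
enum { ACC, REG1, NREG };
typedef struct { uint8_t val[NREG], wp[NREG]; unsigned denied; } cpu_t;
typedef enum { MOV_IMM, MOV_REG } op_t;
typedef struct { op_t op; int dst, src; uint8_t imm; } insn_t;
typedef struct { uint8_t acc; unsigned denied; } result_t;

/* Execute one MOV. A write to a protected register is dropped and
 * counted; execution then continues (assumed behaviour). */
static void step(cpu_t *c, const insn_t *i) {
    uint8_t v = (i->op == MOV_IMM) ? i->imm : c->val[i->src];
    if (c->wp[i->dst]) { c->denied++; return; }
    c->val[i->dst] = v;
}

static void run(cpu_t *c, const insn_t *p, int n) {
    for (int k = 0; k < n; k++) step(c, &p[k]);
}

/* Run Program 1, optionally protect reg1, then run Program 2.
 * Returns Acc after Program 2's read-back and the denied-write count. */
result_t run_case(int protect_reg1) {
    const uint8_t XX = 0x5A, YY = 0xA5;  /* constructed stand-ins for "xx", "yy" */
    const insn_t prog1[] = {             /* FIG. 2 */
        { MOV_IMM, ACC,  0,   XX },      /* MOV Acc, xx   */
        { MOV_REG, REG1, ACC, 0  } };    /* MOV reg1, Acc */
    const insn_t prog2[] = {             /* FIG. 3 */
        { MOV_IMM, ACC,  0,    YY },     /* (1) MOV Acc, yy   */
        { MOV_REG, REG1, ACC,  0  },     /* (2) MOV reg1, Acc */
        { MOV_REG, ACC,  REG1, 0  } };   /* (3) MOV Acc, reg1 */
    cpu_t c = {0};
    run(&c, prog1, 2);
    c.wp[REG1] = (uint8_t)(protect_reg1 != 0);
    run(&c, prog2, 3);
    return (result_t){ c.val[ACC], c.denied };
}

int main(void) {
    result_t open = run_case(0), prot = run_case(1);
    printf("reg1 writable:  Acc=0x%02X denied=%u\n", open.acc, open.denied);
    printf("reg1 protected: Acc=0x%02X denied=%u\n", prot.acc, prot.denied);
    return 0;
}
```

In this model the read-back on line (3) returns the original value when reg1 is protected, and the dropped write is visible only because the model counts it.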
FIG. 4 is an explanatory view showing an operation when an unauthorized program is executed in the conventional type of semiconductor integrated circuit, and shows an operation
Arent Fox Kintner Plotkin & Kahn
Fujitsu Limited
Hudspeth David
Tzeng Fred F.