Unified Patents Exhibit 1006

U.S. Patent 5,237,609    Aug. 17, 1993    Sheet 1 of 6

[Drawing sheet 1 of 6: figure content not recoverable from the scan]

[Drawing sheet 2 of 6: figure content not recoverable from the scan]

[Drawing sheet 3 of 6: figure content not recoverable from the scan]

[Drawing sheet 4 of 6, FIG. 4: security memory 50 shown divided into a section labelled EXTERNAL IDENTIFICATION INFORMATION and a section labelled INTERNAL IDENTIFICATION INFORMATION. Other labels recovered from the sheet: SUPPLY, STORAGE SECTION. The remaining content is not recoverable from the scan.]

[Drawing sheet 5 of 6: figure content not recoverable from the scan]

[Drawing sheet 6 of 6: flowchart with reference numerals in the 300 series, only partly legible. Box text recovered from the scan, in reading order: INSERT CARD INTO TERMINAL; TERMINAL POWER "ON"; READ ENCIPHERED EXTERNAL INFORMATION FROM NONVOLATILE MEMORY; DETERMINE WHETHER THIS SECURITY CHECK OPERATION IS PERSONAL IDENTIFICATION NUMBER [PIN] KEY-IN METHOD OR NOT FROM DECIPHERED TEXT; (PIN branch) ADD PIN INPUT BY USER TO DECIPHERED TEXT AND DECIPHER STORAGE ADDRESSES AND READOUT SEQUENCE OF CODE ARRAY; (no-PIN branch) DECIPHER STORAGE ADDRESSES AND READOUT SEQUENCE OF CODE ARRAY (n = 8 BITS x 4); WRITE CODE ARRAY FROM INTERNAL AREA OF NONVOLATILE MEMORY (OR CODE ARRAY STORING ROM) INTO COMPARATOR SUCCESSIVELY; DECIPHER CONTENTS OF CODE ARRAY (n = 8 x 4) FROM DECIPHER TEXT [ADDED PIN]; WRITE DECIPHERED CODE IN COMPARATOR; EFFECT COMPARISON BETWEEN CODE ARRAY READ OUT FROM NONVOLATILE MEMORY (OR CODE ARRAY STORING ROM) AND DECIPHERED CODE ARRAY; ARRAYS MATCH? ACCESS ALLOWED / ACCESS REFUSED.]

PORTABLE SECURE SEMICONDUCTOR MEMORY DEVICE

FIELD OF THE INVENTION

This invention relates to portable semiconductor memory devices, and more particularly to such devices which include a security function intended to protect the information stored in the portable memory.

BACKGROUND OF THE INVENTION

Memory devices such as memory cards can be thought of as divided into two classes: "smart cards" which have a microprocessor in addition to a main storage unit, and "memory cards" which have only memory but no programmable (or programmed) microprocessor.

Because of the processing capability available in smart cards as a result of the on-board microprocessor, there are numerous security techniques useful with such cards for protecting the integrity of the data stored on the card. Thus the on-board microprocessor can perform various functions in checking PIN numbers, handshaking with a processor in an external terminal, performing enciphering and deciphering operations on-board the smart card, and other techniques all prior to allowing access to the main memory on the card. Thus, significant capacity is available for insuring the integrity of the data in a smart card.

However, in memory cards which do not have the power of an on-board microprocessor, the capacity for performing security checks before allowing access to the main memory is substantially more limited. In a memory card typically the data, address and control lines of the main memory modules are coupled directly to the card outputs and are thus available for read out either in a terminal for which the card is intended or otherwise. Thus, the opportunity is available for someone intending to breach the security of the internal memory to directly access the memory device if reasonable care is taken in interfacing the data, address and control lines of the memory elements which are all readily available at the card connection points. Even when the card is used in a terminal for which it is intended, security functions are usually desirable, such as insertion of a PIN number by a user, or some means of insuring, based on a check of card stored information and terminal supplied processing power that the two are of intended compatibility before memory access is allowed.

With only hard wired logic elements at most available on a memory card for performing the security function, insofar as applicant is aware, the techniques which have been made available for securing the stored information are not as reliable as could be desired.

The security issue will be further developed with reference to FIG. 7 which shows a configuration of a conventional memory card having on-board semiconductor memory which is substantially non-secure. The portable semiconductor memory card 1 of FIG. 7 carries an on-board semiconductor memory 4, usually comprised of an array of semiconductor memory devices 4a-4n. The address lines of the semiconductor memory devices 4a-4n are coupled together to form an address bus 14, and the data lines coupled together to form a data bus 15. The address bus 14 and data bus 15 are elements of an interface bus 40 comprising address lines 14, data lines 15, and control lines including a card select signal line 16, a write enable signal line 17 and an output enable signal line 18. The address, data, and control lines provide access to the semiconductor memories 4a-4n in conventional fashion. The card select signal on line 16 is utilized to enable the semiconductor memory elements in a manner which will be described below.

One further connection is provided from the terminal into which the memory card is inserted, and that is a supply of power which is coupled to power supply line 11. A power supply sensing and changeover circuit generally indicated at 2 senses the application of power to the line 11, and couples that applied power to the remaining circuitry for operation. It is noted that to maintain the information in the semiconductor memory 4 during the substantial intervals when the card is not inserted in the terminal, a stand-by battery 6 is used to supply power to internal power bus 9 via current limiting resistor 7 and a reverse poled charge prevention diode 8. However, whenever the card 1 is plugged into a terminal and a source of power is connected to external power bus 11, a sensing module 3 within the power supply changeover circuit 2 senses the voltage level on the bus 11 and in response thereto switches on a pass transistor 12 and thereby couples the external power source to the internal power bus 9. In addition, the sensing module 3 within the power supply changeover circuit 2 applies a high logic signal on output line 13 which in turn is coupled to a G input of a memory select circuit 5, providing a preliminary enabling signal to the circuit 5. Thus, whenever the power applied to the external bus 11 is higher than that supplied by the battery 6, that condition is sensed by the power supply changeover circuit 2 and the sensing module 3 thereof performs two functions, namely (a) switches on the pass transistor 12 in order to supply external power to the internal bus 9 and (b) couples a high logic enabling signal to the control line 13 providing the preliminary enabling signal to the memory selection circuit 5.

It is seen that the memory selection signal 5 has a series of outputs S1-Sn which are coupled respectively as enabling inputs 19a-19n to associated semiconductor memory devices 4a-4n. A selected one of those output lines is individually driven low depending upon the address signal coupled to the address inputs An of the selector module 5. Thus, the higher order address bits from the address bus 15, which are coupled to the individual lines of address input An are used to select which of the semiconductor memory devices 4a-4n will be active at any given time. It is noted that the address inputs and G input of selector 5 are provided with pullup resistors 10 to assure that all memory devices 4a-4n are disabled except when the inputs are intentionally driven low.

A final input to the memory select circuit 5 is the G which is coupled to the card select signal line 16 which is an element of the control lines of the interface bus 40. Thus, whenever the particular memory card 1 is selected, the external terminal couples a low logic signal to the line 16, and thus provides an enabling signal to the G input of selector 5.

In summary, when power is applied to the external bus 11, the G input of select circuit 5 is driven high. Subsequently, when the card select input 16 is driven low, the G input of select circuit 5 is driven low, thus enabling the outputs of select circuit 5 to respond to the logic levels on the address inputs. Thus, the external terminal couples address signals to the high order bits on the address bus 15 which serve to individually select the outputs S1-Sn of the selector 5 and in turn individually enable the semiconductor memory devices 4a-4n. When enabled, a semiconductor memory device responds to address signals on the address bus 15, to write or read signals and enable signals on the control lines 17, 18 to either write information into the addressed semiconductor memory location from the data bus 15 or read the information stored in the addressed location out onto the data bus 15, both for interfacing with the external terminal.

With that understanding of a conventional memory card 1, it will be appreciated that the semiconductor memory 4 is in a relatively non-secure state. The data lines of the semiconductor memory, the address lines of the semiconductor memory and the control lines (read/write and enable) of the semiconductor memory are all available at the card output. Typically, such control signals will be directly available at the card contacts which are intended to interface with an external terminal. Even in the case where the card receives a serial message which is stored in a register or the like for coupling to a semiconductor memory, there is little security associated with the serial receiver or serial to parallel converter, and thus the terminals of the memory devices themselves can be considered as being available to the outside world. While smart cards having on-board microprocessors can provide the desired security, it has been found impractical to provide an effective amount of security for the on-board memory using only hard wired logic elements.

It will also be apparent that one can utilize such a semiconductor memory device in a terminal designed to accept it whether or not the individual possessing the card is indeed authorized to use it. There is no security check provided, it is simply necessary to couple the appropriate voltage levels or signals to the card, and the individual memory devices are directly addressed for writing or reading as desired.

Even without a compatible terminal, it is relatively easy to access the contents of the memory 4. It is simply necessary to couple power to the external power bus 11, appropriate control signals, address signals and data signals to the interface bus 40, and the internal memory is directly accessible. Thus, an unauthorized individual, even without access to a compatible terminal, can access the memory and read out information which had been intended to be secure. As a further example, an unauthorized individual can write information into the semiconductor memory, and a subsequent user will be unaware that the security of the stored information has been breached. If security is at all a factor in using a portable memory device, the limitations of the device illustrated in FIG. 7 will now be apparent.

SUMMARY OF THE INVENTION

In view of the foregoing, it is a general aim of the present invention to provide a portable memory device of inexpensive construction, and requiring no on-board microprocessor unit, but exhibiting a comparatively high degree of security provided in large measure by logic elements resident on board the card.

In that regard, it is an object of the present invention to provide a portable memory device in which the on-board memory is accessible to the outside only after completion of a security check which matches information stored in a separate section of memory on the card, in which the security information available to the outside is in enciphered form.

Stated differently, an object of the present invention is to provide a portable memory device in which external access is allowed to the on-board semiconductor memory only after a security check, which includes matching an identification code maintained internal to the card with a code deciphered by an external terminal from enciphered information received from the card.

According to a more detailed aspect of the invention, it is an object to provide a security memory on a portable memory card in which the security memory is partitioned in such a way that only enciphered security information is available to an interface bus while additional security information which need not be enciphered is maintained in a partition of memory which is accessible only within the card.

According to one aspect of the invention, an object is to provide a secure portable semiconductor memory device in which security is provided by utilization of security codes stored in a partitioned on-board security memory, one partition of the memory containing enciphered security information which is accessible to an interface bus, and the other partition containing security information which need not be enciphered but is available only within the card and is isolated from the interface bus.

In accordance with the invention there is provided a portable semiconductor memory unit for interfacing with and exchanging information with an external terminal. The unit includes a main memory and an interface bus for coupling the main memory to the external terminal. Enabling means selectively allows access to the main memory via the interface bus. The enabling means includes a security memory having a first section for storing enciphered external data and a second section for storing internal data which is isolated from the interface bus. The enabling means further includes a comparator having a first input for receiving deciphered external data from the external terminal which results from deciphering of the enciphered external data received from the card via the interface bus. The comparator has a second input for receiving internal data from the second section of the security memory. Finally, the comparator has an output which causes the enabling means to allow access between the external terminal and the main memory upon detection of a match between the internal and external data.
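
A software model of the enabling means described above, added here as an illustration and not taken from the patent: the card exposes only the enciphered section of its security memory, the terminal deciphers it and drives the comparator, and main memory stays disabled until the comparator reports a match. The XOR keystream cipher, the byte layout of the external information (read-out addresses followed by the code array), the key and all class and function names are assumptions made for the example.

```python
import hashlib
import hmac

CODE_LEN = 4                                  # the flowchart describes a code array of 8 bits x 4
TERMINAL_KEY = b"constructed-terminal-key"    # constructed sample key


class AccessRefused(Exception):
    """Raised when the card's enabling logic blocks a bus operation."""


def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 derived keystream.

    The same call enciphers and deciphers. Inputs are limited to 32 bytes.
    """
    stream = hashlib.sha256(key).digest()
    if len(data) > len(stream):
        raise ValueError("sample cipher handles at most 32 bytes")
    return bytes(b ^ s for b, s in zip(data, stream))


class MemoryCard:
    """Hypothetical model of the card: main memory behind enabling logic."""

    def __init__(self, main_data: bytes, internal: bytes, external: bytes):
        self._main = bytes(main_data)
        self._internal = bytes(internal)    # second section: no bus read path
        self._external = bytes(external)    # first section: enciphered, readable
        self._from_terminal = bytearray()   # comparator first input
        self._from_internal = bytearray()   # comparator second input
        self._enabled = False

    def read_external_section(self) -> bytes:
        """Interface-bus read of the enciphered external data."""
        return self._external

    def present(self, address: int, code_byte: int) -> None:
        """Terminal selects one internal location and writes one deciphered byte.

        The internal byte is fed to the comparator only; it is never returned.
        """
        if not 0 <= address < len(self._internal):
            self._reset()
            raise AccessRefused("address outside the internal section")
        self._from_internal.append(self._internal[address])
        self._from_terminal.append(code_byte & 0xFF)

    def compare(self) -> bool:
        """Comparator output: enable main memory only on a complete match."""
        complete = len(self._from_terminal) == CODE_LEN
        match = hmac.compare_digest(bytes(self._from_internal),
                                    bytes(self._from_terminal))
        self._reset()
        self._enabled = complete and match
        return self._enabled

    def read_main(self, address: int) -> int:
        if not self._enabled:
            raise AccessRefused("main memory is not enabled")
        return self._main[address]

    def _reset(self) -> None:
        self._from_terminal.clear()
        self._from_internal.clear()
        self._enabled = False


def issue_card(main_data: bytes, key: bytes) -> MemoryCard:
    """Personalise a card with constructed values."""
    internal = bytes(range(0xA0, 0xB0))            # 16 constructed internal bytes
    addresses = bytes([9, 2, 14, 5])               # constructed read-out sequence
    code = bytes(internal[a] for a in addresses)   # internal identification code
    external = xor_cipher(key, addresses + code)   # assumed layout: addresses, then code
    return MemoryCard(main_data, internal, external)


def terminal_security_check(card: MemoryCard, key: bytes) -> bool:
    """Terminal side: decipher, drive the comparator, report the result."""
    plain = xor_cipher(key, card.read_external_section())
    addresses, code = plain[:CODE_LEN], plain[CODE_LEN:]
    try:
        for address, code_byte in zip(addresses, code):
            card.present(address, code_byte)
    except AccessRefused:
        return False
    return card.compare()


def demo() -> dict:
    """Run the check with a wrong key and then the right key on one card."""
    card = issue_card(b"stored record", TERMINAL_KEY)
    results = {}
    try:
        card.read_main(0)
        results["read_before_check"] = "allowed"
    except AccessRefused:
        results["read_before_check"] = "refused"
    results["wrong_key"] = terminal_security_check(card, b"some other key")
    results["right_key"] = terminal_security_check(card, TERMINAL_KEY)
    results["first_byte"] = card.read_main(0)
    return results


if __name__ == "__main__":
    print(demo())
```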

It is a feature of the invention that any security information which is not in enciphered form is isolated from the interface bus so that the only security information available outside the card is enciphered. A further feature of the invention is partitioning of the security memory in such a way as to prevent read out of the section containing the non-enciphered information to the interface bus.

A further feature of the invention is the storage on the card of two independent identification codes, an internal identification code which need not be enciphered but which is isolated from the interface bus so that it is not ascertainable from outside, and an external identification code which is intended to be accessed by an external terminal, but which is enciphered and thus cannot readily reveal the internal identification code. In a preferred embodiment of the invention, it is a further feature that the enciphered external information includes address identification information used to address locations in the security memory at which the internal identification code is stored, so that the value and sequence of the identification codes provide a further measure of security for the portable semiconductor memory.

As a further feature of the invention, a PIN identification number input by a user into an external terminal can be combined with the external security information in order to provide further security and further limit access to only those who are in possession of the PIN number.

Other objects and advantages will become apparent upon reference to the following detailed description when taken in conjunction with the drawings in which:

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram showing a secure memory system including an external terminal unit coupled via an interface bus to a portable memory device;

FIG. 2 is a block diagram illustrating additional details of the security aspects of the portable memory device of FIG. 1;

FIG. 3 is a block diagram illustrating additional details of a comparator circuit useful in connection with the embodiments of the present invention;

FIG. 4 is a diagram illustrating memory partitioning for the security memory of the system of FIG. 1;

FIG. 5 is a block diagram illustrating a second exemplary portable memory device exemplifying the present invention;

FIG. 6 is a flowchart illustrating the operation of the secure memory system according to the present invention; and

FIG. 7 is a block diagram illustrating a memory card exemplifying the prior art.

While the invention will be described in connection with certain preferred embodiments, there is no intent to limit it to those embodiments. On the contrary, the intent is to cover all alternatives, modifications and equivalents included within the spirit and scope of the invention as defined by the appended claims.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Turning now to the drawings, FIG. 1 shows a portable memory card 100 exemplifying the present invention and interfaced to an external terminal 200. The electrical connection between the devices is schematically illustrated by connector 150. In practice, the external terminal will preferably include a slot or other close fitting receptacle into which the memory device 100 is inserted and which will cause mating of electrical contacts between the portable card 100 and the external terminal 200, such mating being illustrated by the aforementioned connector 150. As illustrated in FIG. 1, the connections include those made to an interface bus 140 as well as a power bus 111. It is seen that the external terminal includes a similar power bus 211 and interface bus 240 coupled to the connector 150, such that the terminal unit 200 supplies DC power to the portable card 100. In addition, the coupling of busses 140, 240 causes the connection of data lines, address lines and control lines between the portable memory card 100 and the external terminal 200.

The external terminal will not be described in great detail as its structure can be relatively conventional. It is shown to include a central processing unit 201 coupled by means of an internal bus 210 to a main terminal storage section 203, a display input/output 204 and a keyboard input/output 205. The main terminal storage section 203 includes a main semiconductor memory which is used for storing a program of instructions for operating the processing unit 201, for storing information which is to be coupled to the portable memory unit 100 and for storing information received from the portable memory unit 100. The storage section 203 in effect serves as the main memory for the external terminal 200. It can be configured as a single unit or in individual blocks, as desired. The main terminal 200 also includes a clock generating circuit 202 which provides clock signals for the CPU 201 and additionally controls the timing of signals which are coupled to the portable memory unit 100 when such unit is connected.

The input/output interface 204 is coupled to and therefore drives a CRT display unit 206 for displaying information to a user of the external terminal. Similarly, the input/output interface 205 is coupled to a keyboard 207 to receive information keyed into the keyboard by such a user. Thus, the terminal unit 200 can be considered relatively conventional as including the major elements familiar to those working in this art. However, the main terminal storage section 203, as will be described below, also includes a program module capable of receiving enciphered external information from the security memory of the portable semiconductor device 100, deciphering such information and causing the CPU 201 to drive its address, data and control lines in such a way as to cause a security check to be completed in the portable semiconductor unit 100. Such program module principally deciphers the enciphered external information, writes the deciphered identification information into a comparator in the portable semiconductor memory, and uses address identification information derived from the deciphered information to address a security memory in the portable semiconductor memory unit for reading out into the comparator the internal identification code for comparison with the deciphered external identification code.

Directing attention then to the structure of the portable semiconductor device 100, it is seen, like the prior art semiconductor device, to include a main memory 4 having an internal power bus 9 supplied with stand-by power from a battery 6 via current limiting resistor 7 and charge protection diode 8. The internal power bus 9 is connected via power supply changeover circuit 2 to an external power bus 111. As with the prior portable memory device, when the power bus 111 is supplied with power at a voltage higher than that of the internal battery 6, the changeover circuit 2 senses that condition, couples the external power source to the internal bus 9 and couples a high enabling signal to enabling line 13 which is coupled in turn to input G1 of the memory selection circuit 5a.

The main memory 4 is shown to have an interface bus 140, which is illustrated as a single bus in FIG. 1, but which includes data lines, address lines and control lines as will be described in greater detail below. Those lines are coupled directly to the main memory 4, but in practicing the invention are not allowed to directly access the main memory until after successful completion of a security check routine which is controlled by information in the portable device 100, at least some of which is inaccessible to the interface bus and therefore practically inaccessible outside the card.

In practicing the security aspects of the invention, a security memory 50, preferably a non-volatile memory, is provided for storing security related information. A
security control circuit 51 is coupled to the interface bus 140 and performs the function of controlling access to the security memory 50, receiving security related information which originated from the security memory 50, and performing a security comparison of internal and external security information before allowing access between the interface bus 140 and the main memory 4. In FIG. 1, the interface bus 140 is shown interconnecting the security control circuit 51 and security memory 50, illustrating that the external terminal has the ability for limited access to the security memory in performance of the security check. Also shown connecting those modules is an internal bus 152 which is provided only between the security memory 50 and security control circuit 51. Such bus, as will be described in greater detail below, provides a means for readout of security information which is not necessarily enciphered for coupling to the security control circuit in performance of the security check. The fact that the bus 152 is internal only and not coupled to the main interface bus 140 provides a significant degree of security when it is appreciated t