United States Patent [19]
`Kimnra
`
`||||l|llllllllllllllllllllllllll||||||lll|l||||Illlllllllllllll||l||Il|||||
`Usoo52316o9A
`
`[111 Patent Number:
`
`5,237,609
`
`[45] Date of Patent:
`
`Aug. 17, 1993
`
`[54] PORTABLE SECURE SEMICONDUCl'OR
`MEMORY DEVICE
`
`FOREIGN PATENT DOCUMENTS
`
`8;-'l984 European Pat. Off.
`0114522
`4/1937 European Pat. Off.
`0216298
`0286-D94 I0/1988 European Pat. Off.
`2503-I23 I0/1932 France .
`53-6-I91
`3ll9':'E Japan.
`2154344 9/1985 United Kingdom .
`
`.
`.
`.
`
`Primary Exorm'ner—David Cain
`Attorney. Agent. or F:‘nn—-—Leydig, Voit & Mayer
`
`[5 7]
`
`A.BSTRACI'
`
`A portable semiconductor memory device for interfac-
`ing with and exchanging information with an external
`terminal. said portable device having a security function
`for controlling access to a main memory. ‘The main
`memory is adapted to exchange data with the external
`terminal by means of an interface bus which includes
`data lines, address lines and control lines. Access con-
`trols means in the portable unit is utilized to control
`access to the main memory. The unit also has a security
`memory comprising two sections. One section stores
`enciphered data which is read out to the external termi-
`nal. deciphered and returned to the unit as the first
`element used in acomparlson. The second section of the
`security memory stores internal identification informa-
`tion. The two elements of identification information are
`provided to a comparator means which enables access
`to the main memory via the interface bus after a match
`is detected.
`
`33 Claims. 6 Drawing sheets
`
`Inventor: Masatoshi Kilnura, Itami, Japan
`[75]
`[73] Assignee:
`l\-litanhlahi Denkl Kaltnshiki Kaisha.
`Tokyo, Japan
`
`[21] App]. No: 498,848
`
`[22] Filed:
`
`Mar. 25, 1990
`
`Foreign Application Priority Data
`[30]
`Mar. 31.1989 [JP]
`Japan
`Mar. 31. 1989 [JP]
`Japan
`
`l-T1979
`l-‘H980
`
`[51]
`[52]
`
`Int. Cl.5 ............................................ .. G11]! 23/28
`LLS. Cl. ........................................ .. 380/3: 38%;’23;
`330/25; 380/19; 235/330
`[58] Field of Search ......................... 380/3. 23, 25, 49;
`235/330. 441, 382. 379. 492. 437
`
`References Cited
`U.S. PATENT DOCUMENTS
`4,317,355
`2.«’l9‘.'7 Moreno .
`4.092.524
`Sr’ 1978 Moreno
`4,102,493
`6/1912 Moreno ... ..
`4,69'?.(l'.l2 9/198'? Kawana
`4,734,569
`3/1988 Kawana et al.
`4.146.788
`5.:-1983 Kawana . ... . . . . . . . . .
`Kawana et al.
`4,730,602 10;’ 1938
`Kawana er al.
`4.794.236 12/ 1988
`1/1939 Hara
`4.197.542
`4,345.35] T/1989 Hara et al.
`5,E!l0.23'u‘ 4/199] Kawana
`5.120.939
`6;'l9'92 Claus et al.
`
`
`
`235/6|
`235K419
`_ . . .. 235/419
`235/380
`235/481‘
`. . . .. 235.3380
`..
`235/330
`235/44]
`235/330
`23-5X49}.
`235/379
`2351382
`
`[561
`
`200
`‘../
`-j__.j._-_;-
`EXTERNAL TERMINAL Unrr
`"
`
`20|
`
`203
`
`204
`
`205
`
`'1
`202
`
`I I
`
`,
`
`‘
`
`INPUT)
`MAIN
`TERMJNAL OUTPUT
`sToI3rA<5E
`INTERFAC
`SEC ION
`?
`
`I
`
`a
`
`1
`I
`
`II
`
`to
`____ .._..__/.Z‘__..._
`I2
`9
`
`F
`I
`
`.362
`
`-I
`
`6""
`
`I
`
`7.}
`*9 ’!'
`3 I‘
`5a
`----------I- — — — H — —-——|
`’'"’—3f'''—50J !
`SECURITY
`V
`SECURITY
`I
`
`2”
`
`III
`I50
`
`24°
`
`a
`
`'
`
`INPUT.’
`OUTPUT
`INTERFACE
`gm,
`207
`
`06
`
`
`2
`
`|
`DISPLA
`
`CRT
`
`Y
`
`
`
`____c2‘:_-____1
`
`1
`
`KINGSTON 1005
`
`KINGSTON 1005
`
`

`

`S”U
`
`9
`
`W6.,
`
`tnm_0_n_
`
`...d1|InI.I|II|uu....11I....lIn-I...uua|.-.|I.||.I-|1.|..\\.mOO_OON
`
`
`
`
`
`._-Lm._........nvI\.1....|:I~....om.._o~._
`uoqmopmm_Watm.nomuow.._.:n_.So._<z=$_m._.LS_:1._5O¢N
`Eum_.fifiIi—2mnTmI—_...
`_1fln—_H......momSmmom
`
`
`
`
`HA___:m:2:._qz_z$=.:.__.=m§m
`
`.mEmmomm_an.uuEH.E,__muq..EE.z_
`
`
`
`
`.
`
`6..
`m-|I5._._o_~Fu.,m.._.w_m
`
`.53awow_t._m8mmnmqomfixg_
`
`2
`
`
`

`

`P0%NO_L
`
`tHm3
`
`m.......,uA
`
`2w%
`
`9
`
`1!Mhm.___
`
`m:::::::::::::1:Mmm7mm|_2..
`
`:8m_u5.zo:um.m_m
`
`33
`
`3
`
`

`

`M
`
`9
`
`W8mm
`
`2..II.Iu|!..III.|I.5,7-
`.taoma
`
`mm.o_h_
`
`P.
`
`n
`
`m___
`
`‘Ll.I..II..ll.|IIlI.lI..|.l.lII.I.....lII.I|1lI.|...
`
`
`M.4.
`
` ..mE5.8&____.o_mBII-IIM_
`
`IL
`
`53wax.“
`
`20.53
`
`N.
`
`4
`
`
`

`

`US. Patent
`
`Aug. 17, 1993
`
`sheet 4 of 5
`
`5,237,609
`
`F|G.4
`
`,_/50
`
`50b
`
`
`
`500
`
`
`
`
`INTERNAL
`IDENTIFICATION
`INFORMATION
`
`
`
`
`
`EXTERNAL
`IDENTIFICATION
`INFORMATION
`
`
`II III
`
`uoooo
`
`00000
`
`9
`
`_
`
`II-
`‘
`3
`-;....._,,
`
`IR
`I2
`E supm
`
`CHANGE-
`
` OVER
`
`
`
`II
`
`3
`
`i I ! !
`
`5
`
`

`

`U.S. Patent
`
`Aug. 17, 1993
`
`Sheet 5 of 6
`
`5,237,609
`
`Hm
`
`Em
`
`m_
`
`U8
`
`.oo_00_n_
`\.\\o
`
`
`
`.h_z_EH:umdn__2OU.n_z_.=,me
`
`325:2.4255IHI:ISI_
`now8%om.
`
`28
`
`Sum_u.29.-2.505mmP8:.ozaos9o:
`
`6
`
`
`
`
`

`

`U.S. Patent
`
`Aug. 17, 1993
`
`Sheet 6 of 6
`
`5,237,609
`
`INSERT CARD
`
`TERMINAL
`POWER "ON"
`
`3°°
`
`30'
`
`302
`
`READ ENCIPHERED EXTERNAL
`INFORMATION FROM
`NONVOLATILE MEMORY
`
`303
`
`N0
`
`DETERMINE WHETHER THIS sscunmr CHECK
`was OPERATION IS PERSONAL IDENTIFICATION
`NUMBER [PIN] warm METHOD on NOT mom
`DECIPI-IERED TEXT
`
`304
`
`
`
`
`
`
`ADD PIN INPUT BY user: To DECIPHERED
`TEXT AND DECIPHER STORAGE ADDRESSES
`'3,ES}§gH5%'Es5Tfi%AGE
`
`_AND READOUT SEQUENCE OF CODE ARRAY
`READOUT SEQUENCE
`
`NF 8 BITS X 4}
`OF CODE ARRAY
`
`3040
`
`
`
`
`
`WRITE CODE ARRAY FROM INTERNAL AREA
`
`
`OF NDNVOLATI LE MEMORY
`{OR CODE ARRAY STORING ROM)
`
`
`INTO COMPARATOR SUCCESSIVELY
`
`DECIPHER CONTENTS OF CODE ARRAY
`IN‘ OX4} FRM DECIPHER TEXT
`ADDED PIN
`
`305
`
`305
`
`WRITE DECIPHERED CODE IN COMPARATOR
`
`307
`
`EFFECT COMPARISON BETWEEN CODE ARRAY
`READ OUT FROM NONVOLATILE MEMORY
`IOR CODE ARRAY STORING ROM}
`AND DECIPHERED CODE ARRAY
`
`308
`
`
`
`ACCESS
`ALLOWED
`
` BOTH
`CODE
`ARRAYS
`MAICH
`'
`
`
`
`309
`
`NO
`
`3| 1
`
`ACCESS
`REFUSED
`
`7
`
`

`

`1
`
`5,237,609
`
`2
`select signal line 16, a write enable signal line 17 and an
`output enable signal line 13. The address, data, and
`control lines provide access to the semiconductor mem-
`ories Ilac:-fln in conventional fashion. The card select
`signal on line 16 is utilized to enable the semiconductor
`memory elements in a manner which will be described
`below.
`
`One further connection is provided from the terminal
`into which the memory card is inserted, and that is a
`supply of power which is coupled to power supply line
`11. A power supply sensing and changeover circuit
`generally indicated at 2 senses the application of power
`to the line 11. and couples that applied power to the
`rernaining circuitry for operation. It is noted that to
`maintain the information in the semiconductor memory
`4 during the substantial intervals when the card is not
`inserted in the terminal, a stand-by battery 6 is used to
`supply power to internal power bus 9 via current limit-
`ing resistor ‘! and a reverse poled charge prevention
`diode 8. However, whenever the card 1 is plugged into
`a terminal and a source of power is connected to exter-
`nal power bus ll, a sensing module 3 within the power
`supply changeover circuit 2 senses the voltage level on
`the bus 11 and in response thereto switches on a pm
`transistor 12 and thereby couples the external power
`source to the internal power bus 9. In addition, the
`sensing module 3 within the power supply changeover
`circuit 2 applies a high logic signal on output line 13
`which in turn is coupled to a G input ofa memory select
`circuit 5, providing a preliminary enabling signal to the
`circuit 5. Thus, whenever the power applied to the
`external bus 11 is higher than that supplied by the bat-
`ter)? 6. that condition is sensed by the power supply
`changeover circuit 2 and the sensing module 3 thereof
`performs two functions, namely {a} switches on the pass
`transistor 12 in order to supply external power to the
`internal bus 9 and (b) couples a high logic enabling
`signal to the control line 13 providing the preliminary
`enabling signal to the memory selection circuit 5.
`It is seen that the memory selection signal 5 has a
`series of outputs S;-5,, which are coupled respectively
`as enabling inputs 19a-19:: to associated semiconductor
`memory devices 49-43:. A selected one of those output
`lines is individually driven low depending upon the
`address signal coupled to the address inputs A, of the
`selector module 5. Thus. the higher order address bits
`from the address bus 15. which are coupled to the indi-
`vidual lines of address input A, are used to select which
`of the semiconductor memory devices -I-aa:4n will be
`active at any given time. It is noted that the address
`inputs and G input of selector 5 are provided with
`pullup rmistors 10 to assure that all memory devices
`do «in are disabled except when the inputs are i.nten-
`tionally driven low.
`A final input to the memory select circuit 5 is the 5
`which is coupled to the card select signal line 16 which
`is an element of the control lines of the interface bus 40.
`Thus, whenever the particular memory card 1 is se-
`lected, the external terminal couples a low logic signal
`to the line 16, and thus provides an enabling signal to
`the 3 input of selector 5.
`In summary, when power is applied to the external
`bus 11, the G input of select circuit 5 is driven high.
`Subsequently, when the card select input 16 is driven
`low, the 6 input of select circuit 5 is driven low, thus
`enabling the outputs of select circuit 5 to respond to the
`logic levels on the address inputs. Thus, the external
`
`PORTABLE SECURE SEMICONDUCTOR
`MEMORY DEVICE
`
`FIELD OF THE INVENTION
`
`This invention relates to portable semiconductor
`memory devices, and more particularly to such devices
`which include a security function intended to protect
`the information stored in the portable memory.
`BACKGROUND OF THE INVENTION
`
`10
`
`Memory devices such as memory cards can be
`thought of as divided into two classes—“smart cards"
`which have a microprocessor in addition to a main
`storage unit, and “memory cards" which have only
`memory but no programmable (or programmed} micro-
`processor.
`Because of the processing capability available in
`smart cars as a result of the on-board microprocessor,
`there are numerous security techniques useful with such
`cards for protecting the integrity of the data stored on
`the card. Thus the on-board microprocessor can per-
`form various functions in checking PIN numbers, hand
`shaking with a processor in an external terminal, per-
`forming, enciphering and deciphering operations on-
`board the smart card, and other techniques all prior to
`allowing access to the main memory on the card. Thus.
`significant capacity is available for insuring the integrity
`of the data in a smart card.
`However, in memory cards which do not have the
`power of an on-board microprocessor, the capacity for
`perfonning security checks before allowing access to
`the main memory is substantially more limited. In a
`memory card typically the data, address and control
`lines of the main memory modules are coupled directly
`to the card outputs and are thus available for read out
`either in a terminal for which the card is intended or
`otherwise. Thus, the opportunity is available for some-
`one intending to breach the security of the internal
`memory to directly access the memory device ii'reason-
`able care is taken in interfacing the data, address and
`control lines of the memory elements which are all
`readily available at the card connection points. Even
`when the card is used in a terminal For which it is in-
`tended, security functions are usually desirable. such as
`insertion of a PIN number by a user, or some means of
`insuring, based on a check of card stored information
`and terminal supplied processing power that the two are
`of intended compatability before memory access is al-
`lowed.
`With only hard wired logic elements at most avail-
`able on a memory card for performing the security
`function, insofar as applicant is aware, the techniques
`which have been made available for securing the stored
`information are not as reliable as could be desired.
`The security issue will be further developed with
`reference to FIG. 7 which shows a configuration of a
`conventional memory card having on-board semicon-
`ductor memory which is substantially non-secure. The
`portable semiconductor memory card 1 of FIG. 1
`carries an on-board semiconductor memory 4, usually
`comprised of an array of semiconductor memory de-
`vices 40-411. The address lines of the semiconductor
`memory devices 4-ac:-tn are coupled together to form
`an address bus 14, and the data lines coupled together to
`form a data hus 15. The address bus 14 and data bus 15
`are elements of an interface bus 40 comprising address
`lines 14, data lines 15. and control lines including a card
`
`25
`
`30
`
`35
`
`45
`
`50
`
`$5
`
`65
`
`8
`
`

`

`3
`terminal couples address signals to the high order bits
`on the address bus 15 which serve to individually select
`the outputs S1—S,,~ of the selector 5 and in turn individu-
`ally enable the semiconductor memory devices 4-a—4n.
`When enabled, a semiconductor memory device re-
`sponds to address signals on the address bus 15, to write
`or read signals and enable signals on the control lines 17.
`18 to either write information into the addressed semi-
`conductor memory location from the data bus 15 or
`read the information stored in the addressed location
`
`out onto the data bus 15, both for interfacing with the
`external terminal.
`
`With that understanding of a conventional memory
`card 1, it will be appreciated that the semiconductor
`memory 4 is in a relatively non-secure state. The data
`lines of the semiconductor memory, the address lines of
`the semiconductor memory and the control
`lines
`{read/write and enable) of the semiconductor memory
`are all available at
`the card output. Typically, such
`control signals will be directly available at the card
`contacts which are intended to interface with an exter-
`nal terminal. Even in the case where the card receives a
`serial message which is stored in a register or the like for
`coupling to a semiconductor memory,
`there is little
`security associated with the serial receiver or serial to
`parallel converter, and thus the terminals of the mem-
`ory devices themselves can be considered as being
`available to the outside world. While smart cards hav-
`ing on-board microprocessors can provide the desired
`security,
`it has been found impractical to provide an
`effective amount of security for the on-board memory
`using only hard wired logic elements.
`It will also be apparent that one can utilize such a
`semiconductor memory device in a terminal designed to
`accept it whether or not the individual possessing the
`card is indeed authorized to use it. There is no security
`check provided, it is sirnply necessary to couple the
`appropriate voltage levels or signals to the card, and the
`individual memory devices are directly addressed for
`writing or reading as desired.
`Even without a compatible terminal, it is relatively
`easy to access the contents of the memory 4. It is simply
`necessary to couple power to the external power bus 11,
`appropriate control signals, address signals and data
`signals to the interface bus 40, and the internal memory
`is directly accessible. Thus, an unauthorized individual,
`even without access to a compatible terminal, can ac-
`cess the memory and read out information which had
`been intended to be secure. As a further example. an
`unauthorized individual can write information into the
`semiconductor memory, and a subsequent user will be
`unaware that the security of the stored information has
`been breached. lf security is at all a factor in using a
`portable memory device, the limitations of the device
`illustrated in FIG. 7 will now be apparent.
`SUMMARY OF THE INVENTION
`
`it is a general aim of the
`In view of the foregoing,
`present invention to provide a portable memory device
`of inexpensive construction, and requiring no on-board
`microprocessor unit, but exhibiting a comparatively
`high degree of security provided in large measure by
`logic elements resident on board the card.
`ln that regard, it is an object of the present invention
`to provide at portable memory device in which the on-
`board memory is accessible to the outside only after
`completion of a security check which matches informa-
`tion stored in a separate section of memory on the card,
`
`10
`
`15
`
`25
`
`30
`
`35
`
`45
`
`50
`
`55
`
`65
`
`5,237,609
`
`4
`in which the security information available to the out-
`side is in enciphered form.
`'
`Stated differently, an object of the present invention
`is to provide a portable memory device in which exter-
`nal access is allowed to the on-board semiconductor
`memory only after a security check. which includes
`matching an identification code maintained internal to
`the card with a code deciphered by an external terminal
`from enciphered information received from the card.
`Awarding to a more detailed aspect of the invention,
`it is an object to provide a security memory on a porta-
`ble memory card in which the security memory is parti-
`tioned in such a way that only enciphered security in-
`formation is available to an interface bus while addi-
`tional security information which need not be enci-
`phered is maintained in a partition of memory which is
`accessible only within the card.
`According to one aspect of the invention, an object is
`to provide a secure portable semiconductor memory
`device in which security is provided by utilization of
`security codes stored in a partitioned on-board security
`memory, one partition of the memory containing enci-
`phered security information which is accessible to an
`interface bus, and the other partition containing security
`information which need not be enciphered but is avail-
`able only within the card and is isolated from the inter-
`face bus.
`In accordance with the invention there is provided a
`portable semiconductor memory unit for interfacing
`with and exchanging information with an external ter-
`minal. The unit includes a main memory and an inter-
`face bus for coupling the main memory to the external
`terminal. Enabling means selectively allows access to
`the main memory via the interface bus. The enabling
`means includes a security memory having a first section
`for storing enciphered external data and a second sec-
`tion for storing internal data which is isolated from the
`interface bus. The enabling means further includes a
`comparator having a first input for receiving deci-
`phercd external data from the external terminal which
`results from deciphering of the enciphered external data
`received from the card via the interface bus. The com-
`parator has a second input for receiving internal data
`from the second section of the security memory. Fi-
`nally, the comparator has an output which causes the
`enabling means to allow access between the external
`terminal and the main memory up-on detection of a
`match between the internal and external data.
`It is a feature of the invention that any security infor-
`mation which is not in enciphered form is isolated from
`the interface bus so that the only security information
`available outside the card is enciphered. A further fea-
`ture of the invention is partitioning of the security mem-
`ory in such a way as to prevent read out of the section
`containing the non-enciphered information to the inter-
`face bus.
`
`A further feature of the invention is the storage on the
`card of two independent identification codes, an inter-
`nal identification code which need not be enciphered
`but which is isolated from the interface bus so that it is
`not ascertainable from outside, and an external identifi-
`cation code which is intended to be accessed by an
`external terminal. but which is enciphered and thus
`cannot readily reveal the internal identification code. In
`a preferred embodiment of the invention, it is a further
`feature that
`the enciphered external
`information in-
`cludcs address identification information used to ad-
`dress locations in the security memory at which the
`
`9
`
`

`

`5,237,609
`
`5
`internal identification code is stored. so that the value
`and sequence of the identification codes provide a fur-
`ther measure of security for the portable semiconductor
`memory.
`As a further feature of the invention, a PlN identifica-
`tion number input by a user into an external terminal
`can be combined with the external security information
`in order to provide further security and further limit
`access to only those who are in possession of the PIN
`number.
`Other objects and advantages will become apparent
`upon references to the following detailed description
`when talten in conjunction with the drawings in which:
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`FIG. I is a block diagram showing a secure memory
`system including an external terminal unit coupled via
`an interface bus to a portable memory device;
`FIG. 2 is a block diagram illustrating additional de-
`tails of the security aspects of the portable memory
`device of FIG. 1;
`FIG. 3 is a block diagram illustrating additional de-
`tails of a comparator circuit useful in connection with
`the embodiments of the present invention;
`FIG. 4 is a diagram illustrating memory partitioning
`for the security memory of the system of FIG. 1;
`FIG. 5 is a block diagram illustrating a second exem-
`plary portable memory device exemplifying the present
`invention;
`FIG. 6 is a flowchart illustrating the operation of the
`Secure memory system according to the present inven-
`tion; and
`FIG. 7 is a block diagram illustrating a memory card
`exemplifying the prior art.
`While the invention will be described in connection
`with certain preferred embodiments, there is no intent
`to limit it to those embodiments. On the contrary, the
`intent
`is to cover all alternatives, modifications and
`equivalents included within the spirit and scope of the
`invention as defined by the appended claims.
`DETAILED DESCRIPTION OF THE
`PREFERRED EMBODIMENTS
`
`Turning now to the drawings, FIG. 1 shows a porta-
`ble memory card 100 exemplifying the present inven-
`tion and interfaced to an external terminal 200. The
`electrical connection between the devices is schemati-
`cally illustrated by connector 150. In practice, the exter-
`nal terminal will preferably include a slot or other close
`fitting receptacle into which the memory device ‘I00 is
`inserted and which will cause mating of electrical
`contacts between the portable card 100 and the external
`terminal 200. such mating being illustrated by the afore-
`mentioned counector 159. As illustrated in FIG. 1. the
`connections include those made to an interface bus 140
`as well as a power bus 111. It is seen that the external
`terminal includes a similar power bus 211 and interface
`bus 241-!) coupled to the connector 150, such that the
`terminal unit 200 supplies DC power to the portable
`card 100. In addition. the coupling of bosses 140, 240
`causes the connection of data lines. address lines and
`control lines between the portable memory card 100
`and the external terminal 200.
`The external terminal will be not described in great
`detail as its structure can be relatively conventional. It is
`shown to include a central processing unit 201 coupled
`by means of an internal bus 210 to a main terminal stor-
`age section 203, a display input/output 204 and a key-
`
`10
`10
`
`6
`board input/output 205. The main terminal storage
`section 203 includes a main semiconductor memory
`which is used for storing a program of instructions for
`operating the processing unit 201, for storing informa-
`tion which is to be coupled to the portable memory unit
`10!] and for storing information received from the porta-
`ble memory tmll. 100. The storage section 203 in effect
`serves as the main memory for the external terminal
`200. It can be configured as a single unit or in individual
`blocks, as desired. The main terminal 200 also includes
`a clock generating circuit 202 which provides clock
`signals for the CPU 201 and additionally controls the
`timing of signals which are coupled to the portable
`memory unit 100 when such unit is connected.
`The input/output interface 204 is coupled to and
`therefore drives a CRT display unit 296 for displaying
`information to a user of the external terminal. Similarly,
`the input/output interface 205 is coupled to a keyboard
`20‘) to receive irtformation keyed into the keyboard by
`such a user. Thus, the terminal unit 200 can be consid-
`ered relatively conventional as including the major
`elements familiar to those working in this art. However,
`the main terminal storage section 203, as will be de-
`scribed below, also includes a program module capable
`of receiving enciphered external information from the
`security memory of the portable semiconductor device
`100. deciphering such information and causing the CPU
`201 to drive its address, data and control lines in such a
`way as to cause a security check to be completed in the
`portable semiconductor unit 100. Such program module
`principally deciphers the enciphered external informa-
`tion. writes the deciphered identification information
`into a comparator in the portable semiconductor mem-
`ory. and uses address identification information derived
`from the deciphered information to address a security
`memory in the portable semiconductor memory unit for
`reading out into the comparator the internal identifica-
`tion code for comparison with the deciphered external
`identification code.
`
`Directing attention then to the structure of the porta-
`ble semiconductor device IIJIJ, it is seen. like the prior
`art semiconductor device, to include a main memory 4
`having an internal power bus 9 supplied with stand-by
`power from a battery 6 via current limiting resistor 7
`and charge protection diode 8. The internal power bus
`9 is connected via power supply changeover circuit 2 to
`an external power bus 111. As with the prior portable
`memory device, when the power bus 111 is supplied
`with power at a voltage higher than that of the internal
`battery 6, the changeover circuit 2 senses that condi-
`tion, couples the external power source to the internal
`bus 9 and couples a high enabling signal to enabling line
`13 which is coupled in turn to input G1 of the memory
`selection circuit 54:.
`-
`The main memory 4 is shown to have an interface bus
`140, which is illustrated as a single bus in FIG. 1, but
`which includes data lines, address lines and control lines
`as will be described in greater detail below. Those lines
`are coupled directly to the main memory 4, but in prac-
`ticing the invention are not allowed to directly access
`the main memory until after successful completion of a
`security check routine which is controlled by informa-
`tion in the portable device 100, at least some of which is
`inaccessible to the interface bus and therefore practi-
`cally inaccesslble outside the card.
`In practicing the security aspects of the invention, a
`security memory 50, preferably a nonvolatile memory.
`is provided for storing security related information. A
`
`10
`
`15
`
`20
`
`25
`
`35
`
`45
`
`55
`
`65
`
`

`

`5,237,609
`
`7
`security control circuit 51 is coupled to the interface bus
`140 and performs the function of controlling access to
`the security memory 50. receiving security related in-
`formation which originated from the security memory
`50, and performing a security comparison of internal
`and external security information before allowing ac-
`cess between the interface bus 140 and the main mem-
`ory 4. In FIG. I. the interface bus 14-0 is shown inter-
`connecting the security control circuit 51 and security
`memory 50, illustrating that the external terminal has
`the ability for limited access to the security memory in
`performance of the security check. Also shown con-
`necting those modules is an internal bus 152 which is
`provided only between the security memory 50 and
`security control circuit 51. Such bus, as will be de-
`scribed in greater detail below, provides a means for
`readout of security information which is not necessarily
`enciphered for coupling to the security control circuit
`in performance of the security check. The fact that the
`bus 152 is internal only and not coupled to the main
`interface bus 140 provides a significant degree of secu-
`rity when it is appreciated that the only information
`which is available to the interface bus is in enciphered
`format, and only external terminals of approved form
`have the ability to utilize the encipher key to decipher
`the enciphered security information.
`The memory selection circuit 5:: is provided, in addi-
`tion to enabling inputs G1 and G. with a second en-
`abling input, labeled G2, and that input is driven by the
`security control circuit 51. A pulldown resistor 52 main-
`tains the input G2 in the low condition at all times ex-
`cept after the card is inserted into the compatible exter-
`nal terminal and a security check procedure success-
`fully performed. After successful performance of such
`procedure, the security control circuit 51 provides a
`high logic signal on output line 31, such logic signal
`being coupled to enabling input G1 of the main memory
`of the memory selector circuit. Thus, with a high logic
`level signal applied to terminal G1 of the circuit (as a
`result of the card having positive voltage applied to the
`internal bus 9 as sensed by power supply changeover
`circuit 2), as a result of a low 5 signal applied by the
`card select input 16, and as a result of the high logic
`signal being applied to input (32 in response to success-
`ful performance of a security check, the memory selec-
`tor circuit So is enabled to respond to address signals on
`address bus 14 to individually enable the semiconductor
`memory devices which make up the main memory -1. In
`FIG. 1, the main memory 4 is illustrated as a single
`block, but it is pointed out that such block is typically
`made up of individual memory chips 4-ca:-In as illus-
`trated in connection with FIG. 7, and that such chips
`are individually enabled by individual enablement sig-
`nals 190-19:-1, such enabling signals being illustrated in
`FIG. I by the multi—ccnductor bus 19.
`Turning then to FIG. 2, there are illustrated further
`details of the security control circuit 51 of the system of
`FIG. 1. The main memory I, associated power compo-
`nents. and memory selection circuit 5:: are enclosed in
`FIG. 1 in a box labeled la, and that box is illustrated in
`FIG. 2 with the internal detail omitted. The only ele-
`ment shown within the block la in FIG. 2 is the G2
`
`input of memory selector circuit 50. it-, thc input which
`is driven by the security control circuit in order to
`enable access between the interface bus and the main
`memory after successful performance of a security
`check.
`
`30
`
`8
`The information which is primarily involved in the
`security check is stored in the security memory 58.
`illustrated at the right of FIG. 2. As noted above, the
`security memory 50 is a nonvolatile memory which
`contains two forms of security information, namely,
`external identification information intended to be read
`out to the external tenninal and which is maintained in
`enciphered form, and internal identification information
`which need not be enciphered and is available only
`to within the portable unit 100. For purposes of economy.
`the non-volatile security memory 50 is preferably a read
`only memory, such as an EPROM or EEPROM. In the
`FIG. 2 embodiment, the security memory 50 is a single
`memory device which is memory mapped into upper
`15 and lower addressable sections for storing the respec-
`tive internal and external security information.
`FIG. 2 shows the security control circuit 51 as in-
`cluding a comparator element 60 which serves to com-
`pare internal and external security information. and a
`20 selection circuit 61 which is operable to allow an exter-
`nal ternnnal to control the security memory 50 and
`comparator 60 in performing a security check proce-
`dure. A number of gates and the like, to be described in
`greater detail below, interconnect such elements, and it
`15 will now be appreciated that this security control cir-
`cult is comprised of hard wired logic elements and does
`not require the power or programming of a micro-
`processor in order to provide a substantial degree of
`security protection to the main memory 59.
`The comparator 60 can be considered as divided into
`two sections, an internal
`information section 605 for
`receiving and holding internal identification informa-
`tion directly from the security memory 50. and an exter-
`nal information section 605 for receiving and holding
`35 information which had originated from the security
`memory 50 but which had been transferred to the exter-
`nal terminal, deciphered then returned to the portable
`unit 100. When the information stored in the two halves
`of the comparator circuit matches, an intermediate
`40 comparator section 60: produces a high logic signal on
`the Q output and, as discussed in reasonable detail
`above, such logic signal is coupled by means of line 31
`to the G2 enabling input of the security control circuit
`51 in order to allow access by way of the interface bus
`45 14-0 between the external terminal and the main memory
`4 of the portable unit 100.
`The manner in which those functions are perforated
`will now be described in greater detail. First of all, it is
`seen that the security memory, as is conventional, has
`50 address
`inputs
`for addressing individual
`locations
`within the memory. and data lines which will carry
`logic levels corresponding to the information stored in
`the addressed location in memory. The security mem-
`ory 50 also has a chip enable input CE driven low by a
`55 line 26 whenever information is to be read out of the
`security memory. and