HAVA
`oy
`5,237,609
`[45]
`Aug. 17, 1993
`
`Patent Number:
`
`Date of Patent:
`
`US005237609A
`
`.
`.
`.
`
`United States Patent 115;
`Kimura
`
`[54] PORTABLE SECURE SEMICONDUCTOR
`MEMORYDEVICE
`
`Inventor:
`[75]
`[73] Assignee:
`
`[56]
`
`FOREIGN PATENT DOCUMENTS
`0114522
`8/1984
`European Pat. Off.
`Masatoshi Kimura, Itami, Japan
`0216298
`4/1987
`European Pat. Off.
`0286094 10/1988
`European Pat. Off.
`Mitsubishi Denki Kabushiki Kaisha,
`2503423 10/1982 France .
`53-6491
`3/1978 Japan .
`Tokyo; Japan
`2154344 9/1985 United Kingdom .
`[21] Appl. No.: 498,848
`Primary Examiner—David Cain
`[22] Filed:
`Mar, 26, 1990
`Attorney, Agent, or Firm—Leydig, Voit & Mayer
`[30]
`Foreign Application Priority Data
`57)
`ABSTRACT
`Mar. 31,1989 [JP]
`Japan cece. 77979
`A portable semiconductor memory device for interfac-
`Mar. 31, 1989 [JP]
`Japan 2... .csescsessesscccsessereeseeere 177980
`«in With and exchanging information with an external
`FSi) Wet WSccc G11B 23/28
`terminal, said portable device havinga security function
`[52] WS. CMe cecesssssecessesssssssssnsesnsensein 380/3; 380/23,
`for controlling access to a main memory. The main
`380/25; 380/19; 235/380
`[58] Field of Search .......cscsssssseseee 380/3, 23, 25, 49;|memory is adapted to exchange data with the external
`235/380, 441, 382, 379, 492, 487
`terminal by means of an interface bus which includes
`?
`data lines, address lines and control lines. Access con-
`References Cited
`trols means in the portable unit is utilized to control
`U.S. PATENT DOCUMENTS
`access to the main memory. The unit also has a security
`memory comprising two sections. One section stores
`peley eee Moree .
`eet enciphered data whichis read out to the externa! termi-
`
`4,102,493
`6/1978 MOrEnO cecescecssecevseveesererrereve 235/419
`nal, deciphered and returned to the unit as the first
`4,697,072 9/1987 Kawana......
`we 235/380
`element used in a comparison. The second sectionof the
`
`3/1988 Kawana et al.
`seve 235/487
`4,734,569
`security memory stores internal identification informa-
`4,746,788
`5/1988 Kawana ons seciccscniccnieen 235/380
`tion. The two elements ofidentification information are
`
`Kawanaetal. ....
`it
`we 235/380
`4,780,602 10/1988
`
`provided to a comparator means which enables access
`Kawana et al.
`....
`«» 235/441
`4,794,236 12/1988
`
`to the main memory via the interface bus after a match
`1/1989 Hara wee
`vue 235/380
`4,797,542
`csccscsssesecesssersere 235/492
`~_—«s detected.
`4,845,351
`7/1989 Hara et ale
`5,010,237
`4/1991 Kawana.....
`seuee 235/379
`5,120,939
`
`33 Claims, 6 Drawing Sheets
`
`TERMINAL
`STORAGE
`SECTION
`
`6/1992 Claus et al. vsecssscrssssesneee 235/382 MAIN
`
`Ee. aeoea
`
`
`KEYBOARD
`
`SECURITY
`
`Y
`
`Te el
`
`1
`
`KINGSTON 1005
`
`KINGSTON 1005
`
`

`

`U.S. Patent Tie
`
`Aug. 17, 1993
`
`Sheet 1 of 6
`
`5,237,609
`
`!
`
`2
`
`Old
`
`002
`
`ogE-
`
`
`
`LINATWNINYSLTIWNYSLX3
`
`

`

`5,237,609
`
`Sheet 2 of 6
`
`U.S. Patent
`
`Aug, 17, 1993
`
`3
`
`

`

`U.S. Patent
`
`Aug. 17, 1993
`
`Sheet 3 of 6
`
`5,237,609
`
` aLINDYID
`SRESSaEE
`
`HOLV1
`
`StEE
`
`Z|
`
`4
`
`
`

`

`U.S. Patent
`
`Aug. 17, 1993
`
`Sheet 4 of 6
`
`5,237,609
`
`FIG. 4
`
`lbtt
`
`10000
`
`00000
`
`
`
`
`EXTERNAL
`IDENTIFICATION
`INFORMATION
`
`
`
`
`INTERNAL
`IDENTIFICATION
`
`INFORMATION
`
`°
`
`50b
`
`[-~004
`
`I
`
`—_
`
`1 oe6 yj 52 9 ES
`
`
`
`» SUPPLY
`8—~A
`
`
`
`Pasi
`CHANGE-
`
`OVER
`
`CIRCUIT
`
`5
`
`

`

`U.S. Patent
`
`Aug. 17, 1993
`
`Sheet 5 of 6
`
`5,237,609
`
`40S
`
`||
`
`WOU
`
`vl
`
`60
`
`ONIMOLS|ZG||
`
`“EESVNUALXS
`
`yOLY“NIULNGGI
`oaA"7
`
`
`
`eeail
`
`WOU
`
`i)|
`
`6
`
`
`
`

`

`U.S. Patent
`
`Aug. 17, 1993
`
`Sheet 6 of 6
`
`5,237,609
`
`FIG. 6
`
`INSERT CARD
`
`TERMINAL
`POWER “ON“
`
`300
`
`301
`
`302
`
`304
`
`READ ENCIPHERED EXTERNAL
`INFORMATION FROM
`NONVOLATILE MEMORY
`303-—OETERMINE WHETHER THIS SECURITY CHECK
`YES| OPERATION 1S PERSONAL IDENTIFICATION
`NUMBER (PIN) KEYIN METHOD OR NOT FROM
`
`DECIPHERED TEXT
`
`
`ADD PIN INPUT BY USER TO DECIPHERED
`TEXT AND DECIPHER STORAGE ADDRESSES
`ORDREacesane
`
`AND READOUT SEQUENCE OF CODE ARRAY
`READOUT SEQUENCE
`
`OF CODE ARRAY
`(N= 8BITS x4)
`
`
`|NO
`
`
`3040
`
`
`
`
`WRITE CODE_ARRAY FROM INTERNAL AREA
`
`
`OF NONVOLATILE MEMORY
`(OR CODE ARRAY STORING ROM)
`
`
`INTO COMPARATOR SUCCESSIVELY
`DECIPHER CONTENTS OF CODE ARRAY
`(N84) FROM DECIPHER TEXT
`ADDED PIN
`
`305
`
`306
`
`WRITE DECIPHERED CODE IN COMPARATOR
`
`307
`
`
`EFFECT COMPARISON BETWEEN CODE ARRAY
`READ OUT FROM NONVOLATILE MEMORY
`
`{OR CODE ARRAY STORING ROM)
`
`AND DECIPHERED CODE ARRAY
`
`
`
`
`
`308
`
`30!
`
`YES
`
`ACCESS
`ALLOWED
`
`
`
`31
`
`ACCESS
`REFUSED
`
`7
`
`

`

`1
`
`5,237,609
`
`PORTABLE SECURE SEMICONDUCTOR
`MEMORY DEVICE
`
`FIELD OF THE INVENTION
`
`This invention relates to portable semiconductor
`memory devices, and moreparticularly to such devices
`which include a security function intended to protect
`the information stored in the portable memory.
`BACKGROUND OF THE INVENTION
`
`2
`select signal line 16, a write enablesignalline 17 and an
`output enable signal line 18. The address, data, and
`control lines provide access to the semiconductor mem-
`ories 4a<4n in conventional fashion. The card select
`signal on line 16is utilized to enable the semiconductor
`memory elements in a manner which will be described
`below.
`One further connection is provided from the terminal
`into which the memory card is inserted, and that is a
`supply of power which is coupled to power supply line
`11. A power supply sensing and changeover circuit
`generally indicated at 2 senses the application of power
`Memory devices such as memory cards can be
`thought of as divided into two classes—“smart cards”
`to the line 11, and couples that applied power to the
`which have a microprocessor in addition to a main
`remaining circuitry for operation. It is noted that to
`storage unit, and “memory cards” which have only
`maintain the information in the semiconductor memory
`memory but no programmable (or programmed) micro-
`4 during the substantial intervals when the card is not
`processor.
`inserted in the terminal, a stand-by battery 6 is used to
`Because of the processing capability available in
`supply power to internal power bus 9 via current limit-
`smart cars as a result of the on-board microprocessor,
`ing resistor 7 and a reverse poled charge prevention
`there are numerous security techniques useful with such
`diode 8. However, whenever the card 1 is plugged into
`cards for protecting the integrity of the data stored on
`a terminal and a source of poweris connected to exter-
`the card. Thus the on-board microprocessor can per-
`nal powerbus 11, a sensing module 3 within the power
`form various functions in checking PIN numbers, hand
`supply changeover circuit 2 senses the voltage level on
`shaking with a processor in an external terminal, per-
`the bus 11 and in response thereto switches on a pass
`forming, enciphering and deciphering operations on-
`transistor 12 and thereby couples the external power
`board the smart card, and other techniques all prior to
`source to the internal power bus 9. In addition, the
`allowing access to the main memory on the card. Thus,
`sensing module 3 within the power supply changeover
`significant capacity is available for insuring the integrity
`circuit 2 applies a high logic signal on output line 13
`of the data in a smart card.
`which in turn is coupled to a G input ofa memoryselect
`However, in memory cards which do not have the
`circuit 5, providing a preliminary enabling signal to the
`power of an on-board microprocessor, the capacity for
`circuit 5. Thus, whenever the power applied to the
`performing security checks before allowing access to
`external bus 11 is higher than that supplied by the bat-
`the main memory is substantially more limited. In a
`tery 6, that condition is sensed by the power supply
`memory card typically the data, address and control
`changeover circuit 2 and the sensing module 3 thereof
`lines of the main memory modules are coupled directly
`performs two functions, namely (a) switches on the pass
`to the card outputs and are thus available for read out
`transistor 12 in order to supply external power to the
`either in a terminal for which the card is intended or
`internal bus 9 and (b) couples a high logic enabling
`otherwise. Thus, the opportunity is available for some-
`signal to the control line 13 providing the preliminary
`one intending to breach the security of the internal
`enabling signal to the memoryselection circuit 5.
`memory to directly access the memory deviceif reason-
`It is seen that the memory selection signal 5 has a
`able care is taken in interfacing the data, address and
`series of outputs S;-S, which are coupled respectively
`contro! lines of the memory elements which are all
`as enabling inputs 192-19n to associated semiconductor
`readily available at the card connection points. Even
`when the card is used in a terminal for which it is in-
`memory devices 4a-4n. A selected one of those output
`lines is individually driven low depending upon the
`tended, security functions are usually desirable, such as
`address signal coupled to the address inputs A, of the
`insertion of a PIN number by a user, or some means of
`selector module 5. Thus, the higher order address bits
`insuring, based on a check of card stored information
`from the address bus 15, which are coupled to the indi-
`and terminal supplied processing powerthat the two are
`vidual lines of address input A, are used to select which
`of intended compatability before memory access is al-
`lowed.
`of the semiconductor memory devices 4a «4n will be
`active at any given time. It is noted that the address
`With only hard wired logic elements at most avail-
`inputs and G input of selector 5 are provided with
`able on a memory card for performing the security
`pullup resistors 10 to assure that all memory devices
`function, insofar as applicant is aware, the techniques
`4a <4n are disabled except when the inputs are inten-
`which have been made available for securing the stored
`information are not as reliable as could be desired.
`tionally driven low.
`A final input to the memory select circuit 5 is the G
`The security issue will be further developed with
`which is coupled to the card select signal line 16 which
`reference to FIG. 7 which showsa configuration of a
`is an elementof the control lines of the interface bus 40.
`conventional memory card having on-board semicon-
`Thus, whenever the particular memory card1is se-
`ductor memory which is substantially non-secure. The
`lected, the external terminal couples a low logic signal
`portable semiconductor memory card 1 of FIG. 7
`to the line 16, and thus provides an enabling signal to
`carries an on-board semiconductor memory 4, usually
`the G inputofselector 5.
`comprised of an array of semiconductor memory de-
`vices 4a-4n, The address lines of the semiconductor
`In summary, when poweris applied to the external
`memory devices 4a<4n are coupled together to form
`bus 11, the G input ofselect circuit 5 is driven high.
`an address bus 14, and the data lines coupled together to
`Subsequently, when the card select input 16 is driven
`form a data bus 15. The address bus 14 and data bus 15
`low, the G input ofselect circuit 5 is driven low, thus
`enabling the outputsofselect circuit 5 to respond to the
`are elements of an interface bus 40 comprising address
`lines 14, data lines 15, and control lines including a card
`logic levels on the address inputs. Thus, the external
`
`10
`
`40
`
`45
`
`50
`
`35
`
`65
`
`8
`
`

`

`5,237,609
`
`3
`terminal couples address signals to the high orderbits
`on the address bus 15 which serve to individually select
`the outputs S)-S, of the selector 5 and in turn individu-
`ally enable the semiconductor memory devices 4a—4n.
`When enabled, a semiconductor memory device re-
`sponds to address signals on the address bus 15, to write
`or read signals and enable signals on the controllines 17,
`18 to either write information into the addressed semi-
`conductor memory location from the data bus 15 or
`read the information stored in the addressed location
`out onto the data bus 15, both for interfacing with the
`external terminal.
`With that understanding of a conventional memory
`card 1, it will be appreciated that the semiconductor
`memory 4 is in a relatively non-secure state. The data
`lines of the semiconductor memory,the addresslines of
`the semiconductor memory and the control
`lines
`(read/write and enable) of the semiconductor memory
`are all available at
`the card output. Typically, such
`control signals will be directly available at the card
`contacts which are intended to interface with an exter-
`nal terminal. Even in the case where the card receives a
`seria] message whichis stored in a register orthelike for
`coupling to a semiconductor memory,
`there is little
`security associated with the serial receiver or serial to
`parallel converter, and thus the terminals of the mem-
`ory devices themselves can be considered as being
`available to the outside world. While smart cards hav-
`ing on-board microprocessors can provide the desired
`security,
`it has been found impractical to provide an
`effective amount of security for the on-board memory
`using only hard wired logic elements.
`It will also be apparent that one can utilize such a
`semiconductor memory device in a terminal designed to
`accept it whether or not the individual possessing the
`card is indeed authorized to use it. There is no security
`check provided, it is simply necessary to couple the
`appropriate voltage levels or signals to the card, and the
`individual memory devices are directly addressed for
`writing or reading as desired.
`Even without a compatible terminal, it is relatively
`easy to access the contents of the memory 4.It is simply
`necessary to couple powerto the external powerbus 11,
`appropriate control signals, address signals and data
`signals to the interface bus 40, and the internal memory
`is directly accessible. Thus, an unauthorized individual,
`even without access to a compatible terminal, can ac-
`cess the memory and read out information which had
`been intended to be secure. As a further example, an
`unauthorized individual can write information into the
`semiconductor memory, and a subsequent user will be
`unawarethat the security of the stored information has
`been breached. If security is at all a factor in using a
`portable memory device, the limitations of the device
`illustrated in FIG. 7 will now be apparent.
`SUMMARY OF THE INVENTION
`
`In view of the foregoing, it is a general aim of the
`present invention to provide a portable memory device
`of inexpensive construction, and requiring no on-board
`microprocessor unit, but exhibiting a comparatively
`high degree of security provided in large measure by
`logic elements resident on board the card.
`In that regard, it is an object of the present invention
`to provide a portable memory device in which the on-
`board memory is accessible to the outside only after
`completion of a security check which matches informa-
`tion stored in a separate section of memory on the card,
`
`4
`in which the security information available to the out-
`side is in enciphered form.
`Stated differently, an object of the present invention
`is to provide a portable memory device in which exter-
`nal access is allowed to the on-board semiconductor
`memory only after a security check, which includes
`matching an identification code maintained internal to
`the card with a code deciphered by an external terminal
`from enciphered information received from the card.
`According to a more detailed aspect of the invention,
`it is an object to provide a security memory on a porta-
`ble memory card in which the security memory is parti-
`tioned in such a way that only enciphered security in-
`formation is available to an interface bus while addi-
`tional security information which need not be enci-
`phered is maintained in a partition of memory whichis
`accessible only within the card.
`According to one aspect of the invention, an object is
`to provide a secure portable semiconductor memory
`device in which security is provided by utilization of
`security codes stored in a partitioned on-board security
`memory, one partition of the memory containing enci-
`phered security information which is accessible to an
`interface bus, and the other partition containing security
`information which need not be enciphered but is avail-
`able only within the card andis isolated from theinter-
`face bus.
`In accordance with the invention there is provided a
`portable semiconductor memory unit for interfacing
`with and exchanging information with an external ter-
`minal. The unit includes a main memory and an inter-
`face bus for coupling the main memory to the external
`terminal. Enabling means selectively allows access to
`the main memory via the interface bus. The enabling
`means includes a security memory having a first section
`for storing enciphered external data and a second sec-
`tion for storing internal data whichis isolated from the
`interface bus. The enabling means further includes a
`comparator having a first input for receiving deci-
`phered external data from the external terminal which
`results from deciphering of the enciphered external data
`received from the card via the interface bus. The com-
`parator has a second input for receiving internal data
`from the second section of the security memory. Fi-
`nally, the comparator has an output which causes the
`enabling means to allow access between the external
`terminal and the main memory upon detection of a
`match between the internal and externaldata.
`It is a feature of the invention that any security infor-
`mation which is not in enciphered form is isolated from
`the interface bus so that the only security information
`available outside the card is enciphered. A further fea-
`ture of the invention is partitioning of the security mem-
`ory in such a way as to prevent read out of the section
`containing the non-enciphered information to the inter-
`face bus.
`A furtherfeature of the inventionis the storage on the
`card of two independent identification codes, an inter-
`nal identification code which need not be enciphered
`but whichis isolated from the interface bus so thatit is
`not ascertainable from outside, and an external identifi-
`cation code which is intended to be accessed by an
`external terminal, but which is enciphered and thus
`cannot readily reveal the internal identification code. In
`a preferred embodimentofthe invention,it is a further
`feature that
`the enciphered external
`information in-
`cludes address identification information used to ad-
`dress locations in the security memory at which the
`
`— 0
`
`15
`
`20
`
`25
`
`35
`
`45
`
`50
`
`35
`
`60
`
`65
`
`9
`
`

`

`5,237,609
`
`6
`board input/output 205. The main terminal storage
`section 203 includes a main semiconductor memory
`which is used for storing a program of instructions for
`operating the processing unit 201, for storing informa-
`tion whichis to be coupled to the portable memory unit
`100 and for storing information received from the porta-
`ble memory unit 100. The storage section 203in effect
`serves as the main memory for the external terminal
`200. It can be configured as a single unit or in individual
`blocks, as desired. The main terminal 200 also includes
`a clock generating circuit 202 which provides clock
`signals for the CPU 201 and additionally controls the
`timing of signals which are coupled to the portable
`memory unit 100 when such unit is connected.
`The input/output interface 204 is coupled to and
`therefore drives a CRT display unit 206 for displaying
`information to a user of the external terminal. Similarly,
`the input/output interface 205 is coupled to a keyboard
`207 to receive information keyed into the keyboard by
`such a user. Thus, the terminal unit 200 can be consid-
`ered relatively conventional as including the major
`elements familiar to those working in this art. However,
`the main terminal storage section 203, as will be de-
`scribed below,also includes a program module capable
`of receiving enciphered external information from the
`security memory of the portable semiconductor device
`100, deciphering such information and causing the CPU
`201 to drive its address, data and controllines in such a
`way as to cause a security check to be completed in the
`portable semiconductor unit 100. Such program module
`principally deciphers the enciphered external informa-
`tion, writes the deciphered identification information
`into a comparator in the portable semiconductor mem-
`ory, and uses address identification information derived
`from the deciphered information to address a security
`memory in the portable semiconductor memoryunit for
`reading out into the comparatorthe internal identifica-
`tion code for comparison with the deciphered external
`identification code.
`Directing attention then to the structure of the porta-
`ble semiconductor device 100, it is seen, like the prior
`art semiconductor device, to include a main memory 4
`having an internal power bus 9 supplied with stand-by
`power from a battery 6 via current limiting resistor 7
`and charge protection diode 8. The internal power bus
`9 is connected via power supply changeover circuit 2 to
`an external power bus 111. As with the prior portable
`memory device, when the power bus 111 is supplied
`with powerat a voltage higher than that of the internal
`battery 6, the changeover circuit 2 senses that condi-
`tion, couples the external power source to the internal
`bus 9 and couples a high enabling signal to enabling line
`13 which is coupled in turn to input Gl of the memory
`selection circuit 5a. -
`The main memory 4 is shown to have an interface bus
`140, which is illustrated as a single bus in FIG. 1, but
`which includes data lines, address lines and control lines
`as will be described in greater detail below. Those lines
`are coupled directly to the main memory4, but in prac-
`ticing the invention are not allowed to directly access
`the main memory until after successful completion of a
`security check routine which is controlled by informa-
`tion in the portable device 100,at least some of whichis
`inaccessible to the interface bus and therefore practi-
`cally inaccessible outside the card.
`In practicing the security aspects of the invention, a
`security memory 50, preferably a non-volatile memory,
`is provided for storing security related information. A
`
`10
`
`20
`
`30
`
`45
`
`50
`
`55
`
`65
`
`5
`internal identification code is stored, so that the value
`and sequenceofthe identification codes provide a fur-
`ther measure ofsecurity for the portable semiconductor
`memory,
`As a further feature of the invention, a PIN identifica-
`tion number input by a user into an external terminal
`can be combined with the external security information
`in order to provide further security and further limit
`access to only those whoare in possession of the PIN
`number.
`Other objects and advantages will become apparent
`upon references to the following detailed description
`when taken in conjunction with the drawings in which:
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`FIG.1 is a block diagram showing a secure memory
`system including an external terminal unit coupled via
`an interface bus to a portable memory device;
`FIG. 2 is a block diagram illustrating additional de-
`tails of the security aspects of the portable memory
`device of FIG. 1;
`FIG. 3 is a block diagram illustrating additional de-
`tails of a comparator circuit useful in connection with
`the embodiments of the present invention;
`FIG. 4 is a diagram illustrating memory partitioning
`for the security memory of the system of FIG. 1;
`FIG. 5 is a block diagram illustrating a second exem-
`plary portable memory device exemplifying the present
`invention;
`FIG. 6 is a flowchart illustrating the operation of the
`secure memory system according to the present inven-
`tion; and
`FIG. 7 is a block diagram illustrating a memory card
`exemplifying the prior art.
`While the invention will be described in connection
`with certain preferred embodiments, there is no intent
`to limit it to those embodiments. On the contrary, the
`intent
`is to cover all alternatives, modifications and
`equivalents included within the spirit and scope of the
`invention as defined by the appended claims.
`DETAILED DESCRIPTION OF THE
`PREFERRED EMBODIMENTS
`
`Turning now to the drawings, FIG. 1 showsa porta-
`ble memory card 100 exemplifying the present inven-
`tion and interfaced to an external terminal 200. The
`electrical connection between the devices is schemati-
`cally illustrated by connector 150. In practice, the exter-
`nal terminal will preferably include a slot or other close
`fitting receptacle into which the memory device 100 is
`inserted and which will cause mating of electrical
`contacts between the portable card 100 and the external
`terminal 200, such mating beingillustrated by the afore-
`mentioned connector 150. As illustrated in FIG. 1, the
`connections include those madeto an interface bus 140
`as well as a power bus 111. It is seen that the external
`terminal includes a similar power bus 211 and interface
`bus 240 coupled to the connector 150, such that the
`terminal unit 200 supplies DC power to the portable
`card 100. In addition, the coupling of busses 140, 240
`causes the connection of data lines, address lines and
`control lines between the portable memory card 100
`and the external terminal 200.
`The external terminal will be not described in great
`detail as its structure can be relatively conventional. It is
`shownto include a central processing unit 201 coupled
`by meansofan internal bus 210 to a main terminal stor-
`age section 203, a display input/output 204 and a key-
`
`10
`10
`
`

`

`+
`security control circuit 51 is coupled to the interface bus
`140 and performs the function of controlling access to
`the security memory 50, receiving security related in-
`formation which originated from the security memory
`50, and performing a security comparison of internal
`and external security information before allowing ac-
`cess between the interface bus 140 and the main mem-
`ory 4. In FIG. 1, the interface bus 140 is shown inter-
`connecting the security control circuit 51 and security
`memory 50, illustrating that the external terminal has
`the ability for limited access to the security memory in
`performance of the security check. Also shown con-
`necting those modules is an internal bus 152 which is
`provided only between the security memory 50 and
`security contro] circuit 51. Such bus, as will be de-
`scribed in greater detail below, provides a means for
`readoutof security information whichis not necessarily
`enciphered for coupling to the security control circuit
`in performanceof the security check. The fact that the
`bus 152 is internal only and not coupled to the main
`interface bus 140 provides a significant degree of secu-
`rity when it is appreciated that the only information
`which is available to the interface bus is in enciphered
`format, and only external terminals of approved form
`have the ability to utilize the encipher key to decipher
`the enciphered security information.
`The memoryselection circuit 5a is provided,in addi-
`tion to enabling inputs G1 and G, with a second en-
`abling input, labeled G2, and that inputis driven by the
`security controlcircuit 51. A pulldownresistor 52 main-
`tains the input G2 in the low condition at all times ex-
`ceptafter the card is inserted into the compatible exter-
`nal terminal and a security check procedure success-
`fully performed. After successful performance of such
`procedure, the security control circuit 51 provides a
`high logic signal on output line 31, such logic signal
`being coupled to enabling input G2 of the main memory
`of the memory selector circuit. Thus, with a high logic
`level signal applied to terminal G1 of the circuit (as a
`result of the card having positive voltage applied to the
`internal bus 9 as sensed by power supply changeover
`circuit 2), as a result of a low G signal applied by the
`card select input 16, and as a result of the high logic
`signal being applied to input G2 in response to success-
`ful performance of a security check, the memoryselec-
`tor circuit 5a is enabled to respond to address signals on
`address bus14 to individually enable the semiconductor
`memory devices which make up the main memory4. In
`FIG. 1, the main memory 4 is illustrated as a single
`block, but it is pointed out that such block is typically
`made up of individual memory chips 4a <4 as illus-
`trated in connection with FIG. 7, and that such chips
`are individually enabled by individual enablement sig-
`nals 19a-19n, such enabling signals being illustrated in
`FIG. 1 by the multi-conductor bus 19.
`Turning then to FIG. 2, there are illustrated further
`details of the security control circuit 51 of the system of
`FIG.1. The main memory4, associated power compo-
`nents, and memoryselection circuit 5a are enclosed in
`FIG. 1 in a box iabeled 1a, and that box is illustrated in
`FIG. 2 with the internal detail omitted. The only ele-
`ment shown within the block 1a in FIG. 2 is the G2
`input of memoryselectorcircuit 5a,i.¢., the input which
`is driven by the security control circuit in order to
`enable access between the interface bus and the main
`memory after successful performance of a security
`check.
`
`8
`The information which is primarily involved in the
`security check is stored in the security memory 50,
`illustrated at the right of FIG. 2. As noted above, the
`security memory 50 is a non-volatile memory which
`contains two forms of security information, namely,
`external identification information intended to be read
`out to the external terminal and which is maintained in
`enciphered form, and internal identification information
`which need not be enciphered and is available only
`within the portable unit 100. For purposes of economy,
`the non-volatile security memory 50 is preferably a read
`only memory, such as an EPROM or EEPROM. In the
`FIG. 2 embodiment,the security memory 50 is a single
`memory device which is memory mapped into upper
`and lower addressable sections for storing the respec-
`tive internal and external security information.
`FIG. 2 shows the security control circuit 51 as in-
`cluding a comparator element 60 which serves to com-
`pare internal and external security information, and a
`selection circuit 61 which is operable to allow an exter-
`nal terminal to control the security memory 50 and
`comparator 60 in performing a security check proce-
`dure. A numberofgates and the like, to be described in
`greater detail below, interconnect such elements, and it
`will now be appreciated that this security control cir-
`cuit is comprised of hard wired logic elements and does
`not require the power or programming of a micro-
`processor in order to provide a substantial degree of
`security protection to the main memory 50.
`The comparator 60 can be considered as divided into
`two sections, an internal
`information section 605 for
`receiving and holding internal identification informa-
`tion directly from the seeurity memory 50, and an exter-
`nal information section 606 for receiving and holding
`information which had originated from the security
`memory 50 but which had been transferred to the exter-
`nal terminal, deciphered then returned to the portable
`unit 100. When the information stored in the two halves
`of the comparator circuit matches, an intermediate
`comparator section 60c produces a high logic signal on
`the Q output and, as discussed in reasonable detail
`above, such logic signal] is coupled by means of line 31
`to the G2 enabling input of the security control circuit
`51 in order to allow access by way of the interface bus
`140 between the external terminal and the main memory
`4 of the portable unit 100.
`The manner in which those functions are performed
`will now be described in greater detail. First ofall, it is
`seen that the security memory, as is conventional, has
`address
`inputs
`for addressing individual
`locations
`within the memory, and data lines which will carry
`logic levels corresponding to the information stored in
`the addressed location in memory, The security mem-
`ory 50 also has a chip enable input CE driven low by a
`line 26 whenever information is to be read out of the
`security memory, and also an output enable input OE
`which also must be driven low in order to address and
`read out information from the security memory.
`The addresslines of the security memory 50 are con-
`nected to the address lines 14 of the interface bus 140 so
`that the external terminal has the capability of address-
`ing individual locations within the security memory 50.
`The data lines 62 of the security memory are not di-
`rectly coupled to the interface bus in order to maintain
`security of the internal
`identification information. In-
`stead, the data lines 62 of the security memory are cou-
`pled via a pair of tri-state buffers 63, 64 to two separate
`bus structures. The tri-state buffers are enabled alter-
`
`5,237,609
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`11
`11
`
`

`

`9
`nately, such that when anysetis active, the other set is
`maintained inactive. Thefirst set of tri-state buffers 63
`couples the data lines 62 of the security memory 50 to
`the internal data bus 152 such that data words addressed
`in the security memory can be read into the internal
`latch 60 of the comparatorcircuit 60 at an input data
`terminal DT.