WO1991003011A1 - Electronic memories - Google Patents

Publication number
WO1991003011A1
Authority
WO
WIPO (PCT)
Prior art keywords
memory system
electronic memory
information
accessing
code
Application number
PCT/GB1990/001320
Other languages
French (fr)
Inventor
Wayne Albert Jonas
Original Assignee
Goldbeam Computing Limited
Application filed by Goldbeam Computing Limited

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories

Definitions

  • the present invention relates to electronic memories, and in particular to improving security of electronic memories against unauthorised access.
  • Microcomputer operation and control for various apparatus and devices is well-known and widespread. These days, such microcomputers use semiconductor integrated circuits commonly known as chips.
  • Conventional arrangements include a microprocessor chip; basic-function program control from an operating system chip that is most often a dense-storage read-only memory (ROM) serving to define the available computing capability of the microprocessor chip and which may even be incorporated into the microprocessor chip; an application program chip that is most often a programmable read-only memory (PROM) and can be of erasable and re-writable type (EPROM or EEPROM) serving to define the operation and control actually required by the particular microcomputer controlled apparatus or device concerned; and a memory access control chip that is often a dense-storage ROM or random access memory (RAM) serving to take program instructions as required from at least the application program chip but which is sometimes incorporated into the microprocessor chip.
  • ROM read-only memory
  • RAM random access memory
  • Electronic memories are prone to unauthorised tampering and that is a particular problem for programmable read only memory chips (PROMs), whose contents can be read by inserting the PROM into equipment no more complicated than of PROM programmer type, which is readily available at low cost and requires little skill to operate. It is thus possible for a third party to read the contents of at least such a memory chip. If the memory device is of erasable and rewritable type, it is, of course, possible for the third party to reprogram the memory. Otherwise, contents read out can be written into another programmable memory.
  • this invention can be implemented by modifying the way that addressing of an application program chip takes place at least for one stage, usually a first stage, of each use of or access to the microcomputer system.
  • that can be relative to performing a check using information abstracted from the application program chip, which information is stored in a way that is unusual or different compared with normal storage, say at memory storage locations requiring accessing non-sequentially, i.e. other than sequentially as is conventional.
  • the abstracted information and/or its order of storage/abstraction to be individual to the apparatus or device concerned.
  • the abstracted information itself may represent an identifier which serves a control purpose, when compared with the same or related information stored normally, whether locally or at other equipment with which cooperative action is required to be controlled.
  • a preferred way to individualise at least order of storage/abstraction is at or before a first or other designated use of the apparatus or device to be controlled, and can conveniently involve writing to application program storage provision of PROM type in accordance with individual data entered either directly or as something for an algorithm to use, which algorithm may be part of the operating system or part of the application program, or some in each, say with at least necessary part of results stored in PROM type provisions.
  • the access control chip may be replaced by a chip altered so that address locations concerned in unusual read out are so read, preferably further incorporating application program storage that would otherwise be stored in a PROM as aforesaid.
  • such combined access control and application-program chip may be incorporated into a single application specific integrated circuit (ASIC) that may further include the microprocessor if of a type normally provided without requirement for a separate memory access chip. At least using an ASIC it is further preferred for that to include logic circuitry responsive to any deviant access, e.g. sequential, to blow a fuse that permanently disables the ASIC.
  • ASIC application specific integrated circuit
  • each telephone is given its own unique identity code which is usually stored in a programmable read-only memory (PROM), often of erasable and rewritable type (EPROM or EEPROM).
  • PROM programmable read-only memory
  • EPROM or EEPROM erasable and rewritable type
  • the unique identity code can be the subscriber's telephone number or be derived therefrom, or also from additional identity coding, by an algorithm.
  • switching on the telephone causes a signal to be transmitted to the system base station.
  • the signal is related at least to the unique identity code of the telephone.
  • computer control at the base station checks to confirm whether the received signal is correct for the particular subscriber's telephone number concerned. If so, the caller is allowed access onto the system. Otherwise, access to the telephone system is prevented.
  • the signal received by the base station will be identical to that received from another subscriber, typically that for the telephone tampered with, and the base station will consider that the fraudulent user's telephone is, in fact, the tampered (or another) subscriber's telephone and that subscriber will be billed with the fraudulent user's telephone calls.
  • a first aspect of the present invention comprises an electronic memory for storing information in a plurality of address locations, and accessing means for reading the address locations containing the information in a predetermined order different from that usually used by programming equipment, which is normally sequential.
  • the electronic memory concerned advantageously comprises part of an application specific integrated circuit (ASIC).
  • a method of storing information electronically in a plurality of address locations of an electronic memory comprises inserting the information into address locations of the memory in a predetermined order different from that normally used by programming equipment so that the latter cannot extract meaningful information.
  • an electronic memory device comprises an electronic memory for storing information, a code generator for generating an electronic verification code which is derived from at least a portion of the stored information, an electronic memory for storing the verification code and verification means for comparing the stored information with the verification code.
  • Such a system may further comprise output means which permit the information to be output upon verification of the stored information, and which prevent the information from being output when verification has not occurred.
  • output means may comprise a fuse which is adapted to be blown upon non-verification.
  • a method of verifying electronically stored information in a memory system comprises comparing the electronically stored information with an electronically stored verification code which is derived from at least part of the electronically-stored information.
  • an electronic memory system comprises an electronic memory for storing information in a plurality of address locations, accessing means for sampling the address locations containing the information in a predetermined order and verification means for verifying the correctness of the information.
  • the verification means may comprise a verification code derived from the stored information and means for comparing the stored information with the verification code.
  • a method of storing and retrieving information electronically comprises storing information electronically in a plurality of address locations, accessing the address locations in a predetermined order and verifying the correctness of the information.
  • the verification may comprise comparison of the stored information with a verification code derived from the stored information.
  • Fig. 1 is a schematic representation of a first embodiment of electronic memory system in accordance with the present invention.
  • Fig. 2 is a schematic representation of a second embodiment of electronic memory system in accordance with the present invention.
  • Fig. 3 is a flow diagram of the operation of the systems of Fig. 1 and Fig. 2 during a first power-up;
  • Fig. 4 is a flow diagram of the operation of the embodiments of Figs. 1 and 2 during subsequent power-ups;
  • Fig. 5 is a schematic representation of a third embodiment of electronic memory system in accordance with the present invention.
  • Fig. 6 is a schematic representation of application of the invention generally to computer controlled apparatus.
  • the memory system illustrated is that of a cellular telephone, but is not restricted to such, and may indeed be applied in respect of any electronically-stored information.
  • the system is in the form of an application specific integrated circuit (ASIC) 10 which in use is connected to a central processing unit (CPU) 12 which is in turn controlled by the operating system software illustrated generally at 14.
  • CPU 12 and the operating system are contained within the telephone on manufacture, and the ASIC is inserted as a separate unit, as will be explained.
  • the ASIC 10 comprises application software ROM 16, a PROM section containing an identification code section 18 and a verification code section 20, a verification logic ROM section 22 and two flags F1 and F2.
  • This particular system is of particular use in, for example, a cellular telephone, where it is necessary to store an identification code which is unique to a particular telephone.
  • the identification code is inserted in the PROM shortly after manufacture, and flag F1 is then set to prevent subsequent alteration.
  • the identification code is not stored in the address locations sequentially as would normally occur with a conventional programmer, but the software which programs the identification code is adapted to store the code in the address locations of the PROM in a predetermined sequence, and not in the sequence normally used by a conventional programmer.
  • the predetermined sequence and the software are compatible with the operating system software 14 of the system, such that the CPU is adapted to access the address locations of the PROM in the same sequential manner.
  • Fig. 1 the PROM of the ASIC is also used to store a verification code. This is assigned during the first power-up or when the chip is programmed, and the sequence of events is illustrated in Fig. 3, which is appropriate both for the Fig. 1 embodiment and for the Fig. 2 embodiment.
  • Step 24 of the sequence is as described above, in which the ASIC is already programmed with the identification code and F1 is set to prevent alteration of this.
  • the CPU 12 is instructed by the operating system software 14 to access the address locations of the stored code in a predetermined sequence at step 26, as defined by the operating system software.
  • the address locations may be accessed in the order 2, 8, 9, 7, 4,... and so on, in a compatible sequence with the identification code programming sequence.
  • the accessing sequence may also involve dummy accessing operations, for example the CPU may deliberately access and ignore address locations which do not contain portions of the identification code, or may access and ignore a particular address location on one occasion and read and use a particular address location on another occasion, to make it more difficult for a potential copier to ascertain the correct address location accessing sequence.
  • the code may be in the address location sequence 2, 8, 9, 7, 4 ... and the CPU may access the address locations in the following order, the address locations which are actually read and used being underlined: 2, 1, 7, 8, 3, 2, 10, 9, 7, 1, 4, 3, 8,
  • the CPU may be arranged to access the relevant address locations only, i.e. 2, 8, 9, 7, 4, ..., without any dummy accessing.
  • the application software ROM is arranged upon initial power-up at step 27 to generate a verification code which is a function of the identification code, i.e. which is derived from the identification code characteristics.
  • the verification code may be a sequence of address locations relating to the identification code, and may conveniently be arranged to be the beginning of the sequence of address location accessing, e.g. 2, 8, 9, 7.
  • This verification code is then stored in the PROM at step 28, and flag F2 is set to prevent alteration of the verification code.
  • the verification logic ROM 22 thereafter confirms at step 28 that the identification code which has been read by the CPU 12 under control from the operating system software 14 is compatible with the verification code which was generated from that identification code. If this is held to be the case (which it will be on the first power-up) then the identification code is fed at step 29 from the ASIC 10 to the CPU 12 and thereafter to the system of which the CPU 12 forms a part.
  • step 32 power-up is requested, and the CPU is directed at step 33 by the operating system software 14 to access the identification code held in the PROM in the predetermined order as defined in the operating system software 14.
  • the identification code is then extracted from the information read (if dummy addresses are included in the sequence) at step 34 and is then compared with the verification code in the verification logic ROM 22 at step 35. If the identification code and verification code are compatible (i.e. if the identification code has not been altered from that from which the verification code was derived) then at step 36 the verification logic ROM allows the identification code to output to the CPU 12. If the verification logic ROM 22 decides that the identification code and verification code are not compatible, i.e. that the identification code which has been read is not that from which the verification code was derived, then the identification code is not output to the CPU 12 at step 37.
  • the ASIC can be provided with an internal fuse X (illustrated schematically) so that if the identification code and verification code are held to be incompatible, not only is the identification code not output to the CPU, but the verification logic ROM is arranged to blow the fuse within the ASIC to render the ASIC unusable.
  • FIG. 2 A variation of the Fig. 1 embodiment is illustrated in Fig. 2, and the same items are indicated with the same reference numerals but with the addition of a dash.
  • the main difference is that the identification code and verification code are held in random access memory (RAM) rather than PROM, and the application software ROM 16' may be arranged to set flag F1 once the identification code has been input.
  • the operation of the system is otherwise identical to that described for the first embodiment.
  • the advantage of having the identification code and verification code in RAM rather than PROM is that if the ASIC were removed in an attempt to read the identification code and/or verification code (even though these in themselves would not be sufficient to enable entry to the system to be gained) then the identification code and verification code would immediately be lost since the power supply to the ASIC would necessarily be cut.
  • the invention has been described with reference to protection of the identification code stored electronically in a cellular telephone, but it is not restricted to such an application. Rather the invention relates to all electronic memories where it is necessary to read information from the memory from time to time.
  • Fig. 6 shows one typical apparatus or device central system using a microprocessor chip 62 and associated operating system chip 64 together with an application program PROM or EPROM chip 66 read by way of an access control ROM or RAM chip 68.
  • application program chip 66 and the access control chip 68 are replaced by an ASIC further including protection logic (not shown).
  • an electronic memory system comprising application program storage for use by associated microprocessor means with related operating system, and access control storage for check or identifier information requiring accessing in a coded non-standard way to obtain said check or identifier information correctly, preferably further with means responsive to incorrect accessing of said check or identifier information for denying access to said application program storage, preferably including logic means for disabling the memory system, advantageously all on a single integrated circuit preferably further affording memory access control if not also microprocessor provisions.
  • the fuse may be arranged to wipe the information from the identification code and/or verification code memories.
  • the verification logic ROM can check that the original identification code has not been altered.
  • one or both of the flags F1, F2 to be activated by a further code, so that authorised access to the identification and/or verification codes would be permitted to an authorised user.
  • verification procedure occurs during the power-up sequence, but rather the verification might occur during any desired routine of the system.
  • there may be more than one verification code, each with its own verification logic within the verification logic ROM 22.
  • the identification code memory and the application software ROM are shown as separate. However, the identification code memory may alternatively be implemented in the application software ROM.
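
The steps listed above (scattered storage of the identification code, coded access with dummy reads, a verification code locked by flag F2, and fuse X) are modelled below in C as an added example; this is not code from the patent. The struct layout, the sample code value and the Fletcher-16 derivation of the verification code are assumptions, as is reading the garbled eighth entry of the access schedule as 9.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROM_SIZE 16
#define CODE_LEN  5

/* Constructed model of ASIC 10; field names and sizes are assumptions. */
struct asic {
    uint8_t  prom[PROM_SIZE]; /* identification code section 18 */
    uint16_t verif;           /* verification code section 20 */
    int f1, f2;               /* flags F1 and F2 (write locks) */
    int fuse_blown;           /* fuse X */
};

/* Storage order from the page: code symbol i lives at address ORDER[i]. */
static const uint8_t ORDER[CODE_LEN] = {2, 8, 9, 7, 4};

/* Access schedule with dummy reads, after the page's example. USED marks
 * the reads that are kept; the eighth entry is taken to be 9 (assumption). */
static const uint8_t SCHED[] = {2, 1, 7, 8, 3, 2, 10, 9, 7, 1, 4, 3, 8};
static const uint8_t USED[]  = {1, 0, 0, 1, 0, 0, 0,  1, 1, 0, 1, 0, 0};

/* Assumed derivation of the verification code: Fletcher-16 over the code.
 * The page only says the code is derived from the identification code. */
static uint16_t derive_verif(const uint8_t *code, size_t n)
{
    uint16_t a = 0, b = 0;
    for (size_t i = 0; i < n; i++) {
        a = (uint16_t)((a + code[i]) % 255);
        b = (uint16_t)((b + a) % 255);
    }
    return (uint16_t)((b << 8) | a);
}

/* Programming step: scatter the code in the predetermined order, set F1. */
int asic_program_id(struct asic *c, const uint8_t code[CODE_LEN])
{
    if (c->f1) return -1;              /* F1 set: no further alteration */
    memset(c->prom, 0xFF, PROM_SIZE);  /* erased-state filler (assumption) */
    for (int i = 0; i < CODE_LEN; i++)
        c->prom[ORDER[i]] = code[i];
    c->f1 = 1;
    return 0;
}

/* Coded read: walk the schedule and keep only the reads marked as used. */
static void coded_read(const struct asic *c, uint8_t out[CODE_LEN])
{
    size_t k = 0;
    for (size_t i = 0; i < sizeof SCHED && k < CODE_LEN; i++) {
        uint8_t v = c->prom[SCHED[i]]; /* dummy reads are discarded */
        if (USED[i]) out[k++] = v;
    }
}

/* First power-up: derive and store the verification code, then set F2. */
int asic_first_power_up(struct asic *c)
{
    uint8_t code[CODE_LEN];
    if (c->fuse_blown || !c->f1 || c->f2) return -1;
    coded_read(c, code);
    c->verif = derive_verif(code, CODE_LEN);
    c->f2 = 1;
    return 0;
}

/* Subsequent power-up: output the code only if it still verifies;
 * otherwise blow fuse X, which disables the part for good. */
int asic_power_up(struct asic *c, uint8_t out[CODE_LEN])
{
    uint8_t code[CODE_LEN];
    if (c->fuse_blown || !c->f2) return -1;
    coded_read(c, code);
    if (derive_verif(code, CODE_LEN) != c->verif) {
        c->fuse_blown = 1;
        return -1;
    }
    memcpy(out, code, CODE_LEN);
    return 0;
}

/* What a conventional programmer reads: addresses 0, 1, 2, ... in order. */
void sequential_read(const struct asic *c, uint8_t out[CODE_LEN])
{
    memcpy(out, c->prom, CODE_LEN);
}

int main(void)
{
    struct asic chip = {0};
    const uint8_t id[CODE_LEN] = {'A', '7', 'K', '3', 'Q'}; /* constructed */
    uint8_t got[CODE_LEN];
    asic_program_id(&chip, id);
    asic_first_power_up(&chip);
    printf("power-up: %d\n", asic_power_up(&chip, got));
    chip.prom[9] ^= 0x01; /* simulate alteration of the stored code */
    printf("after alteration: %d\n", asic_power_up(&chip, got));
    return 0;
}
```

A sequential read of the same PROM returns the bytes in address order, so it yields the identification code only to a reader who also knows the access order.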

Abstract

An electronic semiconductor memory system has normal PROM type application program storage replaced by a chip (10) requiring accessing at least in part in a coded manner different from normal access sequencing in order correctly to extract check or identifier information (18). Further use of the memory system will be denied for other than correct extraction of the check or identifier information (18), and the memory system itself can be disabled by hard logic (22) and a fuse (X) should an order of abstraction be attempted other than said coded manner.

Description

ELECTRONIC MEMORIES
The present invention relates to electronic memories, and in particular to improving security of electronic memories against unauthorised access.
Microcomputer operation and control for various apparatus and devices is well-known and widespread. These days, such microcomputers use semiconductor integrated circuits commonly known as chips. Conventional arrangements include a microprocessor chip; basic-function program control from an operating system chip that is most often a dense-storage read-only memory (ROM) serving to define the available computing capability of the microprocessor chip and which may even be incorporated into the microprocessor chip; an application program chip that is most often a programmable read-only memory (PROM) and can be of erasable and re-writable type (EPROM or EEPROM) serving to define the operation and control actually required by the particular microcomputer controlled apparatus or device concerned; and a memory access control chip that is often a dense-storage ROM or random access memory (RAM) serving to take program instructions as required from at least the application program chip but which is sometimes incorporated into the microprocessor chip. Often, of course, there will be a requirement or further requirement for random access memory (RAM) capacity, whether overlapping (even replacing) functions of the above items or for variable input data or microprocessor working space additional to its internal registers and other provisions or for additional working program material.
Electronic memories are prone to unauthorised tampering and that is a particular problem for programmable read only memory chips (PROMs), whose contents can be read by inserting the PROM into equipment no more complicated than of PROM programmer type, which is readily available at low cost and requires little skill to operate. It is thus possible for a third party to read the contents of at least such a memory chip. If the memory device is of erasable and rewritable type, it is, of course, possible for the third party to reprogram the memory. Otherwise, contents read out can be written into another programmable memory.
As advantageously applied to microcomputer systems as aforesaid, this invention can be implemented by modifying the way that addressing of an application program chip takes place at least for one stage, usually a first stage, of each use of or access to the microcomputer system. Conveniently, that can be relative to performing a check using information abstracted from the application program chip, which information is stored in a way that is unusual or different compared with normal storage, say at memory storage locations requiring accessing non-sequentially, i.e. other than sequentially as is conventional. Moreover, it is particularly preferred and advantageous for the abstracted information and/or its order of storage/abstraction to be individual to the apparatus or device concerned. The abstracted information itself may represent an identifier which serves a control purpose, when compared with the same or related information stored normally, whether locally or at other equipment with which cooperative action is required to be controlled.
A preferred way to individualise at least order of storage/abstraction is at or before a first or other designated use of the apparatus or device to be controlled, and can conveniently involve writing to application program storage provision of PROM type in accordance with individual data entered either directly or as something for an algorithm to use, which algorithm may be part of the operating system or part of the application program, or some in each, say with at least necessary part of results stored in PROM type provisions.
It is practical for the access control chip to be replaced by a chip altered so that address locations concerned in unusual read out are so read, preferably further incorporating application program storage that would otherwise be stored in a PROM as aforesaid. Moreover, such combined access control and application-program chip may be incorporated into a single application specific integrated circuit (ASIC) that may further include the microprocessor if of a type normally provided without requirement for a separate memory access chip. At least using an ASIC it is further preferred for that to include logic circuitry responsive to any deviant access, e.g. sequential, to blow a fuse that permanently disables the ASIC.
One particular application in which unauthorised access to electronic memories can cause problems concerns cellular telephone systems. In a conventional cellular telephone system, each telephone is given its own unique identity code which is usually stored in a programmable read-only memory (PROM), often of erasable and rewritable type (EPROM or EEPROM). The unique identity code can be the subscriber's telephone number or be derived therefrom, or also from additional identity coding, by an algorithm. When it is desired to make a telephone call, switching on the telephone causes a signal to be transmitted to the system base station. The signal is related at least to the unique identity code of the telephone. Upon receipt of the signal, computer control at the base station checks to confirm whether the received signal is correct for the particular subscriber's telephone number concerned. If so, the caller is allowed access onto the system. Otherwise, access to the telephone system is prevented.
However, existing cellular telephones are open to abuse by fraudulent users. One way of fraudulently using a cellular telephone system is to remove the PROM or EPROM from a first telephone, and to read the unique identity code stored therein using programmer type equipment. Thus, only short term access to a cellular telephone can permit extraction of the code from the PROM or EPROM. Since the signal which is sent to base station is related to the code itself related to subscriber's telephone number, and it is possible for a fraudulent user to determine those relations, such a person can then re-program the EPROM of another telephone such that it will reproduce the signal normally sent by the telephone which has been tampered with. Indeed, once those relations have been deduced, it may be possible for other telephone numbers to be made up and subscribers concerned defrauded even though their telephones have not been tampered with. However, algorithms often make that difficult, say by further including date information.
When the fraudulent user uses his own telephone, the signal received by the base station will be identical to that received from another subscriber, typically that for the telephone tampered with, and the base station will consider that the fraudulent user's telephone is, in fact, the tampered (or another) subscriber's telephone and that subscriber will be billed with the fraudulent user's telephone calls. In order to stop such fraudulent use, it has hitherto been necessary firstly to detect that such use is occurring, for example by analysing an itemised telephone statement, and then to re-program the PROM of the telephone being defrauded with a new code. Although this can stop fraudulent use of the tampered or other particular telephone's account, it will not prevent a fraudulent user from repeating the copying with the same or another telephone, or making up other subscribers numbers.
It is also known for employees of dealers in cellular telephones to illegally pass on full details of the identity code for one or more particular cellular telephones, or at least date and telephone number data. That also can obviate need for reading the program in the PROM or EPROM of a telephone, and permit re-program using another telephone PROM or EPROM in order to obtain free telephone calls by charging those calls to a third party's account. It will be appreciated that there are other applications as indicated above that use PROMs and EPROMs and where access and copying can result in fraud on or other loss or damage to providers of original equipment. As an example only, so-called arcade computer games are usually specifically configured and controlled by PROM or EPROM memory devices and it is commonplace for there to be frequent upgrades or replacements of games by replacement of PROMs or EPROMs. Latest updates and new games can thus be pirated by temporary access to PROMs or EPROMs concerned, reading them out, and programming other devices.
In seeking to provide an electronic memory system whose contents resist being read successfully by conventional programmers, a first aspect of the present invention comprises an electronic memory for storing information in a plurality of address locations, and accessing means for reading the address locations containing the information in a predetermined order different from that usually used by programming equipment, which is normally sequential.
In this way, unless a fraudulent user is able both to read the information contained in the memory and to ascertain the order in which the address locations are to be read, it will not be possible to discern the information contained in the electronic memory. As indicated above the electronic memory concerned advantageously comprises part of an application specific integrated circuit (ASIC).
In accordance with a second aspect of the present invention, a method of storing information electronically in a plurality of address locations of an electronic memory comprises inserting the information into address locations of the memory in a predetermined order different from that normally used by programming equipment so that the latter cannot extract meaningful information.
In accordance with a third aspect of the present invention, an electronic memory device comprises an electronic memory for storing information, a code generator for generating an electronic verification code which is derived from at least a portion of the stored information, an electronic memory for storing the verification code and verification means for comparing the stored information with the verification code.
Since the verification code is derived from the stored information, it is possible to ascertain whether the information has been altered. Such a system may further comprise output means which permit the information to be output upon verification of the stored information, and which prevent the information from being output when verification has not occurred. Such output means may comprise a fuse which is adapted to be blown upon non-verification.
In accordance with a fourth aspect of the present invention, a method of verifying electronically stored information in a memory system comprises comparing the electronically stored information with an electronically stored verification code which is derived from at least part of the electronically-stored information.
In accordance with a fifth aspect of the present invention, an electronic memory system comprises an electronic memory for storing information in a plurality of address locations, accessing means for sampling the address locations containing the information in a predetermined order and verification means for verifying the correctness of the information.
The verification means may comprise a verification code derived from the stored information and means for comparing the stored information with the verification code.
In accordance with a sixth aspect of the present invention, a method of storing and retrieving information electronically comprises storing information electronically in a plurality of address locations, accessing the address locations in a predetermined order and verifying the correctness of the information.
The verification may comprise comparison of the stored information with a verification code derived from the stored information.
By way of example only, a specific embodiment of the present invention will now be described, with reference to the accompanying drawings, in which:-
Fig. 1 is a schematic representation of a first embodiment of electronic memory system in accordance with the present invention;
Fig. 2 is a schematic representation of a second embodiment of electronic memory system in accordance with the present invention;
Fig. 3 is a flow diagram of the operation of the systems of Fig. 1 and Fig. 2 during a first power-up;
Fig. 4 is a flow diagram of the operation of the embodiments of Figs. 1 and 2 during subsequent power-ups;
Fig. 5 is a schematic representation of a third embodiment of electronic memory system in accordance with the present invention; and
Fig. 6 is a schematic representation of application of the invention generally to computer controlled apparatus.
The memory system illustrated is that of a cellular telephone, but is not restricted to such, and may indeed be applied in respect of any electronically-stored information. The system is in the form of an application specific integrated circuit (ASIC) 10 which in use is connected to a central processing unit (CPU) 12 which is in turn controlled by the operating system software illustrated generally at 14. In the specific example of a cellular telephone, the CPU 12 and the operating system are contained within the telephone on manufacture, and the ASIC is inserted as a separate unit, as will be explained. The ASIC 10 comprises application software ROM 16, a PROM section containing an identification code section 18 and a verification code section 20, a verification logic ROM section 22 and two flags F1 and F2.
This particular system is of particular use in, for example, a cellular telephone, where it is necessary to store an identification code which is unique to a particular telephone.
The identification code is inserted in the PROM shortly after manufacture, and flag F1 is then set to prevent subsequent alteration. The identification code is not stored in the address locations sequentially as would normally occur with a conventional programmer, but the software which programs the identification code is adapted to store the code in the address locations of the PROM in a predetermined sequence, and not in the sequence normally used by a conventional programmer. The predetermined sequence and the software are compatible with the operating system software 14 of the system, such that the CPU is adapted to access the address locations of the PROM in the same sequential manner. In this way, if the ASIC 10 were to be removed and if it were possible for a third party to read the identification code portion 18 of the ASIC, any information obtained would be useless since it would be necessary to have details of the address location accessing sequence which is contained in the operating system software.
It will also be noted from Fig. 1 that the PROM of the ASIC is also used to store a verification code. This is assigned during the first power-up or when the chip is programmed, and the sequence of events is illustrated in Fig. 3, which is appropriate both for the Fig. 1 embodiment and for the Fig. 2 embodiment.
Step 24 of the sequence is as described above, in which the ASIC is already programmed with the identification code and F1 is set to prevent alteration of this. When the first power-up is requested at step 25, the CPU 12 is instructed by the operating system software 14 to access the address locations of the stored code in a predetermined sequence at step 26, as defined by the operating system software. For example, the address locations may be accessed in the order 2, 8, 9, 7, 4,... and so on, in a compatible sequence with the identification code programming sequence. The accessing sequence may also involve dummy accessing operations, for example the CPU may deliberately access and ignore address locations which do not contain portions of the identification code, or may access and ignore a particular address location on one occasion and read and use a particular address location on another occasion, to make it more difficult for a potential copier to ascertain the correct address location accessing sequence. For example, the code may be in the address location sequence 2, 8, 9, 7, 4 ... and the CPU may access the address locations in the following order, the address locations which are actually read and used being underlined: 2, 1, 7, 8, 3, 2, 10, 9, 7, 1, 4, 3, 8,
Alternatively, the CPU may be arranged to access the relevant address locations only, i.e. 2, 8, 9, 7, 4, ..., without any dummy accessing.
The application software ROM is arranged upon initial power-up at step 27 to generate a verification code which is a function of the identification code, i.e. which is derived from the identification code characteristics. For example, the verification code may be a sequence of address locations relating to the identification code, and may conveniently be arranged to be the beginning of the sequence of address location accessing, e.g. 2, 8, 9, 7. This verification code is then stored in the PROM at step 28, and flag F2 is set to prevent alteration of the verification code.
The verification logic ROM 22 thereafter confirms at step 28 that the identification code which has been read by the CPU 12 under control from the operating system software 14 is compatible with the verification code which was generated from that identification code. If this is held to be the case (which it will be on the first power-up) then the identification code is fed at step 29 from the ASIC 10 to the CPU 12 and thereafter to the system of which the CPU 12 forms a part.
On subsequent power-ups the situation is as illustrated in Fig. 4. At step 32, power-up is requested, and the CPU is directed at step 33 by the operating system software 14 to access the identification code held in the PROM in the predetermined order as defined in the operating system software 14. The identification code is then extracted from the information read (if dummy addresses are included in the sequence) at step 34 and is then compared with the verification code in the verification logic ROM 22 at step 35. If the identification code and verification code are compatible (i.e. if the identification code has not been altered from that from which the verification code was derived) then at step 36 the verification logic ROM allows the identification code to be output to the CPU 12. If the verification logic ROM 22 decides that the identification code and verification code are not compatible, i.e. that the identification code which has been read is not that from which the verification code was derived, then the identification code is not output to the CPU 12 at step 37.
As a preference for the above system, the ASIC can be provided with an internal fuse X (illustrated schematically) so that if the identification code and verification code are held to be incompatible, not only is the identification code not output to the CPU, but the verification logic ROM is arranged to blow the fuse within the ASIC to render the ASIC unusable.
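The programming, first power-up and subsequent power-up sequences described above, modelled in C as an added example (not code from the patent). The Fletcher-16 derivation function, the PROM size, the struct and function names and the sample identification code are assumptions; the access schedule is the one given in the description.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PROM_SIZE 16  /* assumed size of the PROM section */
#define ID_LEN    5

/* Schedule from the description: used == 1 is read and used, 0 is a dummy. */
struct access { uint8_t addr, used; };
static const struct access SCHEDULE[] = {
    {2,1},{1,0},{7,0},{8,1},{3,0},{2,0},{10,0},{9,1},{7,1},{1,0},{4,1},{3,0},{8,0}
};
#define SCHEDULE_LEN (sizeof SCHEDULE / sizeof SCHEDULE[0])

struct asic {
    uint8_t  prom[PROM_SIZE]; /* identification code section 18 */
    uint16_t verification;    /* verification code section 20 */
    int f1, f2, fuse_blown;   /* lock flags F1 and F2, internal fuse X */
};

/* Assumed derivation (Fletcher-16); the description does not fix the function. */
static uint16_t derive(const uint8_t *id, size_t n) {
    uint16_t s1 = 0, s2 = 0;
    for (size_t i = 0; i < n; i++) {
        s1 = (uint16_t)((s1 + id[i]) % 255);
        s2 = (uint16_t)((s2 + s1) % 255);
    }
    return (uint16_t)((s2 << 8) | s1);
}

/* Walk the whole schedule; dummy locations are accessed and ignored. */
static void read_id(const struct asic *a, uint8_t *out) {
    size_t n = 0;
    for (size_t i = 0; i < SCHEDULE_LEN; i++) {
        volatile uint8_t b = a->prom[SCHEDULE[i].addr];
        if (SCHEDULE[i].used) out[n++] = b;
    }
}

/* Step 24: store the code in schedule order, then set F1. */
int program_id(struct asic *a, const uint8_t *id) {
    size_t n = 0;
    if (a->f1) return -1;
    for (size_t i = 0; i < SCHEDULE_LEN; i++)
        if (SCHEDULE[i].used) a->prom[SCHEDULE[i].addr] = id[n++];
    a->f1 = 1;
    return 0;
}

/* Steps 25-28: first power-up derives the verification code and sets F2. */
int first_power_up(struct asic *a) {
    uint8_t id[ID_LEN];
    if (a->f2) return -1;
    read_id(a, id);
    a->verification = derive(id, ID_LEN);
    a->f2 = 1;
    return 0;
}

/* Steps 32-37: output the code only if it still matches; else blow the fuse. */
int power_up(struct asic *a, uint8_t *out) {
    uint8_t id[ID_LEN];
    if (a->fuse_blown) return -1;
    read_id(a, id);
    if (derive(id, ID_LEN) != a->verification) { a->fuse_blown = 1; return -1; }
    memcpy(out, id, ID_LEN);
    return 0;
}

int main(void) {
    struct asic a = {0};
    const uint8_t id[ID_LEN] = {0xA1, 0xB2, 0xC3, 0xD4, 0xE5}; /* constructed */
    uint8_t out[ID_LEN];
    program_id(&a, id);
    first_power_up(&a);
    int clean = power_up(&a, out);
    a.prom[9] ^= 0x01;              /* simulate alteration of a stored byte */
    int altered = power_up(&a, out);
    printf("clean=%d altered=%d fuse=%d\n", clean, altered, a.fuse_blown);
    return 0;
}
```

A sequential read of the PROM, as a conventional programmer would perform, returns the bytes in address order rather than code order, and once the fuse is blown the device refuses every later power-up even if the stored byte is restored.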
A variation of the Fig. 1 embodiment is illustrated in Fig. 2, and the same items are indicated with the same reference numerals but with the addition of a dash. The main difference is that the identification code and verification code are held in random access memory (RAM) rather than PROM, and the application software ROM 16' may be arranged to set flag F1 once the identification code has been input. There may be a facility for the identification code to be input by means of a keyboard, illustrated schematically at 19', and this will be particularly useful if this embodiment were used in a cellular telephone which has facilities for keyboard input. The operation of the system is otherwise identical to that described for the first embodiment. The advantage of having the identification code and verification code in RAM rather than PROM is that if the ASIC were removed in an attempt to read the identification code and/or verification code (even though these in themselves would not be sufficient to enable entry to the system to be gained) then the identification code and verification code would immediately be lost since the power supply to the ASIC would necessarily be cut.
As for the first embodiment, there is the possibility of including a fuse within the verification logic ROM so that an unsuccessful attempt to read the information in the RAM would cause the fuse to blow and render the ASIC unusable.
It is also possible to replace the separate ASIC 10 and the CPU 12 with a single ASIC, and this is illustrated in Fig. 5, where the same components, incorporated into a single ASIC (microcontroller), are given the same reference numerals together with. However, it would be arranged to work in an identical way to the first and second embodiments.
The invention has been described with reference to protection of the identification code stored electronically in a cellular telephone, but it is not restricted to such an application. Rather the invention relates to all electronic memories where it is necessary to read information from the memory from time to time.
Fig. 6 shows one typical apparatus or device central system using a microprocessor chip 62 and associated operating system chip 64 together with an application program PROM or EPROM chip 66 read by way of an access control ROM or RAM chip 68. In application of this invention, at least the application program chip 66 and the access control chip 68 are replaced by an ASIC further including protection logic (not shown).
In general, there is an electronic memory system comprising application program storage for use by associated microprocessor means with related operating system, and access control storage for check or identifier information requiring accessing in a coded non-standard way to obtain said check or identifier information correctly, preferably further with means responsive to incorrect accessing of said check or identifier information for denying access to said application program storage, preferably including logic means for disabling the memory system, advantageously all on a single integrated circuit preferably further affording memory access control if not also microprocessor provisions.
By requiring that the address locations of the memory be accessed in a predetermined order, casual copiers who would normally use programmers are prevented from obtaining useful information, and it is necessary to have access to expensive test equipment in the hands of an experienced user in order to gain access to the system. Indeed, the provision of the fuse as a preferred option would ensure that any potential copier would only have a single opportunity to tamper with the system, since after the fuse had blown the CPU would not be able to obtain the information from the memory. Indeed, the fuse may be arranged to wipe the information from the identification code and/or verification code memories.
By requiring the code which is read to be verified against a verification code which is itself derived from the initially-stored identification code, the verification logic ROM can check that the original identification code has not been altered. Thus, even if it is possible for an illegal user to get round the first problem identified above, there is still the problem of verification to overcome. Again, this would require very expensive test equipment and great experience in order to overcome these barriers.
Moreover, it would be possible for one or both of the flags F1, F2 to be activated by a further code, so that authorised access to the identification and/or verification codes would be permitted to an authorised user. This might be useful if it is desired to alter the identification code (which would therefore also require alteration of the verification code). It is envisaged that this might be in the form of a plug-in unit which is available only to authorised personnel.
Also, it is not necessary that the verification procedure occurs during the power-up sequence, but rather the verification might occur during any desired routine of the system. Also, there may be more than one verification code, each with its own verification logic within the verification logic ROM 22.
Moreover, in the embodiments described, the identification code memory and the application software ROM are shown as separate. However, the identification code memory may alternatively be implemented in the application software ROM.
Another particularly useful application of the present invention would be for so-called "smart cards" such as cashpoint cards and credit cards which have an onboard electronic memory capable of storing and outputting information. Obviously, it is essential that only authorised personnel should have access to the memory on the smart card, and the present invention would be particularly suitable for use in such circumstances.

Claims

1. Electronic memory system comprising application program storage for use by associated microprocessor means with related operating system, and access control storage for check or identifier information requiring accessing in a coded non-standard way to obtain said check or identifier information correctly.
2. Electronic memory system according to claim 1, further comprising means responsive to incorrect accessing of said check or identifier information for denying access to said application program storage.
3. Electronic memory system according to claim 2, wherein said means for denying access includes logic means for disabling the memory system.
4. Electronic memory system according to any preceding claim, comprising a single semiconductor electronic integrated circuit including said application program storage, said access control storage, and accessing means for all of said storage.
5. Electronic memory system according to claim 4, wherein the same said integrated access further includes said means for denying.
6. Electronic memory system according to claim 5 as appendant to claim 3, wherein said logic means is operative for disabling by blowing fuse means of said single integrated circuit.
7. Electronic memory system according to any preceding claim, wherein said coded non-standard way for correct accessing of said check information is individual to the particular memory system concerned.
8. Electronic memory system according to claim 7, comprising means for generating code for said non-standard way for correct accessing of said checking information at prescribed use of the particular memory system concerned and storing control information concerning said code.
9. Electronic memory system according to any preceding claim, and in apparatus for communicating with other apparatus as part of an overall equipment system, wherein said other apparatus includes enabling and disabling means responsive to correctness of said check information from said storage therefor.
10. Electronic memory system according to claim 10, wherein said apparatus is a cellular telephone hand-set.
PCT/GB1990/001320 1989-08-24 1990-08-24 Electronic memories WO1991003011A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB8919301.5 1989-08-24
GB8919301A GB8919301D0 (en) 1989-08-24 1989-08-24 "electronic memory"

Publications (1)

Publication Number Publication Date
WO1991003011A1 true WO1991003011A1 (en) 1991-03-07

Family

ID=10662081

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB1990/001320 WO1991003011A1 (en) 1989-08-24 1990-08-24 Electronic memories

Country Status (3)

Country Link
AU (1) AU6280590A (en)
GB (1) GB8919301D0 (en)
WO (1) WO1991003011A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4268911A (en) * 1979-06-21 1981-05-19 Fairchild Camera And Instrument Corp. ROM Program security circuits
EP0154252A2 (en) * 1984-02-23 1985-09-11 Fujitsu Limited Programmable read only memory device and memory system employing the same
US4583196A (en) * 1983-10-28 1986-04-15 Honeywell Inc. Secure read only memory
US4584665A (en) * 1982-05-06 1986-04-22 U.S. Philips Corporation Arrangement for protecting against the unauthorized reading of program words stored in a memory
US4716586A (en) * 1983-12-07 1987-12-29 American Microsystems, Inc. State sequence dependent read only memory

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0669580A3 (en) * 1994-02-28 1996-04-17 Sega Enterprises Kk Data security apparatus.
US5668945A (en) * 1994-02-28 1997-09-16 Sega Enterprises, Ltd. Data security apparatus and method
EP0669580A2 (en) * 1994-02-28 1995-08-30 Sega Enterprises, Ltd. Data security apparatus
DE19540428A1 (en) * 1994-10-31 1996-05-02 Ricoh Kk Design for information security systems
US6751598B1 (en) * 1996-07-03 2004-06-15 Hitachi, Ltd. Digital content distribution system and protection method
EP0898747B1 (en) * 1996-11-15 2008-01-09 Nxp B.V. A protection method against eeprom-directed intrusion into a mobile communication device that has a processor, and a device having such protection mechanism
US6615167B1 (en) * 2000-01-31 2003-09-02 International Business Machines Corporation Processor-independent system-on-chip verification for embedded processor systems
US8607328B1 (en) 2005-03-04 2013-12-10 David Hodges Methods and systems for automated system support
WO2007016395A3 (en) * 2005-08-01 2007-06-07 Intel Corp Computing system feature activation mechanism
WO2007016395A2 (en) * 2005-08-01 2007-02-08 Intel Corporation Computing system feature activation mechanism
GB2442904A (en) * 2005-08-01 2008-04-16 Intel Corp Computing system feature activation mechanism
GB2442904B (en) * 2005-08-01 2011-02-16 Intel Corp Computing system feature activation mechanism
US8769295B2 (en) 2005-08-01 2014-07-01 Intel Corporation Computing system feature activation mechanism
US8849717B2 (en) 2009-07-09 2014-09-30 Simon Cooper Methods and systems for upgrade and synchronization of securely installed applications on a computing device
US8880736B2 (en) 2009-07-09 2014-11-04 Simon Cooper Methods and systems for archiving and restoring securely installed applications on a computing device
US10521214B2 (en) 2009-07-09 2019-12-31 Apple Inc. Methods and systems for upgrade and synchronization of securely installed applications on a computing device

Also Published As

Publication number Publication date
AU6280590A (en) 1991-04-03
GB8919301D0 (en) 1989-10-11

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AU CA DK FI GB JP KR NO US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FR GB IT LU NL SE

NENP Non-entry into the national phase in:

Ref country code: CA