WO1997005618A1 - Module security device - Google Patents

Module security device Download PDF

Info

Publication number
WO1997005618A1
WO1997005618A1 PCT/GB1996/001874 GB9601874W WO9705618A1 WO 1997005618 A1 WO1997005618 A1 WO 1997005618A1 GB 9601874 W GB9601874 W GB 9601874W WO 9705618 A1 WO9705618 A1 WO 9705618A1
Authority
WO
WIPO (PCT)
Prior art keywords
memory
memory module
module
ofthe
module according
Prior art date
Application number
PCT/GB1996/001874
Other languages
French (fr)
Inventor
Alexander Roger Deas
Cameron Mccoll
Original Assignee
Memory Corporation Plc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Memory Corporation Plc filed Critical Memory Corporation Plc
Priority to EP96925917A priority Critical patent/EP0842512A1/en
Priority to JP9507381A priority patent/JPH11510280A/en
Publication of WO1997005618A1 publication Critical patent/WO1997005618A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/88Detecting or preventing theft or loss
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11CSTATIC STORES
    • G11C11/00Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor
    • G11C11/21Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements
    • G11C11/34Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories

Definitions

  • the present invention relates to memory modules and in particularlto Single In-line Memory Modules (SIMMs) which are used in many common personal computers to extend the dynamic memory ofthe computer. There has been a remarkable increase in the number of incidents of theft of Single
  • SIMMs In-line Memory Modules
  • SIMMs are an attractive commodity to steal for several reasons: they are small and light, which means that there is no difficulty in transporting them; - they are easy to remove from a computer system; they are interchangeable and largely transparent to the user, so there is no great compatibility problem; they are valuable, SIMMs may sell for $75 each; there is a large demand for SIMMs on a world-wide scale; - they are hidden from view in operation so stolen SIMMs are very difficult to trace; modern software requires a large amount of memory to run so they are becoming more desirable;
  • SIMMs are very difficult to secure (physically) from theft; many modern offices have a large number of computers, each containing some SIMMs which means that there are areas with a large concentration of SIMMs.
  • SIMMs Due to the small size and the immediate interchangeability of these devices they are not easy to protect from theft.
  • the SIMMs could be removed from each computer every night and stored in a safe but this is not feasible in a large office because of the trouble involved in removing and reinserting these devices each day.
  • Conventional SIMMs contain a number of memory circuits, frequently DRAM
  • SIMMs are not usually contain any memory management logic or controllers as these would be superfluous. Thus, apart from putting some physical (visible or invisible) mark or tag on each SIMM there would seem to be no way of identifying it.
  • the use of a mark or a tag for security purposes has a number of disadvantages. It would not stop the use of stolen SIMMs since the mark or tag must be seen to enable identification and detection ofthe SIMM as stolen. It would not inform the unwary user ofthe SIMM that the SIMM was in fact stolen. It would be better if there was some method by which any computer could detect that the particular SIMM connected was in fact stolen and then disable operation ofthe SIMM.
  • the present invention provides a memory module containing a plurality of memory circuits, a non-volatile memory which stores a code, control means to intercept access to the module on power-up ofthe computer, such that the correct code needs to be entered to enable the initialisation ofthe memory module.
  • the present invention is most suited to memory modules which utilise partial memory circuits because they already have a controller on the module to redirect accesses to faulty locations. If this controller was by-passed then the module would not work. If the invention was used on a standard memory module then the additional controlling means could be by-passed because the additional controlling means are not needed for normal operation of the module. Thus the security measure could easily be avoided on normal memory modules.
  • the present invention provides a memory module containing a plurality of memory circuits, a non-volatile memory which stores a predetermined code, counting means to count up (down) to (from) a predetermined value on power-up ofthe module, and control means to disable the module if the predetermined code is not received by the module before the predetermined count is reached.
  • Figure 1 shows both sides of a memory module (in this example a SIMM).
  • Figure 1 A shows the front side ofthe module 1 populated with DRAM circuits 2 and Figure IB shows the rear of the module which contains a control circuit 3 and a non-volatile memory 4.
  • control circuit and non-volatile memory could be on the opposite side of a SIMM to the memory circuits, the control circuit and non- volatile memory could be on the same side of the module as the memory circuits or the system could be arranged in any other convenient way.
  • Using a code to disable operation of a SIMM is not trivial. This is because there is a problem in interrupting the host computer which holds the SIMM during its initialisation cycle. The host computer must be allowed to perform the initialisation function on power-up. However, once the memory is initialised it would not be easy to disable it.
  • the present invention overcomes this problem by using a counter which increments (or decrements) on power-up ofthe module. If the module has not received a certain code or sequence of codes before the counter reaches its predetermined value then the control mechanism on the module disables the module, for example by disabling the data buffer, thus causing an error in the computer.
  • the counter used may count clock cycles, the number of refresh cycles, the number of read or write cycles or some other operation, for example the number of times that the Column Address Strobe (CAS) goes active (or inactive).
  • CAS Column Address Strobe
  • the code or sequence of codes is stored in the non- volatile memory on the module.
  • the code or sequence of codes will be entered by the BIOS (Basic Input/Output System) or from software, for example from the initialisation files of the computer.
  • BIOS Basic Input/Output System
  • the code or sequence of codes may even have to be entered manually by the user.
  • the code or sequence of codes would be entered in a similar way to a password.
  • the code may even be linked to the keystroke speed, e.g. the "time wa ⁇ ed" interval between characters of the user' s password.
  • non-volatile memory and the control mechanism will be in the same device (an Application Specific Integrated Circuit).
  • the output ofthe memory circuits could be disabled by disabling the output enable of these memory circuits or ofthe memory device.
  • the advantage ofthe present invention is that the control mechanism waits for the memory module to be initialised before it requires a security code to enable or disable the module.
  • the code would preferably be entered manually each time the computer was booted- up, although it could be entered using one ofthe initialisation files (e.g. the autoexec.bat file in a personal computer), but this has the disadvantage that the files can be duplicated and examined to retrieve the code.
  • An alternative, to avoid this problem is to add the code to a FLASH boot EPROM or encode the file using a password. For example, on installation ofthe Memory Module a setup or installation program prompts the user for a password, which the installation software encodes along with the key needed to enable the memory security device.
  • a program is then added to the config.sys, autoexec.bat or other initialising batch program to prompt the user for the password, which is then used to decrypt the key file and write this to the controller on the memory module. Failure to provide the correct password would result in the counter timing out and the memory ofthe computer becoming inoperable.

Abstract

A memory module containing a plurality of memory circuits, a non-volatile memory which stores a predetermined code, counting means to count up (down) to (from) a predetermined value on power-up of the module, control means to disable the module if the predetermined code is not received by the module before the predetermined count is reached.

Description

Module Security Device
The present invention relates to memory modules and in particularlto Single In-line Memory Modules (SIMMs) which are used in many common personal computers to extend the dynamic memory ofthe computer. There has been a remarkable increase in the number of incidents of theft of Single
In-line Memory Modules (SIMMs) from computers. SIMMs are an attractive commodity to steal for several reasons: they are small and light, which means that there is no difficulty in transporting them; - they are easy to remove from a computer system; they are interchangeable and largely transparent to the user, so there is no great compatibility problem; they are valuable, SIMMs may sell for $75 each; there is a large demand for SIMMs on a world-wide scale; - they are hidden from view in operation so stolen SIMMs are very difficult to trace; modern software requires a large amount of memory to run so they are becoming more desirable;
SIMMs are very difficult to secure (physically) from theft; many modern offices have a large number of computers, each containing some SIMMs which means that there are areas with a large concentration of SIMMs.
Due to the small size and the immediate interchangeability of these devices they are not easy to protect from theft. The SIMMs could be removed from each computer every night and stored in a safe but this is not feasible in a large office because of the trouble involved in removing and reinserting these devices each day. Conventional SIMMs contain a number of memory circuits, frequently DRAM
(Dynamic Random Access Memory) circuits, on a small printed circuit board (pcb). On power-up of a computer, the processor within that computer tests whether any SIMMs are present in the appropriate connector slot ofthe computer. SIMMs do not usually contain any memory management logic or controllers as these would be superfluous. Thus, apart from putting some physical (visible or invisible) mark or tag on each SIMM there would seem to be no way of identifying it. The use of a mark or a tag for security purposes has a number of disadvantages. It would not stop the use of stolen SIMMs since the mark or tag must be seen to enable identification and detection ofthe SIMM as stolen. It would not inform the unwary user ofthe SIMM that the SIMM was in fact stolen. It would be better if there was some method by which any computer could detect that the particular SIMM connected was in fact stolen and then disable operation ofthe SIMM.
The present invention provides a memory module containing a plurality of memory circuits, a non-volatile memory which stores a code, control means to intercept access to the module on power-up ofthe computer, such that the correct code needs to be entered to enable the initialisation ofthe memory module. The present invention is most suited to memory modules which utilise partial memory circuits because they already have a controller on the module to redirect accesses to faulty locations. If this controller was by-passed then the module would not work. If the invention was used on a standard memory module then the additional controlling means could be by-passed because the additional controlling means are not needed for normal operation of the module. Thus the security measure could easily be avoided on normal memory modules.
The present invention provides a memory module containing a plurality of memory circuits, a non-volatile memory which stores a predetermined code, counting means to count up (down) to (from) a predetermined value on power-up ofthe module, and control means to disable the module if the predetermined code is not received by the module before the predetermined count is reached.
For a better understanding of the present invention. and to show how it may be carried into effect reference will now be made, by way of example, to the accompanying drawings in which: Figure 1 shows both sides of a memory module (in this example a SIMM).
Referring to the drawing, Figure 1 A shows the front side ofthe module 1 populated with DRAM circuits 2 and Figure IB shows the rear of the module which contains a control circuit 3 and a non-volatile memory 4.
It is not necessary to have the control circuit and non-volatile memory on the opposite side of a SIMM to the memory circuits, the control circuit and non- volatile memory could be on the same side of the module as the memory circuits or the system could be arranged in any other convenient way.
Using a code to disable operation of a SIMM is not trivial. This is because there is a problem in interrupting the host computer which holds the SIMM during its initialisation cycle. The host computer must be allowed to perform the initialisation function on power-up. However, once the memory is initialised it would not be easy to disable it. The present invention overcomes this problem by using a counter which increments (or decrements) on power-up ofthe module. If the module has not received a certain code or sequence of codes before the counter reaches its predetermined value then the control mechanism on the module disables the module, for example by disabling the data buffer, thus causing an error in the computer.
The counter used may count clock cycles, the number of refresh cycles, the number of read or write cycles or some other operation, for example the number of times that the Column Address Strobe (CAS) goes active (or inactive).
The code or sequence of codes is stored in the non- volatile memory on the module. At the user end ofthe computer the code or sequence of codes will be entered by the BIOS (Basic Input/Output System) or from software, for example from the initialisation files of the computer. The code or sequence of codes may even have to be entered manually by the user. The code or sequence of codes would be entered in a similar way to a password. The code may even be linked to the keystroke speed, e.g. the "time waφed" interval between characters of the user' s password.
In some embodiments the non-volatile memory and the control mechanism will be in the same device (an Application Specific Integrated Circuit).
The output ofthe memory circuits could be disabled by disabling the output enable of these memory circuits or ofthe memory device. The advantage ofthe present invention is that the control mechanism waits for the memory module to be initialised before it requires a security code to enable or disable the module.
The code would preferably be entered manually each time the computer was booted- up, although it could be entered using one ofthe initialisation files (e.g. the autoexec.bat file in a personal computer), but this has the disadvantage that the files can be duplicated and examined to retrieve the code. An alternative, to avoid this problem is to add the code to a FLASH boot EPROM or encode the file using a password. For example, on installation ofthe Memory Module a setup or installation program prompts the user for a password, which the installation software encodes along with the key needed to enable the memory security device. A program is then added to the config.sys, autoexec.bat or other initialising batch program to prompt the user for the password, which is then used to decrypt the key file and write this to the controller on the memory module. Failure to provide the correct password would result in the counter timing out and the memory ofthe computer becoming inoperable.
It will be appreciated that various modifications may be made to the above described embodiment within the scope ofthe present invention.

Claims

Claims
1. A memory module containing a plurality of memory circuits and a non- volatile memory to store a predetermined code characterised in that it includes counting means to count to a predetermined value on power-up ofthe module and control means to disable the module if the predetermined code is not received by the module before the predetermined count is reached.
2. A memory module according to claim 1 characterised in that the counter means counts the number of read or write cycles.
3. A memory module according to claim 1 characterised in that the counter means counts the number of clock cycles.
4. A memory module according to any preceding claim characterised in that the predetermined code is a sequence of codes.
5. A memory module according to any preceding claim characterised in that the predetermined code is entered manually.
6. A memory module according to any preceding claim characterised in that the control means disables the module by setting the output disable inactive.
7. A memory module according to any preceding claim characterised in that the memory module is a Single In-line Memory Module.
8. A computer system including a memory module according to any one ofthe preceding claims.
PCT/GB1996/001874 1995-08-02 1996-07-31 Module security device WO1997005618A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP96925917A EP0842512A1 (en) 1995-08-02 1996-07-31 Module security device
JP9507381A JPH11510280A (en) 1995-08-02 1996-07-31 Module safety protection device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB9515879.6 1995-08-02
GB9515879A GB2290894A (en) 1995-08-02 1995-08-02 Memory module security

Publications (1)

Publication Number Publication Date
WO1997005618A1 true WO1997005618A1 (en) 1997-02-13

Family

ID=10778671

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB1996/001874 WO1997005618A1 (en) 1995-08-02 1996-07-31 Module security device

Country Status (7)

Country Link
EP (1) EP0842512A1 (en)
JP (1) JPH11510280A (en)
KR (1) KR19990036065A (en)
CN (1) CN1192286A (en)
GB (1) GB2290894A (en)
TW (1) TW293106B (en)
WO (1) WO1997005618A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
USRE42814E1 (en) 1998-10-30 2011-10-04 Acqis Technology, Inc. Password protected modular computer method and device
USRE42984E1 (en) 1999-05-14 2011-11-29 Acqis Technology, Inc. Data security method and device for computer modules
US9529768B2 (en) 1999-05-14 2016-12-27 Acqis Llc Computer system including CPU or peripheral bridge directly connected to a low voltage differential signal channel that communicates serial bits of a peripheral component interconnect bus transaction in opposite directions
USRE48365E1 (en) 2006-12-19 2020-12-22 Mobile Motherboard Inc. Mobile motherboard

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5996096A (en) * 1996-11-15 1999-11-30 International Business Machines Corporation Dynamic redundancy for random access memory assemblies
TWI440424B (en) 2008-10-17 2014-06-01 Sunonwealth Electr Mach Ind Co Thin dissipating fan
EP2295815A1 (en) 2009-08-13 2011-03-16 Sunonwealth Electric Machine Industry Co., Ltd. Miniature fan

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5056140A (en) * 1990-02-22 1991-10-08 Blanton Kimbell Communication security accessing system and process
JPH04173444A (en) * 1990-11-06 1992-06-22 Fujitsu Ten Ltd Security device for on-vehicle tuner
JPH05204766A (en) * 1992-01-24 1993-08-13 Fujitsu Ltd Identity confirming device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5056140A (en) * 1990-02-22 1991-10-08 Blanton Kimbell Communication security accessing system and process
JPH04173444A (en) * 1990-11-06 1992-06-22 Fujitsu Ten Ltd Security device for on-vehicle tuner
JPH05204766A (en) * 1992-01-24 1993-08-13 Fujitsu Ltd Identity confirming device

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
DEFRANCESCO ET AL: "intelligent non-volatile memory for smart cards", IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, vol. 32, no. 3, July 1986 (1986-07-01), NEW YORK US, pages 604 - 607, XP002015632 *
PATENT ABSTRACTS OF JAPAN vol. 16, no. 477 (M - 1320) 5 October 1992 (1992-10-05) *
PATENT ABSTRACTS OF JAPAN vol. 17, no. 634 (P - 1649) 24 November 1993 (1993-11-24) *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
USRE42814E1 (en) 1998-10-30 2011-10-04 Acqis Technology, Inc. Password protected modular computer method and device
USRE43119E1 (en) 1998-10-30 2012-01-17 Acqis Llc Password protected modular computer method and device
USRE42984E1 (en) 1999-05-14 2011-11-29 Acqis Technology, Inc. Data security method and device for computer modules
USRE43171E1 (en) 1999-05-14 2012-02-07 Acqis Llc Data security method and device for computer modules
US9529768B2 (en) 1999-05-14 2016-12-27 Acqis Llc Computer system including CPU or peripheral bridge directly connected to a low voltage differential signal channel that communicates serial bits of a peripheral component interconnect bus transaction in opposite directions
US9529769B2 (en) 1999-05-14 2016-12-27 Acqis Llc Computer system including CPU or peripheral bridge directly connected to a low voltage differential signal channel that communicates serial bits of a peripheral component interconnect bus transaction in opposite directions
US9703750B2 (en) 1999-05-14 2017-07-11 Acqis Llc Computer system including CPU or peripheral bridge directly connected to a low voltage differential signal channel that communicates serial bits of a peripheral component interconnect bus transaction in opposite directions
USRE46947E1 (en) 1999-05-14 2018-07-10 Acqis Llc Data security method and device for computer modules
USRE48365E1 (en) 2006-12-19 2020-12-22 Mobile Motherboard Inc. Mobile motherboard

Also Published As

Publication number Publication date
KR19990036065A (en) 1999-05-25
JPH11510280A (en) 1999-09-07
EP0842512A1 (en) 1998-05-20
CN1192286A (en) 1998-09-02
TW293106B (en) 1996-12-11
GB9515879D0 (en) 1995-10-04
GB2290894A (en) 1996-01-10

Similar Documents

Publication Publication Date Title
CN100492318C (en) Method and apparatus for configuring and initializing memory device and memory channel
JP3529800B2 (en) Data protection microprocessor circuit for portable data carrier
US5396609A (en) Method of protecting programs and data in a computer against unauthorized access and modification by monitoring address regions
US7028215B2 (en) Hot mirroring in a computer system with redundant memory subsystems
US5809555A (en) Method of determining sizes of 1:1 and 2:1 memory interleaving in a computer system, configuring to the maximum size, and informing the user if memory is incorrectly installed
US5305460A (en) Data processor
US6453417B1 (en) Microcontroller with secure signature extraction
US5283792A (en) Power up/power down controller and power fail detector for processor
US4332009A (en) Memory protection system
JP3634393B2 (en) Apparatus for determining the configuration of a computer memory
GB2313217A (en) Logging memory fault data in permanent memory
US6775734B2 (en) Memory access using system management interrupt and associated computer system
US5764996A (en) Method and apparatus for optimizing PCI interrupt binding and associated latency in extended/bridged PCI busses
US6536034B1 (en) Method for modifying code sequences and related device
EP0109504A2 (en) Protection system for storage and input/output facilities and the like
EP0842512A1 (en) Module security device
CN1348562A (en) Protection of the core part of a computer against external manipulation
US6829184B2 (en) Apparatus and method for encoding auto-precharge
US5057999A (en) Microprocessor having a protection circuit to insure proper instruction fetching
KR20200037717A (en) Method to issue write protect commands on dynamic random-access memory(dram) cells in a system run-time environment
WO1998058305A1 (en) Security device
JPH04336347A (en) Memory device
GB2308475A (en) Delaying reading of memory comprising chips having dissimilar access times to ensure validity of data read
RU1817096C (en) Device for controlling microprocessor
SU1599862A1 (en) Device for monitoring microprocessor

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 96195969.X

Country of ref document: CN

AK Designated states

Kind code of ref document: A1

Designated state(s): CN JP KR SG US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 1996925917

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 1997 507381

Country of ref document: JP

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 1019980700730

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 1996925917

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1019980700730

Country of ref document: KR

WWW Wipo information: withdrawn in national office

Ref document number: 1996925917

Country of ref document: EP

WWR Wipo information: refused in national office

Ref document number: 1019980700730

Country of ref document: KR