JP4363829B2 - Game machine control chip - Google Patents

Description

[0001]
[Technical field to which the invention belongs]
The present invention relates to a gaming machine control chip and a gaming machine control method used in a pachinko gaming machine, a revolving gaming machine, and the like.
[0002]
[Prior art]
In a gaming machine control chip used in a conventional gaming machine, the function of checking the signal itself output from the terminal of the chip and the signal input to the terminal is different from the terminal that performs verification and communication with an external device. There was nothing.
[0003]
[Problems to be solved by the invention]
For this reason, even if a person who intends to cheat intentionally short-circuits the outputs, or when a signal that cannot be assumed is input to the external terminal, the signal cannot be identified.
The present invention has been made in view of the problems of the prior art. That is, an object of the present invention is to provide a gaming machine control chip and a gaming machine control method for constantly monitoring (monitoring) an external terminal and stopping the CPU and notifying abnormal information when there is an abnormality.
[0004]
[Means for Solving the Problems]
In the gaming machine control chip and gaming machine control method according to the present invention, output data or expected value data at an external terminal is compared with input data (feedback data). If there is a mismatch, the CPU is stopped or the information is output from the external terminal to be inspected.
[0005]
The invention described in claim 1 is a bus / signal line control means having a function of self-checking input / output of an external terminal, and a gaming machine control chip that has a security function and is incorporated in a gaming machine. / Signal line control means includes: an I / O buffer for strengthening control signal direction control and driving capability; an expected value setting circuit for setting predetermined data values, signal patterns, and the like; and a signal input from an external terminal A mismatch detection circuit for detecting a mismatch by comparing an output signal such as a predetermined data value or signal pattern set by the expected value setting circuit or a control signal for outputting a signal inside the chip to an external terminal; A switching circuit that selects either the signal output to the external terminal or the output signal of the expected value setting circuit and sends it to the mismatch detection circuit, and the control of the output / switching signal of the switching circuit, A switching control circuit that controls detection condition setting of the coincidence detection circuit, and a mismatch determination circuit that determines whether or not the signals of the external terminals sent from the mismatch detection circuit are mismatched, and the mismatch determination The circuit stops the CPU of the gaming machine control chip if the signals do not match.
The invention described in claim 2 is a bus / signal line control means having a function of self-checking input / output of an external terminal, and a gaming machine control chip having a security function and incorporated in a gaming machine. / Signal line control means includes: an I / O buffer for strengthening control signal direction control and driving capability; an expected value setting circuit for setting predetermined data values, signal patterns, and the like; and a signal input from an external terminal A mismatch detection circuit for detecting a mismatch by comparing an output signal such as a predetermined data value or signal pattern set by the expected value setting circuit or a control signal for outputting a signal inside the chip to an external terminal; A switching circuit that selects either the signal output to the external terminal or the output signal of the expected value setting circuit and sends it to the mismatch detection circuit, and the control of the output / switching signal of the switching circuit, A switching control circuit that controls detection condition setting of the coincidence detection circuit, and a mismatch determination circuit that determines whether or not the signals of the external terminals sent from the mismatch detection circuit are mismatched, and the mismatch determination If the signals do not match, the circuit informs the outside of the information of the external terminal to be inspected as an abnormality detection signal.
[0006]
A third aspect of the present invention is the gaming machine control chip according to the first aspect, wherein each circuit constituting the bus / signal line control means is provided for each external terminal, and the mismatch detection circuit Is characterized in that a mismatch detection signal unique to the external terminal is output.
A fourth aspect of the present invention is the gaming machine control chip according to the first aspect, wherein one non-coincidence determination circuit is provided in common for all the external terminals, and a single determination is made when the determination result becomes abnormal. One abnormality detection signal is output.
A fifth aspect of the present invention is the gaming machine control chip according to the second aspect, wherein each circuit constituting the bus / signal line control means is provided for each external terminal, and the mismatch detection circuit Is characterized in that a mismatch detection signal unique to the external terminal is output.
A sixth aspect of the present invention is the gaming machine control chip according to the second aspect of the present invention, wherein the mismatch determination circuit is provided in common for all the external terminals, and when the determination result becomes abnormal, One abnormality detection signal is output.
[0007]
DETAILED DESCRIPTION OF THE INVENTION
In the following, the present invention will be described in detail according to the illustrated embodiments.
[0008]
<Description of Chip Form> The gaming machine control chip according to the present invention is configured as an integrated circuit mounted on a board inside the gaming machine. There are two types of chip types: development chips and mass production chips. The mass production chip and the development chip will be described with reference to FIG. The development chip is a chip that does not have a security determination function, and other than that, it has the same function as a mass production chip. The mass production chip has a security judgment function for judging whether or not the program stored in the built-in storage means is an appropriate one that has passed the test by a third party organization.
Furthermore, the gaming machine control chip according to the present invention has built-in external input / output means having an authentication method of n (n is a natural number of 2 or more, the same shall apply hereinafter) level. Or, by connecting an external device such as a hall computer (hereinafter abbreviated as “external device”), it is possible to perform a chip authenticity inspection at an authentication level suitable for the application and to read information (ID number, etc.) in the chip. Is possible.
[0009]
<Description of Chip for Mass Production> The mass production chip has a user ROM that cannot be erased and rewritten by the user, and the security check result is inconsistent as shown in FIG. Stops the CPU. Moreover, the program execution outside the set address range (the address range indicating the outside of the designated area) cannot be executed by the function for prohibiting running outside the designated area. Here, the user refers to a gaming machine manufacturer that manufactures and sells the gaming machine control chip according to the present invention incorporated in the gaming machine.
[0010]
<Explanation of Development Chip> The development chip has a user ROM that can be erased and rewritten by the user. As shown in FIG. 1B, the development chip is set to the user mode regardless of the result of the security check. Transition. In addition, in the out-of-designated area prohibition function, the settable address range (the address range indicating the designated area) is not limited, so that the user can freely develop and debug.
[0011]
<Description of Operation Mode> The operation mode is a mode for controlling basic operations such as CPU operation control, memory mapping, access rights to various registers built in the chip, and includes a security mode, a user mode, and a program mode. In addition to these modes, a communication mode for communicating with an external device is provided.
[0012]
<Description of Security Mode> In this mode, the boot storage unit is executed, and environment settings and security checks of each function are performed. During the security mode, the internal bus during CPU operation is not output to the external terminal.
[0013]
<Description of Security Check> This is a function for authenticating a user program. At the time of system reset input, recalculation of whether or not the authentication code calculated based on the user program is correct is performed. If the result is NG, the CPU is stopped. The authentication code is written together with the user program when writing to the user storage means.
[0014]
<Description of User Mode> This is a mode in which a legitimate user program that has passed the security check is executed. If the security check in the security mode is not OK, the mode does not change. During the user mode, the internal bus during CPU operation is output to the external terminal as an external bus. Note that the boot storage means cannot be accessed during the user mode.
[0015]
<Description of Program Mode> In this mode, the CPU does not operate and directly reads / writes data to / from the user ROM. After the system reset, the mode is changed according to a predetermined level (for example, high level) of the PRG terminal. Note that writing to the mass production chip can be performed only once, and the development chip can be erased and rewritten.
[0016]
Each functional block built in the gaming machine control chip will be described with reference to FIGS. C1 shown in FIGS. 2 and 3 is a central processing unit (CPU). (Hereafter abbreviated as CPU)
The CPU controls and commands each functional block (hereinafter also referred to as “device” or “circuit” for convenience).
[0017]
<Description of Timer System> Next, the timer system c2 shown in FIGS. 2 and 3 has n (for example, 4) n-bit (for example, 8 and 16-bit) counters and various control registers, and is independent of each other. It is possible to operate in the selected mode. For example, the timer system can be broadly classified into a mode, a timer mode, a counter mode, and the like, and can generate a real-time interrupt and measure time. These functions can be controlled by setting various control registers in the timer system. In addition, a timer input bus for inputting a gate signal or trigger signal for realizing the above function and a timer output bus for outputting various timer output signals generated by the timer system to the outside are provided.
[0018]
<Explanation of Unauthorized Execution Prohibiting Unit> Next, the unauthorized execution prohibiting unit c3 shown in FIG. 2 and FIG. 3 monitors whether or not the user program created by the gaming machine manufacturer is correctly executed in a predetermined designated area. When the user program is executed in other cases, a reset occurs. For example, when the entire memory space is 64 kbytes, in setting the designated area (address range where user program can be executed), the start address of that range is set as the program code start address (PCS), and the end address is the program code end. When the address (hereinafter referred to as PCE) is 1FFF (hexadecimal), even if an illegal program is stored and executed in the range of 2000 (hexadecimal) to FFFF (hexadecimal), it cannot be executed. That is, the unauthorized execution prohibition means is a function for prohibiting instruction execution outside the designated area. When an instruction is executed (opcode fetch) outside the address range (designated area) designated in advance, IAT (Illegal Address Trap) This is a function for generating a signal. A reset is generated by this IAT signal. Information on the designated area is written in the user ROM together with the user program.
[0019]
<Description of Runaway Monitoring Unit> Next, c4 shown in FIGS. 2 and 3 is a runaway monitoring unit. The configuration of the runaway monitoring means c4 will be described in more detail with reference to FIG. The runaway monitoring unit c4 includes a clock selection unit c4a, an n-bit counter c4b, a runaway monitoring control unit c4c, an operation mode control unit c4d, a control word setting unit c4e, and an output control unit c4f.
The runaway monitoring means c4 is automatically activated when transitioning to the user mode, and generates a timeout signal when the timeout time elapses. By receiving this timeout signal, a user reset is generated, and the user program is re-executed from the reset address (for example, address 0) of the user program.
Further, by various settings of the operation mode control means c4d and control word setting means c4e,
(1) Setting / changing timeout time,
(2) Count clear & restart,
(3) Operation permission / prohibition,
Etc. can be set.
[0020]
<Explanation of Clock Selection Unit> The clock selection unit c4a includes each divided clock CLKO / m including the system clock sent from the clock generation unit c9. ⁰ ... CLKO / m ⁿ Is selected and sent to the n-bit counter c4b.
[0021]
<Description of n-bit Counter> The n-bit counter c4b counts the time-out period using the divided clock sent from the clock selection means c4a as a counter clock.
[0022]
<Description of Runaway Monitoring Control Unit> The runaway monitoring control unit c4c performs control for setting a timeout time, prohibiting operation to the n-bit counter, clearing, restarting, and the like.
[0023]
<Description of Operation Mode Control Unit> The operation mode control unit c4d can select a count clock for setting a timeout time, control operation permission / prohibition, and change the timeout time. Note that once the timeout period is changed, it may not be changed until the next system reset occurs.
[0024]
<Description of Control Word Setting Unit> The control word setting unit c4e sets clearing, restarting, and prohibition of timeout time. For example, when the control word (for example, CC (hexadecimal)) is written in the control word setting unit c4e, the runaway monitoring unit is disabled. This setting may be possible only once after the system reset, for example. The timeout time can be extended by clearing and restarting (counting again) by 55 (hexadecimal) → AA (hexadecimal) → 33 (hexadecimal). It is not necessary to write the control word continuously for 3 bytes.
[0025]
<Description of Operation of Runaway Monitoring Unit> The runaway monitoring unit c4 is automatically activated by transitioning to the user mode. The timeout time is set by the operation mode control means c4d, and the default value is set to the longest timeout time. The setting can be performed only once after the system reset, and the resetting cannot be performed without the system reset. When the time-out is reached, a time-out signal is output from the output control means c4f, and the operation of the runaway monitoring means c4 is continued as it is.
[0026]
<Description of Reset / Interrupt Control Unit> Next, the reset / interrupt control unit c5 shown in FIGS. 2 and 3 will be described with reference to FIGS. The reset / interrupt control means c5 controls various resets, interrupt requests from the outside, and interrupt requests from a built-in peripheral circuit (timer system). FIG. 7 shows an internal block diagram of the reset / interrupt control means c5.
[0027]
<Description of System Reset> The system reset is a reset generated by inputting a low level for a certain period to the XSRST terminal. All internal circuits including the CPU excluding a part of the circuit of the external input / output means c14 are initialized, and transit to the security mode or the program mode according to the input level of the PRG terminal. If there is no abnormality in the security mode, the mode is changed to the user mode and the user program is executed from the reset address (for example, address 0) of the user program. The signal input from the XSRST terminal is a signal from which noise such as chattering has been removed by the noise filter c5a and is input to the CPU via the extension circuit c5c. Similarly, as a reset signal to an external device outside the chip, the signal is output from the XRSTO terminal Is output. FIG. 8 shows an example of a timing chart illustrating a relationship in which a signal input to the XSRST terminal is output from the XRSTO terminal to the outside.
[0028]
<Description of User Reset> Next, user reset will be described. As a cause of the user reset, there can be a user reset request by the XURST terminal as an external factor, a reset request by generation of an IAT signal of the unauthorized execution prohibition means c3, a user reset request by a timeout signal of the runaway monitoring means c4, and the like. When a user reset occurs due to these requests and the user reset is accepted, execution of the user program is started from a reset address (for example, address 0). In the user reset, the reset is executed without changing to the security mode or the program mode but staying in the user mode. Similarly to the system reset, the signal input from the XURST terminal is input to the CPU through the extension circuit c5c after removing noise such as chattering by the noise filter c5a. FIG. 9A shows an example of a user reset timing chart based on a signal input to the XURST terminal. FIG. 9B shows an example of a user reset timing chart due to internal factors.
[0029]
<Description of Non-Maskable Interrupt (NMI)> Next, a non-maskable interrupt will be described. A non-maskable interrupt (NMI) is an interrupt that is unconditionally accepted even when the CPU is in an interrupt disabled state, and is processed with the highest priority for all interrupt requests. The non-maskable interrupt by the XNMI terminal is input to the CPU via the noise filter c5a. FIG. 10 is an example of a timing chart showing a relationship between before and after passing through the noise filter c5a. When the XNMI signal is at a low level for a certain period (here, the rising edge of 4 clocks is detected), the signal that has passed through the noise filter c5a becomes an NMI signal and is input to the CPU.
[0030]
<Description of Maskable Interrupt (INT)> A maskable interrupt (INT) is an interrupt that can allow / inhibit acceptance of an interrupt request by a user program, and multiple interrupts can be executed by the INT priority control circuit c5d.
[0031]
<Description of External Maskable Interrupt> An external maskable interrupt is generated by inputting a low level for a certain period to the XINT terminal, and a maskable interrupt by the XINT terminal is input to the CPU via the noise filter c5a. FIG. 10 is an example of a timing chart showing a relationship between before and after passing through the noise filter c5a. When the XINT signal is at a low level for a certain period (here, the rising edge of 4 clocks is detected), the signal that has passed through the noise filter c5a becomes the INT signal and is input to the CPU.
[0032]
<Description of Internal Maskable Interrupt> An internal maskable interrupt is generated by an interrupt request signal from the timer system.
[0033]
<Description of Decoding Unit> Next, the decoding unit c6 shown in FIG. 2 and FIG. 3 decodes each functional block in the chip by the memory mapped I / O method or the I / O mapped I / O method or for an external device. The chip select signal which is the decoding signal is decoded, and the address range of the chip select signal is set. Taking the chip select signal as an example, the chip select signal by the memory mapped I / O method is mapped to FF00 (hexadecimal) to FF19 (hexadecimal) in FIG. 4, and the I / O mapped I / O is shown in FIG. It shows that the chip select signal by O method is mapped to 00 (hexadecimal) to 19 (hexadecimal). Since there are a plurality of chip select signals, these are collectively referred to as an external device decode output bus in this specification for convenience.
[0034]
<Description of Input / Output Means> Next, the input / output means c7 shown in FIG. 2 and FIG. 3 controls the shared function of the input / output port and the chip select signal which is a decoding signal for an external device.
(1) Input / output control means c7a,
(2) function selection means c7b,
It consists of. Furthermore, the input / output control means c7a
(A) Parallel input / output port,
(B) external device decoding,
And has two functions.
The parallel input / output port includes a plurality of input / output ports having different arbitrary bit widths, and the input / output of each port can be set.
One of the functions is selected by the function selection unit c7b and input / output with the outside is performed. As a result, the external terminal functions as either a parallel input / output port or an external device decoding state.
[0035]
<Description of Clock Generation Unit> Next, the clock generation unit c9 shown in FIG. 2 and FIG. Etc.) and is supplied to the CPU and internal circuits. The generated clock is output to the outside from a clock output terminal (corresponding to the CLKO terminal in FIG. 2). Further, it is supplied to the random number generator c8 as a clock source source (s3) to the auxiliary random number generator r19.
[0036]
<Description of Security Means> Next, the security means c10 shown in FIGS. 2 and 3 is not shown.
(1) Authentication check control means,
(2) Unauthorized execution prohibition control means,
(3) mode control means,
(4) Function control means,
(5) storage means control means,
(6) Communication format control means,
It consists of six means.
[0037]
<Description of Authentication Check Control Unit> The authentication check control unit is a function for authenticating a user program (UP). At the time of system reset input, recalculation of whether the authentication code calculated based on the user program is correct is performed. If the result is NG, the CPU is stopped.
[0038]
<Explanation of Unauthorized Execution Prohibition Control Unit> The unauthorized execution prohibition control unit controls a function for prohibiting instruction execution outside the designated area.
(A) Control of prohibition of instruction execution outside the designated area when the illegal execution prohibition means c3 detects illegality;
(B) Control of program execution prohibition on RAM (both external / internal)
(C) control of program execution monitoring in the designated area;
(D) reset control,
I do.
[0039]
<Description of Mode Control Unit>
(A) Program mode,
(B) security mode;
(C) User mode,
The three modes are controlled.
Moreover, the communication mode which communicates with an external apparatus is controlled as other control.
[0040]
<Description of function control means>
(A) Bus / signal line control,
(B) CPU stop control,
(C) random number fault diagnosis function control,
(D) Read / write of user ROM,
To control the function.
[0041]
<Description of Storage Unit Control Unit>
(A) Disconnect the device,
(B) Memory bank switching,
I do.
[0042]
<Description of Communication Format Control Unit> The communication format control unit controls various communication formats (initial communication, authentication communication, test communication, verification communication) when performing communication with an external device.
[0043]
<Description of Storage Means> Next, the storage means c11 shown in FIGS. 2 and 3 will be described with reference to FIGS. 4 shows a specific example of a memory map of the entire chip, FIG. 5 shows a specific example of an area in the user ROM, (a) shows a specific example of a program management area, and (b) shows an I / O FIG. 5 is a specific example diagram of a built-in register and an decode area of an external output bus by an O mapped I / O method.
[0044]
The storage unit c11 includes an ID storage unit c11a, a boot storage unit c11b, and a user storage unit c11c.
[0045]
<Description of ID Storage Unit> The ID storage unit c11a includes
(A) Date of test date,
(B) Date of manufacture date,
(C) manufacturing location,
(D) manufacturing plant,
(E) production line,
(F) Production lot,
(G) serial number,
(H) User management number,
(I) serial number,
Can be stored as n different ID numbers, and mass production (for example, 10 million) can be managed by providing these ID numbers. In addition to the ID number, secret information is stored, which is information that allows only a chip manufacturer / seller who cannot be known by a third party or a user to specify a chip. Specific examples of confidential information may include detailed information on material management (such as a wafer management number), a code number related to a subcontract factory, and the like.
[0046]
<Description of Boot Storage Unit> The boot storage unit c11b
(A) Boot ROM,
(B) Boot RAM,
(A) In the boot ROM,
(B) Security check program,
(B) Failure diagnosis program,
(C) Environment setting program,
(D) Authentication / verification program,
Etc. are stored. Further, (b) the boot RAM is used as a work area (data area, stack area, etc.) of the boot program.
[0047]
<Description of User Storage Unit> The user storage unit c11c
(A) User ROM,
(B) User RAM
Consists of.
[0048]
<Description of User ROM> The user ROM stores a program (user program) created by the user. The user ROM has a predetermined designated area, and (a) a program code / data area and (b) a program management area are allocated. (A) The program code / data area is an area for storing a user program. (B) The program management area is an area for storing information necessary for the CPU to execute the user program, and values are set on the user side. Selection of the user RAM size (for example, 256/512 bytes) is also performed in this area.
[0049]
<Description of Data to be Set in Program Management Area> As shown in FIG.
(1) “Header (HDR)” for setting a code string indicating the start of the program management area (for example, mapping from 1F80 (hexadecimal) to 1F87 (hexadecimal)),
(2) “Manufacturer code (MCD)” for setting a manufacturer code (for example, mapping from 1F88 (hexadecimal) to 1F8A (hexadecimal)),
(3) “Product code (PCD)” for setting the product code (mapping from 1F8B (hexadecimal) to 1F92 (hexadecimal) as an example),
(4) “Program code end address (PCE)” for setting the final address of the program code area of the user program (for example, mapping from 1F93 (hexadecimal) to 1F94 (hexadecimal)),
(5) “RAM size selection (RSS)” for setting the size of the user RAM (for example, mapping to 1F95 (hexadecimal)),
(6) “Terminal function selection” for setting whether to use a terminal as a chip select for a parallel input / output port or an external device (mapping to 1F96 (hexadecimal) as an example),
(7) “Random number initial value selection” for setting a random number initial value (mapping to 1F97 (hexadecimal) as an example),
(8) “random number initial value data address” (mapped to 1F98 (hexadecimal) to 1F99 (hexadecimal) as an example) for setting the address when the value of the designated user RAM is selected in the random number initial value selection,
(9) “User designated address (area) for user to read” (example 1FA0 (16) for setting user RAM address for external device to read data information stored in area designated by user) Hex) to 1FBF (hexadecimal)).
[0050]
<Description of User RAM> The user RAM is used as a work area (data area, stack area, etc.) of the user program. The RAM size can be changed (for example, switching between 512/256 bytes) according to user settings. The user RAM has a backup function. When using the backup function, V _BB By supplying a separate power supply between the terminal and the GND terminal, the chip power supply (V ⁺ ) Even after disconnection, the data in the RAM can be retained (backed up).
[0051]
<Description of Storage Monitoring Unit> Next, the storage monitoring unit c12 shown in FIGS. 2 and 3 monitors reading and writing of the storage unit c11, and the address range of the predetermined storage unit c11 is set as the monitoring range in the security mode. The
[0052]
<Description of Bus / Signal Line Control Unit> Next, the bus / signal line control unit c13 (FIGS. 2 and 3) will be described in more detail with reference to FIGS.
The bus / signal line control means c13 is a bus interface that enhances the interface function between the external bus and the internal bus of the chip, the address bus, the data bus, and the direction control and drive capability of each control signal. In addition, it has a function of monitoring the state of each terminal to which the signal is input.
[0053]
<Description of Each Terminal> The address bus designates an address for data transmission / reception with a memory or an I / O device. The data bus performs data transmission / reception. XM1 indicates a machine cycle. XMREQ is a request signal to the memory space and indicates a memory access period. XIORQ is a request signal to the I / O space and indicates an access period of the I / O space. XRD indicates a read cycle. XWR indicates a write cycle. XRFSH is a refresh signal to a dynamic memory or the like outside the chip. XHALT is a signal indicating the state in which the CPU is executing the HALT instruction. The halt state is not executed during the halt state, and the halt state is canceled by a reset signal or an interrupt to resume the CPU operation. To do.
[0054]
The bus / signal line control means c13 includes an I / O buffer c13a, an expected value setting circuit c13b, a switching circuit c13c, a switching control circuit c13d, a mismatch detection circuit c13e, and a mismatch determination circuit c13f.
The I / O buffer c13a reinforces the direction control and driving capability of each control signal that inputs a signal input from an external terminal into the chip or outputs a signal inside the chip to an external terminal.
The expected value setting circuit c13b sets a predetermined data value, signal pattern, and the like.
The switching circuit c13c selects either the signal output to the external terminal or the output signal of the expected value setting circuit c13b and sends it to the mismatch detection circuit c13e.
The switching control circuit c13d controls the output / switching signal of the switching circuit c13c and the detection condition setting of the mismatch detection circuit c13e.
The mismatch detection circuit c13e includes a signal input from an external terminal,
(1) Compare the output signal such as a predetermined data value or signal pattern set by the expected value setting circuit c13b, or (2) each control signal for outputting a signal inside the chip to an external terminal. Inconsistency detection is performed.
The mismatch determination circuit c13f determines whether or not the signals of the external terminals sent from the mismatch detection circuit c13e are mismatched. If they do not match, the CPU is stopped or the external terminal to be inspected is checked. Information is notified to the outside as an abnormality detection signal.
FIG. 26 is a block diagram showing a first embodiment for detecting inconsistency for each terminal of the bus / signal line control means c13 of the present invention. In this embodiment, each circuit constituting the bus / signal line control means c13 is provided for each terminal, and as a result (for example, the mismatch detection circuit 1 outputs an external terminal 1 mismatch signal). Each mismatch detection circuit outputs a mismatch signal specific to the external terminal.
FIG. 27 is a block diagram showing a second embodiment in which a plurality of terminals of the bus / signal line control means c13 of the present invention are simultaneously judged to be inconsistent. In this embodiment, one mismatch determination circuit c13f is provided in common for all the terminals, and when the determination result becomes abnormal, a single abnormality detection signal is output to notify the outside.
[0055]
<Description of Random Number Generator> Next, the random number generator c8 shown in FIGS. 2 and 3 will be described with reference to FIGS. FIG. 11 is a block diagram showing a circuit configuration for random number generation. The update cycle setting data holding circuit r1 is a circuit that holds setting data for designating an interval cycle for the user to perform random number updating at an arbitrary interval cycle, and a reference interval for designating a reference interval cycle. The cycle designation circuit r1a and a constant cycle set value storage circuit r1b for performing settings for designating an interval cycle for performing an actual random number update based on the reference interval cycle. The data designated by the circuit r1 is loaded into the update cycle setting circuit r2.
[0056]
The update cycle setting circuit r2 is a circuit for setting an interval cycle for performing random number update at a fixed cycle, and a reference for generating an interval cycle serving as a reference corresponding to the data specified by the reference interval cycle specifying circuit r1a. A reference interval period count for counting the reference interval period based on the number of count data designated by the constant period set value storage circuit r1b based on the interval period generation circuit r2a and the reference interval period clock supplied from the circuit r2a A circuit r2b and a reload timing generation circuit r2c for generating a reload timing for designating update / continuation of the interval period when the number of count data designated by the fixed period set value storage circuit r1b is reached. Therefore, the interval period set by the update period setting circuit r2 is supplied to the random number update trigger selection circuit r6.
[0057]
For example, assuming that the frequency division of the system clock is the reference interval period (assuming I), the clock divided based on the data specified by the reference interval period specifying circuit r1a (for example, data specifying 128 division) is the reference interval period. It becomes. If the settable range of the fixed cycle set value storage circuit r1b is 8 bits, the settable interval cycle for updating the random number at the actual fixed cycle is “128 × system clock × 1 to 128 × system clock × An interval period of “up to 256” can be set. If the set value specified by the fixed cycle set value storage circuit r1b is “5”, the set value is similarly loaded into the reload timing generation circuit r2c, and reaches “128 × system clock × 5” in the circuit. In this case, reload timing for updating / continuing the interval cycle again is supplied to the reference interval cycle count circuit r2b.
[0058]
The software update trigger generation circuit r3 generates a software trigger signal by performing write access to the data (address, data generated by decoding the predetermined data, etc.) combined with a predetermined condition by an instruction from the CPU. To do.
[0059]
The operation start instruction circuit r4 designates stop, restart, continuous operation, etc. of the random number update operation.
[0060]
The random number update trigger selection information holding circuit r5 is an automatic update method that uses an interval period for updating a random number at a constant period generated by the update period setting circuit r2 in updating a random value, or a software update trigger generation circuit. Either of the manual update methods using the trigger signal generated by the software generated at r3 is selected.
[0061]
The random number update trigger selection circuit r6 selects one of the interval cycle clock generated by the update cycle setting circuit r2 or the trigger signal generated by the software generated by the software update trigger generation circuit r3, and the update control circuit to r7.
[0062]
The update control circuit r7 performs control such as stopping, restarting, and continuing the random number update operation.
[0063]
The random number generation circuit r8 includes a plurality of n-th order generation polynomials or n-bit counters for generating different random number sequences according to predetermined settings.
[0064]
The bit scramble setting circuit r9 replaces or transposes the bits of random number data output from the random number generation circuit r8, and includes a bit scramble request circuit r9a, a bit scramble key generation circuit r9b, and a bit scramble circuit r9c. . The bit scramble request circuit r9a is a circuit that designates a request to scramble the random number data output from the random number generation circuit r8 at the timing updated by the update means selected by the random number update trigger selection circuit r6. The bit scramble key generation circuit r9b is used to perform arrangement / transposition of random number data based on the auxiliary random number for generating the bit scramble key generated from the auxiliary random number generation means r19 and the data value from the bit scramble request circuit r9a. This circuit selects a bit scramble table. The bit scramble circuit r9c is a circuit that arranges and transposes bits of random number data based on the bit scramble table selected by the key data designated by the bit scramble key generation circuit r9b. Whether or not to scramble can be selected by the user using the bit scramble request circuit r9a, but the bit scramble key is changed by a random number round end signal S1 output from the random number generation circuit r8. Even if there is the bit scramble request signal S2 output from the bit scramble request circuit 9a, if there is no random number round end signal S1, the bit scramble key is not changed. This makes the probability for each round of random numbers constant.
[0065]
The random number maximum value storage circuit r10 is a circuit for storing the maximum value of the random number period arbitrarily set by the user. For example, if the random number generation range is from 1 to 4095, the user only needs random numbers from 1 to 36. If 36 is set as the maximum value in the circuit r10, random numbers from 1 to 36 can be obtained. It is.
[0066]
The random number maximum value comparison circuit r11 compares the maximum value of the random number cycle arbitrarily set by the user and the random value generated by the random number generation circuit r8 with the output value that the bit scramble circuit r9c has scrambled, and the output value is the maximum. If larger than the value, the random number generation circuit r8 is instructed to generate the next random number. If it is less than the maximum value, it is stored in the random value holding circuit r12.
[0067]
The random value holding circuit r12 holds scrambled random data when the random number is less than or equal to the maximum value of a random number period arbitrarily set by the user. That is, it is a circuit that holds random number data until the maximum period is reached.
[0068]
The random value request circuit r13 makes a request for the user to read random number data, and can also output a request by an external trigger input and information when there is a request as an interrupt signal to the outside. .
[0069]
The random value reading circuit r14 is a circuit for the user to read random number data.
[0070]
The ROM program management area r15 is an area for designating an operating environment setting set by the user for performing operation designation, control, etc. of the random number generator, and is a random number that is the first start value for generating a random number sequence. When it is desired to use the initial value selection constant r15a and the initial value of the random number sequence for generating the data stored at a predetermined RAM address, the RAM address designation for the purpose of sending the data to the random number initial value selection circuit r17 r15b. When the random number initial value is selected as the RAM value by the initialization program, the RAM value at the address indicated by the RAM address designation is stored in the random number initial value selection circuit r17.
[0071]
The software operation r16 indicates an operation for performing a random number update process or a control for loading a predetermined initial value, and is assigned to the random number generator, a fixed value r16a that is a value of the random number generator itself. Operations such as addition / subtraction / multiplication / division based on the ID number r16b which is a unique number for recognizing itself, the RAM value r16c which is the value specified by the RAM address specification r15b, and the data of all addresses in the RAM It consists of a RAM operation value r16d which is a processed value and a RAMr16e which is a data area for program control.
[0072]
The ID number r16b is the same as the chip ID number stored in the ID storage unit c11a described above. The ID of the chip described above identifies the chip itself, and the ID number of the random number generator sets the initial value of the random number for each chip. Therefore, the difference between them is only a difference in specifications, and the actual ID numbers may be different or the same. Accordingly, some of the information data items (a) to (i) indicated by paragraph number 0045 can be used as ID numbers for initial random numbers. The random number initial value selection circuit r17 selects one of a fixed value r16a, an ID number r16b, a RAM value r16c, and a RAM operation value r16d as a random number initial value and loads the initial value to the random number generation circuit r8.
[0073]
The random number initial value storage circuit r18 is a circuit for storing the initial value selected by the random number initial value selection circuit r17 or the random number generated by the auxiliary random number generation means r19 as an initial value. The random number initial value can be updated by the random number initial value storage circuit r18 from the auxiliary random number generation means r19 every time the random number value generated by the random number generation circuit r8 makes a round.
[0074]
The auxiliary random number generation means r19 generates random numbers by means different from the random number generation apparatus.
[0075]
Next, random number generation will be described with reference to FIG. FIG. 13 is a block diagram showing an outline of the auxiliary random number generation means r19.
(1) when there is no external trigger input bus (see Figure 2)
(2) is when there is an external trigger input bus (see Figure 3)
Shows about. As a means of generation
(A) random number generation by CPU command control,
(B) random number generation due to thermal noise,
(C) random number generation by another clock,
(D) Trigger input from outside the chip,
4 cases of random number generation by.
[0076]
(A) Random number generation by instruction control of the CPU uses data obtained by counting information and the like of instructions executed by the CPU (held in the instruction execution count circuit r21) as random numbers.
[0077]
(B) Random number generation by thermal noise uses random noise components such as thermal noise generated from resistors and diodes, and analog noise generated from a thermal noise generation circuit r22 incorporating these thermal noise generators. The component converted into digital data by the A / D conversion circuit r23 is used as a random number.
[0078]
(C) Random number generation using another clock is to generate a random number using a clock different from the clock used in the random number generation device.
[0079]
(D) Random number generation by trigger input from outside the chip is to generate random numbers by trigger input arbitrarily set by the user. The trigger signal input from the trigger input bus is supplied to the external trigger control means r25, and the means r25 performs control such as selection of each input trigger signal and enable / disable.
[0080]
The random numbers generated by the methods (a), (b), (c), and (d) are supplied to the bit scramble key generation circuit r9b or the random number initial value storage circuit r18 as a random number initial value. Become. As a supply method, the above (a), (b), (c), and (d) are appropriately combined.
[0081]
In (c) above, as a clock to be supplied to the counter circuit r24,
When there is no external trigger input bus of (1), a clock source source (s3) having a frequency division ratio different from the clock supplied to each functional block is supplied from the clock generation means c9.
When there is an external trigger input bus of (2), a clock different from the EX terminal is supplied from the OSC terminal. In order to avoid synchronization with a predetermined interval period as a clock to be supplied, for example, a frequency (for example, 11 MHz) different from a frequency (for example, 12 MHz) supplied to the EX terminal is supplied. It goes without saying that it is also good.
[0082]
Next, the bit scramble table will be described with reference to FIG. FIG. 14 is a specific explanatory diagram of the bit scramble setting circuit r9 of the random number generator. The bit scramble table is a bit scramble table indicating a bit replacement pattern (hereinafter referred to as “conversion table” or “conversion pattern” for convenience). The bit arrangement / transposition position is determined based on this conversion table. For example, if the data length is 8 bits and the original arrangement is D0-D1-D2-D3-D4-D5-D6-D7 in order from the least significant bit
(1) D0-D1-D2-D3-D4-D5-D6-D7
(2) D3-D0-D5-D1-D7-D2-D4-D6
The description from (3) to (255) is omitted.
(256) D7-D5-D2-D4-D1-D6-D0-D3
Thus, there are 256 conversion patterns when the original conversion is not performed. FIG. 14A is a schematic image of this situation.
[0083]
However, if the conversion pattern is to be realized by hardware rather than software, the circuit scale increases and the number of gates increases.
[0084]
Therefore, the feature of the bit scramble setting circuit r9 is that by reducing the number of conversion tables, the circuit scale can be reduced and 256 conversion patterns can be secured without causing an increase in the number of gates. FIG. 14B is a schematic image of the principle. The principle will be described below. For convenience, the data length is assumed to be 8 bits.
[0085]
First, 16 kinds of conversion tables are generated by KEY_A (4 bits) of the bit scramble key generation circuit r9b. That is, the first 16 conversion patterns are individually the original patterns. (Temporarily O1-O16)
[0086]
Next, the above 16 original patterns are further individually converted by KEY_B (2 bits). Ie
Since the addition values are from (O1 × 4 ways) to (O16 × 4 ways), a total of 64 conversion patterns are realized. Therefore, the 64 conversion patterns as described above are individually the original patterns. (Temporarily OH1-OH4)
[0087]
Next, similarly to the above, 64 patterns are further individually converted with KEY_C (2 bits). That is, since it is an addition value from (OH1 × 4 ways) to (OH4 × 4 ways), the final summation results in the realization of 256 conversion patterns.
[0088]
Therefore, although 256 conversion tables are originally required, only 24 conversion tables are prepared by the above method, so that 256 conversion patterns are substantially realized, and the circuit scale is reduced.
[0089]
In addition, since the logic circuit of the conversion pattern of the above method can be designed with only a gate circuit without using a shift register, the processing speed for exchanging the next conversion pattern does not require one cycle of the system clock for operating the gaming machine.
[0090]
FIG. 15 is a block diagram showing the internal configuration of the update cycle setting data holding circuit r1 and the update cycle setting circuit r2.
[0091]
Next, the operation of the random number generator will be described in order according to the outline flow shown in FIG. FIG. 16 is a flowchart showing initialization routine processing for setting environment settings for the random number generator to perform a desired operation. When a system reset that initializes the entire gaming machine is input, the initial random number used first
(1) Fixed value of random number generator,
(2) ID number of the random number generator,
(3) RAM value,
(4) RAM operation value,
After the selection of what to use and the setting of the environment for initialization processing such as other internal circuits of the random number generator, the mode is changed to a user mode that can be used by the user, and a user reset is awaited. Note that the above processing is not initialized by a user reset.
[0092]
Next, a description will be given with reference to the outline flow of FIG. FIG. 17 is a flowchart showing an operation setting process for the user to freely read a random number after the random number generator finishes the initialization process shown in FIG. When an initialization of each peripheral device connected by the user and a user reset for returning to the start address of the game control program created by the user are input, a fixed cycle for the interval operation is started. An update trigger condition is set as to whether to use update at regular intervals or manual update (update by software). When manual update is set, random update by software update trigger is performed. Next, when the random number reading timing such as the start sensor input of the gaming machine is determined and the acquisition trigger by software is used, the random number value held in the random number holding circuit is captured and disturbed by accessing the random value request circuit Loaded into the numerical readout circuit. Thereafter, the user performs an application operation such as a lottery process based on the read random number.
[0093]
Next, a description will be given with reference to the outline flow of FIG. FIG. 18 shows an example of a flowchart of random number update and random number read processing of the random number generator. (A) is a random number update process by automatic update (fixed period) and manual update (software), and (b) is an external trigger. 3 is a flowchart showing random number reading processing by an acquisition trigger by software.
[0094]
When the random number is updated, the bit scramble process of the random number value is performed by the bit scramble table indicated by the bit scramble key data. If the random value is updated again. Next, it is determined whether or not the generation of random numbers has been completed, and if it has been completed, it is determined whether or not there is a request for changing the bit scramble, and if there is a request, update processing of the bit scramble key data is performed. Do.
[0095]
The fetching of the random number value means a process of determining whether or not to send the generated random number from the random number holding circuit r12 to the random value reading circuit r14 accessible by the user. When a random number update trigger with a fixed period is used, the random number value is automatically fetched. By selecting whether or not to perform this random number acquisition process, the user can
(1) Whether to use random values automatically generated continuously by the update cycle setting circuit
(2) It is possible to select a game preference for using a random number value updated and read at an arbitrary time.
[0096]
Therefore, in order for the user to actually acquire the random number, the random number value generated by the random number generation device at that time can be acquired by accessing the random value request circuit r13.
[0097]
In addition, the user can freely change the setting of the above operation designation condition for each user reset input
(1) Maximum value setting,
(2) Update trigger condition setting,
Once set, it cannot be changed.
[0098]
Next, FIG. 3 will be described. FIG. 3 is almost the same as the configuration of FIG. 2 showing the embodiment. In FIG. 2, a dedicated signal (s3) is input from the clock generation unit c9 to the random number generator c8. In the configuration of FIG. 3, the random number generator c8 has an input trigger input bus for taking in a trigger signal from the outside of the chip, and an OSC terminal for supplying a different clock in addition to the EX terminal. , Random number request trigger, auxiliary random number request trigger, etc. can be taken in from the outside.
[0099]
Next, FIG. 12 will be described. FIG. 12 is substantially the same as the configuration of FIG. 11, but in the configuration of FIG. 12, an external output control means r20 is further provided, and random number data output from the random value holding circuit r12 is externally input / output by a switch by software operation. It is a block diagram which shows the circuit structure of the random number generation which showed embodiment sent to the means c14. The switch by software operation cannot be accessed or operated by the user. For example, a signal obtained by encrypting a command or a control sequence by a predetermined algorithm is input to the external input / output means c14, and the signal is input by the CPU. It starts when it is recognized. When this switch is activated, the random number data in the random value holding circuit r12 is sent to the external input / output means c14 in real time regardless of the winning state or the gaming state of the chip. That is, all the generated random number data is output, and it is possible to check the uniformity of the appearing random numbers at a third party.
[0100]
Note that the random number value is normally read out in a timely manner when the random number is necessary, so that the random number update content and the random number sequence are not output on the external bus. However, if it is necessary to output all random numbers on the data bus and perform a check, every time the software update trigger is used, the random number value read circuit 14 reads the random number data and the CPU reads all the random number values. It is possible to output to the bus. FIG. 19 shows a flowchart of random number reading processing and random number output processing of the random number generation device irrespective of the winning state.
[0101]
Further, since the random number output from the random number maximum value comparison circuit r11 is not directly connected to the data bus, the random number data does not get on the data bus every time it is updated as in the above or software random number. That is, update control is automatically performed on the bus in the random number generator regardless of the CPU read command or read cycle. Accordingly, the update timing of the random number and the arrangement of the random number sequence (the mathematical formula for generating the random number sequence) cannot be predicted by an unauthorized person.
[0102]
<Description of External Input / Output Unit> Next, the external input / output unit c14 shown in FIGS. 2 and 3 will be described. The external input / output means c14 is for connecting an external device and the chip and inspecting the authenticity of the chip. Enables n-level authentication communication method, and after each level of authentication communication is established, transitions to verification communication method, outputs information inside the chip to the outside, authentication, verification, inspection regardless of the gaming state of the chip Control. Also, the authentication data exchanged during authentication communication and the data during verification communication are all encrypted, and encrypted communication based on random numbers is used for data used in communication, encryption and decryption. The authentication key or the like to be used is different every time communication is performed, making it difficult for an unauthorized person to decipher. There is also a test communication function. The external input / output means c14 monitors the SC terminal and the BRC terminal. When a signal such as a clock is supplied to the BRC terminal, the external input / output means c14 enters a state of waiting for authentication with the external device, and when receiving a predetermined signal from the SC terminal, Authentication control is performed on the received signal.
[0103]
Next, with reference to FIG. 20, FIG. 21, FIG. 22, FIG. 23, FIG. 24 and FIG. 25, the relationship between the contents and method of communication between the gaming machine control chip and the external device will be described.
[0104]
FIG. 20 is a conceptual flowchart relating to the authentication method / collation method. Here, among the external devices, devices called inspection devices and verification devices are used for the SC terminal and the BRC terminal (FIG. 2, FIG. 3 is a device that performs communication by connecting via the external input / output means c14 shown in FIG. Authentication or verification processing by an external device starts from an initialization request for communication start, and requests authentication method / verification method, and then starts each level of authentication or verification communication. When the chip receives an initialization request command for starting communication from an external device, the chip performs initialization (initial communication), requests authentication method / collation method in preparation for authentication communication, and waits for the request. When receiving an authentication method / collation method request from an external device, the chip identifies the authentication method and starts communication in an authentication sequence according to the request. Each time level 1, level 2,..., Level n becomes higher, deeper level authentication or verification is performed. A low level of authentication or verification places restrictions on the content. After each level of authentication or verification communication is started, it is determined whether or not to perform the authentication or verification of that level. If the authentication / collation determination at each level is NG, an initialization request is made to the external device, but if it is OK, a transition is made to the collation communication prepared for each authentication level / collation level.
[0105]
FIG. 21 shows an outline sequence of communication with an external device. Beginning with the TDTY test, the communication with the external device is started through the test of the clock input to the BRC terminal and the detection of the clock input to the BRC terminal. When communication is started between the external device and the chip, first, initial communication is executed. Then, after completing the initial communication, the authentication communication or the test communication is executed. In the authentication communication, the verification communication is executed after the authentication communication at each level is completed.
[0106]
Hereinafter, the contents of the communication outline sequence will be described in detail.
[0107]
<Description of TDTY Inspection> After the system reset is first canceled, a self-terminal loopback inspection using the CPU opcode fetch in the security mode as a trigger is performed at the SC terminal (hereinafter referred to as “TDTY inspection”).
<Inspection of Clock Input to BRC Terminal> Next, when the TDTY inspection is OK, the input condition of the communication clock input from the BRC terminal is monitored and inspected.
[0108]
<Description of Detection of Clock Input to BRC Terminal> Next, the clock input to the BRC terminal is detected, and the clock input is permitted only when the input condition is satisfied. The input clock passes through a protection circuit (not shown) and enters an initial communication standby state.
[0109]
<Description of Initial Communication> Next, when an initial communication request is received from an external device, initialization and clock synchronization are performed. Further, it is determined at which authentication level the authentication is to be performed, and a transition is made to authentication communication after determination. Similarly, when a test communication request is received, a transition is made to test communication for performing a data loopback test.
As contents of initial communication
(1) Communication request
In accordance with the communication request information sent from the external device, the chip determines the content of the communication after the initial.
(2) Authentication communication request: Request of authentication level 1 to n
(3) Test communication request:
(4) Reset request to the external input / output means c14: It is initialized again to the initial communication standby state. When this block reset request is received even during authentication communication or verification communication, the specified functional block of the external input / output means c14 is immediately initialized, and initial communication standby is performed. When the initial communication ends normally, the chip transitions to an authentication communication standby state.
[0110]
<Description of Authentication Communication> The authenticity of the chip is inspected based on the n-level authentication level. After authentication, transition to verification communication. For example, as an example of level authentication
(1) Level 1 authentication (n ₁ )), The authentication with the external device is performed only once at the security level 1.
(2) Level 2 authentication (n ₂ Is determined m times at security level 2 for authenticity determination with an external device. (M ≧ 1, where n ₂ ≧ n ₁ )
(3) Level 3 authentication (n ₃ ) Is performed m times at security level 3 for authenticity determination with an external device. (M ≧ 2, where n ₃ ≧ n ₂ )
(4) Level 4 authentication (n ₄ ) Is performed m times at security level 4 for authenticity determination with an external device. (M ≧ 2, where n ₄ ≧ n ₃ )
(5) Level 5 authentication (n ₅ ) Is performed m times at security level 5 for authenticity determination with an external device. (M ≧ 2, where n ₅ ≧ n ₄ )
(6) Level n authentication (n _n Is determined m times at security level n. (M ≧ 2, where n _n ≧ n ₅ )
It can be like this. Note that the greater the number, the greater the security strength. Also, different authentication codes are used at each security level. Also, the number of implementations is appropriately adjusted according to the purpose and application at each authentication level. When the authentication level is low, it is considered preferable that the number of implementations is small so as not to give a clue for analysis.
[0111]
Since the authentication communication is mutual authentication between the external device and the chip, each owns the determination result for the authenticity of the other party. When the authentication determination is NG, the transition to the verification communication is not performed, but when the authentication determination is OK, the external device notifies the chip side that the authentication is OK. Further, if the authentication determination on the chip side is OK, it is possible to shift to the verification communication as it is.
It should be noted that an arbitrary number of valid data bytes is given depending on the authentication level, and the transmission data is rearranged and sent to the external device side according to the position information of the random value obtained from the random number generator for external communication c14c. .
[0112]
<Description of verification communication> If the authentication determination is OK through the authentication communication, a transition is made to verification communication. Various commands can be received from an external device according to each authentication level, and information in the chip corresponding to the command can be returned.
[0113]
FIG. 22 is a block diagram showing a detailed configuration example of the external input / output means (c14 shown in FIGS. 2 and 3). As described above, when a signal such as a clock is supplied to the BRC terminal, the chip enters an authentication waiting state with an external device. When a predetermined signal is received from the SC terminal, the chip performs authentication control on the received signal. However, the external input / output means c14 plays an important role in that case.
[0114]
The external input / output unit c14 includes a transmission unit c14a, a reception unit c14b, an external communication random number generation unit c14c, a chip internal data encryption unit c14d, a chip internal data decryption unit c14e, a data control unit c14f, and a communication control unit c14g. . The external input / output unit c14 controls information necessary for communication, performs hardware arithmetic processing such as encryption / decryption of chip internal data, communication status management, and analysis / execution of authentication commands.
[0115]
Of these means, the data control means c14f and the communication control means c14g are connected to BUS1 (system bus) connected to the CPU. BUS2 is a unique hardware bus in the external input / output unit c14 that is independent of the system bus, and includes a transmission unit c14a, a reception unit c14b, an external communication random number generation unit c14c, a chip internal data encryption unit c14d, and a chip. Internal data decoding means c14e, data control means c14f, and communication control means c14g are all connected to this BUS2.
[0116]
<Explanation of Transmitting Unit> Looking more closely at the inside of the transmitting unit c14a of the external input / output means c14,
(1) P / S (parallel / serial) conversion means,
(2) Transmission timing control means,
(3) scramble means,
(4) Encryption means for external communication,
(5) Multiplexing means,
(6) Frame control means,
(7) TDTY inspection means,
Consists of. The transmission unit is a block that transmits data to an external device.
[0117]
<Description of P / S Conversion Unit> The P / S conversion unit converts the parallel data signal sent from the data control unit c14f via the BUS2 into a serial data signal.
[0118]
<Description of Transmission Timing Control Unit> The transmission timing control unit receives a transmission start request and determines the timing until the encrypted data in the chip is converted from parallel data to serial data by the P / S conversion unit. Control the timing of control and frame control.
[0119]
<Description of scramble means> The scramble means performs scramble processing on the encrypted data in the chip converted into serial data by the P / S conversion means. Combined with the descrambling means described later, it plays a role of enhancing the confidentiality of encryption communication.
[0120]
<Description of External Communication Encryption Unit> The external communication encryption unit encrypts data in a chip before transmission using a predetermined algorithm.
[0121]
<Description of Multiplexing Unit> The multiplexing unit performs multiplexing processing on individual frame lengths having different head codes.
[0122]
<Description of Frame Control Unit> The frame control unit controls several types of frames having different head codes.
[0123]
<Description of TDTY Inspection Unit> The TDTY inspection sends out a predetermined pattern (for example, “1010”, etc.) from the SC terminal and monitors the folded pattern to inspect by SC terminal destruction. The TDTY check is triggered by an opcode fetch cycle output from the CPU after the external system reset is released (security mode). When the TDTY inspection is normally completed, a predetermined pattern (for example, “1010” or the like) is completed with only one transmission, but when the returned data is NG, n times (for example, a maximum of 5 times). Will be retried. If it is NG even after n inspections, a TDTYO signal is generated and the CPU is reset. After completion of the TDTY inspection, the input of the BRC clock terminal is released, and the communication clock input is permitted from the external device. Even if the inspection result is NG, the input of the communication clock is permitted.
[0124]
The signal serially converted by the aforementioned P / S conversion means is scrambled, then encrypted by the external communication encryption means, multiplexed by the multiplexing means, and output from the SC terminal. At this time, the frame is controlled by the frame control means.
[0125]
<Description of Receiving Unit> Looking at the inside of the receiving unit c14b of the external input / output unit c14 in more detail,
(1) Pulse detection means,
(2) Communication clock generation means,
(3) Clock loss detection means,
(4) Hardware reset means,
(5) Decoding means for external communication,
(6) Reception timing control means,
(7) scramble release means,
(8) S / P conversion means,
(9) Frame detection means,
(10) Communication error detection means,
Consists of. The receiving unit is a block that receives data from an external device.
[0126]
<Description of Pulse Detection Unit> The pulse detection unit detects pulses such as a start bit, a stop bit, and a head code of a signal input from the SC terminal.
[0127]
<Description of Communication Clock Generating Unit> The communication clock divides the clock input from the BRC terminal and generates a clock for communication. After resetting, synchronization with received data is performed by the initial pulse at the start of communication. The phase matching pulse is synchronized with the BRC clock.
[0128]
<Description of Clock Loss Detection Unit> The clock loss detection unit detects whether or not a communication clock supplied from an external device is supplied. Communication with the external device starts operation by supplying a clock from the external device to the BRC terminal. Therefore, unless the external device is connected, the BRC terminal is fixed at a level (for example, “H” level is fixed). It is recognized as disconnection and is disabled. When an external device is connected, a communication clock is supplied from the BRC terminal, and when a certain detection condition is satisfied, the disabled state recognized as the clock disconnection is canceled, and the communication is enabled.
[0129]
<Description of Hardware Reset Unit> The hardware reset unit resets each block of the external input / output unit c14 when performing initialization processing such as recovery from communication error so as not to affect the user mode. To do. Note that the P / S conversion means, the transmission timing control means, the scramble means, the external communication encryption means, the multiplexing means, the frame control means, the TDTY inspection means, the pulse detection means of the reception section of the external input / output means c14, Each block of the communication clock generation means, clock disconnection means, external communication decoding means, reception timing control means, scramble release means, S / P conversion means, frame detection means, communication error detection means, and communication control means is reset, The blocks of the external communication random number generation means, the chip internal data encryption means, the chip internal data decryption means, and the data control means are not reset.
[0130]
<Description of Decryption Unit for External Communication> The external communication decryption unit performs a process of decrypting data encrypted by a predetermined algorithm sent from an external device.
[0131]
<Description of Reception Timing Control Unit> The reception timing control unit receives a request to start reception until the S / P conversion unit converts the decoded data sent from the external device from serial data to parallel data. The timing is controlled based on a signal from the frame detection means.
[0132]
<Description of the scramble release means> The scramble release means performs a scramble release process on the data that has been previously scrambled from the decoded data sent from the external device.
[0133]
<Description of S / P Conversion Unit> The S / P conversion unit converts serial data into parallel data.
[0134]
<Description of Frame Detection Unit> The frame detection unit detects a frame having a different frame length depending on each communication. The communication content (authentication level) is determined by this frame length.
[0135]
<Description of Communication Error Detection Unit> The communication error detection unit detects a communication error for accurate data transfer when performing an authentication check, and prevents the following communication error from leaking internal information due to malfunction. Detection is performed.
[0136]
<Description of Communication Error Content> Specific communication errors include the following four errors.
(1) Clock error: This is an error that occurs when the BRC clock is off. While the error occurs, all external input / output means are disabled.
(2) Communication format error: An error in the communication format.
(3) Command error during verification communication: When a transition is made to verification communication, a command is transmitted from an external device. When a code other than a predetermined command is received, all are processed as a command error. As a process when a command error occurs, it is transmitted to an external device.
(4) Verification communication error during user mode: If verification communication is performed during user mode, resetting to the CPU is prohibited, so in verification communication during user mode, when a command is received from an external device Then, a command notifying that the user mode is being used is transmitted to the external device, notifying that the reset to the CPU is impossible, and notifying that communication by hardware of the external input / output means c14 is performed. However, if the received data has caused a communication error, it is notified that there is an abnormality in communication.
[0137]
A signal input from the external device to the BRC terminal is sent to pulse detection means, communication clock generation means, and clock loss detection means. When the clock interruption is detected by the clock interruption detection means, it is sent to the hardware reset means, and a reset signal is sent to each block of the transmission unit / reception part / communication control means of the external input / output means c14 Is done. Based on the BRC signal, the communication clock generating means generates a clock signal, and based on this, the external communication decoding means decodes the signal from the SC terminal. The decoded signal is descrambled by the descrambling means and sent to the S / P conversion means. The S / P conversion means creates a parallel signal in cooperation with the reception timing control means and the frame detection means, and transmits the parallel signal from the BUS2 to the chip side via the data control means c14f. During these transmissions, the communication error detection means monitors signals from the frame detection and S / P conversion means to detect communication errors.
[0138]
<Description of Random Number Generation Unit for External Communication> The random number generation unit for external communication c14c is a random number generation unit provided for communication with an external device, and functions independently of the random number generation device c8. The random number generation method is the same as that of the random number generator c8.
[0139]
<Description of Chip Internal Data Encryption Means> The chip internal data encryption means c14d performs encryption in advance with a predetermined algorithm before transmitting the data inside the chip to an external device. The external communication encryption means functions independently.
[0140]
<Description of Chip Internal Data Decryption Unit> The chip internal data decryption unit decrypts the data in the chip encrypted in advance by a predetermined algorithm. The external communication decoding means functions independently.
[0141]
<Description of Data Control Unit> The data control unit c14f is the data inside the chip sent via the BUS1.
(1) confidential information data,
(2) ID data,
(3) ROM data,
(4) Device information data,
(5) Access information data,
(6) Random number data which is data inside the chip sent via S4,
(7) Steel information data (steal refers to data capture; the same applies hereinafter), which is internal data sent via S5.
Is controlled to send data to the external device, and to send data such as commands from the external device to BUS1.
Further, it also has a buffer for temporarily storing these data, specifically, a register for storing external device data input via the receiving unit c14b, and random number data received by a signal s4 from the random number generator c8. , A register for storing the steal information data received by the signal s5 from the steal information storage means c15, secret information data, ID data, ROM data, device information data, and access information data obtained from other parts of the chip And so on.
The ROM data refers to data stored in the user ROM or boot ROM, and the device information data includes the chip type of the mass production chip / development chip, the CPU type and model number, and the built-in It indicates the type and model number of each device, and the access information data indicates history data of the situation when each built-in device performs access.
[0142]
<Description of Communication Control Unit> The communication control unit c14g performs various controls for mutual authentication between the chip and the external device. FIG. 23 shows a block diagram of the communication control means c14g. The authentication waiting control means, sequence control means, authentication level control means, authentication judgment means, authentication command control means, and communication status control means. Composed.
[0143]
<Description of Authentication Wait Control Unit> The authentication wait control unit performs the first communication process in response to a communication request from an external device, and controls the standby state of the chip itself until the next process request is received from the external device. It is.
[0144]
<Description of Sequence Control Unit> The sequence control unit controls sequences at different authentication levels.
[0145]
<Description of Authentication Level Control Unit> The authentication level control unit performs command control at different authentication levels.
[0146]
<Description of Authentication Determining Unit> The authentication determining unit determines and authorizes commands with different authentication levels.
[0147]
<Description of Authentication Command Control Unit> The authentication command control unit performs control for reading various data in the chip.
[0148]
<Description of Communication Status Control Unit> The communication status control unit stores and controls data of each communication status generated during communication. Possible statuses include checking the parity bit in the received frame, communication error status such as communication format error that occurs when the received data is different from the parity result, status of self-diagnosis information by boot processing, There is a control status of the authentication command.
[0149]
Secret information data, ID data, ROM data, device information data, access information data, random number data, and steal information data inside the chip controlled by the data control means c14f are communication status control means, authentication command control means, authentication determination means. In accordance with the cooperation of the authentication level control means, the sequence control means, and the authentication waiting control means, the chip internal data is sequentially sent to the external device as necessary and according to the authentication procedures of each authentication level. Become.
[0150]
<Description of Steel Information Storage Unit> Next, the steel information storage unit c15 shown in FIGS. 2 and 3 will be described. The steel information storage means c15 stores the information of the data accessed at that time in real time by the CPU accessing the specified area of the data stored in the area specified by the user in the program management area. Is. Further, when the CPU accesses each built-in device, the situation at that time is similarly stored.
[0151]
Next, FIGS. 24 and 25 will be described. FIG. 24 is a flowchart until the information of the area designated by the user is stored in the steel information storage means. FIG. 25 is a flowchart for sending information data in the chip to the external device, and shows a process in which the chip sends information information in the chip when a request for transmission of the information data in the chip is received from the external device. The flowchart shows the operations on the external device side and the chip side in contrast. In this flowchart, description of various error processes that occur during the communication process is omitted. However, for errors that may occur at various stages, error processes such as returning to an appropriate stage are performed.
[0152]
First, as a premise, a steal data storage process starting from the security mode start process and transitioning to the user mode in the operation of the CPU on the chip side will be described with reference to FIG. As described above in the description of the mass-produced chip in FIG. 1, when the chip is booted, it starts from the security mode. When the predetermined boot process is completed and the security check is OK, the mode is changed to the user mode. As one of a series of boot processes in the security mode, “step to read the address (area) specified by the user in the program management area” and “boot the address (area) specified by the user in the program management area” Step for setting as environment setting value of processing "is executed. Here, the “address (area) specified by the user in the program management management area” is the one written in the area starting from “1FA0h” to “1FBFh” in the program management area shown in FIG. Point to. After reading this address (area), it is set as an environment setting value for boot processing. Then, after transitioning to the user mode, it is determined whether or not the CPU has accessed the address (area). When the CPU accesses the address (area), the data on the data bus at that time is stealed and the stealed data is stored in the steal information storage means c15. These processes are performed in cooperation with the CPU, the storage unit c11, the storage monitoring unit c12, and the steel information storage unit c15.
[0153]
Next, a flowchart on the external device side described on the right side of FIG. 25 will be described. The flowchart on the side of the external device described on the right side of FIG. 25 mainly shows the processing from the request for transmitting the chip internal information data to the reception processing. When an external device transmits a request for chip internal information data, it performs a transmission request process to the chip, and when there is a response from the chip, performs a level authentication procedure and clears it, The transmission request process is executed, the reception process and the process of storing the received data in the storage means of the external device are performed. When the reception is completed, the other processes are executed and the process returns. If there is no response from the chip or if the level authentication is not cleared, the process returns to the start point. In addition, if the reception process of the chip internal information data is not completed, the transmission request process is executed again. If the transmission request is made several times and the reception processing of the chip internal information data is not completed, error processing (not shown) is followed.
[0154]
The flowchart on the chip side described on the left side of FIG. 25 is a flowchart on the chip side regarding communication with an external device. If it is determined that there is a request for verification communication from the external device, communication start processing with the external device is executed. If the level authentication can be cleared, the fact is notified to the external device. And it waits for reception of collation communication. When there is a request to retrieve the chip internal information data, the chip internal information data retrieval process is executed, and the data is transmitted to the external device. Thereafter, the process returns to reception of verification communication.
[0155]
As an example of assigning the authentication level to be provided to each institution
(1) Level 1: User A
(2) Level 2: User B
(3) Level 3: Third-party organization A (subordinate)
(4) Level 4: Third Party B (Medium)
(5) Level 5: Third-party organization C (high rank)
………
(6) Level n: Top engine
It seems like.
[0156]
In addition, as an example of the contents of authentication inspection / collation inspection,
(1) Level 1 (User A):
One type of ID number + user specified area information
(2) Level 2 (User B):
Level 1 + 1 type of ID number + user program
(3) Level 3 (Third Party Institution A):
Level 2 + several types of ID numbers + random number data
(4) Level 4 (Third Party B):
Level 3 + all types of ID numbers + device information data
(5) Level 5 (Third party organization C):
Level 4 + access information data
………
(6) Level n (top-level organization):
All chip internal data
It seems like. It should be noted that the number of times authentication is performed at each level corresponds to that described in paragraph number 0110.
[0157]
The above example is merely an example, and various combinations are conceivable for the assignment of the authentication level provided to each institution and the contents to be specifically inspected / verified.
[0158]
Further, in the authenticity inspection of the chip, the level 1 and the level 2 having a low authentication level are not limited to the inspection device or the verification device, and the hall computer may be provided with a function of an authenticity inspection corresponding to these authentication levels. Needless to say.
[0159]
【The invention's effect】
In the present invention, by incorporating a bus / signal line control means having a function of checking a signal output from the external terminal of the chip itself or a signal input to the external terminal, the outputs are short-circuited maliciously (short-circuited). ), And even if a signal that cannot be assumed to be input to the external terminal is input, it is possible to detect these frauds in advance.
[Brief description of the drawings]
FIG. 1 is an operation mode transition diagram of a chip.
FIG. 2 is a functional block diagram of the entire chip.
FIG. 3 is a functional block diagram of the entire chip when external trigger / clock input and random number data can be output to the outside.
FIG. 4 is a specific example showing a memory map of the entire chip.
FIG. 5 is a specific example showing an area in a user ROM.
FIG. 6 is a block diagram of the runaway monitoring means c4.
FIG. 7 is a block diagram of reset / interrupt control means c5.
FIG. 8 is a timing chart example of system reset.
FIG. 9 is a timing chart example of user reset.
FIG. 10 is a timing chart example of NMI and INT interrupts.
FIG. 11 is a block diagram showing a circuit configuration for random number generation.
FIG. 12 is a functional block diagram of a circuit configuration for random number generation when random number data can be output to the outside.
FIG. 13 is a block diagram showing a specific example of auxiliary random number generation means r19.
FIG. 14 is a conceptual explanatory diagram showing a configuration of a bit scramble table.
FIG. 15 is a block diagram showing an internal configuration of an update cycle setting data holding circuit r1 and an update cycle setting circuit r2.
FIG. 16 is a flowchart showing initialization routine processing for setting environment settings for the random number generation device c8 to perform a desired operation;
17 is a flowchart showing an operation setting process for the user to freely read a random number after the random number generator c8 finishes the initialization process of FIG.
FIG. 18 shows a flowchart of random number update and random number read processing of the random number generation device c8.
FIG. 19 is a flowchart of random number reading processing and random number output processing of the random number generation device c8 regardless of the winning state.
FIG. 20 is a conceptual flowchart related to an authentication method / collation method.
FIG. 21 is a schematic sequence of communication with an external device.
FIG. 22 is a block diagram showing a detailed configuration example of an external input / output unit c14.
FIG. 23 is a block diagram showing details of communication control means c14g in external input / output means c14.
FIG. 24 is a flowchart until information on an area designated by a user is stored in a steel information storage unit;
FIG. 25 is a flowchart for sending information data in a chip to an external device. A flowchart showing a process in which a chip transmits information information inside the chip when an external device requests transmission of information data inside the chip is shown by comparing operations on the external device side and the chip side.
FIG. 26 is a block diagram showing a first embodiment for detecting inconsistency for each terminal of the bus / signal line control means c13 of the present invention.
FIG. 27 is a block diagram showing a second embodiment in which a mismatch determination is simultaneously made for a plurality of terminals of the bus / signal line control means c13 of the present invention.
[Explanation of symbols]
c1 Central processing unit (CPU)
c2 timer system
c3 Unauthorized execution prohibition means
c4 Runaway monitoring means
c4a clock selection means
c4b n-bit counter
c4c Runaway monitoring control means
c4d operation mode control means
c4e Control word setting means
c4f output control means
c5 Reset / interrupt control means
c5a noise filter
c5b OR (logical sum) circuit
c5c extension circuit
c5d INT priority control circuit
c6 decoding means
c7 Input / output means
c7a Input / output control means
c7b Function selection means
c8 random number generator
c9 Clock generation means
c10 Security measures
c11 storage means
c11a ID storage means
c11b boot storage means
c11c User storage means
c12 Memory monitoring means
c13 Bus / signal line control means
c13a I / 0 buffer
c13b Expected value setting circuit
c13c switching circuit
c13d switching control circuit
c13e mismatch detection circuit
c13f mismatch judgment circuit
c14 External input / output means
c14a transmitter
c14b receiver
c14c Random number generating means for external communication
c14d Chip internal data encryption means
c14e Decoding means for chip internal data
c14f data control means
c14g communication control means
c15 Steel information storage means
r1 update cycle setting data holding circuit
r1a reference interval cycle designation circuit
r1b constant cycle set value storage circuit
r2 update cycle setting circuit
r2a reference interval cycle generation circuit
r2b reference interval cycle counting circuit
r2c reload timing generation circuit
r3 software update trigger generation circuit
r4 operation start instruction circuit
r5 random number update trigger selection information holding circuit
r6 random number update trigger selection circuit
r7 update control circuit
r8 random number generator
r9 bit scramble setting circuit
r9a bit scramble request circuit
r9b bit scramble key generation circuit
r9c bit scramble circuit
r10 random number maximum value storage circuit
r11 random number maximum value comparison circuit
r12 random number value holding circuit
r13 random number request circuit
r14 random number reading circuit
r15 ROM program management area
r15a random number initial value selection constant
r15b RAM addressing
r16 software operation
r16a fixed value
r16b ID number
r16c RAM value
r16d RAM operation value
r16e RAM
r17 random number initial value selection circuit
r18 random number initial value storage circuit
r19 Auxiliary random number generator
r20 external output control means
r21 instruction execution count circuit
r22 thermal noise generation circuit
r23 A / D converter circuit
r24 counter circuit
r25 External trigger control means
S1 Random number end signal
S2 Bit scramble request signal
S3 Clock source source with a frequency division ratio different from the clock supplied to each functional block
S4 Random number output data that cannot be accessed by the user
S5 Steel information data
BUS1 system bus
BUS2 Unique hardware bus in external input / output means c14

Claims (6)

A bus / signal line control means having a function of checking the input / output of an external terminal by itself, a security function, and a gaming machine control chip incorporated in a gaming machine,
The bus / signal line control means includes:
An I / O buffer for controlling the direction of the control signal and enhancing the driving capability;
An expected value setting circuit for setting a predetermined data value, signal pattern, etc .;
Compares the signal input from the external terminal with the output signal such as the predetermined data value and signal pattern set by the expected value setting circuit or each control signal that outputs the signal inside the chip to the external terminal, and does not match A mismatch detection circuit for detecting
A switching circuit that selects either the signal output to the external terminal or the output signal of the expected value setting circuit and sends it to the mismatch detection circuit;
A switching control circuit for controlling the output / switching signal of the switching circuit and the detection condition setting of the mismatch detection circuit;
The signal of the external terminal transmitted from the mismatch detection circuit is closed and a mismatch determination circuit for determining whether or not a mismatch, the mismatch determination circuit, if the signal is match, for the game machine control A gaming machine control chip characterized by stopping the CPU of the chip. A bus / signal line control means having a function of checking the input / output of an external terminal by itself, a security function, and a gaming machine control chip incorporated in a gaming machine,
The bus / signal line control means includes:
An I / O buffer for controlling the direction of the control signal and strengthening the driving capability;
An expected value setting circuit for setting predetermined data values, signal patterns, and the like;
Compares the signal input from the external terminal with the output signal such as the predetermined data value and signal pattern set by the expected value setting circuit or each control signal that outputs the signal inside the chip to the external terminal, and does not match A mismatch detection circuit for detecting
A switching circuit that selects either the signal output to the external terminal or the output signal of the expected value setting circuit and sends it to the mismatch detection circuit;
A switching control circuit for controlling the output / switching signal of the switching circuit and the detection condition setting of the mismatch detection circuit;
Have a signal whether Urn line determination mismatch determination circuit not match the external terminal transmitted from the mismatch detection circuit, unless the signal match, the information of the external terminal is its inspected A gaming machine control chip characterized by notifying the outside as an abnormality detection signal . A gaming machine control chip according to claim 1,
Each circuit constituting the bus / signal line control means is provided for each external terminal, and a mismatch detection signal specific to the external terminal is output from the mismatch detection circuit. Chip. A gaming machine control chip according to claim 1,
One mismatch detection circuit is provided in common for all external terminals, and a single abnormality detection signal is output when a determination result becomes abnormal. A gaming machine control chip according to claim 2,
Each circuit constituting the bus / signal line control means is provided for each external terminal, and a mismatch detection signal specific to the external terminal is output from the mismatch detection circuit. Chip. A gaming machine control chip according to claim 2,
One mismatch detection circuit is provided in common for all external terminals, and a single abnormality detection signal is output when a determination result becomes abnormal.

Images