JPH0778126A - Microcomputer for ic card - Google Patents

Abstract

PURPOSE:To obtain a microcomputer for an IC card capable of securing the secrecy of a program. CONSTITUTION:An one-chip MPU including a RAM, a mask ROM and an EEPROM has a read limiting circuit 46 also. Since the reading of a program in a specific area of the mask ROM is inhibited by the circuit 46, the secrecy of program constitution is secured and data recorded in the mask ROM are prevented from being decoded. The circuit 46 has a read limitation flag generating circuit 15 for selectively setting up the execution of inhibition, a judging circuit 1 for judging the existence of a program stored in the EEPROM, a judging circuit 2 for judging the existence of a read instruction and a judging circuit 3 for judging the existence of an access to a user reference enabled area in the mask ROM, and when all conditions are satisfied, a read limiting signal is outputted from an AND circuit 18.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a microcomputer for an IC card, and in particular, in order to maintain the confidentiality of data stored in the IC card, it is stored in a specific area in the microcomputer. I with a read-restriction function that prohibits reading of program data
The present invention relates to a microcomputer for a C card.

[0002]

2. Description of the Related Art Conventionally, an ID as a private card
Cards are commonly used. For example, a bank card, a credit card, etc. A magnetic recording type magnetic card is often used in these cards. This magnetic card has many advantages such as easy recording / rewriting and low cost. On the other hand, however, it has been pointed out that the storage capacity is small and that the data can be easily read and rewritten, which is a drawback in maintaining confidentiality and security.

An IC as a card capable of overcoming the above-mentioned drawbacks
The card is known. IC cards have a large amount of information,
It has many advantages such as various measures that can be taken to improve the confidentiality and security. However, on the other hand, there is a problem that the price becomes higher than that of the magnetic card. In particular,
This defect is further amplified when the number of manufactured lots is small. As a measure to eliminate such drawbacks, a basic program is built into a one-chip microcomputer, and a part of the electrically rewritable storage element (EEPROM) is opened to the card issuer, thereby increasing the freedom of program development. In addition, the IC card maker needs to develop only the basic program, and the card manager who is the card issuer (user) can freely build his own data and program in the EEPROM. Therefore, while maintaining the above characteristics of the IC card, the flexibility is improved, the range of application is expanded, and the production amount of the IC card for each lot can be increased. Therefore, a cost reduction effect is produced.

On the other hand, however, new problems occur such that data can be easily rewritten. As a countermeasure against this, for example, Japanese Patent Laid-Open No. 3-14052 discloses a portable medium in which access to the EEPROM area is prohibited.

[0005]

[Problems to be Solved by the Invention]
The measure to prohibit access to the EEPROM area is a confidentiality measure in the end market of the IC card, and it can be said that the confidentiality measure in the intermediate market of IC card managers is incomplete. In other words, if an IC card issuer's programmable unique use area is provided by using an EEPROM or the like, in general, in order to use the IC card efficiently, the internal specifications of the microcomputer constituting the IC card are specified in the IC card. It will be necessary to disclose it to the issuer. Even if the internal structure is not partially revealed, it is not so difficult for those skilled in the art to write the program for reading the program data of the mask ROM into the EEPROM of the user use area and decode the contents of the program. This leads to the elucidation of the structure of the "key" constructed to maintain the confidentiality of the data. If the IC card can be partially used freely and the convenience of the IC card is enhanced, the IC card is issued to the IC card manager even if measures are taken to keep the IC card confidential. It is possible that a person's confidentiality measures will be substantially decipherable. This is for limited people
Although it is the disclosure of the contents of the "black box", it is necessary to disclose the contents to more people in order to increase the versatility of the IC card and to expand the range of applications, which causes a contradiction with ensuring confidentiality.

The present invention ensures the confidentiality of data in an IC card including a program unique to an IC card manufacturer and is used for an IC card, and stores a part of the program stored in a mask ROM in the IC card. Releasing to the user,
User-specific programming in EEPROM I
The purpose is to provide a C card.

[0007]

In order to achieve the above object, a microcomputer for an IC card according to the present invention has at least a rewritable ROM and a non-rewritable ROM.
A microcomputer for an IC card having: a region specifying means for specifying a predetermined region of a non-rewritable ROM; and a read for determining whether or not a command of a program code of the rewritable ROM is a read command. The instruction discriminating means and the area designated by the read instruction are non-rewritable RO
Area determination means for determining whether or not the area is a predetermined area designated by the area designation means of M, and the program code processed by the microcomputer is effective by the area designation means, the read instruction determination means and the area determination means. Only in this case, the execution of the reading process of the program code of the reading instruction recorded in the rewritable ROM is permitted.

[0008]

In the microcomputer of the present invention, the program code is the code recorded in the rewritable ROM by the area designating means, the read command determining means, and the area determining means, and the read code is in the predetermined area range. Since it is determined whether or not the read instruction includes the inside, execution of the read instruction of the data in the specific area can be prohibited.

[0009]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT An embodiment of a microcomputer for an IC card according to the present invention will be described in detail with reference to the accompanying drawings. Referring to FIG. 1, there is shown an embodiment of an IC card to which the microcomputer of the present invention is applied. There are two methods for limiting the reading of the memory area in the microcomputer, that is, a method using a hardware having a logic circuit configuration shown in FIG. 1 and a method using a software of a program step. Hereinafter, the configuration of the present invention will be described in detail based on the embodiments shown in the drawings.

FIG. 3 shows an example of the configuration of the entire unit of a microcomputer with a read-limited area, in which an EEPROM 70 is provided as a so-called free area for card managers. The IC card is composed of such a one-chip microcomputer (MPU), and the MPU is a CPU.
40, RAM 50, ROM 60 and EEPROM 70.

The CPU 40, which is a central processing unit, is composed of an accumulator (Acc) 41, a register 42, a logical operation processing unit (ALU) 43, an instruction interpreting section 44, a program counter (PC) 45, and a limiting circuit 46. .

The Acc 44 is a temporary storage unit used in the process in which the CPU 40 executes calculation, control and the like.
The register 42 performs the auxiliary function of the Acc 41,
There are a case where it has the same hardware configuration as the cc41 and a case where it has a RAM. The ALU 43 is the arithmetic operation of the CPU 40,
Processing units that perform comparison operations, logical operations, etc. are collectively referred to, and the operations of these processing units form the basic operation of the CPU 40. The instruction interpreting unit 44 classifies the content of the instruction word of the program, for example, a read instruction, a write instruction, a calculation instruction, and the like.
The PC 45 is a counter for managing the execution position of the program. The limiting circuit 46 is a functional unit that is a feature of the present invention, and is a circuit unit that determines an instruction in an area before the CPU 40 starts execution and determines whether the instruction can be executed.

The RAM 50 is a temporary storage unit for data. The stored data is backed up by a battery (not shown).

The ROM 60 is a read-only memory, which is a non-rewritable mask ROM in this embodiment. Therefore, the contents of the program configured in the mask ROM 60 are fixed at the time of factory shipment of the IC card manufacturer. RAM50 or EEPROM7 in this program
The data stored in 0 is coded, and hardware or software measures are taken to ensure confidentiality so that the contents of the data cannot be read or changed.

The EEPROM 70 constitutes an area for the IC card manager, that is, the IC card issuer to write unique data or program. In addition to the non-rewritable program configured in the mask ROM 60, the IC card manager's unique data or program is added using the EEPROM 70 to enhance the flexibility, versatility, and uniqueness of the IC card. You can Writing or erasing new data in the EEPROM 70 is performed using a reader / writer device (not shown).

CPU 40, RAM 50, ROM 60, EE
The PROM 70 is connected to each of the signal lines of a data bus, an address bus and a control signal.

Signal connection between the IC card having the above structure and the reader / writer device or a host device for utilizing the IC card is performed through a connector (not shown). Signals exchanged with the host device and the like are CLK which is a synchronizing signal of signals, RST which is a start signal of MPU, I / O of comprehensive data, and driving power supply Vcc and ground (GND).

FIG. 4 is an address map showing the structure of the memory of the above IC card. As mentioned above, the memory is
It is composed of a register 42, a RAM 50, a ROM 60, and an EEPROM 70. The register 42 is a memory used when the CPU 40 executes a calculation. In the register 42, an area for storing the address of the user referenceable area 602 which is a specific area of the mask ROM 60 is provided. The user referable area 602 is the mask ROM 60.
In the entire program configured in, the IC card manager is an area permitted to read the program contents and use it independently. Further, in the register 42 for storing the area range, U-ADR0 (422) indicates the start point of the user referenceable area 602, and U-ADR1 (423) indicates the end point. It is not permitted for the IC card manager to create a program for accessing the mask ROM areas of the areas 601 and 603 other than the user referenceable area 602.

The microcomputer of the first embodiment is
As shown in FIG. 1, the read area is limited by the hardware configuration of the logic circuit. This read limiting circuit 46
A read restriction flag generation circuit 15, a determination circuit for determining whether or not the program is stored in the EEPROM 1, a determination circuit for determining whether or not a read instruction 2, a determination circuit 3 for determining whether or not to access a user referenceable area of the mask ROM, And an AND circuit 18 for checking whether all the judgment conditions are satisfied.

The read restriction flag generating circuit 15 is composed of a resistor 16 connected to the Vcc power supply line, and a fuse 17 connected in series to the resistor 16 and the ground line (GRD). The fuse 17 is a wired logic configured in the MPU, and can be blown by applying a predetermined signal to the I / O terminal of the IC card to disconnect the connection with the GND line. The limit flag is "L"
Is treated as non-executable with, and treated as restricted with "H".
The fuse 17 is fixedly configured and is in the non-limiting execution state at the time of manufacturing the MPU, but is blown to be in the limited execution state when the IC card is shipped. The read restriction flag generation circuit 15 can also be replaced by a mask ROM 60, and the UV
-EPROM or EEPROM can be used instead.

The determination circuit 1 for determining whether or not the program is stored in the EEPROM 70 is performed by comparing the stored content of the program address register 11 and the stored content of the EEPROM area register 12 with the comparator 13. The EEPROM area register 12 has an upper limit address E of the EEPROM 70.
-ADRO and E-ADR1, which is the lower limit address, are fixedly stored. When executing the program in the unspecified area, the comparator 13 checks whether the command fetched by the CPU 40 to execute the program is the command stored in the EEPROM 70. This check knows the memory area to which the command belongs from the address data indicated by the program address register 11, and
This is performed by the comparator 13 checking whether it is inside or outside the address area of 70. If the command is stored in the EEPROM area, the comparator 13 outputs the "H" signal.

The circuit 2 for judging whether or not it is a read command judges by the code analyzer 22 whether or not the content stored in the instruction code register 21 for storing the command command word is a read command. In the case of a read instruction, the code analyzer 22 outputs the "H" signal.

The determination circuit 3 for determining whether or not to access the user referenceable area 602 of the ROM includes the ROM area register 32.
The comparator 33 compares U-ADR0, which is the upper limit area and U-ADR1 which is the lower limit area, of the user referable area 602 stored by the source address register 31 with the access destination address. If the access destination address extends outside the user referenceable area 602, the comparator 33
Outputs an "H" signal.

The AND circuit 18 is a 4-input / 1-output AND circuit. The signals of four inputs are the read limit flag generating circuit 15, the comparator 13, the code analyzer 22, and the comparator 33, and when all of these four signals are "H", the AND circuit 18 outputs the "H" signal. Output. When the output signal is "H", it is determined that the command stored in the source address register 31 is not executable, and when it is "L", it is determined that the command is executable.

In another embodiment of the present invention, reading is restricted by the structure of the program. According to the program configuration example shown by the flowchart of FIG. 2, the program code is read (step S11), and four items are checked before execution of the read code.

First, it is determined whether or not there is a restriction flag (step S12). If the restriction flag is present, the process proceeds to step S13. If not, the process proceeds to step S17. Next, it is determined whether the instruction code is in the EEPROM (step S13). If the instruction code is in the EEPROM, the process proceeds to step S14. If not, the process proceeds to step S17. Next, it is determined whether or not the instruction code is a read instruction (step S14). If the instruction code is a read instruction, the process proceeds to step S15, and if not, the process proceeds to step S17. Further, it is judged whether or not the read destination designated by the read command is the unreadable area (step S15), and if it is the unreadable area, the process proceeds to step S16, and if not, the step S15.
Proceed to 17 instruction execution.

If all of the above four items correspond to the check items, pseudo execution (step S16) of outputting "zero data", "error data", etc. is performed, and if any one of the four items is not applicable, , Execute the instructions of the program code (step S17).

In step 12, "Is there a restriction flag?"
It is confirmation whether or not to execute the check routine.
If the check is unnecessary, the following checks are unnecessary, the remaining three items are not checked, and the code command is executed. The limit flag can be configured by a program, but the limit operation can be surely performed by fixedly setting it by the wired logic as in the first invention.

In step 13, "Instruction in EEPROM?"
It is a confirmation whether or not the read code is recorded in the EEPROM 70. This is because the instruction in the mask ROM 60 does not need to be checked.

The "read command?" In step 14 confirms whether or not the instruction content of the code is a read command. This is because the commands other than the read command do not affect the confidentiality of the contents of the mask ROM 60.

In step 15, "Is the area impossible?", If the code is a read instruction, the read storage area is a mask ROM.
Check whether inside or outside the user referenceable area 602 of. If the address designated for reading is within the user read storage area, it is determined as "NO", and if it is outside, it is determined as "YES".

In order to ensure its effectiveness, the above-mentioned read restriction program is preferably provided in the main routine in which the steps are always followed and outside the user referenceable area.

Although the above-described embodiment is a preferred embodiment of the present invention, the present invention is not limited to this, and various modifications can be made without departing from the gist of the present invention. For example, not limited to the configurations of the above two embodiments,
It is also effective to use both of them redundantly or to partially mix the two.

Further, the microcomputer for the IC card of the present invention enables / disables the read restriction process when the card manufacturer performs the read restriction process on the specific area of the rewritable ROM of the microcomputer at the time of manufacturing the IC card. When the read restriction processing is enabled by the setting means (read restriction execution flag generating means), the rewritable ROM is used as an IC card microcomputer opened to the user, and the read operation is performed. When the limiting process is invalid, the rewritable ROM can be used as a microcomputer for an IC card that is not open to the user for each purpose, and a microcomputer with high versatility can be provided. It is possible.

[0035]

As is apparent from the above description, in the microcomputer for the IC card of the present invention, the program code is the code recorded in the rewritable ROM, the read command, or the read including the outside of the predetermined area. Since it is determined whether the command is an instruction, by prohibiting the reading process of the data in the specific area, the decryption of the data processed by the program in the specific area can be prevented, and the confidentiality of the data can be maintained. Therefore, it is possible to give the user the freedom to manufacture an inexpensive original IC card.

[Brief description of drawings]

FIG. 1 is a block diagram showing an embodiment of a microcomputer for an IC card according to the present invention.

FIG. 2 is a flowchart showing the operation of the microcomputer for the IC card according to the present invention.

FIG. 3 is a block diagram showing a configuration example of an entire unit in which a microcomputer for an IC card according to the present invention is applied to an IC card.

FIG. 4 is an address map showing a memory configuration of a microcomputer for an IC card according to the present invention.

[Explanation of symbols]

 1, 2 and 3 Judgment circuit 11 Program address register 12 EEPROM area register 13, 33 Comparator 15 Read restriction flag generation circuit 16 Resistor 17 Fuse 18 AND circuit 21 Instruction code register 22 Code analyzer 31 Source address register 32 ROM area register 46 Read limit circuit

Claims (3)

[Claims] 1. A microcomputer for an IC card having at least a rewritable ROM and a non-rewritable ROM, wherein the microcomputer includes area designating means for designating a predetermined area of the non-rewritable ROM. A read instruction determining means for determining whether the instruction of the program code of the rewritable ROM is a read instruction, and an area designated by the read instruction is designated by the area designating means of the nonrewritable ROM. And a program code processed by the microcomputer is valid by the area designating means, the read command determining means, and the area determining means. Only for executing the reading process of the program code of the reading instruction recorded in the rewritable ROM. Microcomputer for IC cards and permits. 2. The microcomputer for the IC card according to claim 1, wherein the microcomputer further generates a read restriction execution flag for setting valid / invalid of the read restriction process for selecting whether or not the read process is possible. A microcomputer for an IC card, further comprising means, wherein whether or not the read restriction process is possible can be selected by the flag generated by the read restriction execution flag generation means. 3. The microcomputer for an IC card according to claim 1 or 2, wherein the read restriction execution flag generating means is circuitally configured inside the microcomputer, and the circuit is provided to the microcomputer. A microcomputer for an IC card, characterized in that the read limiting process is enabled by applying a predetermined signal, and the enabled state is set irreversibly.