WO1998058305A1 - Security device - Google Patents

Security device Download PDF

Info

Publication number
WO1998058305A1
WO1998058305A1 PCT/GB1998/001705 GB9801705W WO9858305A1 WO 1998058305 A1 WO1998058305 A1 WO 1998058305A1 GB 9801705 W GB9801705 W GB 9801705W WO 9858305 A1 WO9858305 A1 WO 9858305A1
Authority
WO
Grant status
Application
Patent type
Prior art keywords
security device
signal
code
means
predetermined code
Prior art date
Application number
PCT/GB1998/001705
Other languages
French (fr)
Inventor
Alexander Roger Deas
Cameron Mccoll
Original Assignee
Memory Corporation Plc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/88Detecting or preventing theft or loss
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2207/00Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/72Indexing scheme relating to groups G06F7/72 - G06F7/729
    • G06F2207/7219Countermeasures against side channel or fault attacks

Abstract

A computer system (10) comprises computer apparatus (12) incorporating the first and second electronic components (20, 22) and is electrically connected to a security device (14) which is associated with a non-volatile store (16) and components (12 and 14) are interconnected via a security bus (18). The security device (14) is used to protect at least one of the first electronic component (20) and the second electronic component (22) from theft and unauthorised re-use. Typically component (20) is a microprocessor for generating instructions and component (22) is a memory module for receiving instructions and outputting signals in consequence, the components (20, 22) being interconnected by a further bus (24).

Description

Security Device

The present invention relates to a computer system. In particular, the present invention relates to a security device for preventing theft and unauthorised re-use of electronic components forming part of a computer system.

Electronic components, particularly those used in computer systems (such as memory modules, microprocessors, disk drives, and the like) are an attractive commodity to steal. This is because they are valuable, small, light, easily removed, difficult to trace once stolen, physically interchangeable, and difficult to protect from theft.

To prevent theft, the components could be securely fixed in place inside the computer system, and covered with a non-conducting material (such as a glob top) . This has the disadvantage, however, that the components are no longer removable by the owner, which means that the components cannot be easily replaced, for example so as to be upgraded.

It is an object of the present invention to provide a security device for use with a computer system for preventing theft and unauthorised re-use of electronic components forming part of a computer system.

According to a first aspect of the present invention there is provided a security device for use with an electronic component forming part of a computer system, where the electronic component communicates via a plurality of signal-conveying connectors, and the security device comprises : storage means for storing a predetermined code for use as a security code, detection means connected to at least one of the_ signal-conveying connectors for detecting a signal, comparing means responsive to the detection means for evaluating a function of the predetermined code and signals on the at least one of the signal-conveying connectors to determine whether or not that function fulfils an acceptance criterion, and disable means responsive to the comparing means for disabling either the electronic component or the security device.

The comparing means evaluates a function of the predetermined code and the signals detected by the detection means to determine whether or not that function fulfils an acceptance criterion. In its simplest form the function may be the subtraction of respective bits and the acceptance criterion is met if each subtraction results in a binary zero. In a more complicated form the function may be the addition of respective bits. Alternatively, the function may be another logical combination, or even a hashing function.

Preferably, the computer system simultaneously applies the same bit of the predetermined code on a plurality of the signal-conveying connectors to ensure that whichever of the signal-conveying connectors is monitored by the detection means the correct bit from the predetermined code will be detected.

Preferably, the storage means is non-volatile memory such as an EPROM or EEPROM. Alternatively, the storage means is another form of non-volatile storage such as computer hard disk, floppy diskette, CD-ROM, and the like.

Preferably, the detection means is connected to at least one control signal on the signal-conveying connectors to determine when a selected data signal is valid, and to the selected data signal on the signal-conveying connectors to monitor the value of the data signal.

Preferably, the disable means disables the electronic component by applying a fixed voltage to one of the signal- conveying connectors .

Preferably, the disable means disables the security device by disabling the output of the disable means. Preferably, there is a delay between determining that the electronic component should be disabled and actually disabling the electronic component. Conveniently, the delay is variable. This feature has the advantage of hiding the event which caused the disable means to disable the electronic component.

In one mode of operation, the security device comprises timing means for generating a time-out signal after a period of time. The disable means is also responsive to the time-out signal for disabling the electronic device in the event that the predetermined code does not fulfil the acceptance criterion prior to generation of the time-out signal, and for disabling the security device in the event that the predetermined code does fulfil the acceptance criterion prior to generation of the time-out signal.

Preferably, the timing means counts the number of signal changes detected by the detection means until a predetermined number is reached. Alternatively, the timing means is a delay circuit comprising resistive and capacitive elements, or a shift register. Alternatively, the timing means may be a monostable circuit.

Preferably, the detection means, comparing means, timing means and disable means are implemented on an Application Specific Integrated Circuit (ASIC) .

In another mode of operation, the security device comprises delay means for generating a blanking interval on initiation of power to the security device, so that operation of the security device is inhibited until after the blanking interval has elapsed. Preferably, the delay means counts the number of signal changes detected by the detection means until a predetermined number is reached. Alternatively, the delay means uses a monostable circuit, or a clock, or, the delay means waits until a predetermined state or condition is reached. According to a second aspect of the present invention there is provided a method of disabling an electronic component having signal-conveying connectors if a predetermined code is not received, the method comprising the steps of: storing a predetermined code for use as a security code, detecting a signal on at least one of the signal- conveying connectors, evaluating a function of the predetermined code and signals on the at least one of the signal-conveying connectors to determine whether or not that function fulfils an acceptance criterion, and consequently disabling either the security device or the electronic device.

The method may further comprise the step of generating a time-out signal after a period of time if the acceptance criterion is not met.

Alternatively, or additionally, the method may further comprise the step of generating a delay on initiation of power to the security device, so that operation of the disable means is inhibited until after the delay has elapsed .

It will be understood that the host may be, for example, a computer, a motherboard, or some other component or components to which the electronic component is connected .

These and other aspects of the present invention will become apparent from the following specific embodiments, given by way of example, when taken in combination with the accompanying drawings, in which:

Fig 1 is a block diagram illustrating the electronic interconnection of computer apparatus and a security device;

Fig 2 is a block diagram of an embodiment of the present invention where a memory module is to be protected from unauthorised use;

Fig 3 is a block diagram of an embodiment of the present invention where a microprocessor is to be protected from unauthorised use;

Fig 4 is a schematic diagram in two parts (Figs 4a and 4b) showing a specific implementation of the embodiment of Fig 2. The line A-A shows where the original schematic diagram was cut to produce Figs 4a and 4b; and

Fig 5 is an alternative embodiment of a detail of Fig 4.

Fig 1 shows part of a computer system 10 comprising computer apparatus 12, electrically connected to a security device 14, the device 14 having an associated non-volatile store 16, where the apparatus 12 and security device 14 are connected via a security bus 18. The apparatus 12 comprises a first electronic component 20 for generating instructions, which is typically a microprocessor, and a second electronic component 22 (which may be a memory module) for receiving instructions and outputting signals in response to the instructions, the first and second components 20,22 being connected by a bus 24.

The security device 14 is used to protect at least one of the first and second components 20,22 from theft and unauthorised re-use .

The non-volatile store 16 may be internal to the security device 14 or it may be external, as shown.

The bus 24 comprises a plurality of signal conveying conductors, for example insulated wire connectors or tracks disposed on a printed circuit board, typically for conveying a plurality of data signals, a plurality of address signals, a plurality of control signals, one or more power signals and one or more electrical ground signals .

The security bus 18 typically has fewer signal- conveying conductors than the bus 24, but this is not necessarily the case, and the individual conductors in the' security bus 18 are permanently connected to selected individual conductors in the bus 24.

As will be explained in more detail, one or more selected conductors on the bus 24 are used to deliver a code, issued by the first component 20, to the second component 22. The code is in the form of a sequence of n data bits applied to the selected conductor (s) , where n is, for example, 64.

If the security device 14 is used to prevent unauthorised re-use of the second component 22 then at least part of the device 14 is physically connected to the second component 22 (for example, they may be mounted on a common substrate) ; whereas, if the device 14 is used to prevent unauthorised re-use of the first component 20 then at least part of the device 14 is physically connected to the first component 20. In either case, the security device 14 can operate in either of two modes.

In the first mode of operation, the device 14 monitors the selected conductor (s) immediately power is received by the device 14 at switch-on of the system 10. The device 14 then evaluates a function of the n bit predetermined code stored in non-volatile store 16 and bits derived from bus 24 to determine whether or not an acceptance criterion is fulfilled prior to a predetermined time interval having elapsed .

It will be understood that the predetermined time interval may be determined exactly by a clock function, or it may be determined on a variable basis in relation to the operation of the device by detecting the state of _an electronic component such as a monostable, or by counting the number of occurrences of a particular event cycle on the bus 24.

It will also be understood that the security device 14 continuously monitors bits on the bus 24; however, bits are only derived from the bus 24 when a code criterion is met'. The code criterion may be, for example, the logical state of one or more signals on the bus 24.

When the code criterion is fulfilled, the bits derived from bus 24 may be read directly and the logical value of the bits used as the code, or the bits read may be operated on to produce the n bit code. There are a number of ways in which the bits read may be operated on, for example, bits from the bus 24 may be operated on by a function to produce different bits, or a bit pattern may be detected to produce a single bit, or a hashing function may be applied to the bits from the bus 24.

It will also be understood that the bits from the bus 24 which are taken to form the code are not necessarily adjacent bits from the bus 24.

It will also be understood that the acceptance criterion may be fulfilled when the received code is identical to the predetermined code stored in non-volatile store 16; or it may be that acceptance criterion is some function of the predetermined code; or the acceptance criterion may be fulfilled by a predetermined condition or state being attained when the two codes are compared.

If the acceptance criterion is fulfilled then the security device 14 disables itself. If, however, the predetermined time interval has elapsed during which time the acceptance criterion is not fulfilled, then the device 14 sets one or more of the conductors in the bus 24 to a fixed voltage, thereby disabling operation of the selected component (either 20 or 22) without damaging the other component (22 or 20 respectively) or the bus 24.

In the second mode of operation, when power is applied to the device 14 at switch-on of the system 10, the device 14 waits for a blanking interval. During this blanking interval, operation of device 14 is inhibited, for example, by arranging that the disable means is disabled. When the blanking interval has elapsed the device 14 then evaluates a function of the n bit predetermined code stored in nonvolatile store 16 and bits derived from bus 24 when the code criterion is fulfilled to determine whether the acceptance criterion is fulfilled. If the acceptance criterion is fulfilled then the security device 14 disables itself. If, however, the acceptance criterion is not fulfilled then the device 14 sets one or more of the conductors in the bus 24 to a fixed voltage, thereby disabling operation of the selected component (either 20 or 22) without damaging the other component (22 or 20 respectively) or the bus 24.

Fig 2 is a block diagram of a memory module 30 which incorporates components 14, 16, 18, 22, and 24 of Fig 1, and where the security device 14 operates in the first mode (described above) , with the comparing means evaluating the function of subtracting or comparing sequential bits, and the acceptance criterion being that each subtraction or comparison should produce a binary zero. The module 30 is for connection to a host computer, which is the first component 20 of Fig 1.

Memory modules are particularly vulnerable to theft because they are designed to be easily removed, they are designed to be interchangeable, and multiple modules may be used in each computer system. Memory modules are circuit boards which are populated with memory circuits to provide additional memory for a host computer, and which have a row of connectors along one side to connect to a computer motherboard. The memory circuits are equivalent to the electronic component 22 of Fig 1.

The module 30 incorporates the security device 14, the non-volatile memory 16, the security bus 18, the second component 22, and the bus 24. Generally, memory modules connect to a motherboard via a connector, so there is a bus 24 on the module 30 and also on the motherboard.

The security device 14 in Fig 2 is implemented as an ASIC with eight input/output connections (pins) . One pin 31 (the connections of which are not shown internally to the security device 14) is used to receive power (Vdd), one pin 32 (the connections of which are not shown internally to the security device 14) is used to receive electrical ground (Vss), one pin 34 to receive a data bit from the bus 24, three pins 36,38,40 to receive control signals from the bus 24 (relating to the one data bit to which pin 34 is connected) , one pin 42 to receive data from the nonvolatile store 16, and one pin is unused.

Pin 34 is connected to data bit 9, although pin 34 could be connected to any other data bit, or any other suitable bit such as an address bit or control bit. Pin 36 is connected to the control conductor which is used to indicate when data bit 9 contains valid data, thus pin 36 is connected to RASO. Similarly, pin 38 is connected to the column address strobe (CAS) signal for data bit 9 (CAS1) . Pin 40 is connected to the write enable (WE) signal. Pins 31, 32, 34, 36, 38 and 40 comprise the security bus 18. Pins 36, 38, and 40 are active when data bit 9 contains valid data; that is, these pins (36,38,40) convey active signals when the host 20 is writing data to the memory circuits 22 on data bit 9. If a data bit other than data bit 9 was used, the pins 36,38,40 would be connected to the appropriate signals which define a write cycle for the data bit chosen. This information (the signals which, when active, define which particular data bits contain valid data) is available from standard data books (published by memory module suppliers) and text books relating to memory modules. The non volatile store 16 is a one-time programmable ROM which is programmed with a predetermined 64 bit code. In other embodiments the predetermined code may be longer or shorter than 64 bits. The predetermined code is entered into a computer program for installing in the computer 20 connected to the module^ 30.

In use, the module 30 and computer program containing the predetermined 64 bit code are installed in the computer system 10; thereafter, the computer system 10 is switched on. When the computer 20 receives power, the microprocessor within the computer 20 executes an initialisation procedure, during which the computer 20 determines, amongst other things, how much memory is present. During at least part of the initialisation procedure the memory module 30 will be accessed by the computer 20 and the computer 20 may write data to the module 30.

When power is first applied to the security device 14, timing means 52 is used to ensure that the security device 14 will disable the module 30 if the correct code is not received within a predetermined time limit (in accordance with the first mode of operation of device 14 previously explained) . This has the advantage that there is only a limited amount of time in which unauthorised users can attempt to generate the correct code. The timing means 52 is connected to detection means 50 for counting the number of refresh cycles using pins 36 and 38, and generates a time-out signal 53 once a predetermined count value is reached .

Once the computer 20 has finished at least part of the initialisation procedure (which may take several minutes for some systems) then the program storing the predetermined code is executed. This program is accessed by the computer 20 from a store within the computer 20 during the initialisation procedure, and causes the computer 20 to write the predetermined code to the memory module 30 via bus 24. The computer 20 simultaneously writes the same bit of the 64 bit code on each data conductor in the bus 24 to ensure that whichever conductor on the bus 24 is monitored by the device 14, at any given moment in time, the correct bit from the predetermined code will be seen. Thus, the first bit of the code is written on each data conductor, then the second bit of the code is written on each data conductor, and so on until all 64 bits of the code have been written on all of the data conductors, so that whichever data conductor is monitored the correct sequence of 64 bits will be detected. This obviates any problems which may arise due to the computer 20 scrambling the data prior to outputting the data to the data conductors on the bus 24.

The computer program in this embodiment ensures that the predetermined code is applied as an unbroken sequence, for example, by ensuring that the code is not broken by interrupt servicing. However, in other embodiments, the code may be interrupted by design, in which case the security device is arranged to filter the received signals to restore the unbroken code.

If more than one module 30 is used in a computer system 10 then there is a corresponding number of security devices 14, each with a different code. The predetermined codes (one for each security device) are written in sequence by the computer 20, thus the first predetermined code is written, then the next predetermined code is written, and so on until all of the predetermined codes have been written. If a particular security device 14 receives a block of 64 bits which does not match the predetermined code, then the device 14 ignores that block and waits to receive another block of 64 bits for comparing with the predetermined code. Thus, the various security devices 14 may receive any number of incorrect codes before each device 14 receives the correct code, provided the correct code is received prior to the respective timing means 52 generating the time-out signal 53. When the computer 20 writes the predetermined code to the module 30, the detection means 50 detects that a write operation has been initiated because of the state of the electrical signals on pins 36, 38 and 40. The output of detection means 50 then responds by controlling comparing means 54, which comprises a 64 bit shift register 56 and a comparator 58, so that the shift register 56 receives and stores data from pin 34. The comparator 58 independently receives and stores bits from the non-volatile store 16 which are sent serially via pin 42. The comparator 58 then compares in parallel the bits from the non-volatile store 16 with the bits from the shift register 56 on a bit by bit basis and, at the end of each 64 bit sequence, outputs a single comparison bit 60. The single comparison bit 60 is input to disable means 62. The time-out signal 53 is also connected to the disable means 62.

If the time-out signal 53 goes active (indicating that the predetermined count has been reached) prior to the comparison bit 60 going active, then the disable means 62 sets its output 64 to Vdd, ensuring that there will be a memory failure when the computer 20 attempts to write a logic zero onto data bit 9.

If the single comparison bit 60 goes active (indicating that there is a match between the predetermined code and the code written by the computer program) prior to the time-out signal 53 going active, then the disable means 62 is disabled so that data bit 9 is not affected by the security device 14.

When power is removed from the computer system the security device 14 is reset so that when power is reapplied the device 14 must again receive the correct code before the device 14 will be disabled.

If the security device 14 is connected to a circuit board then the device 14 should be mounted in such a way as to make removal or bypassing of the device extremely difficult. For example, the device 14 and connections (particularly pin 34) may be covered with a material which is difficult to remove, for example a glob top, or the connections to the security device may be made by tracks routed through the centre of the circuit board.

Table 1 gives an example of a computer program for use with the above embodiment, which may be used to write a predetermined code to the device 22.

Fig 3 is a block diagram of an embodiment of the present invention where a microprocessor is to be protected from unauthorised use. The first component 20 is a microprocessor, the second component 22 may be a memory module, motherboard, or the like. The microprocessor 20, the security device 14, the non-volatile store 16, and the security bus 18 are incorporated into a custom microprocessor 66. Within the custom microprocessor 66, there are similar components to the components described for the Fig 2 embodiment, like numerals relate to like components. The main difference between the embodiments of Figs 2 and 3 is that pins 36, 38 and 40 (which connect to WE, RAS, and CAS control signals in the Fig 2 embodiment) connect to different control signals (WE) in the Fig 3 embodiment .

Fig 4 shows a specific implementation of the embodiment of Fig 2. There is a 68 bit shift register 70 for receiving and storing the predetermined code from the non-volatile store (not shown) via pin 42. 64 bits of the output 72 (which comprises the predetermined code output 73) of the shift register 70 are connected to the comparator 58. The remaining four bits are connected elsewhere in the circuit, as will be described below.

The comparator 58 is an array of 64 exclusive NOR logic gates 74 (only one is shown for clarity) with additional logic at the 64 outputs of the XNOR gates 74 to generate a single output 75 from the 64 outputs. The other input to the comparator 58 is from the output of the 64 bit shift register 56. The shift register 56 receives data from data line 9 via pm 34.

The detection means 50 comprises logic gates to detect the state of pins 36, 38 and 40 which exists when a write cycle is being initiated. The timing means 52 comprises logic circuitry to detect when a refresh cycle is being initiated and to count refresh cycles (using a 30 stage counter) . There is also a multiplexor 80 to provide a degree of programmability in the length of time which elapses before the time-out signal 53 is generated.

The multiplexor has three inputs 82 from the 68 bit shift register 70. Thus, the non-volatile store 16 can be programmed with an additional three bits to determine the delay before the time-out signal 53 is generated. This provides flexibility and is useful when the security device is used with computer systems which take longer than usual to initialise (for example, several minutes) .

The time-out signal 53 is connected to the disable means 62. The disable means 62 has an AND gate 90 with an input from the final bit of the 68 bit shift register 70 and an input from an initialisation line 92. The final bit of the 68 bit shift register is used as a disable bit so that the operation of the security device can be permanently disabled by setting the final bit of the shift register 70 to logic zero. The output of the AND gate 90 is used to reset a register 94 which produces output 64. Output 64 is used to drive data bit 9 to a permanent high voltage, thus ensuring incorrect operation of the module.

The security device 14 of the present invention could also be used to protect other types of electronic components. For example, the security device 14 could be used to protect a microprocessor, in which case, the security device 14 may be connected to one or more control lines on the microprocessor and a data line on the microprocessor. The operation of the device would be very similar to that described for Figs 1 to 3. However, the microprocessor would perform the function of both the host 20 and the electronic device 22. This is because microprocessors generate, amongst other things, the addresses and control signals in computer systems. Thus, the microprocessor would be used to generate the predetermined code (from a computer program), and the security device would monitor the appropriate pins (for example, a data pin and the write enable pin) of the microprocessor to determine when the code was being issued by the microprocessor. If the correct code was not detected prior to the time-out signal going active then the security device would drive one of the microprocessor pins to Vdd. This would disable operation of the microprocessor. Alternatively, the security device may be incorporated into the micro-instruction sequencer of a microprocessor; the security device could then disable the microprocessor by changing data in the data path.

Fig 5 shows an alternative circuit for detecting refresh cycles. The circuit of Fig 5 is identical to the timing means 52 of Figs 4a and 4b except for the additional circuitry 100 which is used to exclude the possibility of detecting a certain type of cycle which is not a refresh cycle but which may be detected if the additional circuitry 100 was not present.

In other embodiments of the present invention, the security device 14 operates in the second mode, previously described with reference to Fig 1. In the second mode of operation, delay means is used to ensure that the computer 20 has completed the initialisation procedure before the- security device 14 begins to check for the correct code. Thus, no code is received or stored prior to completion of the initialisation procedure. This is necessary if the security device 14 disables itself once an incorrect code is received (unlike the Fig 2 and Fig 4 embodiments where the security device may receive any number of incorrect codes) provided the correct code is received prior to the time-out signal being generated. The delay means is necessary to ensure that any incorrect code which is inadvertently issued by the host 20 during the initialisation procedure is ignored by the security device 14. The host 20 may inadvertently issue a code by, for example, writing data to a memory location.

The delay means may be determined by use of a clock located within or outside the security device 14. Alternatively, the delay means may be incorporated into the detection means 50 so that when power is first applied to the security device 14, the detection means 50 counts a predetermined number of, for example, refresh cycles. This would provide a delay to ensure that the computer 20 has finished the initialisation procedure before the correct code is sent to the electronic component 22. The number of refresh cycles which are counted (the length of the delay) may be a programmable option.

In other embodiments different means may be used to implement the disable function. For example by electronically disrupting a signal path or by driving a signal (such as data bit 9 in the Figs 2 and 4 embodiments) to a fixed voltage such as electrical ground voltage, or by using logic circuitry to invert a signal or disable a buffer. In embodiments which use a security device to protect a microprocessor the disable means may be used to garble the data generated by the microprocessor.

Pin 34 may be connected to any convenient conductor, for example any data conductor; or to any other convenient^ conductor, for example a conductor conveying an address signal or a control signal. If pin 34 was connected to an address signal then the host 20 would issue an address which would be considered as the code. For example, the security device 14 would monitor an address bit and if the sequence of signals on the address bit did not match the predetermined code then the address bit would be set to Vdd.

In other embodiments, the security device 14 may be incorporated into the electronic device 22 which it is protecting. Where the electronic device 22 is fabricated as an integrated circuit then the security device 14 may be designed as part of the integrated circuit. Where a memory module controller is used for controlling memory redundancy, the security device 14 may be incorporated into the memory module controller; alternatively, the security device may be incorporated into a standard microprocessor.

The eight pin package described in the Fig 2 embodiment is given merely by way of example, other sizes and types of packaging (including no packaging) are possible .

In other embodiments the predetermined code may be embedded into the security device 14 during manufacture to obviate the need for an external non-volatile store 16.

The predetermined code in the above embodiments is a single 64 bit code which is applied to a single data line. However, in other embodiments, a plurality of codes may be applied to a plurality of data lines simultaneously. For example, a first 64 bit code may be applied to one conductor (data bit 9) and a second 64 bit code may be applied simultaneously to a second conductor (data bit 8) . Both conductors would be monitored simultaneously and the codes which are received on the two conductors compared with two predetermined codes which are stored in the nonvolatile store. The codes which are stored in the nonvolatile store may be retrieved as serial data via a single conductor, or there may be two conductors to retrieve the data in parallel. Only if each of the received codes matches the corresponding code from the non-volatile store is the security device disabled. This is a more complex embodiment because, for example, all of the data lines cannot convey the same data at any given time. If there is any scrambling of the data lines then the scrambling algorithm must be known so that the correct data is applied to the correct data line, or the timing sequence of the code requires to be reconstructed using inverse hashing.

In other embodiments, the computer program which writes the predetermined code to memory may prompt the user to enter the code manually to avoid it being held in a local store which might be accessible to an unauthorised user who might thereby retrieve the code.

JUMPS

.model small .stack lOO

. code .486D start strt mess CO "this is an is: message", 13, 10, "$' cr : db 13, 10, "$" rl o d: db ."01234567 $

---word: db "0123 $" rbyte: db ••01 $" patl dd OOOOOOOOh pat2 dd Offffffffh pat3 dd OOOOOOOOh pat4 dd OOOOOOOOh patS dd Offffffffh patδ dd Offffffffh pat7 dd OOOOOOOOh pat3 dd OOOOOOOOh pat9 dd OOOOOOOOh patlC ]: dd Offffffffh patl] -: dd Offffffffh patl-J -: dd Offffffffh patl] .: dd OOOOOOOOh patl' 1: dd OOOOOOOOh patl; 3: dd OOOOOOOOh patlf 3: dd OOOOOOOOh patl' 7: dd Offffffffh patl£ J : dd Offffffffh patl? 3: dd Offffffffh pat2C ): dd Offffffffh pat2] .: dd OOOOOOOOh pat22 > : dd OOOOOOOOh pat2I . : dd OOOOOOOOh pat2' 1 : dd OOOOOOOOh pat2f - : dd OOOOOOOOh pat2f :": dd Offffffffh pat2" 1 : dd Offffffffh pat2. : dd Offffffffh pat2S - : dd Offffffffh pat3C ): dd Offffffffh pat3] .: dd OOOOOOOOh pat3- . : dd OOOOOOOOh pat3I : dd OOOOOOOOh pat3' : dd OOOOOOOOh pat3: ) : dd OOOOOOOOh pat3f 5 : dd OOOOOOOOh pac3~ ' : dd Of :rrrzrn pac3£ : dd pat3S > : dd pat4C : dd 0 pa 4 ] : dd 0 :.ι pat 2 0::::::::.ι pa 41 --1-J OOOOOOOOh a 4J : dd OOOOOOOOh pat 45 OOOOOOOOh pat4 : dd OOOOOOOOh oat4" : dd OOOOOOOOh

Table 1 pat48 dd 20

OOOOOOOOh pat49 dd OOOOOOOOh patSO dd Offffffffh pat51 dd Offffffffh pat52 dd Offffffffh pat53 dd Offffffffh pat54 dd Offffffffh pat55 dd Offffffffh pat56 dd Offffffffh pat57 dd OOOOOOOOh pat58 dd OOOOOOOOh pat59 dd OOOOOOOOh pat60 dd OOOOOOOOh patδl dd OOOOOOOOh pat62 dd OOOOOOOOh pat63 dd OOOOOOOOh pat64 dd OOOOOOOOh patβS dd Offffffffh patββ dd Offrrrrfrh pat67 dd Offffffffh pat68 dd Offffffffh pat69 dd Offffffffh pat70 . dd Offffffffh pat71 : dd Offffffffh pat72 : dd Offffffffh prcr: mo dx, offset cr output CR and LΞ mov ah, 9 int 21h ret prl o rd.-mov di, offset El ord ; output 32-bit word rol eax,8 call hex rol eax, 8 call hex

Figure imgf000022_0001
call hex

EOl eax, 8 call hex mov dx, offset rlword mo ah, 9 int 21h ret prword: ffset rword ; output 16-bit WOEC

Figure imgf000022_0002
call hex

EOl ax, 8 call hex mo x, offset rwoEd mo ah, 9 int 21h at p rb yte : mov di, offset rbyte ;αutnut 3 -bit byte call hex mov dx, offset rbyte mov 3n. 9 r. t 21h ret hex : push a:< ; byte0 - hex to asc and ax,0f Table 1 ( continued) cmp ax, Oah jl hexl sub ax, Oah add ax, "A" jmp hex2 hexl : add ax, "0" hex2 : mov dx, ax rol dx, 8 pop ax push a ror ax, 4 and ax, Ofh crttD ax, Oah jl' hex3 sub ax, Oah add ax, "A"

Figure imgf000023_0001
hex4 : add ax, dx mo [di ] , ax add di,2 pop ax ret scr : push ds ;save ds push cs ;make ds same as cs pop ds

mov eax, crO ; output crO call prl ord mov eax, crO ;read control register or eax, 60000000h ;set cache control bits mov crO , eax disable cache mov eax, crO ; check values call prlword wbinvd ; flush cache mov eax, crO ; check values call prlword call prcr mov bx, 50000

1?2: mov ex, 72 mov si, offset oatl cli ; disable interr ots mov di, offset rbyte ; output 3 -bit mov [di] , Oaaaaaaaah ;outαut markei mov α , crzse: riworc

l3l mo eax, l si] mov [di; .ax Table 1 (continued) add si, 4 dec ex jnz lpl sti ; enable interrupts

dec b cmp bx,0

]ne 1P2

wbinvd mo eax, crO ; check values call lword call prcr pop ds mov ah , 4 ch ; Return to DOS int 21h end

Table 1 (continued)

Claims

1. A security device for use with an electronic component forming part of a computer system, where the electronic component communicates via a plurality of signal-conveying connectors, and the security device comprises : storage means for storing a predetermined code for use as a security code, detection means connected to at least one of the signal-conveying connectors for detecting a signal, comparing means responsive to the detection means for evaluating a function of the predetermined code and signals on the at least one of the signal-conveying connectors to determine whether or not that function fulfils an acceptance criterion, and disable means responsive to the comparing means for disabling either the electronic component or the security device.
2. A security device as claimed in claim 1 wherein the comparing means evaluates a function of the predetermined code and the signals detected by the detection means to determine whether or not that function fulfils an acceptance criterion, the function being the subtraction of respective bits, and the acceptance criterion is met if each subtraction results in a binary zero .
3. A security device as claimed in either preceding claim wherein the computer system simultaneously applies_ the same bit of the predetermined code on a plurality of the signal-conveying connectors to ensure that whichever of the signal-conveying connectors is monitored by the detection means the correct bit from the predetermined code will be detected.
4. A security device as claimed in either preceding claim wherein the detection means is connected to at least one control signal on the signal-conveying connectors to determine when a selected data signal is valid, and to the selected data signal on the signal-conveying connectors to monitor the value of the data signal.
5. A security device as claimed in either preceding claim wherein the disable means disables the electronic component after a delay between determining that the electronic component should be disabled and actually disabling the electronic component.
6. A security device as claimed in either preceding claim wherein the security device comprises timing means for generating a time-out signal after a period of time and the disable means is also responsive to the time-out signal for disabling the electronic device in the event that the predetermined code does not fulfil the acceptance criterion prior to generation of the time-out signal, and for disabling the security device in the event that the predetermined code does fulfil the acceptance criterion prior to generation of the time-out signal.
7. A security device as claimed in any one of claims 1 - 5, wherein the security device comprises delay means for generating a blanking interval on initiation of power to the security device, so that operation of the security device is inhibited until after the blanking interval has elapsed .
8. A method of disabling an electronic component having signal-conveying connectors if a predetermined code is not received, the method comprising the steps of: storing a predetermined code for use as a security code, detecting a signal on at least one of the signal- conveying connectors, evaluating a function of the predetermined code and signals on the at least one of the signal-conveying connectors to determine whether or not that function fulfils an acceptance criterion, and consequently disabling either the security device or the electronic device.
PCT/GB1998/001705 1997-06-16 1998-06-11 Security device WO1998058305A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US71250597 true 1997-06-16 1997-06-16
US9712505.8 1997-06-16

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
AU8028798A AU8028798A (en) 1997-06-16 1998-06-11 Security device

Publications (1)

Publication Number Publication Date
WO1998058305A1 true true WO1998058305A1 (en) 1998-12-23

Family

ID=24862401

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB1998/001705 WO1998058305A1 (en) 1997-06-16 1998-06-11 Security device

Country Status (1)

Country Link
WO (1) WO1998058305A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1197826A1 (en) * 2000-09-18 2002-04-17 Kabushiki Kaisha Toshiba Secured portable electronic device
US6490667B1 (en) 2000-09-18 2002-12-03 Kabushiki Kaisha Toshiba Portable electronic medium
WO2004027587A2 (en) * 2002-08-21 2004-04-01 Audi Ag Method for protecting at least one motor vehicle component against manipulation in a control device, and control device
US7203842B2 (en) 1999-12-22 2007-04-10 Algotronix, Ltd. Method and apparatus for secure configuration of a field programmable gate array
US7240218B2 (en) 2000-02-08 2007-07-03 Algotronix, Ltd. Method of using a mask programmed key to securely configure a field programmable gate array

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0175359A2 (en) * 1984-09-20 1986-03-26 Wang Laboratories Inc. Apparatus for providing security in computer systems
US4864542A (en) * 1987-03-16 1989-09-05 Hitachi Maxell, Ltd. Memory cartridge having stored data protecting function and memory protecting method
EP0425053A1 (en) * 1989-10-27 1991-05-02 Philips Cartes Et Systemes Data processing system having memory card authenticating means, electronic circuit for use in that system and method for using this authentication
DE4120864A1 (en) * 1991-03-05 1992-09-10 Mitac Gmbh Security protection system for computers against unauthorised access - stores password in reference memory to provide values compared against entered value to control gates
DE29519865U1 (en) * 1995-12-14 1997-01-23 Siemens Ag Data processing system with apparatus for controlling the access authorization, which are the components of the data processing system directly associated
EP0798620A2 (en) * 1996-03-28 1997-10-01 Lucent Technologies Inc. Method and apparatus for enhancing security in and discouraging theft of VLSI and ULSI devices
WO1997045780A2 (en) * 1996-05-31 1997-12-04 Alingsås Information System Ab Anti-theft device
JPH1049493A (en) * 1996-08-06 1998-02-20 Nec Niigata Ltd Computer system

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0175359A2 (en) * 1984-09-20 1986-03-26 Wang Laboratories Inc. Apparatus for providing security in computer systems
US4864542A (en) * 1987-03-16 1989-09-05 Hitachi Maxell, Ltd. Memory cartridge having stored data protecting function and memory protecting method
EP0425053A1 (en) * 1989-10-27 1991-05-02 Philips Cartes Et Systemes Data processing system having memory card authenticating means, electronic circuit for use in that system and method for using this authentication
DE4120864A1 (en) * 1991-03-05 1992-09-10 Mitac Gmbh Security protection system for computers against unauthorised access - stores password in reference memory to provide values compared against entered value to control gates
DE29519865U1 (en) * 1995-12-14 1997-01-23 Siemens Ag Data processing system with apparatus for controlling the access authorization, which are the components of the data processing system directly associated
EP0798620A2 (en) * 1996-03-28 1997-10-01 Lucent Technologies Inc. Method and apparatus for enhancing security in and discouraging theft of VLSI and ULSI devices
WO1997045780A2 (en) * 1996-05-31 1997-12-04 Alingsås Information System Ab Anti-theft device
JPH1049493A (en) * 1996-08-06 1998-02-20 Nec Niigata Ltd Computer system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
PATENT ABSTRACTS OF JAPAN vol. 098, no. 006 30 April 1998 (1998-04-30) *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7203842B2 (en) 1999-12-22 2007-04-10 Algotronix, Ltd. Method and apparatus for secure configuration of a field programmable gate array
US7240218B2 (en) 2000-02-08 2007-07-03 Algotronix, Ltd. Method of using a mask programmed key to securely configure a field programmable gate array
EP1197826A1 (en) * 2000-09-18 2002-04-17 Kabushiki Kaisha Toshiba Secured portable electronic device
US6490667B1 (en) 2000-09-18 2002-12-03 Kabushiki Kaisha Toshiba Portable electronic medium
WO2004027587A2 (en) * 2002-08-21 2004-04-01 Audi Ag Method for protecting at least one motor vehicle component against manipulation in a control device, and control device
WO2004027587A3 (en) * 2002-08-21 2004-04-29 Audi Ag Method for protecting at least one motor vehicle component against manipulation in a control device, and control device

Similar Documents

Publication Publication Date Title
US5465349A (en) System for monitoring abnormal integrated circuit operating conditions and causing selective microprocessor interrupts
US4943966A (en) Memory diagnostic apparatus and method
US6629184B1 (en) Method and apparatus for inhibiting a selected IDE command
US4686621A (en) Test apparatus for testing a multilevel cache system with graceful degradation capability
US5495593A (en) Microcontroller device having remotely programmable EPROM and method for programming
US4965828A (en) Non-volatile semiconductor memory with SCRAM hold cycle prior to SCRAM-to-E2 PROM backup transfer
US5535368A (en) Automatically-configuring memory subsystem
US5832207A (en) Secure module with microprocessor and co-processor
US4899272A (en) Addressing multiple types of memory devices
US5253357A (en) System for determining pluggable memory characteristics employing a status register to provide information in response to a preset field of an address
US5357624A (en) Single inline memory module support system
US5872790A (en) ECC memory multi-bit error generator
US4849927A (en) Method of controlling the operation of security modules
US5809555A (en) Method of determining sizes of 1:1 and 2:1 memory interleaving in a computer system, configuring to the maximum size, and informing the user if memory is incorrectly installed
US5148534A (en) Hardware cartridge representing verifiable, use-once authorization
US6875109B2 (en) Mass storage data protection system for a gaming machine
US5483660A (en) Method and apparatus for performing multiplexed and non-multiplexed bus cycles in a data processing system
US5732245A (en) Multi-memory access limiting circuit for a multi-memory device
US4691126A (en) Redundant synchronous clock system
US5129069A (en) Method and apparatus for automatic memory configuration by a computer
US20070130452A1 (en) Bios protection device
US5606662A (en) Auto DRAM parity enable/disable mechanism
US5206905A (en) Password protected device using incorrect passwords as seed values for pseudo-random number generator for outputting random data to thwart unauthorized accesses
US5377269A (en) Security access and monitoring system for personal computer
FR2776410A1 (en) Device to protect microprocessor card against fraudulent analysis of operations performed by measuring current consumed

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM GW HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase in:

Ref country code: JP

Ref document number: 1999503949

Format of ref document f/p: F

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: CA