[go: up one dir, main page]

EP0329966B1 - Method for securing secret code data stored in a data memory, and circuitry for carrying out this method - Google Patents

Method for securing secret code data stored in a data memory, and circuitry for carrying out this method Download PDF

Info

Publication number
EP0329966B1
EP0329966B1 EP89101292A EP89101292A EP0329966B1 EP 0329966 B1 EP0329966 B1 EP 0329966B1 EP 89101292 A EP89101292 A EP 89101292A EP 89101292 A EP89101292 A EP 89101292A EP 0329966 B1 EP0329966 B1 EP 0329966B1
Authority
EP
European Patent Office
Prior art keywords
data
code
code data
bit
memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
EP89101292A
Other languages
German (de)
French (fr)
Other versions
EP0329966A1 (en
Inventor
Hartmut Dr. Schrenk
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Siemens Corp
Original Assignee
Siemens AG
Siemens Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG, Siemens Corp filed Critical Siemens AG
Publication of EP0329966A1 publication Critical patent/EP0329966A1/en
Application granted granted Critical
Publication of EP0329966B1 publication Critical patent/EP0329966B1/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025Identification of user by a PIN code

Definitions

  • the invention relates to a method for preventing the unauthorized reading of a secret code, which consists of a number of code data and is stored in a code data memory.
  • Such an integrated circuit represents, for example, an essential element of a so-called chip card, which can be used in security and access systems, in billing or registration systems and in debit and credit systems.
  • the integrated circuit and the data memory are accessed via external contacts on the card surface in a card reader.
  • memory data are stored in a memory area referred to as code data memory on the respective cards and are used as secret code data for identification or authentication of the card user or the card.
  • System security depends on how well this code data is protected against misuse. For this reason, very high demands are placed on the fraud security of cards and readers. Due to the security precautions corresponding to today's experience, however, a direct attempt to analyze the content of the code data memory, which usually consists of an EEPROM memory and in particular a sub-area of said data memory of the card, little chance of success. However, it is possible to draw conclusions about this memory data from the indirect influence of the code data on the code memory outputs or on the connected peripheral logic.
  • US Pat. No. 4,102,493 also discloses a circuit in which secret data are fed from a memory to a comparator device and compared there with control data. However, all secret data from the memory are always shown there. Although these cannot leave the entire device that contains the memory, a fraudster could determine the entire secret code by examining the line between the memory and the comparator device.
  • FR-PS 23 11 360 From FR-PS 23 11 360 it is known to determine an access authorization to provide a certain number of code entries by the operator and to store all inadmissible attempts in a memory provided for this purpose until the entire memory space is occupied. The unit to be protected is then put out of operation.
  • EP-OS 0 127 809 a circuit arrangement is known in which data comparisons are carried out between stored code data and control data entered from outside, the address space of the memory area containing the code data being divided into several subsets, each defined by a selection logic, with several Address lines are connected to an address control unit from which an enable signal can be tapped if at least one address from each subset has been selected in the course of the comparison operation.
  • EP-OS 0 128 362 a circuit arrangement with memory and security logic is known, in which after comparison of an entered control word with a stored code word is written into at least one memory cell of an operation data area, the address of which depends on the comparison result.
  • access attempts registered with incorrect control data entries because, in addition to the access release, the operation data memory is only deleted after the release procedure has been successfully completed. Due to the limited size of the operation data memory, the number of permissible incorrect entries is limited.
  • a comparator device for comparing the code data with control data entered by the user and the code data is transmitted via a data transmission device, e.g. If a data line or a data bus are routed to this comparator device, for example a comparator, the code data could be read on this data transmission device.
  • a data transmission device mentioned above can in particular contain the column lines of the data memory as well as the column decoder and the data bus.
  • An integrated circuit described in EP-OS 0 207 320 contains a non-volatile code data memory, which is in particular of the EE-PROM type and in which a secret code is stored.
  • This code data memory is connected via a data bus to an input of a comparator circuit, the other input of which is provided for the control data to be entered.
  • the output of the code memory or the data bus is in this case equipped with a blocking circuit which can be controlled by a logic circuit in such a way that the outputs of the memory cells, as a rule the column lines of the memory field, are blocked in the normal state with respect to the peripheral logic.
  • the lock is only released for a short period in which the secret data in the peripheral logic is actually required for the data comparison. The possibility of performing an analysis of the code data is therefore limited to a short period of time, but is not absolutely impossible.
  • the output lines of the code data memory to be protected are switched to a defined potential independently of the stored information.
  • the start of a code data memory access is initiated by a write operation in a counter memory which is addressed together with the relevant code word.
  • This counter memory is only reset when the control data corresponding to the code data has been entered correctly and a control process has been completed.
  • the size of the counter memory determines the number of incorrect access attempts.
  • An additional identification memory identifies the cells of the data memory that make up the code data memory, so that the access block is restricted to this area only.
  • a circuit described in this laid-open document limits the task of code data from the code data memory onto the data bus, but analysis of all code data is only made more difficult, not prevented.
  • the object of the invention is to provide a method for absolutely saving secret code data stored in a data memory prior to analysis.
  • Secret code data stored in a data memory which are compared with input control data with the aid of a comparator device and which must be passed from the data memory output to the comparator device via a data transmission device, can be analyzed while they are on the data transmission device.
  • Such an analysis can be prevented by not sending all secret code data from the data memory to the data transmission device after initiating a data comparison, but rather by activating a blocking circuit according to the invention by the first input of control data which do not match the code data further output of code data to the data transmission device prevented.
  • the code data should preferably only be output from the memory to the data transmission device after a comparison process has been registered, for example by writing a counter bit. If the registration is carried out by writing a counter bit, it can also be ensured by an upstream logic circuit that the counter bit described was previously not written to. Said registration, in particular by writing a counter bit, can be provided both for the permanent registration of all access attempts made and for the registration of incorrect access attempts. If the registration is to be carried out using an error counter, a logic circuit must be used to ensure that the error counter can only be reset after the correct data comparison has been carried out.
  • the security of the method can be further increased by the fact that even in the case of byte-by-byte stored code data, these are transferred serially to the data bus and compared bit by bit with the control data. As soon as the first control bit does not match the corresponding code bit, the output of the next code bit to the data transmission device is then prevented.
  • FIG shows in the form of a block diagram a particularly favorable embodiment of an integrated circuit for carrying out a fuse method according to the invention.
  • block 1 represents a data storage device which contains at least one code data storage 1 a and can in particular contain an identification memory.
  • Block 2 contains an enable counter, which can be used in particular as an error counter and which is activated to guide a comparison cycle, in particular by writing a free counter bit.
  • Block 3 contains a control logic circuit which controls whether a counter bit of the release counter 2 was previously unwritten and was then written, and in this case forwards a corresponding release signal to a blocking logic circuit 9 according to the invention.
  • Block 4 contains a blocking circuit which is intended to prevent the code data of the code data memory from being output to a data transmission device 6 and, in particular in the activated state, sets the data outputs of the code data memory or the data lines connected thereto to a fixed potential.
  • Block 5 contains a comparator device which compares the control data entered at input 7 with the code data located on data transmission device 6 and provides the data corresponding to the comparison results at an output 8.
  • a comparator device which compares the control data entered at input 7 with the code data located on data transmission device 6 and provides the data corresponding to the comparison results at an output 8.
  • a blocking logic circuit 9 activates the blocking circuit 4 due to the first negative comparison result at the output 8.
  • the output of the code data from the code data memory 1 a to the data transmission device 6 is made possible in particular by the blocking logic circuit 9 after the write of a previously free enable counter bit by switching off the blocking circuit 4.
  • the blocking logic circuit 9 contains a switch-off logic circuit 10 which, after the comparison of correct control data with the code data of a complete code, causes the blocking circuit 4 to be activated. Because the signal at the output 8a of this switch-off logic circuit 10 is dependent on complete correct control data input, it can also be provided for resetting an error counter and, in addition to the signal at the output 8 of the comparator device 5, as an enable signal for the entire safety circuit.
  • the switch-off logic circuit 10 preferably contains a counter which is reset when the blocking circuit 4 or the release counter 2 is activated, which counts by one for each correct data comparison of the comparator device 5 and which activates the blocking circuit after comparing the last code bit.
  • the control logic circuit 3 monitors whether a counter bit of the release counter 2, which was not previously written, is written to. An output of this control logic circuit 3 is connected to the set input of an RS flip-flop 12, which is in the blocking logic circuit 9 is included. After a counter bit has been correctly written into the release counter 2, this flip-flop 12 is set. The inverted output QN of this flip-flop 12 is connected to the control input of the blocking circuit 4 and deactivates the blocking circuit when the flip-flop is set.
  • the blocking circuit 4 contains, in particular, a switch T for each data line, which switches this data line to a fixed potential when the blocking circuit 4 is activated.
  • Another embodiment of the blocking circuit 4 according to the invention is implemented in such a way that the column decoder of the code data memory 1 a is switched on for all columns when the blocking circuit 4 is activated. As a result, all outputs of the code data memory 1 a are in parallel and an association between the information of the code data to be protected and the information on the data transmission device 6 is not possible.
  • code data from the code data memory 1 a can be transmitted bit by bit or byte via the data transmission device 6 to a first input of the comparator device 5.
  • the comparator device 5 which can in particular consist of a known type of comparator, compares the code data present at its first input with the corresponding control data entered at its second input 7 and preferably outputs the comparison results serially at its output 8.
  • the blocking logic circuit 9 triggered by the output 8 of the comparator device 5 only causes the blocking circuit 4 to be blocked when the corresponding data comparison is the last data comparison of a comparison cycle, that is to say when the last correct data comparison the entire code has been compared with correct control data.
  • a counter circuit 10 counts one unit further, that this counter circuit 10 is reset at the beginning of a comparison cycle, which is partly due to a reset of the counter circuit 10 can be achieved with the activating control signal of the blocking circuit 4 and that the counter circuit 10 outputs a signal at its output 8a when the counter reading, which corresponds to the total number of comparison operations corresponding to the code, which causes the blocking circuit 4 to be activated.
  • an address counter provided in the integrated circuit can also serve as counter circuit 10. The multiple use of such a counter leads to a chip area saving.
  • This signal at the output 8a of the counter circuit 10 can also be provided as a reset signal of an enable counter 2 operated as an error counter and as an enable signal of the code security circuit.
  • This release signal can release any function to be protected and can also enable, for example, the release of a CPU contained in a microprocessor, in particular the release of the program decoder or the data decoder.
  • the first comparison operation of the comparator device 5 with different data already causes the blocking circuit 4 to be activated.
  • the activation of the blocking circuit 4 by the output signal of the switch-off logic circuit 10 and by the output signal of the comparator device 5 in the presence of a negative data comparison can in particular be achieved according to the invention in that the output 8 of the comparator device 5 is connected to an input of a logic gate 11 and the output 8a of the switch-off logic circuit 10 is connected to the other input of this logic gate 11 and that the output signal of this logic gate 11 is provided to act on the reset input of the flip-flop 12 contained in the blocking logic circuit 9.
  • an OR gate fulfills the function of the logic gate 11.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Electric Clocks (AREA)
  • Circuits Of Receivers In General (AREA)
  • Control Of El Displays (AREA)

Abstract

The invention relates to a method and circuitry for securing code data stored in a code data memory (1a) prior to analysis, in which the signals at the code data memory outputs provide an indication of the contents of the code data memory. According to the invention, a blocking circuit (4), controlled by a blocking logic circuit (9), is provided at the code data memory outputs, which it blocks as soon as entered control data fails to match the code data. <IMAGE>

Description

Die Erfindung betrifft ein Verfahren zum Verhindern des unberechtigten Lesens eines geheimen Codes, der aus einer Anzahl von Code-Daten besteht und in einem Code-Datenspeicher abgespeichert ist.The invention relates to a method for preventing the unauthorized reading of a secret code, which consists of a number of code data and is stored in a code data memory.

Ein solches Verfahren sowie eine integrierte Schaltung zur Durchführung des Verfahrens sind aus der EP-OS 0 207 320 prinzipiell bekannt.Such a method and an integrated circuit for carrying out the method are known in principle from EP-OS 0 207 320.

Eine derartige integrierte Schaltung stellt beispielsweise ein wesentliches Element einer sogenannten Chipkarte dar, die in Sicherheits- und Zugriffssystemen, in Abrechnungs- oder Registriersystemen und in Debit- und Kreditsystemen eingesetzt werden kann. Auf die integrierte Schaltung und den Datenspeicher wird über Außenkontakte auf der Kartenoberfläche in einem Kartenlesegerät zugegriffen.Such an integrated circuit represents, for example, an essential element of a so-called chip card, which can be used in security and access systems, in billing or registration systems and in debit and credit systems. The integrated circuit and the data memory are accessed via external contacts on the card surface in a card reader.

In vielen Anwendungsfällen sind in einem als Code-Datenspeicher bezeichneten Speicherbereich auf den jeweiligen Karten Speicherdaten abgelegt, die als geheime Code-Daten zur Identifikation oder Authentifikation des Kartenbenützers oder der Karte verwendet werden. Die Systemsicherheit hängt davon ab, wie gut diese Codedaten gegen eine mißbräuchliche Analyse geschützt werden. Deshalb werden an die Betrugssicherheit der Karten und Lesegeräte sehr hohe Anforderungen gestellt. Aufgrund der dem heutigen Erfahrungsstand entsprechenden Sicherheitsvorkehrungen hat jedoch ein direkter Analyseversuch des Inhaltes des Code-Datenspeichers, der in der Regel aus einem EEPROM-Speicher besteht und insbesondere einen Teilbereich des besagten Datenspeichers der Karte ausmacht, kaum Aussicht auf Erfolg. Es besteht jedoch die Möglichkeit, aus dem indirekten Einfluß der Code-Daten auf die Code-Speicherausgänge bzw. auf die angeschlossene Peripherielogik Rückschlüsse auf diese Speicherdaten zu ziehen.In many applications, memory data are stored in a memory area referred to as code data memory on the respective cards and are used as secret code data for identification or authentication of the card user or the card. System security depends on how well this code data is protected against misuse. For this reason, very high demands are placed on the fraud security of cards and readers. Due to the security precautions corresponding to today's experience, however, a direct attempt to analyze the content of the code data memory, which usually consists of an EEPROM memory and in particular a sub-area of said data memory of the card, little chance of success. However, it is possible to draw conclusions about this memory data from the indirect influence of the code data on the code memory outputs or on the connected peripheral logic.

Auch die US-A 4,102,493 offenbart eine Schaltung, bei der geheime Daten aus einem Speicher einer Vergleichereinrichtung zugeführt und dort mit Kontrolldaten verglichen werden. Allerdings werden dort immer alle geheimen Daten aus dem Speicher ausgewiesen. Diese können zwar die Gesamteinrichtung, die den Speicher enthält, nicht verlassen, ein Betrüger könnte den gesamten geheimen Code jedoch durch Untersuchen der Leitung zwischen dem Speicher und der Vergleichereinrichtung ermitteln.US Pat. No. 4,102,493 also discloses a circuit in which secret data are fed from a memory to a comparator device and compared there with control data. However, all secret data from the memory are always shown there. Although these cannot leave the entire device that contains the memory, a fraudster could determine the entire secret code by examining the line between the memory and the comparator device.

Aus der FR-PS 23 11 360 ist zur Ermittlung einer Zugriffsberechtigung bekannt, eine bestimmte Anzahl von Code-Eingaben durch die Bedienperson vorzusehen und alle unzulässigen Versuche in einem dafür bereitgestellten Speicher so oft abzuspeichern, bis der gesamte Speicherraum belegt ist. Daraufhin wird die zu schützende Einheit außer Betrieb gesetzt.From FR-PS 23 11 360 it is known to determine an access authorization to provide a certain number of code entries by the operator and to store all inadmissible attempts in a memory provided for this purpose until the entire memory space is occupied. The unit to be protected is then put out of operation.

Aus der EP-OS 0 127 809 ist eine Schaltungsanordnung bekannt, bei der Datenvergleiche zwischen gespeicherte Code-Daten und von außen eingegebenen Kontrolldaten durchgeführt werden, wobei der Adreßraum des die Code-Daten aufnehmenden Speicherbereichs in mehrere, von einer Auswahllogik festgelegte Teilmengen mit jeweils mehreren Adreßleitungen mit einer Adreßkontrolleinheit verbunden sind, an der ein Freigabesignal abgreifbar ist, wenn im Verlauf der Vergleichsoperation mindestens eine Adresse aus jeder Teilmenge angewählt wurde.Aus der EP-OS 0 128 362 ist eine Schaltungsanordnung mit Speicher- und Sicherheitslogik bekannt, bei der nach Vergleich eines eingegebenen Kontrollwortes mit einem abgespeicherten Codewort mindestens in eine Speicherzelle eines Operationsdatenbereiches geschrieben wird, deren Adresse vom Vergleichsergebnis abhängt. Hierbei werden Zugriffsversuche mit fehlerhaften Kontrolldateneingaben registriert, weil neben der Zugriffsfreigabe auch das Löschen des Operationsdatenspeichers nur nach erfolgreichem Abschluß der Freigabeprozedur erfolgt. Durch den begrenzten Umfang des Operationsdatenspeichers ist somit die Zahl der zulässigen Falscheingaben beschränkt.From EP-OS 0 127 809 a circuit arrangement is known in which data comparisons are carried out between stored code data and control data entered from outside, the address space of the memory area containing the code data being divided into several subsets, each defined by a selection logic, with several Address lines are connected to an address control unit from which an enable signal can be tapped if at least one address from each subset has been selected in the course of the comparison operation. From EP-OS 0 128 362 a circuit arrangement with memory and security logic is known, in which after comparison of an entered control word with a stored code word is written into at least one memory cell of an operation data area, the address of which depends on the comparison result. Here are access attempts registered with incorrect control data entries because, in addition to the access release, the operation data memory is only deleted after the release procedure has been successfully completed. Due to the limited size of the operation data memory, the number of permissible incorrect entries is limited.

In den zuvor beschriebenen Schaltungsanordnungen werden jedoch die im Datenspeicher abgelegten Codedaten weitgehend ungeschützt zur Vergleichereinrichtung, in der sie mit eingegebenen Kontrolldaten verglichen werden, übertragen.In the circuit arrangements described above, however, the code data stored in the data memory are largely unprotected to the comparator device in which they are compared with input control data.

Insbesondere wenn zum Vergleich der Codedaten mit vom Benutzer eingegebenen Kontrolldaten eine Vergleichereinrichtung vorgesehen ist und die Codedaten über eine Datenübertragungseinrichtung, wie z.B. eine Datenleitung bzw. einen Datenbus zu dieser Vergleichereinrichtung, beispielsweise einem Komparator, geführt werden, könnten die Codedaten auf dieser Datenübertragungseinrichtung gelesen werden. Eine oben erwähnte Datenübertragungseinrichtung kann insbesondere die Spaltenleitungen des Datenspeichers sowie den Spaltendecoder und den Datenbus beinhalten.In particular if a comparator device is provided for comparing the code data with control data entered by the user and the code data is transmitted via a data transmission device, e.g. If a data line or a data bus are routed to this comparator device, for example a comparator, the code data could be read on this data transmission device. A data transmission device mentioned above can in particular contain the column lines of the data memory as well as the column decoder and the data bus.

Eine in der EP-OS 0 207 320 beschriebene integrierte Schaltung enthält einen nichtflüchtigen Code-Datenspeicher, der insbesondere vom EE-PROM-Typ ist und in dem ein Geheimcode gespeichert ist. Dieser Code-Datenspeicher ist über einen Datenbus mit einem Eingang einer Vergleicherschaltung verbunden, deren anderer Eingang zur Beaufschlagung mit einzugebenden Kontrolldaten vorgesehen ist. Der Ausgang des Codespeichers bzw. der Datenbus ist hierbei derart mit einer durch eine Logikschaltung steuerbaren Sperrschaltung ausgestattet, daß die Ausgänge der Speicherzellen, in der Regel die Spaltenleitungen des Speicherfeldes, im Normalzustand gegenüber der Periferielogik gesperrt sind. Die Sperre wird nur für einen kurzen Zeitraum aufgehoben, in dem die Geheimdaten in der Periferielogik tatsächlich für den Datenvergleich benötigt werden. Die Möglichkeit, eine Analyse der Codedaten durchzuführen, ist daher auf eine kurze Zeitspanne begrenzt, aber nicht absolut ausgeschlossen. Insbesondere sind bei aktivierter Sperre die zu schützenden Ausgangsleitungen des Code-Datenspeichers unabhängig von der gespeicherten Information auf ein definiertes Potential geschaltet.An integrated circuit described in EP-OS 0 207 320 contains a non-volatile code data memory, which is in particular of the EE-PROM type and in which a secret code is stored. This code data memory is connected via a data bus to an input of a comparator circuit, the other input of which is provided for the control data to be entered. The output of the code memory or the data bus is in this case equipped with a blocking circuit which can be controlled by a logic circuit in such a way that the outputs of the memory cells, as a rule the column lines of the memory field, are blocked in the normal state with respect to the peripheral logic. The lock is only released for a short period in which the secret data in the peripheral logic is actually required for the data comparison. The possibility of performing an analysis of the code data is therefore limited to a short period of time, but is not absolutely impossible. In particular, when the lock is activated, the output lines of the code data memory to be protected are switched to a defined potential independently of the stored information.

Um die Anzahl möglicher Analyseversuche weiter einzugrenzen, wird der Beginn eines Code-Datenspeicherzugriffs durch einen Schreibvorgang in einem Zählspeicher eingeleitet, der gemeinsam mit dem betreffenden Codewort addressiert wird. Dieser Zählspeicher wird erst zurückgesetzt, wenn die den Codedaten entsprechenden Kontrolldaten fehlerfrei eingegeben wurden und ein Kontrollvorgang abgeschlossen ist. Dadurch legt der Umfang des Zählspeichers die Anzahl der fehlerhaften Zugriffsversuche fest. Ein zusätzlicher Kennspeicher kennzeichnet die den Code-Datenspeicher ausmachenden Zellen des Datenspeichers, so daß die Zugriffssperre nur auf diesen Bereich beschränkt ist.In order to further limit the number of possible analysis attempts, the start of a code data memory access is initiated by a write operation in a counter memory which is addressed together with the relevant code word. This counter memory is only reset when the control data corresponding to the code data has been entered correctly and a control process has been completed. As a result, the size of the counter memory determines the number of incorrect access attempts. An additional identification memory identifies the cells of the data memory that make up the code data memory, so that the access block is restricted to this area only.

Eine in dieser Offenlegungsschrift beschriebene Schaltung begrenzt zwar zeitlich die Aufgabe von Codedaten aus dem Code-Datenspeicher auf den Datenbus, eine Analyse aller Codedaten wird dadurch aber nur erschwert, nicht unterbunden.A circuit described in this laid-open document limits the task of code data from the code data memory onto the data bus, but analysis of all code data is only made more difficult, not prevented.

Aufgabe der Erfindung ist die Bereitstellung eines Verfahrens zum absoluten Sichern von in einem Datenspeicher abgelegten geheimen Codedaten vor einer Analyse.The object of the invention is to provide a method for absolutely saving secret code data stored in a data memory prior to analysis.

Diese Aufgabe wird durch ein Verfahren nach Patentanspruch 1 gelöst.This object is achieved by a method according to claim 1.

In einem Datenspeicher abgelegte geheime Codedaten, die mit Hilfe einer Vergleichereinrichtung mit eingegebenen Kontrolldaten verglichen werden und hierzu vom Datenspeicherausgang über eine Datenübertragungseinrichtung an die Vergleichereinrichtung geleitet werden müssen, können, während sie sich auf der Datenübertragungseinrichtung befinden, analysiert werden. Eine solche Analyse kann dadurch verhindert werden, daß nach Einleitung eines Datenvergleiches nicht alle geheimen Codedaten aus dem Datenspeicher auf die Datenubertragungseinrichtung gegeben werden, sondern daß erfindungsgemäß durch die erste Eingabe von Kontrolldaten, die nicht mit den Codedaten übereinstimmen, eine Sperrschaltung aktiviert wird, die eine weitere Ausgabe von Codedaten auf die Datenübertragungseinrichtung verhindert.Secret code data stored in a data memory, which are compared with input control data with the aid of a comparator device and which must be passed from the data memory output to the comparator device via a data transmission device, can be analyzed while they are on the data transmission device. Such an analysis can be prevented by not sending all secret code data from the data memory to the data transmission device after initiating a data comparison, but rather by activating a blocking circuit according to the invention by the first input of control data which do not match the code data further output of code data to the data transmission device prevented.

Als besonders günstig erweist es sich, wenn auch nach Abschluß eines korrekten Datenvergleiches aller einen kompletten Code ausmachenden Codedaten eine weitere Ausgabe von Codedaten aus dem Speicher auf die Datenübertragungseinrichtung verhindert wird.It proves to be particularly favorable if, after a correct data comparison of all code data making up a complete code has been completed, further output of code data from the memory to the data transmission device is prevented.

Vorzugsweise sollte erst nach Registrieren eines Vergleichsvorganges, beispielsweise durch Schreiben eines Zählerbits, die Ausgabe der Codedaten aus dem Speicher auf die Datenübertragungseinrichtung ermöglicht werden. Falls die Registrierung durch das Schreiben eines Zählerbits erfolgt, kann außerdem durch eine vorgeschaltete Logikschaltung sichergestellt werden, daß das beschriebene Zählerbit zuvor noch unbeschrieben war. Die besagte Registrierung, insbesondere durch Schreiben eines Zählerbits, kann sowohl der dauerhaften Registrierung aller vorgenommener Zugriffsversuche, als auch zur Registrierung fehlerhafter Zugriffsversuche vorgesehen sein. Soll die Registrierung durch den Einsatz eines Fehlerzählers vorgenommen werden, so ist insbesondere durch eine Logikschaltung sicherzustellen, daß der Fehlerzähler nur nach erfolgtem korrekten Datenvergleich zurückgesetzt werden kann.The code data should preferably only be output from the memory to the data transmission device after a comparison process has been registered, for example by writing a counter bit. If the registration is carried out by writing a counter bit, it can also be ensured by an upstream logic circuit that the counter bit described was previously not written to. Said registration, in particular by writing a counter bit, can be provided both for the permanent registration of all access attempts made and for the registration of incorrect access attempts. If the registration is to be carried out using an error counter, a logic circuit must be used to ensure that the error counter can only be reset after the correct data comparison has been carried out.

Die Sicherheit des Verfahrens kann dadurch weiter erhöht werden, daß selbst bei byteweise gespeicherten Codedaten diese seriell auf den Datenbus gegeben werden und bitweise mit den Kontrolldaten verglichen werden. Sobald das erste Kontrollbit nicht mit dem entsprechenden Codebit übereinstimmt, wird dann die Ausgabe des nächsten Codebits auf die Datenübertragungseinrichtung unterbunden.The security of the method can be further increased by the fact that even in the case of byte-by-byte stored code data, these are transferred serially to the data bus and compared bit by bit with the control data. As soon as the first control bit does not match the corresponding code bit, the output of the next code bit to the data transmission device is then prevented.

Ist ein Fehlerzähler zum Zählen der fehlerhaften Kontrolldaten vorgesehen, wobei jede fehlerhafte Kontrolldateneingabe erfindungsgemäß das erneute Starten eines Datenvergleiches erfordert, so ist es aus Gründen der Sicherheit von Vorteil, wenn die Anzahl der für einen Vergleichszyklus erforderlichen Vergleichsoperationen möglichst groß ist gegenüber der maximal zulässigen Anzahl von fehlerhaften Kontrolldateneingaben. Mindestens aber sollte die Anzahl der für einen Vergleichszyklus erforderlichen Vergleichsoperation größer sein als die maximal zulässige Anzahl von fehlerhaften Kontrolldateneingaben.If an error counter is provided for counting the erroneous control data, each erroneous control data input requiring the restart of a data comparison according to the invention, it is advantageous for reasons of security if the number of comparison operations required for a comparison cycle is as large as possible compared to the maximum permissible one Number of incorrect control data entries. However, at least the number of comparison operations required for a comparison cycle should be greater than the maximum permissible number of incorrect control data entries.

Die FIG zeigt in Form eines Blockschaltbildes eine besonders günstige Ausführungsform einer integrierten Schaltung zur erfindungsgemäßen Durchführung eines erfindungsgemäßen Sicherungsverfahrens.The FIG shows in the form of a block diagram a particularly favorable embodiment of an integrated circuit for carrying out a fuse method according to the invention.

Hierbei stellt Block 1 eine Datenspeichereinrichtung dar, die mindestens einen Code-Datenspeicher 1a enthält und insbesondere einen Kennspeicher enthalten kann. Block 2 enthält einen Freigabezähler, der insbesondere als Fehlerzähler eingesetzt werden kann und der zur Anleitung eines Vergleichszyklusses aktiviert wird, insbesondere dadurch, daß ein freies Zählerbit geschrieben wird. Block 3 enthält eine Kontroll-Logikschaltung, die kontrolliert, ob ein Zählerbit des Freigabezählers 2 vorher ungeschrieben war und dann geschrieben worden ist und in diesem Falle ein entsprechendes Freigabesignal an eine erfindungsgemäße Sperrlogikschaltung 9 weitergibt. Block 4 enthält eine Sperrschaltung, die die Ausgabe der Codedaten des Code-Datenspeichers auf eine Datenübertragungseinrichtung 6 verhindern soll und insbesondere im aktivierten Zustand die Datenausgänge des Code-Datenspeichers oder die daran angeschlossenen Datenleitungen auf ein festes Potential legt. Block 5 enthält eine Vergleichereinrichtung, die die am Eingang 7 eingegebenen Kontrolldaten mit den auf der Datenübertragungseinrichtung 6 befindlichen Codedaten vergleicht und die den Vergleichsergebnissen entsprechenden Daten an einem Ausgang 8 bereitstellt. Ausführungsformen der in den Blöcken 1, 1a, 2, 3, 4 und 5 enthaltenen Schaltungen und der Datenübertragungseinrichtung 6 sowie deren Funktionsweise sind in der Offenlegungsschrift des europäischen Patentamtes EP-OS 0 207 320 beschrieben.Here, block 1 represents a data storage device which contains at least one code data storage 1 a and can in particular contain an identification memory. Block 2 contains an enable counter, which can be used in particular as an error counter and which is activated to guide a comparison cycle, in particular by writing a free counter bit. Block 3 contains a control logic circuit which controls whether a counter bit of the release counter 2 was previously unwritten and was then written, and in this case forwards a corresponding release signal to a blocking logic circuit 9 according to the invention. Block 4 contains a blocking circuit which is intended to prevent the code data of the code data memory from being output to a data transmission device 6 and, in particular in the activated state, sets the data outputs of the code data memory or the data lines connected thereto to a fixed potential. Block 5 contains a comparator device which compares the control data entered at input 7 with the code data located on data transmission device 6 and provides the data corresponding to the comparison results at an output 8. Embodiments of the circuits contained in blocks 1, 1a, 2, 3, 4 and 5 and of the data transmission device 6 and their mode of operation are described in the published patent application of the European Patent Office EP-OS 0 207 320.

Bei einer monolithisch integrierbaren elektronischen Schaltung, bei der ein Code-Datenspeicher 1a über eine Sperrschaltung 4 und eine Datenübertragungseinrichtung 6 an einen Eingang einer Vergleichereinrichtung 5 geschaltet ist, bei der diese Vergleicher einrichtung 5 einen weiteren Eingang 7 sowie einen die Vergleichsergebnisse bereitstellenden Ausgang 8 aufweist, wird die Ausgabe weiterer Codedaten auf die Datenübertragungseinrichtung 6 dadurch verhindert, daß eine erfindungsgemäße Sperrlogikschaltung 9 aufgrund des ersten negativen Vergleichsergebnisses am Ausgang 8 die Sperrschaltung 4 aktiviert.In the case of a monolithically integrable electronic circuit in which a code data memory 1 a is connected via a blocking circuit 4 and a data transmission device 6 to an input of a comparator device 5, in which these comparators device 5 has a further input 7 and an output 8 providing the comparison results, the output of further code data to the data transmission device 6 is prevented in that a blocking logic circuit 9 according to the invention activates the blocking circuit 4 due to the first negative comparison result at the output 8.

Vorzugsweise wird bei einer solchen Schaltung die Ausgabe der Codedaten aus dem Code-Datenspeicher 1a auf die Datenübertragungseinrichtung 6 insbesondere durch die Sperrlogikschaltung 9 nach dem Schreiben eines vorher freien Freigabezählerbits durch Abschalten der Sperrschaltung 4 ermöglicht.With such a circuit, the output of the code data from the code data memory 1 a to the data transmission device 6 is made possible in particular by the blocking logic circuit 9 after the write of a previously free enable counter bit by switching off the blocking circuit 4.

Als besonders günstig erweist es sich, wenn die Sperrlogikschaltung 9 eine Abschaltlogikschaltung 10 enthält, die nach dem Vergleich von korrekten Kontrolldaten mit den Codedaten eines vollständigen Codes das Aktivieren der Sperrschaltung 4 veranlaßt. Weil das Signal am Ausgang 8a dieser Abschaltlogikschaltung 10 von einer vollständigen korrekten Kontrolldateneingabe abhängig ist, kann es auch zum Rücksetzen eines Fehlerzählers und, neben dem Signal am Ausgang 8 der Vergleichereinrichtung 5, als Freigabesignal der gesamten Sicherheitsschaltung vorgesehen werden. Die Abschaltlogikschaltung 10 enthält vorzugsweise einen Zähler, der bei Aktivierung der Sperrschaltung 4 oder des Freigabezählers 2 zurückgesetzt wird, der bei jedem korrekten Datenvergleich der Vergleichereinrichtung 5 um eins weiterzählt und nach den Vergleichen des letzten Codebits die Sperrschaltung aktiviert.It proves to be particularly favorable if the blocking logic circuit 9 contains a switch-off logic circuit 10 which, after the comparison of correct control data with the code data of a complete code, causes the blocking circuit 4 to be activated. Because the signal at the output 8a of this switch-off logic circuit 10 is dependent on complete correct control data input, it can also be provided for resetting an error counter and, in addition to the signal at the output 8 of the comparator device 5, as an enable signal for the entire safety circuit. The switch-off logic circuit 10 preferably contains a counter which is reset when the blocking circuit 4 or the release counter 2 is activated, which counts by one for each correct data comparison of the comparator device 5 and which activates the blocking circuit after comparing the last code bit.

Im folgenden wird die Funktion einer erfindungsgemäßen Schaltung anhand des in der FIG dargestellten besonders günstigen Ausführungsbeispiels beschrieben.The function of a circuit according to the invention is described below with reference to the particularly favorable exemplary embodiment shown in the FIG.

Die Kontroll-Logikschaltung 3 überwacht, ob ein zuvor nichtbeschriebenes Zählerbit des Freigabezählers 2 beschrieben wird. Ein Ausgang dieser Kontroll-Logikschaltung 3 ist mit dem Set-Eingang eines RS-Flip-Flop 12 verbunden, das in der Sperrlogik schaltung 9 enthalten ist. Nach dem korrekten Einschreiben eines Zählerbits in den Freigabezähler 2 wird dieses Flip-Flop 12 gestetzt. Der invertierte Ausgang QN dieses Flip-Flop 12 ist mit dem Steuereingang der Sperrschaltung 4 verbunden und deaktiviert die Sperrschaltung, wenn das Flip-Flop gestetzt wird. Die Sperrschaltung 4 enthält Insbesondere für jede Datenleitung einen Schalter T, der diese Datenleitung bei aktivierter Sperrschaltung 4 auf ein festes Potential legt. Eine andere erfindungsgemäße Ausführungsform der Sperrschaltung 4 wird derart realisiert, daß der Spaltendecoder des Code-Datenspeichers 1a im aktivierten Zustand der Sperrschaltung 4 für alle Spalten leitend geschaltet ist. Dadurch liegen alle Ausgänge des Code-Datenspeichers 1a parallel und eine Zuordnung zwischen der zu schützenden Information der Codedaten und der Information auf der Datenübertragungseinrichtung 6 ist nicht möglich. Ist die Sperrschaltung 4 deaktiviert, so können Codedaten aus dem Code-Datenspeicher 1a bit- oder byteweise über die Datenübertragungseinrichtung 6 an einen ersten Eingang der Vergleichereinrichtung 5 übertragen werden. Die Vergleichereinrichtung 5, die insbesondere aus einem Komparator bekannter Art bestehen kann, vergleicht die an ihrem ersten Eingang anstehenden Codedaten mit den entsprechenden, an ihrem zweiten Eingang 7 eingegebenen Kontrolldaten und gibt die Vergleichsergebnisse vorzugsweise seriell an ihrem Ausgang 8 aus.The control logic circuit 3 monitors whether a counter bit of the release counter 2, which was not previously written, is written to. An output of this control logic circuit 3 is connected to the set input of an RS flip-flop 12, which is in the blocking logic circuit 9 is included. After a counter bit has been correctly written into the release counter 2, this flip-flop 12 is set. The inverted output QN of this flip-flop 12 is connected to the control input of the blocking circuit 4 and deactivates the blocking circuit when the flip-flop is set. The blocking circuit 4 contains, in particular, a switch T for each data line, which switches this data line to a fixed potential when the blocking circuit 4 is activated. Another embodiment of the blocking circuit 4 according to the invention is implemented in such a way that the column decoder of the code data memory 1 a is switched on for all columns when the blocking circuit 4 is activated. As a result, all outputs of the code data memory 1 a are in parallel and an association between the information of the code data to be protected and the information on the data transmission device 6 is not possible. If the blocking circuit 4 is deactivated, code data from the code data memory 1 a can be transmitted bit by bit or byte via the data transmission device 6 to a first input of the comparator device 5. The comparator device 5, which can in particular consist of a known type of comparator, compares the code data present at its first input with the corresponding control data entered at its second input 7 and preferably outputs the comparison results serially at its output 8.

Sind die Codedaten mit den Kontrolldaten identisch, wobei vorzugsweise bitweise verglichen wird, so veranlaßt die vom Ausgang 8 der Vergleichereinrichtung 5 angesteuerte Sperrlogikschaltung 9 nur dann ein Sperren der Sperrschaltung 4, wenn der entsprechende Datenvergleich der letzte Datenvergleich eines Vergleichszyklusses ist, d.h., wenn mit dem letzten korrekten Datenvergleich der gesamte Code mit korrekten Kontrolldaten verglichen worden ist. Das wird beispielsweise dadurch erreicht, daß bei jedem Vergleichsergebnis eines korrekten Datenvergleiches eine Zählerschaltung 10 um eine Einheit weiter zählt, daß diese Zählerschaltung 10 zum Beginn eines Vergleichszyklusses zurückgesetzt ist, was unter anderem durch ein Zurücksetzen der Zählerschaltung 10 mit dem aktivierenden Steuersignal der Sperrschaltung 4 erreicht werden kann und daß die Zählerschaltung 10 bei Erreichen des Zählerstandes, der der Gesamtzahl der dem Code entsprechenden Vergleichsoperationen entspricht, ein Signal an ihren Ausgang 8a ausgibt, das die Aktivierung der Sperrschaltung 4 veranlaßt. Als Zählerschaltung 10 kann erfindungsgemäß auch ein so wieso in der integrierten Schaltung vorgesehener Adresszähler dienen. Die Mehrfachnutzung eines solchen Zählers führt zu einer Chipflächenersparnis.If the code data is identical to the control data, preferably comparing bit by bit, then the blocking logic circuit 9 triggered by the output 8 of the comparator device 5 only causes the blocking circuit 4 to be blocked when the corresponding data comparison is the last data comparison of a comparison cycle, that is to say when the last correct data comparison the entire code has been compared with correct control data. This is achieved, for example, in that for each comparison result of a correct data comparison, a counter circuit 10 counts one unit further, that this counter circuit 10 is reset at the beginning of a comparison cycle, which is partly due to a reset of the counter circuit 10 can be achieved with the activating control signal of the blocking circuit 4 and that the counter circuit 10 outputs a signal at its output 8a when the counter reading, which corresponds to the total number of comparison operations corresponding to the code, which causes the blocking circuit 4 to be activated. According to the invention, an address counter provided in the integrated circuit can also serve as counter circuit 10. The multiple use of such a counter leads to a chip area saving.

Dieses Signal am Ausgang 8a der Zählerschaltung 10 kann auch als Rücksetzsignal eines als Fehlerzähler betriebenen Freigabezählers 2 sowie als Freigabesignal der Code-Sicherungsschaltung vorgesehen sein. Dieses Freigabesignal kann irgendeine zu schützende Funktion freigeben, kann auch beispielsweise die Freigabe einer in einem Mikroprozessor enthaltenen CPU, insbesondere eine Freigabe des Programmdecoders oder des Datendecoders ermöglichen.This signal at the output 8a of the counter circuit 10 can also be provided as a reset signal of an enable counter 2 operated as an error counter and as an enable signal of the code security circuit. This release signal can release any function to be protected and can also enable, for example, the release of a CPU contained in a microprocessor, in particular the release of the program decoder or the data decoder.

Unterscheiden sich die Codedaten von den entsprechenden Kontrolldaten, so veranlaßt bereits die erste Vergleichsoperation der Vergleichereinrichtung 5 mit unterschiedlichen Daten eine Aktivierung der Sperrschaltung 4.If the code data differ from the corresponding control data, the first comparison operation of the comparator device 5 with different data already causes the blocking circuit 4 to be activated.

Die Aktivierung der Sperrschaltung 4 durch das Ausgangssignal der Abschaltlogikschaltung 10 sowie durch das Ausgangssignal der Vergleichereinrichtung 5 bei Vorliegen eines negativen Datenvergleiches kann erfindungsgemäß insbesondere dadurch realisiert werden, daß der Ausgang 8 der Vergleichereinrichtung 5 an einen Eingang eines Logikgatters 11 und der Ausgang 8a der Abschaltlogikschaltung 10 an den anderen Eingang dieses Logikgatters 11 geschaltet ist und daß das Ausgangssignal dieses Logikgatters 11 zur Beaufschlagung des Reset-Einganges des in der Sperrlogikschaltung 9 enthaltenen Flip-Flop 12 vorgesehen ist.The activation of the blocking circuit 4 by the output signal of the switch-off logic circuit 10 and by the output signal of the comparator device 5 in the presence of a negative data comparison can in particular be achieved according to the invention in that the output 8 of the comparator device 5 is connected to an input of a logic gate 11 and the output 8a of the switch-off logic circuit 10 is connected to the other input of this logic gate 11 and that the output signal of this logic gate 11 is provided to act on the reset input of the flip-flop 12 contained in the blocking logic circuit 9.

Soll die Sperrschaltung 4 bei Vorliegen eines High-Signales am Ausgang 8 der Vergleichereinrichtung 5 sowie am Ausgang 8a der Abschaltlogikschaltung 10 aktiviert werden, so erfüllt beispielsweise ein Oder-Gatter die Funktion des Logikgatters 11.If the blocking circuit 4 is to be activated when there is a high signal at the output 8 of the comparator device 5 and at the output 8a of the switch-off logic circuit 10, an OR gate, for example, fulfills the function of the logic gate 11.

Claims (5)

  1. Method for preventing the unauthorized reading of a complete secret code which comprises a number of code data and is stored in a code data memory (1a), in which the code data memory (1a) is connected via an inhibit circuit (4) by means of a data transmission device (6) to a first input of a comparison device (5), the second input of which receives check data, and in which one output of the comparison device (5) drives the inhibit circuit (4) via an inhibit logic circuit (9), having the following method steps:
    a) outputting a first code bit of the complete secret code from the code data memory (1a) to the data transmission device (6),
    b) comparing the code bit with a corresponding check bit by means of the comparison device (5),
    c) if the code bit read out of the code data memory matches the check bit, a further code bit is read out of the code data memory (1a) and a further check bit is applied to the comparison device (15) and method step b) is then repeated,
    d) if the code bit read out of the code data memory (1a) does not match the check bit, the further reading out of code data is prevented by means of a signal from the comparison device (5) via the inhibit logic circuit (9) to the inhibit circuit (4).
  2. Method according to Claim 1, characterized in that after a correct data comparison has been completed, a further output of code data from the code data memory to the data transmission device (6) is prevented.
  3. Method according to one of Claims 1 or 2, characterized in that the output of the code data from the code data memory (1a) to the data transmission device (6) is enabled only after the writing of a counter bit.
  4. Method according to one of Claims 1, 2 or 3, characterized in that the code data are transmitted serially on a data bus (6).
  5. Method according to one of Claims 1, 2, 3 or 4, characterized in that an error counter (2) for counting the incorrect check data inputs is provided, in that with the aid of said error counter (2) the number of incorrect check data inputs is limited in a known manner, and in that the number of compare operations required for a compare cycle is greater than the maximum permissible number of incorrect check data inputs.
EP89101292A 1988-02-25 1989-01-25 Method for securing secret code data stored in a data memory, and circuitry for carrying out this method Expired - Lifetime EP0329966B1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE3805977 1988-02-25
DE3805977 1988-02-25

Publications (2)

Publication Number Publication Date
EP0329966A1 EP0329966A1 (en) 1989-08-30
EP0329966B1 true EP0329966B1 (en) 1995-09-20

Family

ID=6348186

Family Applications (1)

Application Number Title Priority Date Filing Date
EP89101292A Expired - Lifetime EP0329966B1 (en) 1988-02-25 1989-01-25 Method for securing secret code data stored in a data memory, and circuitry for carrying out this method

Country Status (6)

Country Link
EP (1) EP0329966B1 (en)
AT (1) ATE128258T1 (en)
DE (1) DE58909440D1 (en)
DK (1) DK169883B1 (en)
ES (1) ES2077566T3 (en)
FI (1) FI100068B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2941361B2 (en) * 1990-06-07 1999-08-25 株式会社東芝 Portable electronic devices
FR2789774B1 (en) * 1999-02-11 2001-04-20 Bull Cp8 SECURE COMPARISON METHOD OF TWO MEMORY REGISTERS, AND SECURITY MODULE IMPLEMENTING SAID METHOD

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3761892A (en) * 1971-07-19 1973-09-25 R Bosnyak Electronic locking system
US3829833A (en) * 1972-10-24 1974-08-13 Information Identification Co Code element identification method and apparatus
FR2311365A1 (en) * 1975-05-13 1976-12-10 Innovation Ste Int SYSTEM FOR TRANSFERRING AND STORING DATA IN A PERSONAL AND CONFIDENTIAL WAY BY MEANS OF PORTABLE INDEPENDENT ELECTRONIC OBJECTS
DE3671119D1 (en) * 1985-07-03 1990-06-13 Siemens Ag INTEGRATED CIRCUIT AND METHOD FOR SECURING SECRET CODE DATA.
JPS6267800A (en) * 1985-09-20 1987-03-27 Hitachi Ltd Semiconductor integrated circuit device

Also Published As

Publication number Publication date
DE58909440D1 (en) 1995-10-26
DK728088D0 (en) 1988-12-29
FI100068B (en) 1997-09-15
FI890900A0 (en) 1989-02-24
ES2077566T3 (en) 1995-12-01
ATE128258T1 (en) 1995-10-15
DK169883B1 (en) 1995-03-20
DK728088A (en) 1989-08-26
EP0329966A1 (en) 1989-08-30
FI890900L (en) 1989-08-26

Similar Documents

Publication Publication Date Title
DE3048365C2 (en)
EP0512542B1 (en) Data-protecting microprocessor circuit for portable record carriers, for example credit cards
DE2621271C2 (en) Portable data carrier
DE2621269C2 (en) Data exchange system with at least one data carrier arrangement
DE2512935C2 (en) Data exchange system
EP0466969B1 (en) Method for preventing unauthorised deviations from an application development protocol in a data exchange system
DE19536169A1 (en) Multifunctional chip card
DE2837201C2 (en)
EP0128362B1 (en) Circuit arrangement comprising a memory and an access control unit
DE2758152A1 (en) MEMORY PROTECTION ARRANGEMENT
EP0224639B1 (en) Method to control the memory access of an ic card and implementing device
EP0935214B1 (en) Smart card with integrated circuit
EP0127809B1 (en) Circuit arrangement comprising a memory and an access control unit
WO1996028795A1 (en) Chip card with protected operating system
DE69101099T2 (en) Method for confirming secret codes in memory cards.
EP0329966B1 (en) Method for securing secret code data stored in a data memory, and circuitry for carrying out this method
DE4042161A1 (en) ROME WITH SAFETY CIRCUIT
DE69116807T2 (en) Smart card reader and recorder
DE19548903C2 (en) Method for performing a secret code comparison on a microprocessor-based portable data carrier
EP0214390A1 (en) Release method and device for a controlled-access user memory
EP0977160B1 (en) Method and data processing device for the reliable execution of instructions
EP0353530A1 (en) Method for differentiating between electronic circuits with non-volatile memories
DE69901318T2 (en) METHOD AND DEVICE FOR CHECKING THE OPERATING CYCLE OF A PORTABLE OBJECT, IN PARTICULAR A CHIP CARD
EP0321728A1 (en) Method and data carrier assembly for validating memory chips
DE69506789T2 (en) Memory card and procedure for managing consecutive entries

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH DE ES FR GB IT LI LU NL SE

17P Request for examination filed

Effective date: 19890925

17Q First examination report despatched

Effective date: 19920310

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AT BE CH DE ES FR GB IT LI LU NL SE

REF Corresponds to:

Ref document number: 128258

Country of ref document: AT

Date of ref document: 19951015

Kind code of ref document: T

REF Corresponds to:

Ref document number: 58909440

Country of ref document: DE

Date of ref document: 19951026

REG Reference to a national code

Ref country code: CH

Ref legal event code: PFA

Free format text: SIEMENS AKTIENGESELLSCHAFT BERLIN UND MUENCHEN TRANSFER- SIEMENS AKTIENGESELLSCHAFT

REG Reference to a national code

Ref country code: ES

Ref legal event code: FG2A

Ref document number: 2077566

Country of ref document: ES

Kind code of ref document: T3

ITF It: translation for a ep patent filed
GBT Gb: translation of ep patent filed (gb section 77(6)(a)/1977)

Effective date: 19951127

ET Fr: translation filed
PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed
PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: AT

Payment date: 20011221

Year of fee payment: 14

REG Reference to a national code

Ref country code: GB

Ref legal event code: IF02

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: NL

Payment date: 20020110

Year of fee payment: 14

Ref country code: GB

Payment date: 20020110

Year of fee payment: 14

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: LU

Payment date: 20020111

Year of fee payment: 14

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: SE

Payment date: 20020117

Year of fee payment: 14

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: BE

Payment date: 20020121

Year of fee payment: 14

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: ES

Payment date: 20020122

Year of fee payment: 14

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20020124

Year of fee payment: 14

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20020318

Year of fee payment: 14

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: CH

Payment date: 20020411

Year of fee payment: 14

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20030125

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20030125

Ref country code: AT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20030125

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20030126

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: ES

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20030127

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20030131

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20030131

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20030131

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: NL

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20030801

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20030801

EUG Se: european patent has lapsed
REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

GBPC Gb: european patent ceased through non-payment of renewal fee
PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20030930

NLV4 Nl: lapsed or anulled due to non-payment of the annual fee

Effective date: 20030801

REG Reference to a national code

Ref country code: FR

Ref legal event code: ST

REG Reference to a national code

Ref country code: ES

Ref legal event code: FD2A

Effective date: 20030127

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES;WARNING: LAPSES OF ITALIAN PATENTS WITH EFFECTIVE DATE BEFORE 2007 MAY HAVE OCCURRED AT ANY TIME BEFORE 2007. THE CORRECT EFFECTIVE DATE MAY BE DIFFERENT FROM THE ONE RECORDED.

Effective date: 20050125

APAH Appeal reference modified

Free format text: ORIGINAL CODE: EPIDOSCREFNO