Secure memory card

US 5,293,424 A
Filed: 10/14/1992
Issued: 03/08/1994
Est. Priority Date: 10/14/1992
Status: Expired due to Term

- Alert
- Pin

First Claim

Patent Images

1. A secure memory card for use with a host portable computer, said memory card comprising:

a microprocessor connected for transmitting and receiving address, data and control information to and from said host computer and said microprocessor including;

an addressable non-volatile memory for storing information including a number of key values and configuration information;

an internal bus connected to said microprocessor for transmitting address, data and control information defining memory operations to be performed by said card; and

,at least one non-volatile addressable memory being connected to said internal bus in common with said microprocessor for receiving said address, data and control information, said memory including a non-volatile memory section and a security control section, said memory section containing a memory array organized into a number of blocks, each block having a plurality of addressable locations and control logic means for performing said memory operations and said security control section being connected to said internal bus, to said control logic means and to said memory array, said security control section including;

a number of non-volatile and volatile storage devices for storing at least one of said key values and configuration information associated with said blocks; and

,access control logic means connected to said control logic means and to said storage devices, said access control logic means enabling reading of information stored in addressed ones of said blocks of said memory array as specified by said configuration information only after said microprocessor has determined that a predetermined authentication procedure has been performed with said host computer and has enabled said access control logic means for allowing reading of said information from said memory array according to said configuration information.

View all claims

3 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A secure memory card includes a microprocessor on a single semiconductor chip and one or more non-volatile addressable memory chips. The microprocessor chip and non-volatile memory chips connect in common to an internal card bus for transmitting address, data and control information to such non-volatile memory chips. The microprocessor includes an addressable non-volatile memory for storing information including a number of key values, application specific configuration information and program instruction information. Each chip'"'"'s memory is organized into a number of blocks or banks and each memory chip is constructed to include security control logic circuits. These circuits include a number of non-volatile and volatile memory devices which are loaded with key and configuration information under the control of the microprocessor only after the microprocessor has determined that the user has successfully performed a predetermined authentication procedure with a host computer. Thereafter, the user is allowed to read out information from blocks only as defined by the configuration information.

Citations

26 Claims

1. A secure memory card for use with a host portable computer, said memory card comprising:
- a microprocessor connected for transmitting and receiving address, data and control information to and from said host computer and said microprocessor including;
  
  an addressable non-volatile memory for storing information including a number of key values and configuration information;
  
  an internal bus connected to said microprocessor for transmitting address, data and control information defining memory operations to be performed by said card; and
  
  ,at least one non-volatile addressable memory being connected to said internal bus in common with said microprocessor for receiving said address, data and control information, said memory including a non-volatile memory section and a security control section, said memory section containing a memory array organized into a number of blocks, each block having a plurality of addressable locations and control logic means for performing said memory operations and said security control section being connected to said internal bus, to said control logic means and to said memory array, said security control section including;
  
  a number of non-volatile and volatile storage devices for storing at least one of said key values and configuration information associated with said blocks; and
  
  ,access control logic means connected to said control logic means and to said storage devices, said access control logic means enabling reading of information stored in addressed ones of said blocks of said memory array as specified by said configuration information only after said microprocessor has determined that a predetermined authentication procedure has been performed with said host computer and has enabled said access control logic means for allowing reading of said information from said memory array according to said configuration information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The memory card of claim 1 wherein said microprocessor and said non-volatile memory are included on separate semiconductor chips.
  - 3. The memory card of claim 1 wherein said card further includes interface circuit means coupling said card to said host computer and wherein said interface circuit means and said microprocessor are included on the same semiconductor chip.
  - 4. The memory card of claim 1 wherein said non-volatile memory and said non-volatile storage devices are flash memories.
  - 5. The memory card of claim 1 wherein one of said non-volatile storage devices is a lock memory for storing a lock value corresponding to said one key values and a second one of said non-volatile devices is a lock storage enable element which connects to said lock memory, said lock memory being initially loaded with said lock value and said lock storage enable element being switched to a state which inhibits modification of said lock value under control of said microprocessor.
  - 6. The memory card of claim 2 wherein storage of said lock value and switching of said lock storage enable element takes place during initial fabrication of said memory card.
  - 7. The memory card of claim 5 wherein one of said volatile storage devices is an addressable access control memory having a plurality of locations corresponding in number to said number of blocks of said memory array for storing said configuration information, said access control memory being connected to said internal bus and to said access control logic means, said access control memory being loaded under control of said microprocessor only after said microprocessor has determined that said predetermined authentication procedure initially has been successfully performed with said host computer causing enabling of said access control memory by said access control logic means.
  - 8. The memory card of claim 7 wherein said lock value loaded into said lock memory is all ONES and wherein said security control section further includes an all ONES detector circuit connected to said lock memory, said detector circuit in response to said lock value of all ONES generating a signal which effectively bypasses said security control section enabling said non-volatile memory to operate as if said security control section had not been included.
  - 9. The memory card of claim 7 wherein performance of said predetermined authentication procedure initially takes place when said memory card is first connected to communicate with said host computer.
  - 10. The memory card of claim 9 wherein said access control means includes a lock register connected to receive said lock value from said lock memory, a comparator circuit, a key register for storing a key value transferred to said key register by said microprocessor, a delay counter for storing a count defining a predetermined time interval and gating means connected to said access control memory, to said comparator and to said delay counter, said comparator circuit being connected to said lock and key registers and to said gating means and said gating means being connected to said delay counter for generating an access modification allowed signal in response to said comparator circuit signalling an identical comparison between said lock code value loaded into said lock register when said delay counter has signalled an end of said predetermined time interval, said access modification allow signal conditioning said access control memory for loading said configuration information.
  - 11. The memory card of claim 10 wherein said control logic means includes circuits for generating command signals in response to a predetermined set of commands used by said microprocessor in controlling the operation of said security control section of each memory chip.
  - 12. The memory card of claim 11 wherein said control logic means in response to a first one of said predetermined set of commands generated by said microprocessor, generates a first signal for loading said lock code value into said lock memory, said first one of said predetermined commands being generated during initial fabrication of said card.
  - 13. The memory card of claim 12 wherein said control logic means in response to a second one of said predetermined set of commands generated by said microprocessor generates a second signal for switching said lock storage enable element to a predetermined state which inhibits said reading or said modification to said lock value stored in said lock memory.
  - 14. The memory card of claim 12 wherein said control logic means in response to a third one of said predetermined set of commands generated by said microprocessor, generates a third signal for loading said key register with a predetermined one of said key values, said third one of said predetermined set of commands being generated by said microprocessor only after said microprocessor has determined that said predetermined authentication procedure has been successfully performed.
  - 15. The memory card of claim 14 wherein said third signal generated by said control logic means simultaneously forces said delay counter to a predetermined count for establishing a start of said predetermined time interval and wherein said control logic means in response to each fourth one of said predetermined set of commands generated by said microprocessor decrements by one, said predetermined count, said delay counter signalling said end of said time interval following execution of a predetermined number of said fourth ones of said set of predetermined commands.
  - 16. The memory card of claim 11 wherein said control logic means in response to a number of fifth and sixth ones of said predetermined set of commands by said microprocessor, generates fifth and sixth signals for setting and resetting locations in said access control memory according to said configuration information for defining which ones of said blocks from which information is allowed to be read out.

17. A secure memory card installable in a host portable computer for establishing communication with said host computer, said memory card comprising:
- a microprocessor contained on a single semiconductor chip, said microprocessor being connected for transmitting and receiving address, data and control information to and from said host computer and said microprocessor including;
  
  an addressable non-volatile memory for storing information including a number of key values defining user accessibility to memory areas, and memory configuration information defining memory read out accessibility to said memory areas;
  
  an internal bus for transmitting address, data and control information defining memory operations to be performed by said card; and
  
  ,at least one non-volatile addressable memory chip being connected to said internal bus in common with said microprocessor for receiving said address, data and control information, said memory chip including a memory section and a security section, said memory section containing a non-volatile memory array having a data output and being organized into a number of blocks, each having a plurality of addressable locations and control logic means for performing said memory operations, said security section being connected to said internal bus, to said control logic means and to said data output and said security section including;
  
  a non-volatile lock memory coupled to said internal bus for initially receiving and permanently storing a predetermined lock value which matches one of said number of key values;
  
  access control logic means connected to said control logic means and to said lock memory for generating an enabling signal upon detecting when said predetermined lock code value identically matches a selected one of said key values applied by said microprocessor to said internal bus; and
  
  ,an addressable volatile access control memory having a plurality of locations corresponding in number to said number of blocks of said memory array for storing said memory configuration information defining said read out accessibility, said access control memory being connected to said control logic means, to said memory array data output, to said internal bus, and to said access control logic means, said access control logic means enabling reading of information stored in addressed ones of said blocks of said memory array as specified by said memory configuration information only after said microprocessor has determined that a predetermined authentication procedure has been successfully performed with said host computer and has transferred said predetermined one of said memory key codes causing said access control logic means to generate said enabling signal for application to said data output for enabling reading out said information to said data output as specified by said access control memory configuration information.

18. A secure memory card including a number of non-volatile memory chips, each memory chip including a memory array organized into blocks of addressable locations, having a capability of operating in a number of modes, said card comprising:
- a lock memory for storing a lock value;
  
  control means for generating first and second commands and a predetermined key value;
  
  a key register coupled to said control means and responsive to said first command for storing said predetermined key value;
  
  a comparator coupled to said lock memory and to said key register, said comparator generating a compare signal whenever said lock value and said predetermined key value are equal;
  
  a delay counter coupled to said generating means and responsive to said first command for setting said counter to a maximum count value, and responsive to a sequence of successive second commands for generating a zero count signal when said delay counter has been decremented to zero;
  
  logic circuit means coupled to said comparator and to said delay counter, said logic circuit means responsive to said compare signal and said zero count signal for generating an access modification allowed signal;
  
  said control means for generating a third command, and first address signals and subsequent address signals identifying a first of said blocks and subsequent blocks respectively; and
  
  ,access control memory means being coupled to said logic means and to said control means, said access control memory responsive to said access memory enable signal, said address signals and said third command for storing indications signifying when said one of said blocks and said subsequent blocks are enabled for reading.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The system of claim 18 wherein said predetermined value and maximum values are selected to be sufficiently large so as to prevent ease of access to said information stored in said non-volatile memory when said memory card is placed in an unauthorized host computer.
  - 20. The card of claim 18 wherein said control means includes a microprocessor which couples to said memory which, upon successfully performing a first user authentication operation, generates said first, second and third commands.
  - 21. The card of claim 20 wherein said first command is a load key command, said second command is a decrementing command and said third command is a read allow block command.
  - 22. The card of claim 18 wherein said memory further includes command control means for decoding a predetermined set of commands for conditioning said card to perform normal memory operations, and said command control means including means for decoding an additional set of commands including said first, second and third commands for providing security for information stored in said memory.

23. A method of organizing for operation, a secure memory card installable in a host computer which includes a number of non-volatile memory chips, each memory chip including a memory array organized into blocks of addressable locations and control logic circuits for generating command signals for performing memory operations, said method comprising the steps of:
- (a) incorporating a microprocessor into said card which is connected to communicate with said host computer when installed therein, said microprocessor including an addressable non-volatile memory for storing information including a number of key values defining user accessibility to memory areas and memory configuration information defining accessibility to said memory areas;
  
  (b) incorporating security logic circuits into each non-volatile memory chip, said security logic circuits including a non-volatile lock memory for storing a predetermined lock value, access control logic means connected to said lock memory and an addressable volatile access control memory having a plurality of locations corresponding in number to said number of blocks for storing accessibility bit information according to said configuration information;
  
  (c) interconnecting said microprocessor to each memory chip for transferring address, data and control information to said each memory chip;
  
  (d) modifying said control logic circuits to be responsive to a plurality of commands for operating said security logic circuits;
  
  (e) connecting said microprocessor for performing an initial preestablished user authentication operation with said host computer; and
  
  ,(f) connecting said security logic circuits to be enabled by said microprocessor transferring specific ones of said plurality of commands to said each chip only when said authentication operation in step (e) has been successfully performed for allowing said information stored in different ones of said blocks to be read out according to said accessibility bit information stored in said access control memory.
- View Dependent Claims (24, 25)
- - 24. The method of claim 23 wherein said microprocessor non-volatile memory has a number of sections and wherein said key values are provided by generating random values for said key values which are to be loaded into a first one of said number of sections.
  - 25. The method of claim 23 wherein said method further includes the steps of:
    - (g) including an interval counter in said microprocessor;
      
      (h) connecting said interval counter to said microprocessor non-volatile memory and said interval counter being loaded with a value corresponding to a user selected time interval;
      
      (i) connecting said microprocessor for periodically initiating said user authentication operation of step (e) at said user selected time interval; and
      
      ,(j) connecting said security logic circuits to be enabled for continuing to allow said information stored in said blocks to be read out according to said accessibility bit information as long as said authentication operation of step (e) is successfully performed.

26. A method of constructing a secure memory card which includes a number of non-volatile memory chips for storing large quantities of information, each memory chip including a memory array organized into blocks of addressable locations and control logic circuits for generating command signals for performing memory operations, said method comprising the steps of:
- (a) incorporating a microprocessor into said card, said microprocessor including an addressable non-volatile memory for storing information including a number of key values defining user accessibility to memory areas and memory configuration information defining accessibility to said memory areas;
  
  (b) incorporating security logic circuits into each non-volatile memory chip, said security logic circuits including a non-volatile lock memory for storing a predetermined lock value, access control logic means connected to said lock memory and an addressable volatile access control memory having a plurality of locations corresponding in number to said number of blocks for storing user accessibility bit information in accordance with said configuration information;
  
  (c) interconnecting said microprocessor to each memory chip for transferring address, data and control information to said each memory chip; and
  
  ,(d) modifying said control logic circuits to incorporate a plurality of commands for operating said security logic circuits as an extension to a set of commands normally provided by said control logic circuits whereby said security logic circuits protect said information contained in said number of chips from being read out in an unauthorized manner even when said chips are removed from said memory card.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Bull CP8 (SLB)
Original Assignee
Bull HN Information Systems Incorporated (Atos SE)
Inventors
Holtey, Thomas O., Wilson, Peter J.
Primary Examiner(s)
Buczinski, Stephen C.

Application Number

US07/960,748
Time in Patent Office

510 Days
Field of Search

235/380, 235/382, 380/23, 380/24
US Class Current

713/193
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3576   Multiple memory zones on card

G07F 7/1008   Active credit-cards provide...

Secure memory card

First Claim

3 Assignments

Litigations

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Secure memory card

First Claim

3 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links