Secure multiple application IC card using interrupt instruction issued by operating system or application program to control operation flag that determines the operational mode of bi-modal CPU

US 5,754,762 A
Filed: 01/13/1997
Issued: 05/19/1998
Est. Priority Date: 01/13/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A control system for a microprocessor, intended for use within an IC card that supporting multiple applications, each said application is associated with a particular custom command, said control system comprising:

bi-modal CPU operation means, changing operation modes between system mode and application mode;

the operation modes of said bi-modal CPU operation means being determined by an operation flag, wherein the changing of the operation flag is dependent upon an interrupt instruction function;

issued by an operating system, an interrupt instruction function effecting a mode change from system mode to application mode places a return address for system mode and an original operation flag for system mode in stack, and clears all registers and working memory unnecessary for the next step in the application mode;

wherein a mode change interrupt instruction function from application mode to system mode restores the operation flag placed in stack for system mode, returns to system with the stacked system address, and clears all working memory and all registers except that holding parameters to be used in said system mode;

application initialization means for initializing in system mode, said initializing including verification of a utilized custom command and setting of memory boundaries in a comparison register as corresponding to a particular application program given authorized access;

verification means for verifying authorized access to both system and application memories requested by the application program given authorized access using said interrupt function, whereby said comparison register corresponding to the particular application program set with the application initialization means is utilized to verify authorized access to the memory requested prior to return to the application program with the requested memory;

wherein any invalid access attempt results in abnormal termination of operation, which effects a hardware interrupt that causes all working memory and all registers which are not required for forwarding of an error signal to be cleared;

wherein said verification means ensure that only memory verified as having authorized access is accessible from a particular application held in said IC card, said application initialization means having ensured said particular application as corresponding to a valid custom command, which together with said bi-modal CPU operation means dependent upon an operation flag changed by said mode change interrupt function associated with clearing of all working memory and all registers unnecessary in the next mode, ensure that comparison registers can not be accessed by any application, thereby securing each of the multiple applications upon an IC card.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Multiple applications upon an IC microprocessor are protected with bi-modal CPU operation, either in application mode or system mode, using an operation flag determining the mode and a functional interrupt with each mode change. Direct subroutine calling is replaced by a software interrupt which clears all working memory and registers except those holding parameters including the return address placed in stack. Access authorization utilizing a comparison register containing application and system memory boundaries according to the particular custom command utilized is associated with a mode change interrupt in application initialization. System subroutine running involves two mode change interrupts, from application to system and back, and includes access authorization. Request of an address beyond the territory assigned to the custom command utilized results in a hardware interrupt which clears all working memory and registers in the system mode and except that necessary to forward a status word indicating abnormal termination. Application completion forwards the result with a status word indicating successful completion. Hard-wired bi-modal CPU operation utilizing a mode change interrupt which saves parameters in stack but clears all other registers and working memory and utilizes a comparison register to authorize the system address prior to return to application mode with the return address held in stack ensures that operation in the application authorized by the custom command utilized will result either in successful completion or abnormal termination without possible access of any other application contained upon the IC card.

109 Citations

View as Search Results

20 Claims

1. A control system for a microprocessor, intended for use within an IC card that supporting multiple applications, each said application is associated with a particular custom command, said control system comprising:
- bi-modal CPU operation means, changing operation modes between system mode and application mode;
  
  the operation modes of said bi-modal CPU operation means being determined by an operation flag, wherein the changing of the operation flag is dependent upon an interrupt instruction function;
  
  issued by an operating system, an interrupt instruction function effecting a mode change from system mode to application mode places a return address for system mode and an original operation flag for system mode in stack, and clears all registers and working memory unnecessary for the next step in the application mode;
  
  wherein a mode change interrupt instruction function from application mode to system mode restores the operation flag placed in stack for system mode, returns to system with the stacked system address, and clears all working memory and all registers except that holding parameters to be used in said system mode;
  
  application initialization means for initializing in system mode, said initializing including verification of a utilized custom command and setting of memory boundaries in a comparison register as corresponding to a particular application program given authorized access;
  
  verification means for verifying authorized access to both system and application memories requested by the application program given authorized access using said interrupt function, whereby said comparison register corresponding to the particular application program set with the application initialization means is utilized to verify authorized access to the memory requested prior to return to the application program with the requested memory;
  
  wherein any invalid access attempt results in abnormal termination of operation, which effects a hardware interrupt that causes all working memory and all registers which are not required for forwarding of an error signal to be cleared;
  
  wherein said verification means ensure that only memory verified as having authorized access is accessible from a particular application held in said IC card, said application initialization means having ensured said particular application as corresponding to a valid custom command, which together with said bi-modal CPU operation means dependent upon an operation flag changed by said mode change interrupt function associated with clearing of all working memory and all registers unnecessary in the next mode, ensure that comparison registers can not be accessed by any application, thereby securing each of the multiple applications upon an IC card.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. A control system in accordance with claim 1, wherein said application initialization means first recognizes the custom command in said system mode as corresponding to one of the multiple applications and then proceeds through said mode change interrupt function effecting a change in mode from said system mode to application mode wherein the address of the application recognized and necessary parameters are placed in registers, all registers and the working memory which are not used are cleared, the operation flag is changed and the application program is accessed from the register with the return address of the system mode placed in stack.
  - 3. The control system of claim 1, wherein said mode change interrupt instruction function is generated by software utilizing a software interrupt instruction.
  - 4. The control system in accordance with claim 3, wherein said mode change interrupt instruction function from said system mode to said application mode is different than said mode change interrupt instruction function from said application mode to said system mode.
  - 5. The control system in accordance with claim 3, wherein said mode change interrupt instruction function from said system mode to said application mode, and said mode change interrupt instruction function from said application mode to said system mode utilize the same instruction but a different indicator in a parameter.
  - 6. The control system of claim 1, wherein the hardware interrupt is disabled during execution of said mode change interrupt, said hardware interrupt being enabled immediately after the mode change interrupt instruction.
  - 7. The control system of claim 1, wherein the hardware interrupt is disabled during execution of a return from said mode change interrupt, said hardware interrupt being enabled immediately after return from a completed mode change interrupt instruction.
  - 8. The control system of claim 1, wherein said comparison registers are inaccessible by application program, the CPU generating said hardware interrupt when an attempt to modify said comparison register is made under said application mode.
  - 9. The control system of claim 1, wherein said comparison registers contain upper bounds and lower bounds of authorized memory access.
  - 10. The control system of claim 1, wherein said comparison registers are comprised of three types:
    - program memory comparison registers, data memory comparison registers, and working memory comparison registers.
  - 11. The control system of claim 1, wherein a request for a system subroutine in said application mode triggers said mode change interrupt function in which the requested address is placed in a register, parameters necessary for said system mode are placed in registers, and working memory if desired due to insufficient register space, the registers and working memory not utilized are cleared, the original operation flag is saved, and the return address of the application program is placed, in stack, and operation flag is changed.
  - 12. The control system of claim 1, wherein a request for a system subroutine in said application mode triggers said mode change interrupt function followed by verification of access authorization including the steps of accessing the subroutine requested, running said subroutine, and placing the result into registers and into working memory if desired due to insufficient register space.
  - 13. The control system of claim 1, wherein a request for a system subroutine in application mode triggers said mode change interrupt function to allowed by verification of access authorization which is further followed by a return from mode change interrupt in which all said registers and working memory which are not necessary for forwarding the result, operation flag is restored with the stacked operation flag and return to the application program is effected with the stacked return address.
  - 14. The control system of claim 1, wherein said abnormal termination includes the steps of recognizing an invalid access attempt with said comparison register, in which said application boundaries are set, generating a hardware interrupt function and processing a hardware interrupt service routine including return of an error message in a status word to an external interface device and resetting of the CPU effecting clearing of all said registers and working memory.
  - 15. The control system of claim 1, wherein successful application completion is followed by placing the result in said registers and working memory, clearing of unnecessary registers and all working memory, returning from mode change interrupt to said system mode and forwarding to an external interface device the result placed in a register in a status word.
  - 16. The control system of claim 1, wherein any said custom command required by more than one of said application programs may be saved in a root level so that only one copy of code corresponding to each custom command is necessary and memory space upon the microprocessor contained within the IC card thereby conserved.
  - 17. The control system of claim 1, wherein said comparison register is comprised of a table of indexes which point to a list of memory blocks which indicate authorized access, and for which a request which is not present of the list results in a generation of a hardware interrupt terminating operation.
  - 18. The control system of claim 1, wherein a request for a block of said working memory required by the application program must be made by the operating system in order to prevent said hardware interrupt triggered by attempted access of said working memory beyond the boundaries contained in a pertinent comparison register.
  - 19. The control system of claim 18, wherein release of the working memory requested is made prior to application program completion.
  - 20. The control system of claim 18, wherein said release of requested working memory prior to application program completion is ensured by a garbage collection function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kuo, Chih-Cheng, Minwen Lo
Original Assignee
Kuo, Chih-Cheng, Minwen Lo
Inventors
Kuo, Chih-Cheng, Lo, Minwen
Primary Examiner(s)
AN, MENG AI T

Application Number

US08/782,063
Time in Patent Office

491 Days
Field of Search

395/186, 395/187.01, 395/188.01, 395/378, 395/570, 395/580, 395/566, 395/733, 395/734, 395/741, 395/490, 395/491, 395/868, 395/885, 395/800.36, 395/800.37, 395/800.38, 395/800.42, 395/800.43, 380/4, 380/50, 380/23, 380/24, 380/25, 235/490
US Class Current

726/23
CPC Class Codes

G06F 12/1441   for a range

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3576   Multiple memory zones on card

G07F 7/1008   Active credit-cards provide...

Secure multiple application IC card using interrupt instruction issued by operating system or application program to control operation flag that determines the operational mode of bi-modal CPU

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

109 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure multiple application IC card using interrupt instruction issued by operating system or application program to control operation flag that determines the operational mode of bi-modal CPU

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links