Electronic device and data processing system
(57) Abstract:The invention relates to an electronic processing unit. The technical result consists in increasing protection against unwanted access to memory. The device includes a processing unit (CPU), a bus, a storage device (ROM, EEPROM), a coding unit (VE), Comparer (V) stored secret key (Key1, Key2) with user-entered key word (SW) and switchgear (SE; MUX), allowing the encoding of the input data and decoding the data entered only upon a positive result of the comparison. 2 c. and 6 C.p. f-crystals, 2 Il. The invention relates to an electronic processing unit with a data processing unit such as a microprocessor, at least one storage device and placed between the storage device and the data processing unit bus. In addition, the invention relates to electronic data processing system with such electronic processing unit.The appropriate type of electronic device data is often used in security critical applications. In the storage device are entered confidential data, f is LASS="ptx2">Since the memory device contains information that shouldn't be access from the outside, it is necessary to take protective measures against manipulation with the electronic processing unit.When the appropriate type of electronic device, data processing is executed in the form of an integrated circuit, it is possible to cover different pestiviruses layers. This pestiviruses layers are superimposed so that the removal pestiviruses layer leads to the destruction of the storage device. In addition, the storage device can be immersed in the underlying layers of the integrated circuit so that access to it was difficult.Another possibility for protecting an electronic device from data from unwanted manipulation is to use sensors that read the operating modes of the electronic device data. As soon as the read sensor value exceeds the normal value, begin to act proper security measures, leading to deactivation of the electronic device, data processing or cleaning of the storage device.In addition, there are also sensitive elements appeal to targeted areas closed mode according to the purpose. In addition, you can control the correctness of the access sequence.Finally, it is also known that in a certain mode process can limit the allowed access memory of the data processing unit in the storage device special device hardware, for example, break the connecting paths.Despite the above precautions in the appropriate type of electronic device data may accidentally be unwanted manipulation.Therefore, the object of the invention is to implement appropriate type of electronic device and a data processing system, which is or which has improved protection against unwanted changes and/or understandings of the memory contents.The problem is solved with the help of electronic data processing in accordance with subparagraph.1 and 7. Expedient embodiments of the given in the dependent claims.In accordance with these paragraphs electronic processing unit has a data processing unit connected to the bus at least one storage device which contains the secret key code and at least substantially all of the security data stored in the storage device or devices is or are introduced to them in an encoded form. The comparator entered the secret key code with a user-entered keyword controls the locking device, which controls the encoding unit so that the decoding of the data entered is only possible in case of positive result of the comparison.The invention is based on the discovery that by using new techniques facilitated the possibility of manipulating made in the form of integrated circuits electronic devices for data processing. Therefore, from the point of view of manipulating electronic data processing in the integrated schema should be considered not only as the chip in its entirety, and as consisting of individual components on a silicon carrier system, in which you can have separate access to the components.Therefore, there is a possibility by monitoring the data transfer bus or by reading a storage device to make a conclusion about the stored information, so that the manipulation is facilitated and you can have access to top secret stored content of the storage device.In accordance with another opening in accordance with the invention, many manipulation of the electronic Ustream to follow and you do not want to understand the program in the processing unit.In a possible embodiment, a coding unit is made so that data transfer on the data bus can be encoded using the encoding algorithm. Designed in such a way encoding unit has the advantage that in case of mass production requires less cost. Currently, however, the encoding algorithm is very time consuming, as it requires a lot of calculations in the processing unit.In another embodiment, a coding unit is made so that data transfer on the data bus can be encoded using the encoding hardware. It is coded very simple technical means is the device data in accordance with the invention in real time, namely, as when access to read and write in the storage device.In accordance with the invention, the coding of technical means can be performed using the coding block, which is made in such a way that the significance of each bit of data can be selectively changed. In this case, there are bits that are stored in the storage device is a, which has at least a XOR circuit.In the following a possible embodiment, a coding unit is made so that it is possible to selectively change the sequence of connection of the data lines of the data bus. This is expressed in such a way that individual lines of bits of the data bus as would replace each other.Finally, the encoding means in the processing unit in accordance with the invention can be made using the coding block, which is made in such a way that the transfer of data between the data bus and the processing unit and/or between the data bus and the memory device can be realized partially selectively with a time delay. Consequently, the simulated bus data transfer, which has no relation to the instantaneous operating mode of the electronic device processing data in accordance with the invention.This essential feature of the invention consists in that the encoding unit is designed in such a way that the encoding is done selectively. This means not only that the encoding may be performed selectively or not to be. In addition, in accordance with the invention atih. In this case, the mode of operation of the coding unit has a dynamic characteristic.In the electronic processing unit in accordance with the invention with changing keys code provides that the electronic data processing of one batch manufacturing is equipped with different and individual key code. This ensures that even when knowledge of the key code one electronic device processing data, it is impossible to conclude that the key code other electronic devices for data processing. In addition, when stored in ROM for each program uses a different key code. When stored in a programmable permanent memory device such as EEPROM or Flash, in every electronic device data you can enter the individual key code. Of course, in the storage device must be entered in any form, which entered related to the key code data in which the address of the storage devices, and data processing.In a variant of the invention provides a conjugate with coded block register in which, or in which the temporarily stored secret or secret (n) keys code. However, care should be taken that ispolneny preferably as a mass storage device, do not retain information when turned off.In a particularly preferred embodiment of the invention secret (secret) keyword (keywords) is stored in encoded form, and the encoding is done using the so-called one-way functions one-way-function). This represents an encoding, which is not decoded or decoded with great difficulty. On the semiconductor chip, which implements the electronic processing unit is, thus, only the encrypted form of the secret key code, which does not decode stored in encoded form data. Even at very labor intensive and detailed studies of the semiconductor chip, it is impossible to get access to all critical information for misuse.Only after entering the keywords by the user, encoding the key words with the help of diagrams one-way functions in the electronic device data and the positive result of the comparison encoded key words stored in encrypted secret number dekodiranje keyword is written to the register, not with the devices of the electronic device data using the coding block. After turning off the electronic device data key word again is erased.In another embodiment, the electronic device data for different address regions use different key code. For this purpose the address decoder, which stores the corresponding address area and the associated code registers.If you use multiple keys code, the user or system with many users, users must enter a few key words in order to be able to decode the stored data. These keywords are then, after obtaining a positive result of the comparison with the stored coded keys in registers and can get out of them with the help of decoder addresses.The objective function of the processing unit according to the invention is only possible in combination with the reading device, in which a user, for example, using the keypad to enter a keyword. Here the keyword is transmitted to the processing unit installed on the card with the chip.The invention is explained below in detail on the example run using ri is accordance with the invention, and
Fig.2 is a detailed illustration of the electronic processing unit in accordance with the invention.In Fig. 1 schematically illustrates a data processing system with the card reader LG integrated - chip IC. But the invention is not limited to the shape of the card processing unit, and can be implemented with keys or wristwatch. The transmission of information from the reader device to LG card with the IC chip can be carried out both contact and contactless.Reader LG has a keyboard T, in which the user can enter a key word SW. Then the key word SW is transmitted from the reader device to LG card with the IC chip.On the card with the IC chip mounted semiconductor chip, which is implemented by the processing unit in accordance with the invention. The processing unit has a CPU, connected by bus with memory devices ROM, EEPROM. Of course, the bus can be connected and other necessary or preferred for the operation of the microcomputer circuit. With CPU paired encoding unit VE. In memory devices, ROM, EEPROM are stored in an encoded form data, su the ith block VE must first be decrypted using the secret key code. Entered in the storage device, ROM, EEPROM data before input can be encoded by the encoding unit VE.Encoding the VE block encodes and decodes the data using one or more secret keys code CEU, CEU. They are stored in one or more storage devices, ROM, EEPROM. The decoding or the encoding may be performed only after the user enters from the keyboard T reader LG keyword SW and submit it to the electronic device, the data processing card with IC chip. The electronic processing unit is the unit of comparison V, which is entered as a keyword SW and KL stored secret key code CEU, CEU. Only in case of positive result of the comparison, that is, only when the entered keyword SW corresponds to the secret code Key1, CEO, keyword SW line SWL and through the distribution unit SE, managed Comparer V, is introduced into the encoding unit VE. Unit V comparison may be implemented as a CPU.As is shown in Fig. 2, with coded block VE can be paired registers R1. . .Rj, through the multiplexer MUX is written to a keyword or several keywords with predstavljaet a variant of the switchgear SE in Fig.1. In another embodiment in accordance with the invention, when a few key words in SW, you can select the keyword with the help associated with the CPU of the address decoder AD. To do this, in the address decoder AD is entered address is actually addressed processor CPU memory cell in accordance with data stored in the decoder address, or anywhere else the table is selected, the corresponding register R1...Rj. Stored in the selected register R1...Rj keyword SW is then used by the encoding unit VE to encode or decode.Secret key code CEU, CEU can be stored in unencrypted form, but it is preferable to store them in an encoded form. For coding is applied is preferably a so-called one-way function one-way-function) OWF. Such unidirectional function gives the result that even with the knowledge of the function and the input signal can not be defined or determined only by the huge computing. Since implementing electronic processing unit in accordance with the invention, a semiconductor chip recorded only encoded form of the secret key and the encoded data, the fraud cannot be obtained initially also in Fig.2, transmitted from the reader device LG keyword SW is entered by implementing one-way function scheme OWF in block V. comparison Unit comparing V compares the coded forms of the stored secret key code CEU, Key 2 and key words SW and only in case of positive result of the comparison nekodirovannie form keywords SW is written on the line SWL and through the multiplexer MUX in one of the registers R1...Rj. As already mentioned, the registers R1...Rj does not retain information when turned off, so nekodirovannie form keywords SW is entered into memory only when it permitted the Board mode chip IC and after work is erased.Therefore, with the help of electronic data processing and, accordingly, a data processing system in accordance with the invention, it is possible to protect the data stored in the semiconductor chip card with a chip from unauthorized access using only the allowed decoding and encoding. 1. Made in the form of an integrated circuit electronic device, the data containing (a) a processing unit (CPU), connected to a bus with at least one storage device (ROM, EEPROM), (b) capregen is in storage device or a storage device (ROM, EEPROM), (g) and at least substantially all of the security data is encrypted or encoded in the storage device or devices (ROM, EEPROM), (d) the unit of comparison (V) stored secret key (Key1, Key2) with user-entered key word (SW) and (e) driven unit comparison (V), the control coding unit (VE) switchgear (SE; MUX), allowing the encoding of the input data and decoding the data entered only upon a positive result of the comparison, (W) and entered keyword (SW), controlled switchgear (SE; MUX), sequentially transmitted to the encoding unit (VE) for encoding and decoding.2. Electronic device data under item 1, characterized in that the storage device to a secret key or key code (Key1, Key2) is a storage device, ROM, EEPROM, Flash memory or FRAM.3. Electronic device data under item 1 or 2, characterized in that at least provided related to codereuse unit (VE) register (R1. . . RJ), in which or after which a positive comparison of recorded (written) or written (recorded) secret key or key code (Key1, Key2).4. Electronically the specific function scheme (OWF), through which key word (SW) is entered in the unit of comparison (V), and that the secret key or the key code (Key1, Key2) are stored in memory in coded form using a one-way function (OWF).5. The electronic processing unit according to one of paragraphs.1-4, characterized in that the encoding unit (VE) connected to the address decoder AD, which makes the encoding or decoding data dependent address that was matched from the data processing unit (CPU).6. Electronic device data on p. 5, characterized in that when multiple secret key code (Key1, Key2), you can select the secret key code using the address decoder (AD) depending on the addressed memory cell.7. A data processing system with a processing unit according to one of the preceding paragraphs and the reader (LG) for communication with the processing unit, in which the user enters a key word (SW).8. A data processing system according to p. 7, characterized in that the processing unit is part of a card with a chip (IC).
FIELD: medicine; medical engineering.
SUBSTANCE: method involves collecting information and storing it in single database or several databases representing parameter values of significance to enable one to carry out the procedures on his/her own, and operations for processing the mentioned single database or several databases to show alternative variants for making selection among two or more actions and values corresponding to each of two or more actions. Device has means for making calculations, required for implementing the method, and computer system and machine-readable carrier having program written on it and capable of implementing the method corresponding to the invention, on computer.
EFFECT: wider range of means accessible to end user.
69 cl, 8 dwg, 1 tbl