Circuitry and method for authentication of the content of the memory area
The invention relates to a device and method for authentication of the content of the memory. The technical result is to provide reliable authentication of the stored data. The device contains at least one non-volatile electrically erasable and rewritable memory, the addressing scheme, the source voltage programming, the memory flag, the authentication scheme data. The method describes the operation of the specified device. 2 S. and 1 C.p. f-crystals, 1 Il. The invention relates to circuitry for at least one non-volatile electrically erasable and re-writable memory area with the addressing scheme associated with the said memory and associated through address buses, and a voltage source programming associated with the said memory through a bus programming. The invention also relates to a method of authenticating the contents of non-volatile electrically erasable and re-writable memory.Such circuitry and a similar method is known from the document DE 4439266 A1. The contents of the specified memory area contained in the portable media Dan is obsessed memory area may increase or decrease. In such devices, especially in the case of sums of money, but also with other data, there is the risk of fraud and manipulation of the recorded data.Therefore, most applications of such data carriers provides as a condition not only the validity of the card and the terminal, and the authentication data stored. Therefore, the media data that includes protected from access memory, require the use of shutdown logic, which allows access to protected memory or prohibits such access. Such logic in a simple scenario, you may perform verification code, as described, for example, in the application WO 95/16238, or in more complex embodiments, requires authentication of the terminal, change the contents of memory before turning off the access. Then access should be guaranteed at least during the time required for transfer to map a certain amount of data.The possibility of manipulating data stored on the card can be realized, however, that the transmission of data after shutdown of the protected area is entered false data, or map with uninterrupted power supply, for example, used the Chennai terminal and may be issued an appropriate alarm, however, the distortion of the data by means of false terminal cannot be prevented. If you are not using a network connection all terminals that hardly can always provide you the opportunity to receive benefits through the use of distorted data to another terminal.Known decision prohibiting manipulation after disabling protected memory, consisting in the fact that the data be saved in encrypted form using a signature. However, in General it does not provide any copy protection status of importance.The task of the invention consists in the creation of the circuitry and method of the type defined above and which provide a more reliable authentication data stored in the minor circuit and time.The problem is solved by circuitry according to paragraph 1 of the formula of the invention and the method according to paragraph 2 of the claims.In accordance with this corresponding to the invention, the circuitry uses a continuous cell storing flags or complexes of cells, which indicate whether associated with them memory of the authenticated data. If petsa using the appropriate flag by setting this flag. After you finish editing the data memory area that can occur both by writing and by erasing should be performed authentication this memory area terminal, in which a corresponding flag is reset. Cell flag according to a preferred variant embodiment of the invention used in connection with the authentication of the respective memory areas, however, it is also possible to poll the status of the memory cells of flags at a different point in time. However, for reasons of protection against manipulation this must be done in an encrypted form that, in General, associated with higher costs. Through such a flag, variable internal to the card, you can also check whether the data has been interrogated region modified with an authorized terminal.These memory cells can be implemented through minor cost of additional hardware. The frequency of the authentication data may, depending on the size of the memory area to be set more flexibly than in the above-mentioned method using a signature, at least with regard to schemes without a controller. Due to the smaller number of authentications can viliame, an increased level of reliability can be applied to cells of the flags, without creating gaps in reliability for chip. Uncancelled flags, in addition, indicate premature violation programming card, so you do not need this information any other way.The invention is illustrated below by the example implementation illustrated by the drawing, which shows a block diagram corresponding to the invention of the circuitry.The block diagram represents a device with a nonvolatile electrically erasable and rewritable memory, which is subdivided into a number n of regions SB1. ..SBn memory. Memory addressing is done through a scheme AS addressing, which is divided into a decoder BD region, the decoder ZD-line decoder SD column. Through decoder BD region scheme AS addressing can be choose tire BL1. ..BLn areas SBl...SBn memory. Accordingly, through decoder ZD, SD rows and columns on tires ZL lines and buses SL columns selecting the corresponding memory cell in the corresponding memory area. Data can be recorded by Shin DL data in the field SB1...SBn memory and respectively read from these areas.< the erase to the voltage Vpp, the high e with respect to the normal supply voltage and referred to as programming voltage. This programming voltage is provided using source PSQ voltage programming bus PL programming.In accordance with the invention, with each region SB1...SBn memory mapped corresponding memory FS1...FSn flag. Each memory FS1...FSn flag associated with the corresponding bus BL1...BLn region, so that addressing a specific area of memory at the same time addresses the corresponding memory flag. In addition, each memory FS1...FSn flag is connected through a bus PL programming source PSQ voltage programming. Thus, by selecting the memory and voltage application programming automatically programmed corresponding memory flag. Thus any change to the contents of the memory area is recorded in the corresponding memory flag and, therefore, can be registered.When authorized to change data in the field SBi memory after such changes check if there is any valid data. For this modified data back data on the bus DL data and processed in the scheme of DAS and encrypted. The same process is performed in the terminal (not shown), which forwards the received signature to the map (indicated by the arrow Pf), where it is compared with a certain there signature. If the data matches, then the corresponding memory FSi flag controlled by schema DAS authentication data bus AL authentication so that the programmed before this memory FSi flag again erased and thereby authenticates the modified content data. The erased memory FS1.. . FSn flag means so that the corresponding content data of all memory blocks authenticated, while the set flag indicates that there were unauthenticated change the data in the corresponding memory areas.The preferred image memory flag is translated in the calculation of the signature or authentication, the terminal must come from the recorded state, as the data has been changed. Therefore, the terminal must have information about whether the recorded state of the programmed or erased state.The invention is described above in relation to device, in which when the data in memory is programmed SSA. However, it is also possible that the memory flag when changing the memory is erased and programmed after authentication.In the present example, each area SB1...SBn memory mapped memory FS1. ..FSn flag. This is ensured by the fact that the memory FS1...FSn flag associated with the tire BL1...BLn of the memory areas. However, it is also possible that only a single cell of the memory area reserved by the memory flag from unauthorized access, along with appropriate tires SL, ZL columns and rows are also connected to the memory FS1...FSn flag and accordingly contact the relevant bus BL1...BLn memory.
Claims1. Device for authentication of the content area of memory containing at least one non-volatile electrically erasable and rewritable memory area (SB1. . . SBn), the addressing scheme (AS; SD, ZD, BD), correlated with memory and associated with it by the tire addressing (SL, ZL, BL1. . . BLn), and the source voltage programming (PSQ), connected to a memory through a bus programming (PL), characterized in that each memory area (SB1. . . SBn) correlated non-volatile electrically Sepia (PL) and tires authentication (AL) associated with the corresponding memory area (SB1. . . SBn), the source voltage programming (PSQ) and the authentication scheme data (DAS) connected via a data bus (DL) with memory, so that when the contents of the memory area (SB1. . . SBn) changes the state of the corresponding memory flag (FS1. . . FSn), and after authenticating the programmed contents of the field memory flag (FS1. . . FSn) newly translated in its Prime condition.2. Authentication method the contents of nonvolatile electrically writable and erasable memory (SB1. . . SBn), which includes the following steps: a) change in the status memory area (SB1. . . SBn), (b) simultaneous change of state of the corresponding nonvolatile electrically writable and erasable memory flag (FS1. . . FSn), correlated with the above-mentioned memory area (SB1. . . SBn) to indicate change the contents of that memory location (SB1. . . SBn), (C) authenticating the contents of memory after the data changes d) the return referred to nonvolatile electrically writable and erasable memory flag (FS1. . . FSn), correlated with the above-mentioned memory area (SB1. . . SBn), the ground state when a positive authentication.3. The method according to p. 2, wherein the security memory.
FIELD: computers, data protection.
SUBSTANCE: processor has bus interface device, device for selection/decoding of commands, device for dispatching/execution, program string decoding device, which string is selected from program and loaded in first levels command cash, which contains a set of N two-input elements XOR, keys memory, storing different N-bit decoding keys.
EFFECT: higher efficiency.