1. Field of the Invention
The present invention relates to a process for modifying code sequences and the associated device.
2. Description of Related Art
The present invention relates to computer programs, particularly those intended to be recorded on a medium in such a way that they cannot be modified, at least not easily. These media are integrated into a data processing system comprising, among other things, a central processing unit, a working memory, a nonvolatile memory and input/output means. More specifically, this data processing system can be incorporated into a chip card. In this case, the card contains a circuit comprising at least one microprocessor, a read-only memory containing a program and possibly data, a working memory and a programmable nonvolatile memory. Advantageously, the circuit is designed in monolithic form. The nonvolatile memory can store data and/or code; thus, the microprocessor can execute this code just in the same way as the code stored in read-only memory. Hence, there are two types of memory in one card; the content of the first memory is written when the circuit is manufactured and cannot be modified. The content of the second is initially blank, the values being written during the normal utilization of the object.
These days, chip cards can technically meet many needs. The program incorporated into the card, also called the "operating system," makes it possible to adapt the functions of the card to its end use. Currently, the operating system is stored in a ROM that is etched during the production of the integrated circuit. The modification of the program in order to meet new requirements is a long operation that poses a huge problem when the client is pressed for time. Moreover, this operation is very costly; this discourages many "small" clients who wish to buy several thousand cards, and often they settle for a card that only partially meets their expectations. One solution consists of using an existing mask and adding the functions requested by the client into the programmable memory or of modifying the functions existing in ROM.
The capability to input and execute additional code in programmable memory offers the advantage of being easily able to add new functions to an old program or to adapt old functions to specific needs.
Application Ser. No. 08/981,607 filed Dec. 27, 1998, for "Method And Device Enabling A Fixed Program To Be Developed", which is assigned to the assignee of the present invention, describes a specific mechanism for branching a program during the execution of certain instructions. The preceding invention consists of establishing polling points and orientation points at certain locations in the ROM, using respective instructions. A polling point is indicated by a number and makes it possible to access a routine in the programmable memory if there is an existing code sequence corresponding to the address indicated by this number. If there is, a flag is set and the branch address is stored in RAM. An orientation point is active if a polling point has previously been executed. If it has, the branch is triggered by having the normal program execute a jump to the programmed address. The code sequence to be executed can be in programmable memory or read-only memory.
However, this embodiment entails several problems if there are a number of modifications in the execution of the program that must be able to be handled. In this case, it is necessary to implement a large number of orientation points in the read-only memory. In the extreme, if high adaptability is desired, the program contains more code for executing branches than there is code constituting the main program. The multiplicity of these points is a major drawback if the size of the read-only memory is limited. Moreover, the execution time increases in proportion to the number of points. If the number of branch points is limited to adapt to constraints, the embodiment loses flexibility, since it does not make it possible to branch a program during the execution of any instruction whatsoever.
The object of the present invention is to provide a device that makes it possible to correct certain abnormalities in the execution of a fixed program, and thus makes it possible to correctly run, or easily add functionalities to, an existing program, while optimizing the code sequence to be written.
This object is achieved by the fact that the device for modifying code sequences written into a memory of a medium comprising a central processing unit capable of executing these code sequences, said memory containing a main program executable by the central processing unit, which also comprises a second programmable nonvolatile memory, possibly containing new executable code sequences, and a third working memory, is characterized in that a branch table TAB-DER contained in the second programmable memory contains at least one field containing reference data for a new code sequence, branching means allowing a deferred branch from the executed code sequence to the new code sequence written into one of the three memories and means in the new code sequence allowing the return to a point of the code sequence executed before the branch.
Another object of the present invention is to interrupt the normal running of a program prior to the execution of any instruction, even with a limited number of orientation points.
This object is achieved by the fact that the branching means comprise activatable orientation instructions (IORi) previously stored in the memory containing the code of the main program, each orientation instruction being associated with a reference i of the branch table TAB-DER written into programmable memory.
According to another characteristic, each orientation instruction (IORi) activated triggers the execution of a new code sequence comprising:
means for reading in the table TAB-DER of the programmable memory a time delay ΔTi corresponding to the reference of the orientation instruction, this time delay making it possible to defer the triggering of an interrupt that executes a jump to a new code sequence whose address (Adri) is indicated in the table, in association with the time delay,
means for storing the address (Adri) in a memory of the device, and
means for starting a timer of the device, for counting down the time required for the time delay of the jump.
Another object of the present invention is to make it possible to mask certain so-called sensitive operations performed by the central processing unit.
This object is achieved by the fact that the device for modifying code sequences comprises a second table TAB-SEC stored in the memory of the device and associating with each branch point (i) a time interval [ΔTmini; ΔTmaxi] associated with the time delay ΔTi prior to the execution of a new code sequence, and means for verifying that the time delay is authorized by the associated time interval supplied by this table.
According to another characteristic, the device for modifying code sequences comprises means that allow the time delay ΔTi to be shifted by the value of the time interval [ΔTmini; ΔTmaxi].
According to another characteristic, the device for modifying code sequences comprises means for triggering an error message when the time delay ΔTi is within the time interval.
According to another characteristic, the device for modifying code sequences comprises, following the end of the time delay (ΔTi) when the timer reaches the null value, means for triggering an interrupt, means for storing the current value of a program counter register PC in a stack, then means for branching the program to the address defined in the part of the ROM containing interrupt vectors, which supply the start address of the code sequence of the interrupt, means for verifying that the value Val_PC of the program counter register PC stored in the stack is not an address value of a sensitive sequence contained in a table TAB_SEC, and means for modifying the execution of the operations.
According to another characteristic, either the verification means sense that the value of the program counter register is contained by TAB_SEC in the interval [Adrdeb_i, Adrfin_1] corresponding to an interruption of the program during a sensitive sequence, and the means for modifying the execution of the operations of the card return a message indicating that its security has been breached and are inhibited, or the verification means sense that the value Val_PC of the program counter register is contained in the interval ]Adrfin_i, Adrdeb_i+1 corresponding to an interruption of the program during a nonsensitive sequence, and the means for modifying the execution of the operations then authorize the program to execute the new code sequence whose start address was stored during the execution of the orientation instruction (IORi).
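The timer-interrupt check described above, sketched in C as an added example (not code from the patent): an orientation instruction loads the delay and address from TAB_DER and starts the countdown, and the interrupt handler refuses the branch when the saved program counter lies in a TAB_SEC interval. The table contents, addresses, function names and result codes are assumptions made for illustration, and only the program-counter check is modelled, not the time-delay interval check.

```c
#include <stddef.h>
#include <stdint.h>

/* Every value and name below is constructed for illustration. */
typedef struct { uint16_t delay; uint16_t addr; } der_entry; /* TAB_DER line i: delay, Adr_i */
typedef struct { uint16_t deb;   uint16_t fin;  } sec_range; /* TAB_SEC: sensitive start/end */

enum patch_result { PATCH_NONE, PATCH_JUMP, PATCH_BREACH };

static const der_entry TAB_DER[] = { {120, 0x8100}, {45, 0x8180} };
static const sec_range TAB_SEC[] = { {0x4200, 0x42FF}, {0x5000, 0x503F} };

static uint16_t pending_addr; /* Adr_i stored by the orientation instruction */
static uint16_t timer;        /* countdown, in timer ticks */
static int      armed;        /* set while a deferred branch is pending */

/* Orientation instruction IOR_i: read line i, store Adr_i, start the timer. */
int ior(size_t i) {
    if (i >= sizeof TAB_DER / sizeof TAB_DER[0])
        return -1;            /* no line for this reference: ROM code continues */
    pending_addr = TAB_DER[i].addr;
    timer = TAB_DER[i].delay;
    armed = 1;
    return 0;
}

/* One timer tick; returns 1 on the tick where the countdown reaches zero. */
int tick(void) { return armed && timer > 0 && --timer == 0; }

/* Is the interrupted address inside one of the sensitive sequences? */
static int pc_is_sensitive(uint16_t pc) {
    for (size_t k = 0; k < sizeof TAB_SEC / sizeof TAB_SEC[0]; k++)
        if (pc >= TAB_SEC[k].deb && pc <= TAB_SEC[k].fin)
            return 1;
    return 0;
}

/* Timer interrupt: val_pc is the program counter value saved on the stack. */
enum patch_result timer_isr(uint16_t val_pc, uint16_t *jump_to) {
    if (!armed)
        return PATCH_NONE;    /* no orientation instruction armed the timer */
    armed = 0;
    if (pc_is_sensitive(val_pc))
        return PATCH_BREACH;  /* sensitive sequence interrupted: refuse the branch */
    *jump_to = pending_addr;  /* nonsensitive sequence: run the new code sequence */
    return PATCH_JUMP;
}
```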
According to another characteristic, the device for modifying code sequences comprises a frequency source for the timer that is different from the frequency source that allows the central processing unit to run the program, the value of the time delay (ΔTi) programmed into the branch table TAB_DER being calculated so as to allow the program to be interrupted at a given address, and the TAB-DER comprises, for each value of the time delay, an additional element containing this given address and means for comparing the address of the instruction interrupted by the interrupt to the one indicated in the table, and for triggering an alarm.
According to another characteristic, the device for modifying code sequences comprises alarm triggering means for inhibiting the medium and for indicating an attempted fraud through a write operation in the memory.
According to another characteristic, each new code sequence ends with an orientation instruction for reloading the timer with a new value of the time delay (ΔTi).
A final object is a process for modifying fixed code sequences written into a medium comprising a central processing unit and a memory.
This object is achieved by the fact that the process for modifying fixed code sequences written into a medium comprising a central processing unit and a memory is comprised of providing, in at least one fixed code sequence, at least one orientation instruction (IORi) making it possible, through an interrupt deferred by a time delay, to branch the execution of the program contained in the memory to a given address, using a branch table TAB_DER, as a function of a reference i associated with the orientation instruction and within a time delay determined by the content of a line of the table corresponding to the reference i of the orientation instruction, a new code sequence executable during the interrupt generated at the end of the time delay being stored at the address contained in the table (TAB_DER).
According to another characteristic, a step that triggers the interrupt is preceded by a verification step, and the time delay is not included in an interval defined by a second, so-called security table TAB_SEC written into the nonvolatile memory of the medium.