The invention relates to an electronic data processing device, comprising a data processing member, provided for processing first encoded data, obtained by encoding first data, input by a user and second encoded data, read from a carrier comprising a first memory for storing identification data, said data processing member being provided for controlling, based on said first and second data, a secured operation initiated by said user, said device further comprising a second memory accessible by said processing member, said second memory being configurable in order to delimit at least one secured memory part within said second memory, to each of said secured memory parts there being assigned a dedicated address range, said data processing member comprises N (N≧2) processing units of which M (M≦N−1) processing units are provided to process said secured operation and at least one of the remaining N-M processing units is provided for processing application data related to said transfer, to each of said M processing units there is assigned at least one of said secured memory parts, each of said processing units being each time connected to a memory access control member by means of a dedicated internal bus, said second memory being also connected to said memory access control member, which is provided for controlling accesses to said second memory, said memory access control member being provided for storing said memory address ranges assigned to said M processing units and for detecting an access request to said protected memory address, belonging to said ranges, when issued by one of said N-M processing units and for overruling the detected protected address.
Such an electronic data processing device is known from US-A-2003/0018860 and is for example used as a transfer terminal for electronic payment placed at a point of sale. The first data is generally input by the user by means of keys or a touch screen and comprises, for example, the user's PIN code. The second data is stored in the first memory of the carrier, for example a bankcard, and identifies the user, for example by his bank account number. Since the PIN code as well as the bank account number are secured data, they should only be processed by a secured operation, which is initiated by the user upon introducing the carrier with its first memory into the terminal. For the execution of the transaction requested by the user, and in particular for the secured operation, the data processing member needs the second memory, where the necessary routines and data, as well as the encoding and decoding keys, are stored.
As secured operations are executed by the processing member, it is of the utmost importance that the data involved in such an operation are well protected against any attempt to read or retrieve them. For that purpose it is well known to encrypt or encode the data involved in the secured operation and in such a manner prevent “clear” data from being retrieved from the terminal.
Unfortunately, it cannot be excluded that persons with bad intentions could reach the keys stored in the second memory and could thus be able to decode the data encoded by means of those keys. Still higher levels of protection are thus required in order to provide the user with an efficient and reliable protection of the secured operation initiated on such electronic data processing devices.
In the device known from US-A-2003/0018860 a plurality of processing units are present and only a restricted number of them are entitled to process secure data. In order to prevent processing units which are not entitled to access secure data from reaching that data, a memory access control member is used. This memory access control member is provided with an SPM (System Protection Member), which is connected to a traffic control unit. The SPM controls the traffic towards the second memory and prevents secure data from being accessed by non-authorised processing units.
A drawback of the known device is that the SPM monitors a common bus, which is accessible by all processing units. This signifies that one could, via this common bus, get access to the SPM and reconfigure the latter in order to get access to the secure data.
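The following Python model is an added illustration of the memory access control member described above; it is not the patent's own implementation. It assumes that the M secured processing units carry the identifiers 0 to M−1, that each unit reaches the controller over its own port (the dedicated internal bus), and that the class and method names are chosen here for illustration.

```python
# Added illustration (not the patent's implementation) of a memory access
# control member with one dedicated port per processing unit.
# Units 0..M-1 are the secured units; units M..N-1 handle application data.
# Because every unit has its own port, the requester is identified by the
# port a request arrives on, not by a value it places on a shared bus.
from dataclasses import dataclass, field


@dataclass
class MemoryAccessController:
    n_units: int                                   # N processing units
    m_secure: int                                  # M (M <= N-1) secured units
    ranges: dict = field(default_factory=dict)     # unit -> [(lo, hi), ...]
    memory: dict = field(default_factory=dict)     # the second memory (addr -> value)
    log: list = field(default_factory=list)        # detections, for the operator

    def is_secure_unit(self, port: int) -> bool:
        return 0 <= port < self.m_secure

    def configure(self, port: int, unit: int, lo: int, hi: int) -> bool:
        """Store a protected address range assigned to secured unit `unit`.
        Only a request arriving on a secured unit's own port may change the
        table; on a common bus (the prior-art drawback) any unit could."""
        if not self.is_secure_unit(port) or not self.is_secure_unit(unit) or lo > hi:
            self.log.append(f"port {port}: configuration request rejected")
            return False
        self.ranges.setdefault(unit, []).append((lo, hi))
        return True

    def is_protected(self, addr: int) -> bool:
        return any(lo <= addr <= hi
                   for rs in self.ranges.values() for lo, hi in rs)

    def access(self, port: int, addr: int, write=None):
        """Forward a read (write is None) or write request from `port`.
        Returns the value read, True for a completed write, or None when the
        request came from a non-secured unit and targets a protected address."""
        if self.is_protected(addr) and not self.is_secure_unit(port):
            self.log.append(f"port {port}: access to {addr:#x} overruled")
            return None
        if write is not None:
            self.memory[addr] = write
            return True
        return self.memory.get(addr, 0)
```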