Generally, with a single-chip microcontroller having a ROM (Read-Only Memory) and a CPU (Central Processing Unit), it is necessary to prevent the data stored in the ROM, for example, game software or management information, from being read by a third party and to prevent the data in the ROM from being rewritten or overwritten externally by a hacker.
During the stages of program development, because an external ROM is connected to the chip and the data is read from the ROM in the chip in order to modify the program contained therein, an input/output port must be enabled so that signals over address and data buses can be transferred externally. Conversely, after the program development is completed, it is necessary to disable any external connection to the data and address buses in the input/output port and set their security. "Setting security" herein means protecting the contents of the ROM (protection against external overwriting of the data) and keeping them confidential or secure (protection against external reading of the data).
To do so, a known conventional method is to set a security bit in a register and disable the operation of the input/output port while this bit is set; when the security is to be reset or cleared, a password is entered or a predetermined combination of logic signals is input to an external terminal. However, this method is rendered meaningless if the password or combination of signals becomes known to a third party, and such a password or combination may possibly be discovered if it is traced.
Accordingly, the inventor directed its attention to an EPROM (Erasable Programmable ROM) as a storage portion for writing security bit data therein (hereinafter referred to as an "auxiliary storage portion"). For example, assuming that a transistor, which is a single floating-gate memory cell of the EPROM, is used to write security bit data, then one power supply terminal (Vdd) and the other terminal (Vss) are connected to a gate and a source of a transistor 10, respectively, as shown in FIG. 5, and a high voltage is applied to the gate of the transistor 10 to store charge on the floating gate. Now, assuming that the read result is defined as "1", then the CPU first reads the security bit data even when the CPU is activated by a third party; because the result is "1", external connection of the data and address buses in the input/output port is disabled or prohibited.
FIG. 6 illustrates the relationship between gate voltage and drain current for the transistor 10, where after the charge on the floating gate is lost due to ultraviolet irradiation, a current flows even when the gate voltage is low; however, during programming, that is, after a high voltage is applied to the gate, no current flows unless the gate voltage is increased. In FIG. 6, an electrical transition is from left to right, but not from right to left. In other words, once the threshold value of the transistor becomes high, it will not drop below that. Thus, once security is set using the EPROM, it cannot be normally reset or cleared.
However, if a voltage that is higher than the high voltage applied to the gate during programming ("V1+a" in FIG. 6) is applied to the gate, current flows through the transistor, and the read result for the security bit data is seemingly "0", thus resulting in a security-reset condition.
Thus, an attempt to use two transistors that comprise memory cells of the EPROM to provide 2-bit security bit data was examined, as shown in FIG. 7. It is assumed here that the results of a read from the memory cell are defined as shown in FIG. 8. That is, the result of a read from the memory cell by the CPU is "0" under conditions where a negative charge on the floating gate of that memory cell is reduced to zero by irradiating ultraviolet rays onto the EPROM, while the result of a read by the CPU is "1" under conditions where a negative charge is stored on the floating gate by programming the memory cell (i.e., applying a high voltage to the gate).
Assuming that the two transistors shown in FIG. 7 are A and B, then the relationship between security bit data read from the transistors A and B and security status is set as shown in FIG. 9. In this case, if security is set when A=1 and B=1 (meaning that the bit data read from transistor A (B) is 1), then the user writes certain programs and data into a main memory, or ROM, when A=0 (1) and B=1 (0), and subsequently sets A=1 and B=1. If so, the EPROM will not electrically shift from "1" to "0" as described with reference to FIG. 6, so that a third party cannot set A=0 (1) and B=1 (0).
Here, if a memory array that comprises an EPROM as a main memory for storing data such as programs is used and the security bit data is loaded into this memory array, then the programs themselves are lost even if the security may be reset by setting A=0 and B=0 through ultraviolet irradiation, so that they cannot be read out.
However, by applying a higher voltage (V1+a) to the gate as described above, the CPU is allowed to recognize A=0 and B=0 without erasing the contents stored in the main memory. Thus, the case of A=0 and B=0 must correspond to the security-set status; however, this means that the state of A=0 and B=0 remains unchanged even when a chip manufacturer irradiates ultraviolet rays onto the EPROM for shipment to users, so it is in a security-set status.
Thus, the issue is how to reset or clear this security after the chip is shipped to an authorized user. Several methods for resetting the security are conceivable, such as entering a password, and externally applying a predetermined logic signal or voltage to a particular pin of the chip. However, the very idea of writing the security bit data into the EPROM is to be avoided since such approaches for entering the password or inputting the signal to the pin pose problems as described above, so the use of an EPROM itself is less meaningful.
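The lock-state reasoning above can be checked with a small threshold model of the security cells. This is an added example, not part of the original text: the voltage and threshold numbers are constructed and unitless, V_OVER stands in for "V1+a", and the function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed, unitless gate voltages and thresholds (illustrative only). */
enum { VT_ERASED = 1, VT_PROGRAMMED = 8, V_READ = 5, V_OVER = 12 /* "V1+a" */ };

typedef struct { int vt; } cell_t;   /* one floating-gate security cell */

static void uv_erase(cell_t *c)     { c->vt = VT_ERASED; }
static void program_cell(cell_t *c) { c->vt = VT_PROGRAMMED; } /* electrically one-way */

/* FIG. 8 convention: a conducting cell reads 0, a non-conducting cell reads 1. */
static int read_bit(const cell_t *c, int vgate) { return vgate > c->vt ? 0 : 1; }

/* Single-bit scheme: locked only while the bit reads 1. */
static bool locked_1bit(const cell_t *s, int vgate) { return read_bit(s, vgate) == 1; }

/* Two-bit scheme as described for FIG. 9: unlocked only when A != B. */
static bool locked_2bit(const cell_t *a, const cell_t *b, int vgate) {
    return read_bit(a, vgate) == read_bit(b, vgate);
}

/* Programmed single bit, read at elevated gate voltage: does the lock hold? */
bool one_bit_holds_at_overvoltage(void) {
    cell_t s; program_cell(&s);
    return locked_1bit(&s, V_OVER);
}

/* A=1,B=1 read at elevated gate voltage appears as A=0,B=0: does the lock hold? */
bool two_bit_holds_at_overvoltage(void) {
    cell_t a, b; program_cell(&a); program_cell(&b);
    return locked_2bit(&a, &b, V_OVER);
}

/* Development state A=0,B=1 at the normal read voltage. */
bool dev_state_is_unlocked(void) {
    cell_t a, b; uv_erase(&a); program_cell(&b);
    return !locked_2bit(&a, &b, V_READ);
}

/* UV-erased chip as shipped (A=0,B=0): already locked, the open problem. */
bool fresh_chip_is_locked(void) {
    cell_t a, b; uv_erase(&a); uv_erase(&b);
    return locked_2bit(&a, &b, V_READ);
}

int main(void) {
    printf("1-bit holds at V1+a: %d\n", one_bit_holds_at_overvoltage());
    printf("2-bit holds at V1+a: %d\n", two_bit_holds_at_overvoltage());
    printf("dev state unlocked:  %d\n", dev_state_is_unlocked());
    printf("fresh chip locked:   %d\n", fresh_chip_is_locked());
    return 0;
}
```

The model shows the trade-off the text arrives at: treating A=0, B=0 as locked closes the elevated-voltage read, but the erased chip as shipped is then locked as well.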