1. Field of the Invention
The invention relates to a circuit configuration having at least one nonvolatile, electrically erasable and writable memory area. An addressing circuit is assigned to the memory area and connected thereto through address lines. A programming voltage source is connected to the memory area through a programming line. The invention additionally relates to a method for authenticating the content of a nonvolatile, electrically writable and erasable memory area.
Such a circuit configuration and such a method are disclosed in German Published, Non-Prosecuted Patent Application DE 44 39 266 A1, corresponding to U.S. Pat. No. 5,889,266. In that document, the content of the memory area which is contained in a portable data carrier, for example a smart card, represents a cash value which can be increased or decreased by changing the memory area content. There is a risk of fraud and manipulation, particularly in the case of data representing cash values, but also in the case of other data.
Therefore, most applications of such data carriers demand not only the genuineness of the card and terminal but also the authenticity of the stored data. Data carriers which contain an access-protected memory area therefore require a release logic which allows or does not allow access to the protected area. In a simple case, such logic can carry out the verification of a code, as is described in International Publication No. WO 95/16238, or, in complex implementations, as in German Published, Non-Prosecuted Patent Application DE 44 39 266 A1, corresponding to U.S. Pat. No. 5,889,266, such logic can demand, prior to a release, the authentication of the terminal altering the memory content. Access must then be granted at least until a specific volume of data has been able to be transferred to the card.
A possibility of manipulating the card data arises when the data transfer is corrupted after the release of the protected area or the card is transferred to a fraudulent terminal with the voltage supply being maintained, for example through the use of a battery. Although that manipulation may be recognized and recorded by the releasing terminal, the corruption of the data by the fraudulent terminal can nevertheless not be prevented. If, in an application, there is no networking of all terminals, which can hardly be presupposed, there is the possibility of obtaining an advantage with the falsified data at a different terminal.
One solution for preventing data manipulation after the release of the protected area resides in storing the data in an encrypted manner with a signature. However, that cannot afford protection against a replay of a valuable state.
It is accordingly an object of the invention to provide a circuit configuration and a method for authenticating the content of a memory area, which overcome the hereinafore-mentioned disadvantages of the heretofore-known devices and methods of this general type and which allow reliable authentication of stored data and at the same time require little in the way of circuitry and time.
With the foregoing and other objects in view there is provided, in accordance with the invention, a circuit configuration, comprising at least one nonvolatile, electrically erasable and writable memory area. An addressing circuit is associated with the at least one memory area. Address lines are connected between the at least one memory area and the addressing circuit. A programming line is connected between a programming voltage source and the at least one memory area and is also connected between the at least one flag memory and the programming voltage source. At least one nonvolatile, electrically writable and erasable flag memory is respectively assigned to the at least one memory area. An address line is connected between the at least one flag memory and the at least one memory area. A data line is connected between the authentication circuit and the at least one memory area. An authentication line is connected between the at least one flag memory and the data authentication circuit. Upon an alteration in a content of a memory area, a state of the assigned flag memory is changed and, after authentication of a programmed memory area content, the assigned flag memory is returned to a basic state.
With the objects of the invention in view, there is also provided a method for authenticating a content of a nonvolatile, electrically writable and erasable memory area, which comprises simultaneously changing a state of a nonvolatile, electrically writable and erasable flag memory associated with the memory area, when the memory area is changed. The flag memory returns to a basic state after authentication of the content of the memory area.
Accordingly, the circuit configuration of the invention uses permanent flag memory cells or cell complexes which indicate whether or not memory areas assigned thereto contain authenticated data. If the release operation is followed by access to a memory area which alters the data thereof, then this is recorded in the associated flag by the flag being set. Once the alteration of the data of a memory area is concluded, which can be effected both by writing and by erasure, authentication of this memory area by the terminal must be effected, which resets the assigned flag as a result.
In accordance with a concomitant mode of the invention, the flag cells are incorporated in the authentication of the corresponding memory areas. It is also possible to interrogate the state of a flag memory at a different point in time. However, for reasons of manipulation security, this should be effected in encrypted form, although this results in a greater complexity. Thus, this flag which can only be changed internally in the card can be used to check whether or not the data of an area in question has been altered by an authorized terminal.
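The flag behaviour described in the two preceding paragraphs can be modelled in software; the following is an added illustration, not part of the patent text. It assumes an HMAC-SHA256 key shared between the card and authorized terminals as the authentication function, which the text does not specify, and all class, function and key names are hypothetical.

```python
import hmac, hashlib

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

class Card:
    """Memory areas with one nonvolatile flag each (0 = basic state)."""
    def __init__(self, key, n_areas=2, size=4):
        self._key = key                       # assumption: shared with authorized terminals
        self.areas = [bytes(size) for _ in range(n_areas)]
        self.flags = [0] * n_areas
        self.released = False

    def release(self):
        self.released = True                  # release logic itself is out of scope here

    def write(self, area, data):
        if not self.released:
            raise PermissionError("protected area not released")
        self.flags[area] = 1                  # flag changes state together with the content
        self.areas[area] = data

    def authenticate(self, area, tag):
        """Only a valid authentication of the content returns the flag to 0."""
        if hmac.compare_digest(_mac(self._key, bytes([area]) + self.areas[area]), tag):
            self.flags[area] = 0
            return True
        return False

    def attest(self, area, challenge):
        """The flag is bound into a keyed response instead of being exposed in clear."""
        msg = challenge + bytes([area, self.flags[area]]) + self.areas[area]
        return self.areas[area], _mac(self._key, msg)

def terminal_tag(key, area, data):
    return _mac(key, bytes([area]) + data)

def terminal_accepts(key, card, area, challenge):
    data, resp = card.attest(area, challenge)
    expected = _mac(key, challenge + bytes([area, 0]) + data)  # flag must be in basic state
    return hmac.compare_digest(resp, expected)

def demo():
    key = b"constructed-demo-key"             # constructed sample value
    card = Card(key)
    card.release()
    card.write(0, b"\x00\x00\x00\x32")
    ok = card.authenticate(0, terminal_tag(key, 0, card.areas[0]))
    honest = terminal_accepts(key, card, 0, b"nonce-1")
    # Content altered after release by a terminal that does not hold the key.
    card.write(0, b"\x00\x00\xff\xff")
    bad = card.authenticate(0, terminal_tag(b"other-key", 0, card.areas[0]))
    later = terminal_accepts(key, card, 0, b"nonce-2")
    return ok, honest, bad, later             # -> (True, True, False, False)
```

The last value shows the point of the flag: the altered area still carries a set flag, so a different, non-networked terminal that checks it later refuses the content.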
The above-mentioned flag cells can be realized by little additional outlay on hardware. The frequency of the data authentications can be handled more flexibly, depending on the memory area size, than in the case of the above-mentioned signature method, at least as far as circuit configurations without controllers are concerned. By virtue of the smaller number of authentications, the complexity for an authentication can be made higher and the method can thus be made more secure. Furthermore, the increased security level can optionally be used by the flag cells without thereby opening up a security gap in the chip. In addition, non-erased flags point to a premature termination of the card programming, so that this information does not have to be obtained elsewhere.
Other features which are considered as characteristic for the invention are set forth in the appended claims.
Although the invention is illustrated and described herein as embodied in a circuit configuration and a method for authenticating the content of a memory area, it is nevertheless not intended to be limited to the details shown, since various modifications and structural changes may be made therein without departing from the spirit of the invention and within the scope and range of equivalents of the claims.
The construction and method of operation of the invention, however, together with additional objects and advantages thereof will be best understood from the following description of specific embodiments when read in connection with the accompanying drawings.