The present invention relates to smart cards, and more particularly, to an input circuit for smart cards having an electrically erasable and programmable memory (EEPROM).
Smart cards having an EEPROM, such as phone cards, are well known and commonly use a low-capacity memory of about 300 bits. A part of the memory contains, for example, codes identifying the card and/or its proprietor and/or its manufacturer. Another part of the memory may contain a unit counter, which is the case especially with phone cards.
The addressing of the memory, namely the read and/or write operations, is done sequentially. Three commands are usually enough to manage a memory of this kind. A shift and read command RE shifts the operation from one memory cell to the next memory cell so that the contents of the latter cell can be read. A write command WR is used to program the memory cell in which the operation is located. Finally, an initialization command RST is used to initialize the commands of the memory, namely to take position on the first cell of the memory pending an instruction.
Thus, to program the nth memory cell, the following commands are performed successively: an initialization command RST to take position on a first memory cell, (nxe2x88x921) shift and read commands RE to take position on the nth memory cell, and finally a write command WR to program the nth cell. If several cells of the memory have to be programmed successively, then to limit the number of commands to be performed, the shift and read commands RE and the write command WR could be sequenced without necessarily and systematically carrying out a performance of an initialization command RST after each write command WR. However, the instructions have to be communicated with care by the reader. Indeed, the involuntary programming of certain cells of the memory may put the card out of operation and thus make it unusable. In the prior art, the shift and read command RE, the write command WR and the initialization command RST are encoded in the form of two binary data elements A and B and transmitted to the card in the form of two binary signals SA, SB. These binary signals SA, SB are transmitted by direct contact between output terminals of the reader and corresponding input terminals of the card. For example, the initialization command RST is encoded by A=0 and B=0, the shift and read command RE is encoded by A=0 and B=1 and the write command WR is encoded by A=1 and B=1, the combination A=1 and B=0 being unused.
An input circuit, internal to the card, receives the two binary signals SA, SB and gives the shift and read command RE and/or write command WR and/or initialization command RST to the memory. FIG. 1 shows a conventional structure of an input circuit 100 of this kind comprising five input terminals 101 to 105 to which there are respectively applied the first binary signal SA, a clock signal CLK, the second binary signal SB, a power supply voltage Vcc and a power-on signal POR. To each input terminal of the circuit 100, there corresponds an output terminal of a reader 150. Brushes located on the output terminals of the reader 150 provide the contact with the input terminals of the card when it is inserted into the reader.
The input circuit has a first read circuit 110, a second read circuit 120, and a decoding circuit 130. The supply voltage Vcc powers all the elements of the input circuit 100. The first read circuit 110 has a comparator 115 and a flip-flop circuit 116. The comparator 115 has an input terminal known as a positive (+) terminal connected to the input terminal 101 of the input circuit 100 and an input terminal known as a negative (xe2x88x92) terminal to which a first reference voltage V1 is applied. The comparator 115 also has an output terminal connected to a D input terminal of the flip-flop circuit 116 whose clock input and initialization terminals are connected respectively to the input terminals 102 and 105 of the input circuit 100.
The first read circuit 110 works as follows. The comparator 115 compares the voltage level of the signal SA applied to its positive input terminal (+) with the first reference voltage V1 and gives the result of the comparison at the D input terminal of the flip-flop circuit 116 in the form of a binary data element A. During an active edge of the clock signal CLK, the flip-flop circuit 116 transmits the data element A to its Q output terminal. The binary data element A is for example equal to xe2x80x9c1xe2x80x9d if the voltage level of the binary signal SA is higher than the first reference voltage V1. If not, it is equal to xe2x80x9c0xe2x80x9d. Similarly, the second read circuit 120 has a comparator 125 with a positive input terminal (+) connected to the input terminal 103 and a negative input terminal (xe2x88x92) to which there is applied the first reference voltage V1 . The comparator 125 also has an output terminal connected to a D input terminal of a flip-flop circuit 126 whose clock input and initialization terminals are connected respectively to the input terminals 102 and 105 of the input circuit 100. The second read circuit 120 works similarly to the first read circuit 110: it receives the binary signal SB and produces a binary data element B representing the level of the binary signal SB with respect to the first reference voltage V1. The binary data element B is for example equal to xe2x80x9c1xe2x80x9d if the level of the binary signal SB is higher than the reference voltage V1. If not, it is equal to xe2x80x9c0xe2x80x9d.
By design, the comparators 115 and 125 have a hysteresis threshold ranging from a voltage threshold VH of about 2 V to a voltage threshold VL of about 0.8 V. To obtain efficient operation of the comparators 115, 125, preferably a first reference V1 ranging between the threshold voltages VL and VH will be chosen. It should be noted that the flip-flop circuits 116, 126 are not indispensable to the working of the read circuits 110, 120. They simply synchronize the binary data elements A, B arriving at the decoding circuit 130.
The decoding circuit 130 has two input terminals 131, 132 respectively connected to Q output terminals of the flip-flop circuits 116 and 126. At three output terminals 135 to 137, the decoding circuit 130 produces the three signals, namely the shift and read control signal RE, the write signal WR and the initialization signal RST which are applied to the memory 140. With an input circuit of this kind, an instruction given by the reader is thus interpreted by decoding the logic state of the binary signals SA, SB received at the input terminals 101 and 103.
However, the card must be protected against involuntary programming of certain cells of the memory, or else the smart card will be destroyed. For example, when the card is not being used and its input terminals are left floating, the read circuits 110, 120 should not be capable of giving the combination A=1 and B=1 which corresponds to the write command WR.
For this purpose, a protection device may be added to the input circuit which favors a particular combination when the input terminals of the card are left floating, for example A=0 and B is equal to any value, or else A=1 and B=0 which corresponds to the shift and read command. The state A=1 and B=1 corresponding to a write command is thus prevented when the card is unused and the risks of involuntary programming of the card are minimized.
The protection device may for example be a parallel resistor ra such as the one shown in FIG. 1, an input terminal of the resistor ra being connected to the input terminal 101 and its other terminal being connected to the ground. Thus, when the input terminal 101 is left floating, the first read circuit 110 gives the binary data element A=0. The protection device may also comprise a resistor rb as shown in dashes in FIG. 1, which comprises an input terminal connected to the input terminal 101 and another terminal to which the supply voltage Vcc is applied. When the input terminal 101 is left floating, then the first read circuit 110 gives the data element A=1. In this case, care will then be taken to add a resistor rc, connected between the input terminal 103 and the ground, to the protection device to ensure B=0 and thus prevent the combination A=1 and B=1 corresponding to a write command.
The adding of a protection device thus removes the risk of the involuntary programming of the memory of the card when this card is not used. However, the smart cards often operate in difficult environments and the involuntary programming of certain cells of the memory can also occur with a circuit such as the one of FIG. 1, during the use of the card. Such errors of interpretation of instructions appear especially when the contacts between the output terminals of the reader and the corresponding input terminals of the card are of poor quality, when a brush of the reader is defective or else, more frequently, when a contact is slightly oxidized. Indeed, it has been observed that when a contact is poor, a write command WR may be interpreted as a shift and read command RE. Or, conversely, a shift and read command may be interpreted as a write command WR, the consequence of which is an involuntary programming of a cell of the memory and a risk that the card will become incapable of operating.
To eliminate the risk of the card being put out of order through poor contact between the card and the brushes of the reader, the invention provides an integrated circuit card comprising an input circuit and a write accessible memory, the input circuit receiving a first binary signal transmitted by direct contact between the card and a reader and producing a write control signal that is dependent on a first binary data to control the memory. The input circuit includes a first comparator that receives the first binary signal and produces the first data element representing the voltage level of the first binary signal with respect to a first reference voltage, and a control circuit that receives the first binary signal and produces a validation signal that is inactive if the voltage level of the first binary signal is between the first reference voltage and a second reference voltage that is below the first reference voltage. The validation signal is active if the level of the first binary signal is higher than the first reference voltage or if it is lower than the second reference voltage. Also, an inhibition circuit inhibits the write control signal when the validation signal is inactive.
Preferably, the first comparator comprises a positive input terminal to which the first binary signal is applied and a negative input terminal to which the first reference voltage is applied, the first comparator giving the first data element at an output terminal, the first data element being in a first logic state if the level of the first binary signal is higher than the first reference voltage and being, if not, in a second logic state. The control circuit comprises a second comparator comprising a positive input terminal to which the first binary signal is applied and a negative input terminal to which the second reference voltage is applied. The second comparator gives a second data element at an output terminal, the second data element being in the first logic state if the level of the first binary signal is higher than the second reference voltage and being, if not, in the second logic state. Also, a first logic gate includes two input terminals connected respectively to the output terminals of the first and second comparators and an output terminal to give the validation signal. The validation signal is active if the first and second data elements are in the same logic state, the validation signal being inactive if the first and second data elements are in different logic states.
Preferably again, the control circuit furthermore comprises a flip-flop circuit to store and produce the validation signal when an active edge of a clock signal is received and a second logic gate to keep the validation signal inactive. The flip-flop circuit comprises a D input terminal connected to an output terminal of the second logic gate, a clock input terminal to which the clock signal is applied, an initialization input terminal and a Q output terminal to give the validation signal. The second logic gate has two input terminals respectively connected to the output terminal of the logic gate and to the Q output terminal of the flip-flop circuit.
According to one embodiment, the input circuit also receives a second binary signal and produces a shift and read control signal and an initialization control signal each depending on the first and second binary signals. Preferably, the control circuit in this case comprises a third logic gate to make the validation signal active when a power-on signal is received or when the initialization control signal is produced by the input circuit. The third logic gate comprises two input terminals to which the power-on signal and the initialization control signal are applied respectively, and an output terminal connected to the initialization input terminal of the flip-flop circuit.
According to one embodiment, the inhibition circuit comprises a fourth logic gate comprising two input terminals to which there are respectively applied the write control signal and the validation signal. The fourth logic gate also comprises an output terminal to give either the write control signal if the validation signal is active or a zero control signal if the validation signal is inactive.
Preferably, the integrated circuit card furthermore comprises an output terminal to give the validation signal to the reader of the card. Preferably finally, the integrated circuit card has a protection device comprising a first resistor and a second resistor, the first resistor being connected between the input terminal and the ground, the second resistor being connected between the input terminal and the supply input terminal.
The invention thus proposes to deactivate the functioning of the card, and especially any write operation, if the level of the first binary signal is in a zone of uncertainty ranging between the first and second reference voltages. Indeed, if the level of the first binary signal ranges from the first reference voltage to the second reference voltage, it is considered to be the case that there may be a doubt on the voltage level of the first binary signal received, because its level does not correspond to the level that the reader has truly applied (in the case of poor contact). In this case, the voltage level of the first binary signal is deemed to be incapable of being read and interpreted accurately by the input circuit and it is considered in this case to be preferable to turn the circuit off. For this purpose, the control circuit of the invention produces an inactive validation signal which places the card in off mode and makes the control signals, especially the write control signal, inactive by means of the inhibition circuit. No write operation can take place thereafter. This removes the risks of invalidation of the card due to poor contact, during the use of the card.
The reader then reports an anomaly to the user and suggests that he should remove his card and, if necessary, reinsert it. If the non-functioning of the card is due only to poor contact between the card and the reader, it often suffices to remove the card and then reinsert it into the reader one or more times, if necessary in order to rid the contacts of the fine oxide layer that covers them. The card is therefore no longer non-functional because of poor contact and can be reused.
Conversely, if the voltage level of the first binary signal is higher than the first reference voltage or lower than the second reference voltage, it is deemed to be the case that is no doubt about the voltage level of the first binary signal. In this case, the control circuit produces an active validation signal. The input circuit then works in a standard way.