Field of the Invention
The invention relates to a method and circuit for protecting circuit configurations having an electrically programmable non-volatile or read-only memory that is partly used as a non-volatile counter, against boundary-value, marginal, ambiguous, or non-definite programming of the memory region forming the counter, in which an access check is provided in the circuit configuration by comparison of a check code to be fed in with a secret code stored in the non-volatile memory.
As is well known, integrated circuits having an electrically programmable non-volatile memory, of the EPROM or EEPROM type, are used on chip cards. As a protection against unauthorized misuse of the chip cards, the chip cards often have a security logic that makes certain user functions, such as readout, writing, erasure or comparison of the memory contents, dependent on a data comparison, internal to the chip, between code data stored in non-volatile fashion in the memory and secret check data, which for instance are to be fed in by a user at a terminal.
In many cases, it is desirable for security reasons to make each use of this secret code detectable, so that even if the secret code is divulged or used in an unauthorized fashion, control over access to the memory is maintained. This makes it possible to detect unauthorized use and to limit the number of unauthorized attempts to use it.
German Patent DE-PS 26 21 269 discloses a data carrier configuration having a data memory, in which the writing-in of data into the data memory or the readout of data from the data memory is enabled only after positive comparison of a code stored in a code data memory of the data carrier configuration with a check code that is to be entered separately, and in which the readout of the code contained in the code data memory to the comparison device is possible, but any change in the code data memory contents is impossible.
German Published, Non-Prosecuted Application DE-OS 33 15 047, corresponding to U.S. Pat. No. 4,680,736, for instance, discloses an integrated circuit in which each erasure of an EEPROM memory range is recorded non-volatilely and always remains detectably stored in a counter that counts in non-volatile fashion.
Published European Application No. 0 128 362 discloses a circuit configuration having a memory and a security logic in which the usage authorization must be proved by the input of the check data. These check data are compared in the circuit configuration with code data stored in memory, and the usage authorization is made dependent on the correct data comparison. In order to prevent discovery of the secret code by frequent trial and error, the security logic is constructed in such a way that each attempt is recorded in a memory used in the form of an error counter, the counting range of which limits the number of possible unsuccessful attempts at access. An erasure of the corresponding memory cells, or a resetting of this counter is only possible after a correct input of check data.
In circuits according to German Published, Non-Prosecuted Application DE-OS 33 15 047, corresponding to U.S. Pat. No. 4,680,736, the number of total attempts at access, and in circuits according to Published European Application No. 0 128 362, the number of attempts at access with incorrect control data, are limited by the counter range of a check counter.
Accordingly, the goal of a defrauder who attempts to misappropriate the secret code of a circuit configuration of this kind by trial and error is to manipulate the counter memory. In circuit configurations having a non-volatile data memory in which the memory contents can be decreased, such as smart debit cards, a direct manipulation of the non-volatile data memory of this circuit configuration is also attractive to a defrauder.
Such a manipulation can be made by boundary-value programming of bits in a non-volatile memory, in particular a data memory or a counter memory, in such a way that they appear either as "zero" or as "one", as a function of operating parameters such as voltage, temperature, and so forth. Such boundary-value, ambiguous programming is possible in principle by reducing the programming voltage or the programming time.
In the case of boundary-programmed counter bits that can be evaluated as either zero or one, it is possible to circumvent the limitation of the number of attempts at access, which is dictated by the counting range of an enable counter or error counter, such as may be provided in circuits according to German Published, Non-Prosecuted Application DE-OS 33 15 047, corresponding to U.S. Pat. No. 4,680,736 or Published European Application Nos. 0 128 362, 0 127 809, 0 224 639 or 0 214 390.
Especially when using chip cards, if a defrauding user of the card can attain advantages by manipulation of usage units or erasure events, the boundary-value programming represents a weak link in the security chain.
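The following is an added illustrative model of the error counter described above (each attempt recorded in non-volatile cells, erasure only after a correct check code) and of why a boundary-programmed cell defeats its counting range; it is not the circuit of the patent or of the cited documents. The charge levels, read thresholds, operating corners and the read-back check `margin_verify` are constructed assumptions.

```python
# Constructed model: a counter cell stores an analog charge, and the read
# threshold shifts with operating conditions (voltage, temperature).
MAX_ATTEMPTS = 3                                # counting range of the counter
THRESHOLDS = {"nominal": 0.5, "corner": 0.8}    # constructed read thresholds
FULL_CHARGE = 1.0                               # properly programmed cell

class ErrorCounter:
    """Unary non-volatile error counter: one cell per recorded attempt."""
    def __init__(self, program_charge=FULL_CHARGE):
        # A reduced program_charge models boundary-value programming obtained
        # by lowering the programming voltage or shortening the programming time.
        self.program_charge = program_charge
        self.cells = [0.0] * MAX_ATTEMPTS

    def read(self, conditions="nominal"):
        thr = THRESHOLDS[conditions]
        return sum(1 for c in self.cells if c > thr)

    def record_attempt(self, conditions="nominal"):
        used = self.read(conditions)
        if used < MAX_ATTEMPTS:
            self.cells[used] = self.program_charge

    def erase(self):
        self.cells = [0.0] * MAX_ATTEMPTS

class SecurityLogic:
    def __init__(self, secret_code, counter):
        self.secret_code = secret_code
        self.counter = counter

    def check(self, check_code, conditions="nominal"):
        """Record the attempt before comparing; only a correct code erases."""
        if self.counter.read(conditions) >= MAX_ATTEMPTS:
            return "locked"
        self.counter.record_attempt(conditions)
        if check_code == self.secret_code:
            self.counter.erase()
            return "enabled"
        return "rejected"

def wrong_attempts_accepted(program_charge, conditions, tries=10):
    """Number of wrong codes still compared before the logic locks."""
    logic = SecurityLogic("1234", ErrorCounter(program_charge))
    return sum(1 for _ in range(tries)
               if logic.check("0000", conditions) == "rejected")

def margin_verify(counter):
    """Assumed hardening (not the patent's method): the counter must read the
    same under every operating corner, otherwise its cells are marginal."""
    return len({counter.read(c) for c in THRESHOLDS}) == 1
```

With full charge the logic locks after three wrong codes under either corner; with marginally programmed cells the count reads as zero at the shifted threshold and the limit never triggers, which the read-back check detects.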