1. Field of the Invention
This invention relates to a microcomputer for an IC card and, more particularly, to a microcomputer including a user program for performing various processes and a test program for performing a test (a product test) of the microcomputer.
2. Description of the Related Art
An IC card including a microcomputer of the foregoing type has been disclosed in Japanese Published Patent Application 2-293196. The test program performs a product test to which the microcomputer is subjected, the test program giving access to any arbitrary address of all regions of the microcomputer to perform the function test satisfactorily. The test program is usually used by a manufacturer (of the microcomputer) or an issuer, and execution of the test program and access to the same must be secured by means of collation of passwords or the like after shipment of the IC card in order to prevent abuse of the test program, e.g., giving access to a region of another person's program for copying or falsifying data.
FIG. 13 is a functional block diagram of a conventional microcomputer for an IC card of the foregoing type. Referring to FIG. 13, reference numeral 1 represents a microcomputer for an IC card (hereinafter called a microcomputer for a card), 2 represents a CPU for processing data, 3 represents a mask ROM, a nonvolatile memory in which a variety of programs are stored, 4 represents a RAM, a volatile memory for temporarily storing data, and 5 represents an input/output control circuit for controlling data input to and output from an external device. Reference numeral 6 represents an EEPROM, a write-enable nonvolatile memory for storing data of the results of a process or the like, and 7 represents a bus mutually connecting the foregoing elements. Reference numeral 8 represents a power source terminal (a Vcc terminal), 9 represents a ground terminal (a GND terminal), 10 represents a reset terminal (an RST terminal), 11 represents a clock terminal (a CLK terminal) and 12 represents an input/output terminal (an I/O terminal). The foregoing terminals form a terminal group for establishing electrical contact with an external device.
FIG. 14 is a flow chart of the operation of the conventional microcomputer for a card. FIGS. 15A and 15B illustrate memory maps for the conventional microcomputer for a card. FIG. 15A illustrates a memory map for executing the user program and FIG. 15B is a memory map for executing the test program. Referring to FIGS. 14, 15A, and 15B, a branch routine 34 is performed in step S2 shown in FIG. 14. A user program 31, a test program 32, and a burn-in test program 33 are respectively performed in a user mode (step S3), a test mode (step S5), and a burn-in mode (step S6). A password confirmation routine 35 is performed in a password confirmation routine (step S4). Reference numeral 61 represents a test EEPROM that cannot be accessed from the user mode. The test EEPROM region 61 is realized by using a means for limiting addresses to prevent access thereto in, for example, the user mode. The detailed structure of the test EEPROM region has been disclosed in Japanese Published Patent Application 2-293196. In the password confirmation routine 35, a password to be subjected to a collation with a key code supplied from outside is stored in the test EEPROM region 61. Referring to FIGS. 15A and 15B, the EEPROM 6 and the test EEPROM region 61 are stored in the EEPROM 6, while the branch routine 34, the password confirmation routine 35, the user program 31, the test program 32, and the burn-in test program 33 are stored in the mask ROM 3.
Referring to the flow chart shown in FIG. 14, the microcomputer 1 for an IC card is connected to an external device at the Vcc terminal 8, the GND terminal 9, the RST terminal 10, the CLK terminal 11, and the I/O terminal 12. When a reset signal is received from outside through the RST terminal 10 (step S1), the CPU 2 executes the branch routine 34 previously stored at a predetermined address in the mask ROM 3 (step S2). In the branch routine 34, the branch routine 34 causes branching to the user mode to take place if a user mode execution command has been supplied through the I/O terminal 12 (step S3). In the user mode, serial data supplied from outside is serial/parallel converted by the input/output control circuit 5, the parallel data being then received by the CPU 2 through the bus 7. The CPU 2 processes the data in accordance with the user program 31 so that data that must be temporarily stored is stored in the RAM 4. Data concerning the results of the process or the like, which must always be stored, is stored in the EEPROM 6. Data to be transmitted outside is parallel/serial converted by the input/output control circuit 5 and the serial data being transferred outside through the I/O terminal 12 (step S3).
If a test mode execution command has been received in the branch routine (step S2) through the I/O terminal 12, branching to the test mode (step S5) takes place. Prior to branching to the test mode, the password confirmation routine 35 (step S4) is performed in order to prevent access to the foregoing test program 32. In the password confirmation routine 35, the key code supplied through the I/O terminal 12 and the password previously stored in the test EEPROM region 61 in the EEPROM 6 are collated with each other. If they agree, branching to the test mode (step S5) is permitted so that the test is performed in accordance with the test program 32. The test program 32, as described above, accesses any arbitrary address so that the CPU 2 gives access to each address in accordance with the test program 32 to perform the product test. If the key code and the password do not agree in the password confirmation routine 35 (step S4), branching to the test mode (step S5) cannot be performed and, therefore, the operation of the microcomputer for an IC card is stopped.
If a burn-in mode execution command has been supplied through the I/O terminal in the branch routine (step S2), branching to the burn-in mode (step S6) takes place so that the CPU 2 performs any one of a burn-in test selected from a group consisting of a read-only burn-in test, a write burn-in test, and a dummy write burn-in test by selecting a mode in accordance with the burn-in test program 33.
Since the conventional microcomputer for an IC card has been constituted as described above, the test program can be performed even after the shipment if the test mode execution command has been supplied in the branch routine and if the key code supplied from outside and the password agree by chance in the password confirmation routine. In this case, there arises a problem in that access to data of another person can be obtained through the test program and, therefore, the data can be copied or falsified. Further, similar to the test program, the burn-in test program having access to any arbitrary address in all regions of the microcomputer is provided with no security means against the execution of and access to the burn-in test program. Therefore, branching to the burn-in test program can easily be performed simply by inputting a burn-in mode execution command in the branch routine, causing a problem in that access to data of another person can be given through the burn-in test program.
There arises another problem in that the burn-in mode has no means for detecting whether a mode has been normally selected during the execution of the burn-in test.