1. Field of the Invention
The present invention relates to a microcomputer having an IC card interface section connected so as to be in communication with an external apparatus comprising an IC card, and a non-volatile memory which stores data, including a CPU program to be executed by a CPU. More specifically, it relates to a microcomputer capable of changing the CPU program and/or data stored in the non-volatile memory even after shipping of the microcomputer by the manufacturer after production, and a system and method for changing the memory contents of the memory in the microcomputer.
2. Description of the Related Art
FIG. 15 is a block diagram showing a configuration of a conventional microcomputer composed of an IC card interface section connected so as to be in communication with an external apparatus comprising an IC card, and a non-volatile memory which stores a CPU program executed by a CPU.
In FIG. 15, reference numeral 100 designates a conventional microcomputer having an IC card interface 190 which connects to an external apparatus comprising an IC card, a program memory 120 which stores a CPU program, and other programs; 110 designates a CPU which executes the CPU program stored in the program memory 120; 120 designates the program memory which stores the CPU program executed by the CPU 110; and 130 designates a data memory which stores data to be used when the CPU program is executed, for example, data such as personal information and a password, control data such as a file ID for user data control, and other similar data. The program memory 120 and the data memory 130 are non-volatile memories such as EEPROMs.
Reference numeral 140 designates a data memory which is a RAM temporarily storing data read from the data memory 130 when the CPU 110 executes the CPU program, or data obtained from execution of the CPU program; and 150 designates a ROM storing a boot program which executes writing, or storing, of the CPU program stored in the program memory 120.
Reference numeral 160 designates a programming inhibition circuit which sets the boot program stored in the ROM 150 to a state in which it is unavailable to the CPU 110, so that the CPU program, which is written in the program memory 120 during the production of the microcomputer 100, is set to “NO CHANGE”. Reference numeral 170 designates an encryption circuit which performs verification using encryption key data and similar data so as to determine whether or not the external apparatus connected via a port 180, or an external apparatus including an IC card connected via an IC card interface 190, corresponds to a predetermined counterpart with which communication can be established.
Reference numeral 180 designates a port connected so as to be in communication with an external apparatus; 190 designates an IC card interface which is connected so as to be in communication with an external apparatus comprising the IC card and which operates the IC card in synchronization with the microcomputer 100 by supplying power supply and clock signals; and 200 designates a bus, including a data bus, an address bus, and similar buses, connected to the aforementioned components in the microcomputer 100 to conduct the transmission/reception of control signals and data.
The operation will be next described below.
Since the present invention is characterized by allowing the CPU program of microcomputers to be changeable even after the microcomputers have been shipped, a write operation of the CPU program during the production of the conventional microcomputer 100 herein will be described.
The CPU program executed by the CPU 110 performs functions relating to the purpose for which the microcomputer 100 was designed. The CPU program matching the purpose of the microcomputer 100 is installed in the program memory 120 during the production of the microcomputer 100. The install operation is conducted by executing the boot program in which the CPU 110 reprograms or writes the contents of the program memory 120.
The above-mentioned operation will be described specifically.
First, a program load apparatus (not shown), which transmits the CPU program to be stored in the program memory 120, is connected with the microcomputer via the port 180 or the IC card interface 190. Then, when the CPU 110 executes the boot program stored in the ROM 150, the CPU program and the data to be stored in the data memory 130 are received from the program load apparatus. The portion of the received data that is the CPU program is loaded into the program memory 120, and the other data is loaded into the address of the data memory 130 in which it is to be stored. When the storing of the data including the CPU program to the program memory 120, and of the data to the data memory 130, is completed, the boot program operates the programming inhibition circuit 160. The programming inhibition circuit 160 writes status information, which inhibits the use of the boot program, in the program memory 120. As a result, the contents of the program memory 120 will never be changed again. Note that the data memory 130 may be changed independently from the program written in the program memory 120.
As described above, when the microcomputer 100 is set such that reprogramming the CPU program (which is written during the production of the microcomputer 100) is not possible, it is intended that the CPU program and information in the data memory 130 cannot be altered inaccurately (i.e., a malicious user cannot change the contents of the program memory 3 and data memory 4) after the microcomputer 100 is shipped.
The operation of the IC card interface 190 will be next described.
FIG. 16 is a block diagram showing the IC card interface of the conventional microcomputer as described above. In FIG. 16, reference numeral 210 designates a switch circuit which controls power to be supplied from the power supply 220 of the microcomputer 100 to the IC card. The same reference numerals above denote the same components as those of FIG. 15 and these redundant descriptions will be omitted.
The summary will be next described.
The IC card (not depicted) connected with the microcomputer 100 via the IC card interface 190 is supplied with ground potential via a GND terminal, and supplied with power supply voltage Vcc from the power supply 220 via the switch circuit 210. Then, the operation clock signal is supplied from a CLK terminal for synchronous control of the microcomputer 100, and a reset signal is supplied from a RST terminal to initialize the operation of the microcomputer inside the IC card. Thereafter, when the reset status is released by a reset signal having a low (“L”) level, the IC card returns a discrimination signal via an input/output terminal denoted by I/O in FIG. 16. The microcomputer 100 recognizes the discrimination signal, and the microcomputer 100 and IC card are set to be in a condition so as to communicate with one another via the input/output terminal denoted by I/O. The encryption circuit 170 shown in FIG. 15 verifies whether or not that IC card is a predetermined IC card which should be permitted to communicate with the microcomputer 100. Specifically, the circuit 170 checks whether or not the microcomputer 100 and the above IC card have common encryption key data, and determines that the IC card is the above predetermined IC card when they have common encryption key data.
Since the conventional microcomputer with such an arrangement cannot change information of the CPU program and the data memory 130 after the microcomputer 100 is shipped, it has a problem that inadequacies of the CPU program and data memory 130 cannot be changed when these inadequacies are found after the microcomputer 100 is shipped.
In addition, there is a problem that even when a version change is provided for the functions of the CPU program, a revision for the microcomputer after shipping cannot be carried out.
Further, since the microcomputer 100, incorporating the conventional IC card interface 190, does not feed the power supply to the IC card while taking into consideration the power supply voltage of the microcomputer 100, a drop in the power supply voltage of the microcomputer 100 occurs when power is supplied to the IC card, so that the operation of the microcomputer 100 may become unstable. Thus, there is a problem that, since the verification operation of the IC card, e.g., by means of the encryption circuit 170, becomes unstable, the microcomputer 100 cannot verify even the predetermined IC card.
Specifically, the above-mentioned problem will be described.
FIG. 17 is a graph showing relationships between respective power supply voltages of the IC card and the conventional microcomputer, and time of passage from the beginning of feeding the power supply voltage to the IC card at the IC card interface section in FIG. 16. In FIG. 17, a dotted line denoted by symbol “b” designates a power supply voltage value of the microcomputer 100, and a dotted line denoted by symbol “c” designates a power supply voltage value of the IC card.
As shown in FIG. 17, since the conventional microcomputer 100 does not feed the power supply to the IC card taking into consideration its own power supply voltage, the power supply voltage of the microcomputer 100 drops in accordance with an increase of the power supply voltage to the IC card upon feeding of the power supply to the IC card. Such a drop of the power supply of the microcomputer 100 causes an unstable operation, resulting in the aforementioned inconveniences.
The present invention is implemented to solve the foregoing problems. It is therefore an object of the present invention to provide a microcomputer in which, when an external apparatus connected via an IC card interface section is set so as to be in communication with the microcomputer, a program load apparatus is discriminated, or detected, based on a discrimination signal transmitted from the external apparatus, and the contents of a memory which stores data, including a CPU program, may be changed even after the microcomputer has been shipped.
In addition, it is an object of the present invention to provide a microcomputer that can reduce unstable operation which may occur upon insertion of an external apparatus via an IC card interface section, by feeding a power supply to an IC card taking into consideration the power supply voltage of the microcomputer.
Further, it is an object of the present invention to provide a system for changing the memory contents of a microcomputer in which, when an external apparatus connected via an IC card interface section is set so as to be in communication with the microcomputer, a program load apparatus is detected based on a discrimination signal transmitted from the external apparatus, and the contents of a memory which stores data containing a CPU program may be changed even after the microcomputer has been shipped.
According to a first embodiment of the present invention, a microcomputer is provided comprising: a memory for storing data, including a CPU program to be executed by a CPU; an IC card interface section adapted to be connected with an external apparatus comprising an IC card; a discrimination information storing unit which is set in advance with information associated with a discrimination signal which may identify the external apparatus connected via the IC card interface section; external apparatus discrimination means for discriminating the external apparatus when it is connected to the IC card interface section by comparing the discrimination signal with the information associated with the discrimination signal which is set in the discrimination information storing unit, when a power supply, a clock signal and initializing of an operation are fed to the external apparatus which is connected so as to be in communication with the microcomputer via the IC card interface section; and memory contents change means for executing the changing of the contents of the memory by receiving new data from the external apparatus when the external apparatus discrimination means discriminates, based on the discrimination signal, that an external apparatus which is adapted to send data associated with the changing of the contents of the memory is connected via the IC card interface section.
According to this exemplary embodiment of the invention, the microcomputer may comprise: a port section connected so as to be in communication with an external apparatus; and port status validation means for discriminating whether or not the port section is in a connection status corresponding to a time for changing contents of the memory, and the memory contents change means may receive the data from the external apparatus which transmits the data associated with the changing of contents of the memory and executes the changing of the contents of the memory, when the port status validation means discriminates that the port section is in the connection status corresponding to the time for changing contents of the memory.
According to this exemplary embodiment of the invention, the microcomputer may comprise delay control means for delaying the start of an operation by the IC card connected via the IC card interface section for the period of time which the memory means requires to change the contents of the memory.
According to this exemplary embodiment of the invention, the microcomputer may comprise: a reload program storing unit for storing a reload program which when executed changes the CPU program stored in the memory; programming inhibition means for inhibiting use of the reload program; and memory contents change means capable of releasing the inhibition of the reload program set by the programming inhibition means and executing the changing of the contents of the memory based on the reload program, when the external apparatus discrimination means discriminates, based on the discrimination signal, that an external apparatus which may transmit the data associated with the changing of the contents of the memory is connected to the microcomputer via the IC card interface section.
According to this exemplary embodiment of the invention, the microcomputer may comprise power supply feed means for feeding power in stages up to a power value in which the external apparatus including the IC card and connected via the IC card interface section starts to be operable.
According to a second embodiment of the present invention, a system for changing memory contents of a microcomputer is provided comprising: a memory for storing data containing a CPU program executed by a CPU; and an IC card interface section connected so as to be in communication with an external apparatus including an IC card, further including connection means for connecting the microcomputer with the IC card interface section, and a program load apparatus for creating data associated with a changing of the contents of the memory to transmit the created data to the microcomputer, wherein the microcomputer includes: a discrimination information storing unit which is set in advance with information associated with a discrimination signal which may identify the external apparatus connected via the IC card interface section; external apparatus discrimination means for discriminating the external apparatus when it is connected to the IC card interface section by comparing the discrimination signal with the information associated with the discrimination signal which is set in the discrimination information storing unit, when a power supply, a clock signal and initializing of an operation are fed to the external apparatus which is connected so as to be in communication with the microcomputer via the IC card interface section; and memory contents change means for executing the changing of the contents of the memory by receiving the data associated with the changing of the contents of the memory from the program load apparatus, when the external apparatus discrimination means discriminates that the program load apparatus is connected via the IC card interface section based on the discrimination signal.
According to this exemplary embodiment of the invention, the microcomputer may include: a port section connected so as to be in communication with the external apparatus; and port status validation means for discriminating whether or not the port section is in a previously set connection status corresponding to a time for changing contents of the memory, and the memory contents change means may receive the data from the external apparatus which transmits the data associated with the changing of the contents of the memory and execute the changing of the contents of the memory, when the port status validation means discriminates that the port section is in the connection status corresponding to the time for changing contents of the memory.
According to this exemplary embodiment of the invention, the program load apparatus and microcomputer may each include verification means for encrypting data to be transmitted, sharing cipher key data which may decrypt received data, and verifying a counterpart to transmit/receive data with one another based on the cipher key data, and the memory contents change means may receive and decrypt the data which is associated with the changing of the contents of the memory and which the program load apparatus encrypts with the cipher key data, and execute the changing of the contents of the memory, when the verification means verifies that the program load apparatus which the external apparatus discrimination means determines is connected to the microcomputer via the IC card interface section is a counterpart with which data can be transmitted/received.
According to this exemplary embodiment of the invention, the memory contents change means may reload so as to be applicable to only a mutual verification between the program load apparatus and the microcomputer after changing the contents of the memory.
According to this exemplary embodiment of the invention, the microcomputer may include delay control means for delaying starting of an operation by the IC card connected via the IC card interface section, by a period of time in which the memory contents change means takes to change the contents of the memory.
According to this exemplary embodiment of the invention, the microcomputer may include: a reload program storing unit for storing a reload program which may execute a change of the data containing the CPU program stored in the memory; and programming inhibition means for inhibiting use of the reload program, and the memory contents change means may release use inhibition of the reload program set by the programming inhibition means, and executes the changing of the contents of the memory based on the reload program, when the external apparatus discrimination means discriminates, based on the discrimination signal, that a program load apparatus is connected to the microcomputer via the IC card interface section.
According to a third embodiment of the present invention, a method for changing memory contents of a microcomputer is provided which includes: a memory for storing data containing a CPU program executed by a CPU; and an IC card interface section connected so as to be in communication with an external apparatus including an IC card, the method comprising: an initialization step of setting a status of the external apparatus to be in communication with the microcomputer by feeding a power supply, a clock signal and initializing of an operation to the external apparatus connected via the IC card interface section; an external apparatus discrimination step of discriminating whether the external apparatus is connected to the microcomputer based on a discrimination signal to be transmitted from the external apparatus after the initialization step; and a step of changing the memory contents, when a program load apparatus, which may transmit data associated with the changing of the contents of the memory, is discriminated to be connected via the IC card interface section at the external apparatus discrimination step, receiving the data from the program load apparatus and executing the changing of the contents of the memory.
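The gating described in the summary above can be modelled in a few lines of C. This is an added example, not code from the patent: all type, field and function names are hypothetical, the byte values are constructed, and it assumes that the discrimination match, the port connection status and the cipher-key verification are all required together. The verification result is passed in as a boolean because the page does not specify the cipher; the constant-time comparison and the re-arming of the inhibition after the write are hardening choices of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DISC_LEN 4
#define MEM_LEN  8

/* Constructed model of the microcomputer; every name here is hypothetical. */
typedef struct {
    uint8_t stored_disc[DISC_LEN]; /* discrimination information set in advance */
    uint8_t program_mem[MEM_LEN];  /* stands in for the non-volatile program memory */
    bool    inhibited;             /* true = use of the reload program is inhibited */
} mcu_t;

typedef struct {
    const uint8_t *disc;           /* discrimination signal returned after reset */
    size_t disc_len;
    bool port_in_update_status;    /* outcome of port status validation */
    bool verified;                 /* outcome of shared cipher key verification */
} session_t;

/* No early exit, so timing does not reveal how many leading bytes matched. */
static bool disc_matches(const mcu_t *m, const uint8_t *sig, size_t len)
{
    if (sig == NULL || len != DISC_LEN) return false;
    uint8_t diff = 0;
    for (size_t i = 0; i < DISC_LEN; i++)
        diff |= (uint8_t)(m->stored_disc[i] ^ sig[i]);
    return diff == 0;
}

/* Returns true only if the memory contents were changed; fails closed. */
bool try_reload(mcu_t *m, const session_t *s, const uint8_t *image, size_t image_len)
{
    if (!disc_matches(m, s->disc, s->disc_len)) return false; /* ordinary IC card */
    if (!s->port_in_update_status) return false;
    if (!s->verified) return false;
    if (image == NULL || image_len != MEM_LEN) return false;  /* before any release */

    m->inhibited = false;                   /* release inhibition of the reload program */
    memcpy(m->program_mem, image, MEM_LEN); /* change the memory contents */
    m->inhibited = true;                    /* assumption: re-arm once the write is done */
    return true;
}

int main(void)
{
    mcu_t m = { {0x3B, 0x10, 0x4C, 0x44}, {0}, true };      /* constructed values */
    const uint8_t card[DISC_LEN] = {0x3B, 0x10, 0x00, 0x00}; /* ordinary card */
    const uint8_t image[MEM_LEN] = {1, 2, 3, 4, 5, 6, 7, 8};
    session_t s = { card, DISC_LEN, true, true };
    if (try_reload(&m, &s, image, MEM_LEN)) return 1; /* must be refused */
    s.disc = m.stored_disc;                           /* program load apparatus */
    return (try_reload(&m, &s, image, MEM_LEN) && m.inhibited) ? 0 : 1;
}
```

The discrimination signal only identifies the kind of apparatus attached, so in this model it never releases the inhibition on its own.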