Microcomputer and memory contents change in the microcomputer

Information

  • Patent Application
  • 20020013884
  • Publication Number
    20020013884
  • Date Filed
    December 06, 2000
    24 years ago
  • Date Published
    January 31, 2002
    22 years ago
Abstract
There is provided a microcomputer comprised of: an external apparatus discrimination means for discriminating an external apparatus connected via an IC card interface section, based on a discrimination signal to be transmitted, when a communicatable status is set by feeding a power supply and a clock signal and initializing an operation; and memory contents change means for receiving data from the external apparatus and executing contents change of a memory, thereby finding and modifying a failure of a CPU program.
Description


BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention


[0002] The present invention relates to a microcomputer having an IC card interface section connected communicatably with an external apparatus including an IC card, and a non-volatile memory which stores data including a CPU program executed by a CPU. More specifically, it relates to a microcomputer capable of changing the CPU program and/or data in the non-volatile memory even after production shipping of the microcomputer, and a memory contents change system and a memory contents change method of the microcomputer.


[0003] 2. Description of Related Art


[0004]
FIG. 15 is a block diagram showing a configuration of a conventional microcomputer composed of an IC card interface section connected communicatably with an external apparatus including an IC card, and a non-volatile memory which stores a CPU program executed by a CPU.


[0005] In FIG. 15, reference numeral 100 designates a conventional microcomputer having an IC card interface 190 which connects communicatably with an external apparatus including an IC card, a program memory 120 which stores a CPU program executed by a CPU 110, and the like; 110 designates a CPU which executes the CPU program stored in the program memory 120; 120 designates a program memory which stores a CPU program executed by the CPU 110 and is provided by a non-volatile memory such as EEPROM; 130 designates a data memory which stores data to be used when the CPU program is executed, user data such as personal information and password, control data such as file ID for user data control, and the like, and which is provided by a non-volatile memory such as EEPROM as well as the program memory 120.


[0006] Reference numeral 140 designates a data memory which is a RAM storing temporarily data read from the data memory 130 when the CPU 110 executes the CPU program, or data obtained as an executed result; and 150 designates a ROM storing a boot program which executes a write of the CPU program stored in the program memory 120.


[0007] Reference numeral 160 designates a programming inhibition circuit in which a boot program stored in the ROM 150 is set to a state where the CPU 110 is not available in order to set the CPU program, which is written in the program memory 120 on the production of the microcomputer 100, to “NO CHANGE”; and 170 designates an encryption circuit which verifies with encryption key data and the like as to whether the external apparatus including the IC card connected via a port 180 and an IC card interface 190 corresponds to a predetermined counterpart to be communicated or not.


[0008] Reference numeral 180 designates a port connected communicatably with the external apparatus; 190 designates an IC card interface which is connected communicatably with the IC card and which operates the IC card in synchronization with the microcomputer 100 by supplying power supply and clock signals; and 200 designates a bus including data bus, address bus, and the like, connected to the aforementioned components in the microcomputer 100 to conduct the transmission/reception of control signals and data.


[0009] The operation will be next described below.


[0010] Since the present invention is characterized by setting a CPU program of microcomputers changeable even after these shipping, a write operation of the CPU program on the production of the conventional microcomputer 100 herein will be described.


[0011] The CPU program relating to the aforementioned functions executed by the CPU 110 achieves a function relating to a purpose of the microcomputer 100. The CPU program matching the purpose of the microcomputer 100 is installed in the program memory 120 on the production. The install operation is conducted by executing the boot program in which the CPU 110 reprograms or writes the contents of the program memory 120.


[0012] The above-mentioned operation will be described specifically.


[0013] First, connected with the microcomputer is a program load apparatus (not shown) which transmits the CPU program to be stored in the program memory 120 via the port 180 or IC interface 190. Then, when the CPU 11 executes the boot program stored in the ROM 150, the CPU program and data to be stored in the data memory 130 is received from the program load apparatus. Thus, the received data such as the CPU program is loaded to the program memory 120 and the address of the data memory 130 to be stored. When the storing of the data such as the CPU program to the program memory 120 and the data memory 130 is completed, the boot program operates the programming inhibition circuit 160. The programming prohibition circuit 160 writes status information, which inhibits the use of the boot program, in the program memory 120. As a result, the contents of the program memory 120 will never be changed again. Note that the data memory 130 may be changed from the program written in the program memory 120.


[0014] As described above, when it is set to be unable to reprogram the CPU program which is written on the production of the microcomputer 100, it is intended that the CPU program and information of the data memory 130 cannot be altered with injustice after shipping of the microcomputer 100.


[0015] The operation of the IC card interface 190 will be next described.


[0016]
FIG. 16 is a block diagram showing the IC card interface of the conventional microcomputer as described above. In FIG. 16, reference numeral 210 designates a switch circuit which controls power to be supplied from the power supply 220 of the microcomputer 100 to the IC card. The same reference numerals above denote the same components as those of FIG. 15 and these redundant descriptions will be omitted.


[0017] The summary will be next described.


[0018] The IC card (not depicted) connected with the microcomputer 100 via the IC card interface 190 is supplied with ground potential via GND terminal, and supplied with power supply voltage Vcc from the power supply 220 via the switch circuit 210. Then, the operation clock signal is supplied from CLK terminal for synchronous control of the microcomputer 100, and a reset signal is supplied from RST terminal to initialize the operation of the microcomputer inside the IC card. Thereafter, when the reset status is released by L level of the reset signal, the IC card returns a discrimination signal via an input/output area denoted by I/O, and the microcomputer 100 recognizes the discrimination signal, the microcomputer 100 and IC card are set to a communicatable condition via the input/output area denoted by I/O. The encryption circuit 170 shown in FIG. 15 verifies as to whether that IC card is a predetermined IC card which should communicate with the microcomputer 100 or not. Specifically, The circuit 170 checks as to whether the microcomputer 100 and the above IC card have common encryption key data or not, and determines the IC card as the above predetermined IC card when they have the common encryption key data


[0019] Since the conventional microcomputer with such an arrangement cannot change information of the CPU program and the data memory 130 after shipping of the microcomputer 100, it has a problem that inadequacies of the CPU program and data memory 130 cannot be changed any longer after the shipping with all finding of these inadequacies.


[0020] In addition, there is a problem that even when a version change is provided for the functions of the CPU program, a revision for the microcomputer after shipping cannot be carried out.


[0021] Further, since the microcomputer 100 incorporating the conventional IC card interface 190 does not feed the power supply to the IC card in consideration of the power supply voltage of the microcomputer 100, a drop of the power supply voltage of the microcomputer 100 occurs when the power is supplied to the IC card, so that the operation of the microcomputer 100 becomes probably unstable. Thus, there is a problem that since the verification operation of the IC card, e.g., by means of the encryption circuit 170 becomes unstable, there occurs an inconvenience in which that the microcomputer 100 does not verify even the predetermined IC card


[0022] Specifically, the above-mentioned problem will be described.


[0023]
FIG. 17 is a graph showing relationships between respective power supply voltages of the IC card and the conventional microcomputer, and time of passage from the beginning of feeding the power supply voltage to the IC card at the IC card interface section in FIG. 16. In FIG. 17, a dotted line denoted by symbol “b” designates a power supply voltage value of the microcomputer 100, and a dotted line denoted by symbol “c” designates a power supply voltage value of the IC card.


[0024] As shown in FIG. 17, since the conventional microcomputer 100 does not feed the power supply in consideration of its power supply voltage, the power supply voltage drops in accordance with enhancement of the power supply voltage of the IC card upon feeding of the power supply to the IC card. Such a drop of the power supply causes an unstable operation, resulting in the aforementioned inconveniences.



SUMMARY OF THE INVENTION

[0025] The present invention is implemented to solve the foregoing problems. It is therefore an object of the present invention to provide a microcomputer in which when an external apparatus connected via an IC card interface section is set in a communicatable status, a program load apparatus is discriminated based on a discrimination signal to be transmitted from the external apparatus, and contents of a memory which stores data containing a CPU program may be changed even after shipping.


[0026] In addition, it is an object of the present invention to provide a microcomputer which can reduce an unstable operation on insertion of an external apparatus via an IC card interface section, when a power supply is fed to an IC card in consideration with a power supply voltage of a microcomputer main body.


[0027] Further, it is an object of the present invention to provide a memory contents change system of a microcomputer in which when an external apparatus connected via an IC card interface section is set in a communicatable status, a program load apparatus is discriminated based on a discrimination signal to be transmitted from the external apparatus, and contents of a memory which stores data containing a CPU program may be changed even after shipping.


[0028] Further, it is an object of the present invention to provide a memory contents change method of a microcomputer in which when an external apparatus connected via an IC card interface section is set in a communicatable status, a program load apparatus is discriminated based on a discrimination signal to be transmitted from the external apparatus, and contents of a memory which stores data containing a CPU program may be changed even after shipping.


[0029] According to a first aspect of the present invention, there is provided a microcomputer comprising: a memory for storing data containing a CPU program executed by a CPU; an IC card interface section connected with an external apparatus including an IC card; a discrimination information storing unit which is set in advance with information associated with a discrimination signal which may assign the external apparatus connected via the IC card interface section; external apparatus discrimination means for discriminating the external apparatus by comparing the discrimination signal with the information associated with the discrimination signal which is set in the discrimination information storing unit, when feedings of a power supply and a clock signal and initializing of an operation are carried out to the external apparatus connected via the IC card interface section to be set in a communicatable status; and memory contents change means for executing the contents change of the memory by receiving the data when the external apparatus discrimination means discriminates that the external apparatus which communicates data associated with the contents change of the memory is connected via the IC card interface section based on the discrimination signal.


[0030] Here, the microcomputer may comprise: a port section connected communicatably with the external apparatus; and port status validation means for, when a connection status of the port section which may correspond to a contents change time of the memory is previously set, discriminating whether there is in the connection status or not, and the memory contents change means may receive the data from the external apparatus which transmits the data associated with the contents change of the memory and executes the contents change of the memory, when the port status validation means discriminates to be in the connection status of the port section corresponding to the contents change time of the memory.


[0031] Here, the microcomputer may comprise delay control means for delaying a timing in which the IC card connected via the IC card interface section starts an operation, by a period of time in which the memory contents change means requires the contents change of the memory.


[0032] Here, the microcomputer may comprise: a reload program storing unit for storing a reload program which may execute a change of the data containing the CPU program stored in the memory; and programming inhibition means for inhibiting use of the reload program, and the memory contents change means may release use inhibition of the reload program due to the programming inhibition means and executes the contents change of the memory based on the reload program, when the external apparatus discrimination means discriminates to be connected with the external apparatus which may transmit the data associated with the contents change of the memory via the IC card interface section based on the discrimination signal.


[0033] Here, the microcomputer may comprise power supply feed means for feeding power in stages up to a power value in which the external apparatus including the IC card and connected via the IC card interface section comes to be operable.


[0034] According to a second aspect of the present invention, there is provided a memory contents change system of a microcomputer comprising: a memory for storing data containing a CPU program executed by a CPU; and an IC card interface section connected communicatably with an external apparatus including an IC card, further including connection means for connecting with the IC card interface section, and a program load apparatus for creating data associated with contents change of the memory to transmit the resultant data to the microcomputer, wherein the microcomputer includes: a discrimination information storing unit which is set in advance with information associated with a discrimination signal which may assign the external apparatus connected via the IC card interface section; external apparatus discrimination means for discriminating the external apparatus by comparing the discrimination signal with the information associated with the discrimination signal which is set in the discrimination information storing unit, when feedings of a power supply and a clock signal and initializing of an operation are carried out to the external apparatus connected via the IC card interface section to be set in a communicatable status; and memory contents change means for executing the contents change of the memory by receiving the data associated with the contents change of the memory from the program load apparatus, when the external apparatus discrimination means discriminates that the program load apparatus is connected via the IC card interface section based on the discrimination signal.


[0035] Here, the microcomputer may include: a port section connected communicatably with the external apparatus; and port status validation means for, when a connection status of the port section which may correspond to a contents change time of the memory is previously set, discriminating whether there is in the connection status or not, and the memory contents change means may receive the data from the external apparatus which transmits the data associated with the contents change of the memory and executes the contents change of the memory, when the port status validation means discriminates to be in the connection status of the port section corresponding to the contents change time of the memory.


[0036] Here, the program load apparatus and microcomputer may include verification means for encrypting data to be transmitted, sharing a cipher key data which may decrypt received data, and verifying a counterpart to transmit/receive data mutually based on the cipher key data, and the memory contents change means may receive and decrypt the data which is associated with the contents change of the memory and in which the program load apparatus encrypts with the cipher key data, and executes the contents change of the memory, when the verification means makes a decision as a counterpart to transmit/receive data with respect to the program load apparatus in which the external apparatus discrimination means discriminates to be connected via the IC card interface section.


[0037] Here, the memory contents change means may reload so as to be applicable to only a mutual certification between the program load apparatus and the microcomputer after changing the contents of the memory.


[0038] Here, the microcomputer may include delay control means for delaying a timing in which the IC card connected via the IC card interface section starts an operation, by a period of time in which the memory contents change means takes to change the contents of the memory.


[0039] Here, the microcomputer may include: a reload program storing unit for storing a reload program which may execute a change of the data containing the CPU program stored in the memory; and programming inhibition means for inhibiting use of the reload program, and the memory contents change means may release use inhibition of the reload program due to the programming inhibition means, and executes the contents change of the memory based on the reload program, when the external apparatus discrimination means discriminates to be connected with the program load apparatus via the IC card interface section based on the discrimination signal.


[0040] According to a third aspect of the present invention, there is provided a memory contents change method of a microcomputer which includes: a memory for storing data containing a CPU program executed by a CPU; and an IC card interface section connected communicatably with an external apparatus including an IC card, the method comprising: a initialization step of setting a communicatable status by feedings of a power supply and a clock signal and initializing of an operation to the external apparatus connected via the IC card interface section; an external apparatus discrimination step of discriminating the external apparatus based on a discrimination signal to be transmitted from the external apparatus at the initialization step; and a memory contents change step of, when a program load apparatus which may transmit data associated with the contents change of the memory is connected via the IC card interface section at the external apparatus discrimination step, receiving the data from the program load apparatus and executing the contents change of the memory.







BRIEF DESCRIPTION OF THE DRAWINGS

[0041]
FIG. 1 is a block diagram showing a configuration of a microcomputer in accordance with an embodiment 1 of the present invention;


[0042]
FIG. 2 is an explanatory diagram timings of data transmission/reception with respect to an external apparatus including an IC card connected with an IC card interface section in the microcomputer in accordance with the embodiment 1;


[0043]
FIG. 3 is a flow chart showing memory contents change operations of the microcomputer in accordance with the embodiment 1;


[0044]
FIGS. 4A and 4B are schematics of a constitution of a memory contents change system in the microcomputer in accordance with the embodiment 1 of the present invention:


[0045]
FIG. 4A shows a general constitution; and


[0046]
FIG. 4B is a circuit diagram showing a level conversion circuit;


[0047]
FIG. 5 is a block diagram showing a configuration of a microcomputer in accordance with an embodiment 2 of the present invention;


[0048]
FIG. 6 is an explanatory diagram timings of data transmission/reception with respect to an external apparatus including an IC card connected with an IC card interface section in the microcomputer in accordance with the embodiment 2;


[0049]
FIG. 7 is a flow chart showing memory contents change operations of the microcomputer in accordance with the embodiment 2;


[0050]
FIG. 8 is a block diagram showing a configuration of a microcomputer in accordance with an embodiment 3 of the present invention;


[0051]
FIG. 9 illustrates a connection status at the port in the microcomputer in accordance with the embodiment 3;


[0052]
FIG. 10 is a flow chart showing memory contents change operations of the microcomputer in accordance with the embodiment 3;


[0053]
FIG. 11 is a timing chart showing process timings with respect to an external apparatus connected via the IC card interface section in the microcomputer in accordance with the embodiment 3;


[0054]
FIG. 12 is a schematic view showing an IC card interface section of a microcomputer in accordance with an embodiment 5 of the present invention;


[0055]
FIG. 13 is a graph showing the relationship between respective power supply voltages of an IC card, a conventional microcomputer, and the microcomputer in accordance with the embodiment 5 and passage of time from the beginning of feeding a power supply voltage to the IC card in the IC card interface section of FIG. 12;


[0056]
FIGS. 14A and 14B are schematics of an IC card information processor employing the microcomputer in accordance with the embodiment 1 of the present invention:


[0057]
FIG. 14A is a view showing an operation on IC card insertion to the IC card information processor; and


[0058]
FIG. 14B is a view showing a constitution of an IC card interface section;


[0059]
FIG. 15 is a block diagram showing a configuration of a conventional microcomputer;


[0060]
FIG. 16 is a block diagram showing an IC card interface of the conventional microcomputer; and


[0061]
FIG. 17 is a graph showing relationships between respective power supply voltages of the IC card and the conventional microcomputer and time of passage from the beginning of feeding the power supply voltage to the IC card at the IC card interface section in FIG. 16.







DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0062] An embodiment of the present invention will be described below.


[0063] Embodiment 1


[0064]
FIG. 1 is a block diagram showing a configuration of a microcomputer in accordance with an embodiment 1 of the present invention. In FIG. 1, reference numeral 1 designates a microcomputer; 2 designates a CPU (external apparatus determining means, memory contents changing means) which executes a CPU program stored in a program memory 3; and 3 designates a program memory (memory) which stores a CPU program executed by the CPU2, and is provided with an electrically reprogrammable, non-volatile memory such as EEPROM. The program memory 3 stores a program change routine for memory contents change (described later) in addition to the CPU program.


[0065] Reference numeral 4 designates a data memory (memory, discrimination information memorizing section) which stores data to be used when the CPU2 executes the CPU program, user data such as personal data and password, control data such as file ID for user data control, and so on. A non-volatile memory is employed for the data memory as well as the program memory 3. Information relating to a discrimination signal which can specify an external apparatus connected via an IC card interface 9 is set previously in the data memory 4.


[0066] Reference numeral 5 designates a data memory including a RAM which stores temporarily data read from the data memory 4 or data obtained as an execution result when the CPU 2 executes the CPU program; 6 designates a ROM which stores a boot program for executing a write of the CPU program stored in the program memory 3; 7 designates an encryption circuit which verifies with encryption key data and the like as to whether the external apparatus including the IC card connected via a port 8 and an IC card interface 9 corresponds to a predetermined counterpart to be communicated or not; 8 designates a port (port section) connected communicatably with the external apparatus; 9 designates an IC card interface (IC card interface section) which is connected communicatably with the IC card and which operates the IC card in synchronization with the microcomputer 1 by supplying power supply and clock signals.


[0067] Reference numeral 10 designates a programming inhibition circuit in which a boot program stored in the ROM 6 is set to a state where the CPU 2 is not available in order to set the CPU program, which is written in the program memory 3 on the production of the microcomputer 1, to “NO CHANGE”; 11 designates a program contents change means (external apparatus determination means, memory contents change means) which is incorporated in the CPU 2, and which discriminates a program load apparatus based on the discrimination signal transmitted from the above external apparatus when the external apparatus connected via the IC card interface 9 is set in a communicatable state, thereby changing the information contents of the program memory 3 storing the CPU program and the data memory even after shipping; and 12 designates a bus including data bus, address bus, and the like, connected to the aforementioned components in the microcomputer 1 to conduct the transmission/reception of control signals and data.


[0068]
FIG. 2 is a schematic showing timings of data transmission/reception to the external apparatus including the IC card connected with the IC card interface section in the microcomputer in accordance with the embodiment 1.


[0069] The operation will be next described.


[0070] First, connected with the microcomputer is a program load apparatus (not shown) which transmits the CPU program to be stored in the program memory 3 via the port 8 or IC interface 9. Then, when the CPU 2 executes the boot program stored in the ROM 6, the CPU program and data to be stored in the data memory 4 is received from the program load apparatus. Thus, the received data such as the CPU program is loaded to the program memory 3 and the address of the data memory 4 to be stored. When the storing of the data such as the CPU program to the program memory 3 and the data memory 4 is completed, the boot program operates the programming inhibition circuit 10. The programming prohibition circuit 10 writes status information, which inhibits the use of the boot program, in the program memory 3.


[0071] The change operation of the CPU program will be next described.


[0072]
FIG. 3 is a flow chart showing memory contents change operations of the microcomputer in accordance with the embodiment 1. Referring to this flow chart together with FIGS. 1 and 2, the description is as follows.


[0073] First, the external apparatus (not shown) connected via the IC card interface 9 is connected with the microcomputer 1 (step ST4-1). Then, a verification operation is conducted via the IC card interface 9 as to whether the above external apparatus is connected therewith via the IC card interface 9 or not (step ST4-2). At this time, the flow goes to Step ST 4-3 when the above external apparatus is connected via the IC card interface, or the verification operation is conducted by returning to step ST4-2 when not connected. At step ST4-2, when the connection of the above external apparatus is verified, as shown in FIG. 2, ground potential, power supply potential, an operation clock signal, and a reset signal which is set to L level are supplied to the above external apparatus (step ST4-3, initialization step) by the CPU 2 in the microcomputer 1, whereby the operation of a microcomputer in the external apparatus is initialized or reset. Subsequently, the reset status is released when the above reset signal is set to “H” level (step ST4-3, initialization step). The microcomputer 1 and the external apparatus are set to a communicatable state through these operations (activation). Thereafter, the above external apparatus returns ATR information, which is a self-specifying discrimination signal, to the microcomputer 1 (step ST 4-5).


[0074] When the external apparatus connected with the microcomputer 1 via the IC card interface 9 is a normal IC card, a specific data as the above ATR information in conformity with ISO (International Standard Organization) standard is returned to the microcomputer 1. When the microcomputer 1 receives the ATR information in conformity with ISO standard which specifies the IC card, the CPU 2 which functions as the external apparatus determination means performs a comparison by reading the ATR information which is information relating to the discrimination signal which specifies the above external apparatus (step ST 4-6, external apparatus determination step). At this time, in case of the ATR information in conformity with the ISO standard, the CPU2 determines the above external apparatus as the IC card to execute a normal mode processing (step ST 4-7).


[0075] On the other hand, when it is determined that the ATR information is not in conformity with the ISO standard, and corresponds to the program load apparatus which transmits data associated with change of contents of the data memory 4 and the program memory 3 set in advance to the data memory 4, it is determined to be connected with the program load apparatus via the IC card interface 9, and then the program change means 11 incorporated in the CPU 2 begins to execute the program change routine stored in the program memory 3 (step ST4-8, memory contents change step). The program change routine is a program, which is provided other than the boot program stored in the ROM 6, so as to execute a change of the memory contents in the microcomputer 1 after shipping thereof.


[0076] In the step ST 4-8, in accordance with the program change routine, the microcomputer 1 receives the data associated with the contents change of the program memory 3 and the data memory 4 from the program load apparatus via the IC card interface 9, and loads the data to an address of a memory (e.g., data memory 5) other than the data memory 4 and program memory 3 set previously in the program change routine, to complete an operation of the memory contents change (step ST4-9). Since the program change routine executed by the program change means 11 incorporated in the CPU 2 is stored in the program memory 3, the above data is written temporarily in the other memory, and the memory contents change is executed via the bus 12 after the download is completed.


[0077] A memory contents change system of the microcomputer according to the embodiment 1 will be next described.


[0078]
FIGS. 4A and 4B are a view showing schematically a constitution of the memory contents change system in the microcomputer: FIG. 4A shows a general constitution; and FIG. 4B is a circuit diagram showing a level conversion circuit. In FIGS. 4A and 4B, reference numeral 13 designates an information processor for IC cards mounted thereon by the microcomputer 1, considered as an IC card reader/writer; 14 designates an IC card-type connector (external apparatus, program load apparatus) corresponding to an IC card insertion section and connected with a level conversion circuit 15 via a signal lien 17.


[0079] Reference numeral 15 designates a level conversion circuit (external apparatus, program load apparatus) which transmits data associated with contents change of the program memory 3 and data memory 4 produced in the personal computer 16; 16 designates a personal computer (external apparatus, program load apparatus) which produces the data associated with the contents change of the program memory 3 and data memory 4 and which transmits/receives data in RS232C form; and 18 designates an input/output terminal of the level conversion circuit 16 which is connected with the data input/output area I/O of the IC card interface 9 of the microcomputer 1 via the IC card-type connector 15.


[0080] Reference numeral 19 designates a power supply for setting data transmitted/received by the level conversion circuit 15 to H level (data of value 1); 20 designates a pull up resistor connected with the power supply 19 and an Nch transistor; 21 designates an Nch transistor for switching the data transmitted/received by the level conversion circuit 15 to H level or L level (data of value 0); 23 and 24 each designate an interface means (MAX232C) and convert serial data from the personal computer 16 and data in RS232C form mutually and switch appropriately a potential level of the data to be transmitted/received to 5 volts or 12 volts.


[0081] Reference numeral 25 designates a reset terminal RST of the level conversion circuit 15 which is connected with the reset terminal RST of the IC card interface 9 of the microcomputer 1 via the IC card-type connector 14; 26 designates a diode for switching the data transmitted/received by the level conversion circuit 15 to H level or L level. Two circuits denoted by symbols A and B, each surrounded by a broken line, may be replaced with each other. The same reference numerals as those of FIG. 1 are denoted by the same components, and these redundant explanations will be omitted.


[0082] The operation will be next described.


[0083] When the IC card-type connector is equipped with the IC card information processor, a verification operation is executed via the IC card interface 9 by the microcomputer 1 as to whether the external apparatus is connected therewith or not. Thus, when the placement of the program load apparatus to the microcomputer 1 is verified, a reset signal with L level is supplied to the program load apparatus. Ground potential, power supply voltage, and an operation clock signal supplied from the microcomputer 1 are transmitted to the interface means 23 and 24 constituting the program load apparatus.


[0084] The reset signal is output to the reset terminal RTS of the personal computer 16 via the RST terminal of the IC interface 9 and the interface means 24. Thereafter, when the microcomputer 1 sets the above reset signal to H level and release the reset status, the reset release is detected to a CPU (not depicted) in the personal computer 16 at the RTS terminal. The personal computer 16 returns ATR information from its data transmission terminal SD by a trigger of that release reset. As the ATR information, used is data such as OOH which is not provided from the IC card in conformity with the ISO standard.


[0085] When the microcomputer receives ATR information from the program load apparatus, the CPU 2 reads ATR information which is set previously in the data memory 4 and which corresponds to the external apparatus connected with the IC card interface 9, and compares the former ATR information with the latter ATR information. Thus, the external apparatus is determined as the program load apparatus, and the program change means 11 executes the program change routine stored in the program memory 3.


[0086] Specifically, the CPU 2 executes the program change routine, and the microcomputer 1 sets the input/output section I/O of the IC card interface 9 via this input/output section in a communicatable status of date associated with contents change of the program memory 3 and the data memory 4, and outputs a signal to permit transmissions of the data to the program load apparatus via this input/output section.


[0087] Such a data transmission permission signal from the microcomputer 1 is input to the personal computer 16 via the input/output terminal I/O 18 and data reception terminal RD of the IC card-type connector 14 which is connected with the input/output section I/O of the IC card interface 9. In such a way, the data associated with the contents change of the program memory 3 and data memory 5 is output from the personal computer is output as serial data to the microcomputer 1 via the RS232C.


[0088] Specifically, the above data output from the data transmission terminal SD of the personal computer 16 is converted to data in RS232C form by the interface means 23 to be input to the level conversion circuit 15. A case where the level conversion circuit 15 is constituted by the circuit A will be described.


[0089] When the data from the data transmission terminal SD is L level, it is inverted to H level by the inverter 22, and inputted to the gate electrode of the Nch transistor 21 to bring it to ON state. In such a way, the I/O 18 given to H level by the power supply 19 and pull-up resistor 20 is grounded and comes to transmit data of L level.


[0090] On the other hand, when the data from the data transmission terminal SD is H level, it is inverted to L level by the inverter 22, and inputted to the gate electrode of the Nch transistor 21 to bring it to OFF state. In such a way, the I/O 18 comes to transmit data of H level by the power supply 19 and pull-up resistor 20.


[0091] With a combination of these operations, the data associated with the contents change of the program memory 3 and data memory 4 from the personal computer 16 is outputted to the microcomputer 1.


[0092] In addition, even when the level conversion circuit B is constituted by the circuit B, the diode 26 instead of the Nch transistor 21 switches H level or L level of the data traveling the I/O 18 and outputs the resultant level to the microcomputer


[0093] When the microcomputer 1 receives the data associated with the contents change of the program memory 3 and data memory 4, it loads the data to an address of a temporarily storable memory (e.g., data memory 5) other than the program memory 3 and data memory 5 designated in the program change routine in advance. The contents of the program memory 3 and data memory 4 may be changed in accordance with the contents in the temoralily storable memory by appropriate readouts.


[0094] The aforementioned embodiment describes the program load apparatus, which is not limited, comprised of the level conversion circuit 15, the personal computer 16, and the like, it is not limited to this embodiment, and the program load apparatus may be an IC card having a program load function.


[0095] The IC card having the program load function must be set in the microcomputer in the IC card in order to return ATR information of a value different from a normal IC card in conformity of the ISO standard after reset release.


[0096] As described above, according to the embodiment 1, there is provided with the program memory 3 and the data memory 5 each storing data containing the CPU program to be executed by the CPU 2, the IC card interface 9 which may connect communicatably with the external apparatus including an IC card, and a discrimination information storing unit which is set previously with information associated with a discrimination signal which may specify the external apparatus connected with the data memory 4 via the IC card interface 9.


[0097] The CPU 2 has a function as an external apparatus determination means which, when the external apparatus connected via the IC card interface 9 is set to a communicatable status by supplying the power supply and clock signals and performing initialization of operations, determines the external apparatus by comparing the discrimination signal transmitted from the external apparatus with information associated with the discrimination signal set in the data memory 4.


[0098] Further, when the CPU 2 determines to connect the external apparatus which transmits data associated with the contents change of the memory via the IC card interface 9 based on the discrimination signal, the CPU 2 also has a function as memory contents change means which may execute the contents change of the memory by receiving the data associated with the contents change of the memory from this external apparatus. Accordingly, the contents of the program memory 3 and data memory 4 may be changed even after shipping of the microcomputer 1 without arranging a particular communication port to the program load apparatus, thereby dealing with amendments to the CPU program found after shipping and version changes of the functions of the CPU program.


[0099] In addition, according to the memory contents change system of the embodiment 1, there is provided with an IC card-type connector 14 which is connected with the IC card interface 9, and the program load apparatus including the level conversion circuit 15 and the personal computer 16 which produce data associated with memory contents change and transmit the data. The microcomputer 1 includes the IC card interface 9a connected communicatably with the external apparatus including the IC card. The information related to the discrimination signal which may assign the external connected via the IC card interface 9 is stored previously in the data memory 4.


[0100] When the system is set up in a communicatable status by feeding the power supply and clock signal and initializing operations with respect to the external apparatus connected via the IC card interface 9, the CPU 2 has a function as external apparatus discrimination means for discriminating the external apparatus by comparing the discrimination signal transmitted from the external apparatus with the information related to the discrimination signal stored in the data memory 4, and further the CPU 2 has another function as memory contents change means which receives data associated with memory contents change from the program load apparatus and executes the memory contents change when the CPU 2 determines a connection of the program load apparatus via the IC card interface 9 based on the discrimination signal.


[0101] In such a way, the same effect as described above is obtained, and further the program load apparatus may be performed by employing the level conversion circuit 15 with a simple constitution, provided with the input/output terminal 18 corresponding to the microcomputer 1 and the RTS terminal for detecting reset release, and the commercially available personal computer 16, thereby building the memory contents change system of the microcomputer 1 in low costs.


[0102] Embodiment 2


[0103] In an embodiment 2, a program load apparatus and a microcomputer shares an encryption key data for encrypting data to be transmitted and decrypting received data, and includes a verification means for verifying whether to transmit and receive mutually data based on the encryption key data.


[0104] When the verification means determines as a counterpart to transmit/receive data with respect to a program load apparatus in which a connection via an IC card interface section is determined by an external apparatus discrimination means, memory contents change means receives and decrypt data associated with the contents change of the memory which are encrypted by use of the encryption key data, thus executing the contents change of the memory.


[0105]
FIG. 5 is a block diagram showing a configuration of a microcomputer according to the embodiment 2 of the present invention. In FIG. 5, reference numeral 7a designates an encryption circuit (verification means) which shares the cipher key data with the external apparatus including the IC card connected via the IC card interface 9 and which verifies as to whether the external apparatus including the above IC card is a predetermined counterpart to be communicated or not based on the cipher key data under the CPU 2 control. The external apparatus which shares the cipher key data with the encryption circuit 7a will be described, as the drawing is omitted, based on one example of an IC card having a program load function including an encryption circuit which may operate in response to the encryption circuit 7a. The same reference numerals above are provided for the same components as those of FIG. 1, and their redundant explanations will be omitted.


[0106]
FIG. 6 is a view showing timings of data transmission/reception with the external apparatus including the IC card and connected via the IC card interface section in the microcomputer according to the embodiment 2.


[0107] The operation will be next described.


[0108] Since the invention of the present application is characterized in that the CPU program of the microcomputer is set to be changeable even after shipping, and the operation which writes the CPU program in the program memory 3 upon production of the microcomputer 1 is the same as the aforementioned prior art, operations of change of the CPU program herein will be described.


[0109]
FIG. 7 is a flow chart showing operations of contents change of a memory in a microcomputer according to the embodiment 2. Referring to the flow chart together with FIGS. 5 and 6, the explanation will be given as follows.


[0110] First, an IC card (not depicted) connected via the IC card interface 9 is connected with the microcomputer 1 (step ST6-1). Next, a validation operation is made whether the IC card is connected with the IC card interface 9 (step ST6-2). Then, if the IC card is connected via the IC card interface 9, the step goes to step ST6-3, while if not connected, the step goes back to step ST6-2 to make the verification operation. When the connection of the IC card is validated at step ST6-2, ground potential, power supply voltage, operation clock signals, and reset signals, which is set to L level, are supplied to the IC card (step ST6-3, initialization step). In such a way, the operation of the microcomputer contained in the IC card is initialized. Subsequently, the reset signal is set to H level to release the reset status (step ST6-4, initialization step). The microcomputer 1 and the IC card are set to a communicatable status with each other (activation). Thereafter, the IC card returns ATR information which is a self-assigning discrimination signal to the microcomputer 1 (step ST6-5).


[0111] Assuming the external apparatus connected via the IC card interface 9 is a normal IC card, the assigned data in conformity with the ISO (International Standard Organization) standard as the ATR information is returned to the microcomputer 1. When the microcomputer 1 receives the ATR information assigning the IC card and in conformity with the ISO standard, the CPU 2 functioning as the external apparatus discrimination means reads the ATR information which is set in the data memory 4 in advance and associated with the discrimination signal assigning the external apparatus, and the comparison is made (step ST6-6, external apparatus discrimination step). Then, when this is the ATR information in conformity with the ISO standard, the CPU 2 determines the IC card as a normal IC card and executes a normal mode process (step ST6-7).


[0112] In order to recognize the IC card having a program load function for the microcomputer 1, ATR information not in conformity with the ISO standard is set previously in the IC card. In such a way, when the microcomputer 1 receives the ATR information by a trigger of reset release, the CPU 2 determines the external apparatus connected via the IC card interface 9 as the IC card having the program load function.


[0113] Thereafter, a mutual verification operation is made between the microcomputer 1 and the IC card having the program load function (step ST6-8). Specifically, as shown in FIG. 6, the encryption circuit 7a shares the public key data and secret key data as the cipher key data with the encryption circuit having the program load function. In addition, these key data has to be set in the corresponding data memory or the like. In this case, the public key data and secret key data are provided by one pair of cipher key data; data encrypted by the public key data can be decrypted or decoded by the secret key data, and vice versa.


[0114] Referring to FIG. 6, the operation will be described.


[0115] First, the encryption circuit 7a of the microcomputer 7a produces a random number 1 to be transmitted to the IC card having the program load function. When the IC card having the program load function receives the random number 1, it encrypts the random number 1 by self-secret key data (signs to the random number 1) and returns the resultant to the microcomputer 1. When the microcomputer 1 receives the random number 1 encrypted by the secret key data of the IC card, the encryption circuit 7a decodes the number 1 by the public key data and determines the conformity with the transmitted random number 1. In such a way, when it is verified to share the cipher key data comprised of the public key data and secret key data of the IC card, to the contrary, the encryption circuit of the IC card having the program load function produces a random number 2 and transmits it to the microcomputer 1. When the microcomputer 1 receives the random number 2, it encrypts the number 2 by the self-secret key data (signs the random number 2), and returns the resultant to the IC card having the program load function. When the IC card receives the random number 2 encrypted by the secret key data, the encryption circuit decrypts the number 2 by the public key data of the microcomputer 1 and determines the conformity with the transmitted random number 2. In such a way, it is verified that the cipher key data comprised of the public key data and secret key data of the microcomputer 1 is shared between the encryption circuit 7a of the microcomputer 1 and the encryption circuit of the IC card having the program load function.


[0116] As described above, when the mutual verification is completed between the microcomputer 1 and the IC card having the program load function, the microcomputer 1 produces session key data of the secret key cipher which is used temporarily when the IC card loads a program, and encrypts and transmits the session key data by the public key data of the IC card. The IC card obtains the session key data by decrypting the received encrypted data with the self-secret key. In such a way, the session key data can decode the encrypted data, and vice versa.


[0117] Thus, when the microcomputer 1 and the IC card having the program load function share the session key data, the IC card encrypts the data associated with contents change of the program memory 3 with the session key data and the data memory 4 and transmits the resultant data to the microcomputer 1 (step ST6-9). When the microcomputer 1 receives the encrypted data, the encryption circuit 7a decrypts it with the self-session key data, and loads the decrypted data to an address of a memory (e.g., data memory 5) other than the program memory 3 and data memory 4 which are set previously in a program change routine. Thereafter, after completion of the download, the memory contents change is completed through appropriate readouts (step ST6-10).


[0118] Incidentally, in the aforementioned embodiment 2, described is one example in which the microcomputer 1 produces the session key data of the secret key cipher, encrypts the session key data with the public key data of the IC card having the program load function, and transmits the encrypted data to the IC card. To the contrary, the session key data may be shared in such a manner that the IC card having the program load function produces the session key data of the secret key cipher, encrypts the session key data with the public key data of the microcomputer 1, and transmits the encrypted data to the microcomputer 1.


[0119] As described above, according to the embodiment 2, the program load apparatus and microcomputer 1 encrypt the data to be transmitted, shares the cipher key data for decrypting the received data, and has an encryption circuit 7a which verifies whether this is a counterpart to transmit/receive mutually data, based on the encryption key data; when the CPU 2 as the memory contents change means produces a decision that the encryption circuit 7a is a counterpart to transmit/receive data with respect to the program load apparatus which determines a connection via the IC card interface section, the program load apparatus receives and decrypts the encrypted data associated with contents change of the memory with the cipher key data and executes the contents change of the memory, thereby improving a security function as compare to the embodiment 1, as well as obtaining the same effect as the embodiment 1. The aforementioned system may deal with modifications of the CPU program found after shipping, and version changes of the function of the CPU program.


[0120] Embodiment 3


[0121]
FIG. 8 is a block diagram showing a configuration of a microcomputer according to an embodiment 3 of the present invention. In FIG. 8, reference numeral 8a designates a port (port section) which is connected communicatably with an external apparatus, and which comes to a connection status corresponding to program change from a normal connection one when the contents of a program memory 3 and a data memory 4 are changed; 11a designates a program change means (external apparatus discrimination means, memory contents change means, port status validation means) in which a connection status of the port 8a corresponding to contents change time of the program memory 3 and data memory 4 is set previously, in addition to the operations shown in the embodiment 1, and which determines whether the port 8a is in the connection status or not. The same reference numerals above are provided with the same components as those of FIGS. 1 and 5.


[0122]
FIG. 9 is a view showing one example of a connection status at the port in the microcomputer according to the embodiment 3. In FIG. 9, all ports P0-P7 constituting the port 8 are grounded on normal operations, and a setting of the port 8 is 89H; and reference numeral 27 designates a power supply applying a direct current voltage to the ports P0, P3, and P7. As the external apparatus which shares cipher key data with an encryption circuit 7a, by way of illustrative example (as not depicted, similarly with the embodiment 2), described is an IC card which contains an encryption circuit capable of operating corresponding to the encryption circuit 7a. The same reference numerals above are provided with the same components as those of FIG. 1.


[0123] The operation will be next described.


[0124] Since the invention of the present application is characterized in that the CPU program of the microcomputer is set to be changeable even after shipping, and the operation which writes the CPU program in the program memory 3 upon production of the microcomputer 1 is the same as the aforementioned prior art, operations of change of the CPU program herein will be described.


[0125]
FIG. 10 is a flow chart showing operations of contents change of a memory in a microcomputer according to the embodiment 3. Referring to the flow chart together with FIGS. 8 and 9, the explanation will be given as follows.


[0126] First, an IC card (not depicted) connected via the IC card interface 9 is connected with the microcomputer 1 (step ST8-1). Next, a validation operation is made whether the IC card is connected with the IC card interface 9 (step ST8-2). Then, if the IC card is connected via the IC card interface 9, the step goes to step ST8-3, while if not connected, the step goes back to step ST8-2 to make the verification operation. When the connection of the IC card is validated at step ST8-2, ground potential, power supply voltage, operation clock signals, and reset signals, which is set to L level, are supplied to the IC card (step ST8-3, initialization step). In such a way, the operation of the microcomputer contained in the IC card is initialized. Subsequently, the reset signal is set to H level to release the reset status (step ST8-4, initialization step). The microcomputer 1 and the IC card are set to a communicatable status with each other (activation). Thereafter, the IC card returns ATR information which is a self-assigning discrimination signal to the microcomputer 1 (step ST8-5).


[0127] Assuming the external apparatus connected via the IC card interface 9 is a normal IC card, the assigned data in conformity with the ISO (International Standard Organization) standard as the ATR information is returned to the microcomputer 1. When the microcomputer 1 receives the ATR information assigning the IC card and in conformity with the ISO standard, the CPU 2 functioning as the external apparatus discrimination means reads the ATR information which is set in the data memory 4 in advance and associated with the discrimination signal assigning the external apparatus, and the comparison is made (step ST8-6, external apparatus discrimination step). Then, when this is the ATR information in conformity with the ISO standard, the CPU 2 determines the IC card as a normal IC card and executes a normal mode process (step ST8-7).


[0128] In order to recognize the IC card having a program load function for the microcomputer 1, ATR information not in conformity with the ISO standard is set previously in the IC card. In such a way, when the microcomputer 1 receives the ATR information by a trigger of reset release, the CPU 2 determines the external apparatus connected via the IC card interface 9 as the IC card having the program load function.


[0129] So far, the operation is the same as the embodiment 2.


[0130] In step ST8-6, when the microcomputer 1 recognizes the IC card connected via the IC card interface 9 and having the program load function, the program change means 11a makes an operation that detects a setting of the port 8a in accordance with a program change routine. Specifically, the program change means 11a checks each potential of the ports P0-P7 constituting the port 8a, thereby making a decision whether the ports P0-P7 are a connection status of the port 8a corresponding to contents change time of the program memory 3 and data memory 5 set previously. As shown in FIG. 9, when there is provided with a setting of the port 8a, designated by 89H, which corresponds to contents change time of the program memory 3 and data memory 4 such that in normal operation time the potential of all the ports P0-P7 is not ground level or L level, but in program change time the ports P0, P3, and P7 are H level, the program change means 11a makes a decision in which the contents of the program memory 3 and data memory 4 are changeable (step ST8-8). Here, the setting of the port 8a corresponding to contents change time of the program memory 3 and data memory 4 may be set in the program memory 3 or the data memory 4 as a program change routine so that the CPU 2 can read out the routine appropriately.


[0131] At step ST8-8, when the potential of all the ports P0-P7 is ground potential, which is a port setting in normal operation time, the step goes to step ST8-7 and makes a process to a normal IC card. That is, though recognizing an IC card having a program load function, the microcomputer 1 comes to a status which does not accept data associated with contents change of the program memory 3 and data memory 4. When there is provided with a setting of the port 8a corresponding to contents change time of the program memory 3 and data memory 4, the step goes to the step ST8-9 and makes a mutual certification operation. The following operations from step ST8-9 to step ST8-11 are the same as those of step ST6-8 to step ST6-10 in the embodiment 2.


[0132] As described above, when the connection status of the port 8a is added to conditions for contents change with respect to the program memory 3 and data memory 4 of the microcomputer 1 after shipping, it is required to modify a port-prepared board physically to change its connection status. If the setting of the port 8a corresponding to contents change of the program memory 3 and data memory 4 is unknown, the contents of the program memory 3 and data memory 4 cannot be changed, thereby achieving a further improved security as compared to the embodiment 2.


[0133] Here, a function improving the security will be described below.


[0134]
FIG. 11 is a timing chart showing process timings with respect to an external apparatus connected via the interface section in the microcomputer according to the embodiment 3.


[0135] In FIG. 11, a horizontal axis denotes passage of time from a validation operation whether the external apparatus is connected with the microcomputer via the IC card interface 9 or not, and a vertical axis denotes a level of data exchanged between the microcomputer 1 and the external apparatus. The IC card is connected with the IC card having the program load function via the IC card interface 9, as mentioned above.


[0136] As shown in FIG. 11, when data of H level is input to a reset terminal of the IC card having the program load function to release the reset status, the IC card transmits data associated with contents change of the program memory 3 and data memory 4, to the microcomputer 1 with operating similarly to the aforementioned embodiments. In such a way, data of H level and L level is inputted to the microcomputer 1 via the input/output area I/O of the IC card interface 9 designated by “program change time”. Then, as compared to a case where the normal IC card inputs/outputs to the microcomputer 1 designated by “normal process” via the input/output area I/O of the IC card interface 9, since the microcomputer 1 according to the embodiment 3 makes operations of step ST8-6 to step ST8-10, there occurs a time delay designated by a dotted line during a period of time, i.e. waiting time T, in which data associated with contents change of the memory of, at first, H level is inputted to the microcomputer 1.


[0137] Thus, when the microcomputer 1 is connected with the external apparatus via the IC card interface and data transmission/reception between the external apparatus and the microcomputer 1 is delayed, it is probably guessed that the program load apparatus as the external apparatus is connected with the microcomputer 1.


[0138] In the microcomputer of the embodiment 3, even in normal processing, a timing of process start which executes an order of the CPU program is set to be delayed by only the waiting time T as shown in FIG. 11, which matches a timing between program change operation and normal processing. In such a way, it may be not guessed that the program load apparatus is connected with the microcomputer 1 due to the timing of process start when the CPU 2 functions as delay control means as described above.


[0139] On the other hand, the program change routine has a function that measures a period of time which data is transmitted from the program load apparatus to the microcomputer 1, and based on the measurement results the timing of process start is set, thus determining the aforementioned waiting time T.


[0140] As described above, according to the embodiment 3, the microcomputer 1 is comprised of the port 8a which is connected communicatably with the external apparatus, and of which the status is set previously, and the CPU 2 having the program change means whether the port 2 is put in the previously set status or not. When the CPU 2 which is also the memory contents changing means determines whether the port 8a is put in the connection status corresponding to a contents change time of the program memory 3 and data memory 4, it receives data associated with contents change of the program memory 3 and data memory 4 from the program load apparatus and executes that contents change. In such a way, the same effect as the embodiment 2 may be obtained; in addition, it is required to change the connection status by modifying the physically port prepared board, and if the port 8a setting is unknown, which corresponds to the contents change time of the program memory 3 and data memory 4, the contents of the program memory 3 and data memory 4 is not changeable, thereby improving the security.


[0141] In addition, according to the embodiment 3, since the CPU 2 which is the memory contents change means has a function as delay control means which delays the timing of operation start of the IC card connected via the IC card interface 9 by a time required for the contents change of the program memory 3 and data memory 4, the timings of data transmission/reception match in normal process time and in program change time, which can not guess a difference between these processes, thus improving the security.


[0142] In the embodiment 3, after the contents of the program memory 3 and data memory 4 are changed, the cipher key data such as the public key data and the secret key data may be reprogrammed to be applicable to only the mutual certification between the program load apparatus and the microcomputer 1.


[0143] Specifically, there is a difference in security level with respect to the contents of the program memory 3 and data memory 4, depending on the purpose of the microcomputer 1. For this reason, when a reprogramming function to the microcomputer 1 of high security level is provided in the program change routine, a malicious user cannot change the contents of the program memory 3 and data memory 4, thereby improving the security level. The reprogramming function is to reprogram cipher key data before issuing such as the public key data and secret key data which was used for the contents change of the program memory 3 and data memory 4 so as to be applicable to only the mutual certification between the program load apparatus and the microcomputer 1.


[0144] On the other hand, with respect to the microcomputer 1 of low security level, cipher key data such as public key data and secret key data which was used for the contents change of the program memory 3 and data memory 4 is provided as an operation key data to be used practically in one system, thus revising the version of the CPU program in a field, though there is some danger that a malicious user may change the contents of the program memory 3 and data memory 4. In such a way, since a level may be provided for the security to the contents change of the program memory 3 and data memory 4, memory contents change operations corresponding to a purpose of the microcomputer 1 may be carried out.


[0145] Embodiment 4


[0146] In the embodiments 1 to 3, when it is determined that the program load apparatus is connected via the IC card interface 9, the program change means 11, 11a carry out the memory contents change operations in accordance with the program change routine stored in the program memory 3. On the other hand, in a microcomputer according to an embodiment 4, a memory contents change is carried out by use of a boot program which was used on production of the microcomputer 1. The configuration of the microcomputer 1 according to the embodiment 4 is the same as that shown in FIG. 1 in main parts.


[0147] The summary will be next described.


[0148] As in the embodiments 1 to 3, when the program change means 11, 11a recognize the program load apparatus connected via the IC card interface 9, the program change means 11, 11a release an inhibition operation of the programming inhibition circuit 10 which inhibits the use of the boot program.


[0149] Specifically, the boot program is put in use prohibition status when the programming inhibition circuit 10 reloads status information as to the use of the boot program in the program memory 3 to which the CPU 2 refers upon execution of the order of the CPU program to status information denoting “use inhibition”. Then, when the program load apparatus connected via the IC card interface 9 is recognized, the program change means 11, 11a are provided with a function of reloading the status information denoting “use inhibition” of the boot program to status information denoting “use permission”, and the contents of the program memory 3 and data memory 4 is changed in accordance with the boot program like the production time of the microcomputer 1.


[0150] As described above, according to the embodiment 4, there is provided with the ROM 5 storing the boot program which may execute a change of data including the CPU program stored in the program memory 3 and data memory 4, and the program inhibition circuit 10 which inhibits the used of the boot program. When the program change means 11 determines that the program load apparatus is connected via the IC card interface 9 based on ATR information, the use inhibition of the boot program by the programming inhibition circuit 10 is released to execute the contents change of the program memory 3 and data memory 4 based on the boot program. Accordingly, it is not required to create a specific program routine in the program memory 3 to be stored, thereby obtaining the effect of the embodiments 1 to 3 by use of the existing architecture of the microcomputer 1. Therefore, the microcomputer of the present invention may be reduced in costs.


[0151] Embodiment 5


[0152]
FIG. 12 is a schematic view showing an IC card interface section of a microcomputer according to an embodiment 5 of the present invention. In FIG. 12, reference numeral 28 designates a power supply (power supply means) which is fed from the microcomputer 1; and 29 designates switch means (power supply feed means) which controls the power supply voltage which is fed from the power supply 28 to the IC card connected via the IC card interface section 9.


[0153]
FIG. 13 is a graph showing the relationship between respective power supply voltages of the IC card, a conventional microcomputer, and the microcomputer according to the embodiment 5 and passage of time from the beginning of feeding a power supply voltage to the IC card in the IC card interface section of FIG. 12. In FIG. 13, a first dotted line denoted by symbol “a” designates power supply voltage value of the microcomputer 1; a second dotted line denoted by symbol “b” designates power supply voltage value of the microcomputer 100; a third dotted line denoted by symbol “c” designates power supply voltage value of the IC card connected with the microcomputer 100; and a fourth dotted line denoted by symbol “d” designates power supply voltage value of the IC card connected with the microcomputer 1.


[0154] The summary will be next described.


[0155] Since the conventional microcomputer 100 does not feed power supply the IC card in view of self power supply voltage, the power supply voltage drops in accordance with enhancement of the power supply voltage of the IC card on feeding the power supply voltage to the IC card (see dotted lines b, c). The drop of the power supply voltage of the microcomputer 100 may cause operation failures to hinder normal operations of the security function.


[0156] For this reason, in the embodiment 5, there is provided in the IC card interface 9 with the switch means 29 which is controlled by the CPU 2, and the CPU program stored in the program memory 3 is set so as to prevent the power supply voltage of the microcomputer 1 from dropping, for example, to enhance this voltage to the power supply voltage level of the IC card in stages around several hundreds mV/sec (see dotted lines a, d). In this manner, there may be provided a microcomputer which has no occurrence of the voltage drop on feeding the power supply to the IC card.


[0157] As described above, according to the embodiment 5, since there is provided with power supply feed means which feeds in stages the power up to a power value which enables the external apparatus including the IC card to operate, there is no occurrence of the voltage drop on feeding of the power supply to the power supply apparatus including the IC card, thereby reducing instability of operation, and further improving the security function in the memory contents change operation.


[0158] In addition, the following constitution may be applied.


[0159]
FIG. 14A is a view showing an operation on insertion of an IC card to an IC card information processor; and FIG. 14B is a view showing a constitution of an IC card interface section. In FIGS. 14A and 14B, reference numeral 9a designate an IC interface (IC interface section) having two input ports 29a, 29b; 13 designates an IC card information processor incorporating the microcomputer 1, assumed by an IC card read/writer and the like.


[0160] Reference numeral 13a designates an IC card insertion opening; and 29a designates an input port provided around the IC card insertion opening 13, outputting a signal denoting presence or absence of the IC card to the IC card interface 9a.


[0161] Reference numeral 29b designates an input port provided in a deep position from the IC card insertion opening 13a of the IC card information processor 13, outputting an signal denoting as to whether the IC card is inserted perfectly within the IC card information processor 13 to make an operation or not; 30 designates an IC card which is inserted in the IC card information processor 13; 31a, 31b designate power supplies constituting the input ports 29a, 29b, respectively; and 32a, 32b designate pull-up resistors of the input ports 29a, 29b, respectively.


[0162] The operation will be next described.


[0163] As shown in FIG. 14B, before the IC card is inserted into the IC card information processor 13, the input ports 29a, 29b are in open state, and signals of H level are inputted through the power supplies 31a, 31b and pull-up resistors 32a, 32b to the IC card interface 9a. Here, when the IC card 30 is inserted into the IC card information processor 13, and the IC card 30 comes in contact with the input port 29a prepared around the IC card insertion opening 13a, the input port 29a is in closed state. In such a way, the power supply 31a and the pull-up resistor 32a are grounded, a signal of L level is input to the IC card interface 9a, and the microcomputer may validate the full insertion of the IC card.


[0164] Further, when the IC card 30 is inserted into the IC card information processor 13, and the IC card comes in contact with the input port 29b prepared in a deep position from the IC card insertion opening 13a, the input port 29b is in closed state. In such a way, the power supply 31b and the pull-up resistor 32b are grounded and a signal of L level is inputted to the IC card interface 9a, so that the IC card may validate that the IC card is inserted perfectly in the IC card information processor 13d to be operatable.


[0165] The applications of such a constitution to the embodiments 1 to 5 may carry out accurately a validation operation, i.e. whether the external apparatus is connected with the IC card interface 9a or not.


Claims
  • 1. A microcomputer comprising: a memory for storing data containing a CPU program executed by a CPU; an IC card interface section connected with an external apparatus including an IC card; a discrimination information storing unit which is set in advance with information associated with a discrimination signal which may assign said external apparatus connected via said IC card interface section; external apparatus discrimination means for discriminating said external apparatus by comparing the discrimination signal with the information associated with the discrimination signal which is set in said discrimination information storing unit, when feedings of a power supply and a clock signal and initializing of an operation are carried out to the external apparatus connected via said IC card interface section to be set in a communicatable status; and memory contents change means for executing the contents change of said memory by receiving said data when said external apparatus discrimination means discriminates that the external apparatus which communicates data associated with the contents change of said memory is connected via said IC card interface section based on said discrimination signal.
  • 2. The microcomputer according to claim 1, further comprising: a port section connected communicatably with said external apparatus; and port status validation means for, when a connection status of said port section which may correspond to a contents change time of said memory is previously set, discriminating whether there is in said connection status or not, and wherein said memory contents change means receives said data from said external apparatus which transmits the data associated with the contents change of said memory and executes the contents change of said memory, when said port status validation means discriminates to be in the connection status of said port section corresponding to the contents change time of said memory.
  • 3. The microcomputer according to claim 1, further comprising delay control means for delaying a timing in which the IC card connected via said IC card interface section starts an operation, by a period of time in which said memory contents change means requires the contents change of said memory.
  • 4. The microcomputer according to claim 1, further comprising: a reload program storing unit for storing a reload program which may execute a change of the data containing the CPU program stored in said memory; and programming inhibition means for inhibiting use of said reload program, and wherein said memory contents change means releases use inhibition of said reload program due to said programming inhibition means and executes the contents change of said memory based on said reload program, when said external apparatus discrimination means discriminates to be connected with the external apparatus which may transmit the data associated with the contents change of said memory via said IC card interface section based on said discrimination signal.
  • 5. The microcomputer according to claim 1, further comprising power supply feed means for feeding power in stages up to a power value in which the external apparatus including the IC card and connected via said IC card interface section comes to be operable.
  • 6. A memory contents change system of a microcomputer comprising: a memory for storing data containing a CPU program executed by a CPU; and an IC card interface section connected communicatably with an external apparatus including an IC card, further including connection means for connecting with said IC card interface section, and a program load apparatus for creating data associated with contents change of said memory to transmit the resultant data to said microcomputer, wherein said microcomputer includes: a discrimination information storing unit which is set in advance with information associated with a discrimination signal which may assign said external apparatus connected via said IC card interface section; external apparatus discrimination means for discriminating said external apparatus by comparing the discrimination signal with the information associated with the discrimination signal which is set in said discrimination information storing unit, when feedings of a power supply and a clock signal and initializing of an operation are carried out to the external apparatus connected via said IC card interface section to be set in a communicatable status; and memory contents change means for executing the contents change of said memory by receiving the data associated with the contents change of said memory from said program load apparatus, when said external apparatus discrimination means discriminates that said program load apparatus is connected via said IC card interface section based on said discrimination signal.
  • 7. The memory contents change system of a microcomputer according to claim 6, wherein said microcomputer includes: a port section connected communicatably with said external apparatus; and port status validation means for, when a connection status of said port section which may correspond to a contents change time of said memory is previously set, discriminating whether there is in said connection status or not, and wherein said memory contents change means receives said data from said external apparatus which transmits the data associated with the contents change of said memory and executes the contents change of said memory, when said port status validation means discriminates to be in the connection status of said port section corresponding to the contents change time of said memory.
  • 8. The memory contents change system of a microcomputer according to claim 6, wherein said program load apparatus and said microcomputer includes verification means for encrypting data to be transmitted, sharing a cipher key data which may decrypt received data, and verifying a counterpart to transmit/receive data mutually based on said cipher key data, and wherein said memory contents change means receives and decrypts the data which is associated with the contents change of said memory and in which said program load apparatus encrypts with said cipher key data, and executes the contents change of said memory, when said verification means makes a decision as a counterpart to transmit/receive data with respect to said program load apparatus in which said external apparatus discrimination means discriminates to be connected via said IC card interface section.
  • 9. The memory contents change system of a microcomputer according to claim 8, wherein said memory contents change means reloads so as to be applicable to only a mutual certification between said program load apparatus and said microcomputer after changing the contents of said memory.
  • 10. The memory contents change system of a microcomputer according to claim 6, wherein said microcomputer includes delay control means for delaying a timing in which the IC card connected via said IC card interface section starts an operation, by a period of time in which said memory contents change means takes to change the contents of said memory.
  • 11. The memory contents change system of a microcomputer according to claim 6, wherein said microcomputer includes: a reload program storing unit for storing a reload program which may execute a change of the data containing the CPU program stored in said memory; and programming inhibition means for inhibiting use of said reload program, and wherein said memory contents change means releases use inhibition of said reload program due to said programming inhibition means, and executes the contents change of said memory based on said reload program, when said external apparatus discrimination means discriminates to be connected with the program load apparatus via said IC card interface section based on said discrimination signal.
  • 12. A memory contents change method of a microcomputer which includes: a memory for storing data containing a CPU program executed by a CPU; and an IC card interface section connected communicatably with an external apparatus including an IC card, said method comprising: a initialization step of setting a communicatable status by feedings of a power supply and a clock signal and initializing of an operation to the external apparatus connected via said IC card interface section; an external apparatus discrimination step of discriminating said external apparatus based on a discrimination signal to be transmitted from said external apparatus at said initialization step; and a memory contents change step of, when a program load apparatus which may transmit data associated with the contents change of said memory is connected via said IC card interface section at said external apparatus discrimination step, receiving said data from said program load apparatus and executing the contents change of said memory.
Priority Claims (1)
Number Date Country Kind
2000-210142 Jul 2000 JP