
CN1716221A - Method and IC card for controlling access authority of memory logical partition - Google Patents


Info

Publication number: CN1716221A
Authority: CN (China)
Prior art keywords: memory, password, area, access authority, logical partition
Legal status: Granted
Application number: CN 200510088815
Other languages: Chinese (zh)
Other versions: CN100338589C (en)
Inventors: 张祥杉, 杨敬
Current Assignee: Datang Microelectronics Technology Co Ltd
Original Assignee: Datang Microelectronics Technology Co Ltd

Events:
Application filed by Datang Microelectronics Technology Co Ltd
Priority to CNB2005100888150A
Publication of CN1716221A
Application granted
Publication of CN100338589C
Anticipated expiration
Current legal status: Expired - Lifetime

Landscapes

  • Storage Device Security (AREA)

Abstract

A method for controlling access rights to the logical partitions of a memory, comprising: (1) providing a memory access authority control area in the memory and setting in it the access rights of each logical partition; (2) controlling access to each logical partition according to the values in the memory access authority control area and a determination of the chip's current working state; (3) when the access rights of a logical partition need to be modified, allowing the values in the memory access authority control area to be rewritten after password verification has passed, thereby changing the access rights of the logical partitions. The invention also provides an IC card that controls access rights to the logical partitions of its memory.

Description

Method and IC card for controlling access authority of memory logical partition

Technical field

The invention relates to the field of IC cards (integrated circuit cards), and in particular to a method for controlling access rights to the logical partitions of a memory and to an IC card that provides this control.

Background

Society today places high demands on the security and reliability of information carriers. With its strict data security, flexibility across applications and strong extensibility, the IC card provides a convenient means of processing and distributing information.

On October 15, 2003 the applicant filed patent application No. 200310100411.X, which discloses a non-CPU integrated circuit card with an optimized memory logical partition structure. Figure 1 is a schematic structural diagram of the integrated circuit card of that application. The card consists of an address counter, a controller, an I/O interface and a memory. CLK, RST and IO are the external clock input signal, the reset signal and the input/output signal, respectively.

Figure 2 is a schematic diagram of the memory logical partitions of application 200310100411.X. The memory is divided into several logical partitions: the manufacturer code, the issuance data area, the memory access authority control area and the user data areas. The access rights of the manufacturer code, the issuance data area and the memory access authority control area are all fixed as read-only. The issuer can write into the memory access authority control area the access control words for each user data area. The access rights of each user data area are determined by its own independent one-bit or two-bit control word and can be set to one of: inaccessible, read-only, readable and writable, or readable, erasable and writable.

Figure 3 is a schematic structural diagram of the controller disclosed in application 200310100411.X. It includes an address decoder 31, a logical partition selector 32, a memory access authority controller 33, a memory access authority register 34 and a memory access type determiner 35.

Address decoder 31: decodes the ADDR signal to generate the row address and column address of the memory, and sends the decoding result signal to the logical partition selector 32;

Logical partition selector 32: determines from the decoding result signal which logical partition the address belongs to, asserts the indication signal of that logical partition, and sends it to the memory access authority controller 33;

Memory access type determiner 35: generates different operation indication signals according to the different combinations of CLK and RST, and outputs them to the memory access authority controller 33;

Memory access authority register 34: reads the control word of the memory access authority control area and latches it, so the register takes on the value of the memory access authority control area; one or two bits in the register specify the access rights of the corresponding logical partition;

Memory access authority controller 33: performs logic operations on the partition indication signal, the operation indication signal and the value of the memory access authority register, and controls generation of the corresponding write enable signal WE, erase enable signal ER and read enable signal RE.

The controller performs logic operations on the partition indication signal, the operation indication signal and the values of the corresponding control bits in the register, and so controls generation of the operation enable signals for each user data area. By dividing the user data area into several areas whose access rights can be set, that invention obtains user data areas with different access rights.

However, the above non-CPU integrated circuit card with an optimized memory logical partition structure still has room for improvement. Take a telephone IC card as an example. If, during issuance and use of the card, the operator is allowed to modify the control word at will and thereby change the access rights of the user data areas, the security of the card cannot be guaranteed and the card can easily fail during use. If modification of the control word is not allowed, then every change to the access rights of a user data area requires the chip to be redesigned and remanufactured, which increases the operator's costs and delays the rapid launch of services.

Summary of the invention

The object of the invention is to provide a method and an IC card for controlling access rights to the logical partitions of a memory, so as to solve the following technical problem of the prior art: if the operator is allowed to modify the access rights of the user data areas directly during issuance and use of the card, the security of the card cannot be guaranteed; if modification is not allowed, every change to the access rights of a user data area requires the chip to be redesigned and remanufactured, which increases the operator's costs and delays the rapid launch of services.

To solve the above problem, the invention discloses a method for controlling access rights to the logical partitions of a memory, comprising: (1) providing a memory access authority control area in the memory and setting in it the access rights of each logical partition; (2) controlling access to each logical partition according to the values in the memory access authority control area and a determination of the chip's current working state; (3) when the access rights of a logical partition need to be modified, allowing the values in the memory access authority control area to be rewritten after password verification has passed, thereby changing the access rights of the logical partitions.

The invention further comprises: setting one of the user data areas of the logical partitions as a password area for storing the password.

The password verification in step (3) is specifically: a1: under the action of the external input signals, the address counter generates an operation address pointing to the password area; a2: the password is input bit by bit at the password storage address, and the controller compares the input password with the password stored in the password area; verification passes only when the two are exactly the same.

Between a1 and a2, step (3) further comprises: determining whether a preset password comparison trigger condition has been met; if so, proceeding to step a2, otherwise exiting. Rewriting the values in the memory access authority control area in step (3) is specifically: b1: under the action of the external input signals, the address counter generates an address signal ADDR pointing to the memory access authority control area; b2: the decoder decodes the address signal ADDR; b3: the memory access authority control area is selected according to the decoded address; b4: a read, write or erase operation is performed on the values in the memory access authority control area according to the operation type selected by the external input signals; b5: the corresponding values in the memory access authority control area are modified according to the external input information.

The password area can serve as a data area on which read, write and erase operations are performed; the value of the control bit corresponding to that area sets whether it is used as a data area or as a password area. In addition, the operation address used for password verification is not contiguous with the addresses of the data area adjacent to the password area; there is an address jump between them.

Step (2) is specifically:

c1: under the action of the external input signals, the address counter generates the address signal ADDR;

c2: the decoder decodes the address signal ADDR;

c3: the logical partition to be accessed is selected according to the decoded address;

c4: the operation type is determined from the combination of the external input signals;

c5: the setting in the memory access authority control area determines whether the selected logical partition can be read, written or erased.

An IC card that controls access rights to the logical partitions of its memory, comprising an address counter, a memory divided into a plurality of logical partitions, an I/O interface and a controller, the logical partitions of the memory including a memory access authority control area into which an access authority control word can be written and several user data areas whose access rights are determined respectively by different control bits of the control word,

the user data areas including a password area;

the controller being used to control access to each logical partition according to the values of the control bits in the memory access authority control area and its determination of the chip's current working state, and, when the access rights of a logical partition need to be modified, to allow the values of the control bits to be modified after password verification has passed, thereby changing the access rights of the logical partitions.

The controller includes an address decoder, a logical partition selector, a memory access authority controller, a memory access authority register and a memory access type determiner. The memory access authority controller performs logic operations on the partition indication signal, the operation indication signal and the value of the memory access authority register, and controls generation of the corresponding write enable, erase enable and read enable signals: if the logical partition prohibits the requested access operation, the corresponding enable signal is not generated; otherwise it is generated. During password verification the read enable signal is inactive, and the password in the password area can only be used for internal comparison. If the input password matches it, the values in the access authority control area can be rewritten, thereby changing the access rights of the logical partitions. The IC card further includes an address translator, which is connected to the address counter through the controller, performs the address jump under the direction of the controller, and sends the jumped address to the address decoder.

Compared with the prior art, the invention has the following advantages:

The control bits for every area are stored in the memory access authority control area. Normally they can only be read, not erased or written; only after password verification passes can their values be erased and rewritten, which changes the read, write and erase status of the user data area corresponding to each control bit. This increases the security of the card and also provides an efficient, flexible hardware platform for upgrading and extending value-added services based on account IC cards.

Taking into account other factors such as card upgrades and extensions, the applicant has also made the password area more flexible: the password area can also serve as a data area, and when it does, it can be read, written and erased like the other data areas.

In addition, the operation address used for password verification is not contiguous with the addresses of the data area adjacent to the password area; there is an address jump between them, which improves the security of the card.

Description of the drawings

Figure 1 is a schematic structural diagram of the integrated circuit card of patent application 200310100411.X;

Figure 2 is a schematic diagram of the memory logical partitions of patent application 200310100411.X;

Figure 3 is a schematic structural diagram of the controller disclosed in patent application 200310100411.X;

Figure 4 is a flow chart of the method provided by the invention for controlling access rights to the logical partitions of a memory;

Figure 5 is a schematic diagram of the user data area divided into five partitions;

Figure 6 is a circuit block diagram of an IC card chip using the invention;

Figure 7 is a logic diagram of the memory access authority controller generating the control signal WE or ER;

Figure 8 is a schematic structural diagram of the controller of the invention, including the address translator.

Detailed description of the embodiments

The invention is described in detail below with reference to the drawings.

The memory structure has three different states: ROM, PROM and EEPROM. The ROM stores the manufacturer code. The PROM stores the issuance data. When the control bit FG=0, the EEPROM is used to store the user password and user data. When FG=1, the memory is divided into several areas, each of which has one control bit that controls reading, writing and erasing of that area. One of the areas is set as the password area; its operation address is not contiguous with the address of the adjacent data area, and there is a jump between them for the sake of password security. FG and the control bits for each area are all stored in the memory access authority control area. Normally they can only be read, not erased or written; only after password verification passes can their values be erased and rewritten, thereby changing the read, write and erase status of the user data area corresponding to each control bit.

Figure 4 is a flow chart of the method provided by the invention for controlling access rights to the logical partitions of a memory. It comprises:

S110: providing a memory access authority control area in the memory and setting in it the access rights of each logical partition;

S120: controlling access to each logical partition according to the values in the memory access authority control area and a determination of the chip's current working state;

S130: when the access rights of a logical partition need to be modified, allowing the values in the memory access authority control area to be rewritten after password verification has passed, thereby changing the access rights of the logical partitions.

The invention can set one of the user data areas as the password area. To raise the level of security, the operation address used for password verification is not contiguous with the addresses of the data area adjacent to the password area; there is an address jump between them.

The memory access authority control area holds a value for the access rights of each logical partition (such as the control bits described above). According to the values in the memory access authority control area, the controller determines the chip's current working state and then controls access to each logical partition. When the access rights of a logical partition need to be modified, the value of its access rights can be rewritten after password verification has passed, thereby changing the access rights of the logical partitions.

After the values have been modified in step S130, the controller carries out subsequent access control for each logical partition according to the new values in the memory access authority control area. The controller can check the password input by the user against the password in the password area; if they are the same, modification of the access rights of the logical partitions is allowed. This includes modifying not only the control values of the data areas but also the control value of the password area, so that it can be changed to a data area as needed.

The value (control value) referred to in the invention is the control unit that governs the access rights of a logical partition. The control unit is not limited to a "bit" in the strict sense: the access rights of a logical partition can be represented by one bit, by several bits, by a word, or by an even longer data unit. The control unit can be a binary code that the controller recognizes, or any other command code that the controller recognizes, as long as the controller can determine from the value the access rights of the corresponding logical partition. For convenience of description, however, the embodiments below mainly use one bit to control the access rights of one logical partition.

Step S120 can be carried out through the following steps:

b1: under the action of the external input signals, the address counter generates the address signal ADDR;

b2: the decoder decodes the address signal ADDR;

b3: the logical partition to be accessed is selected according to the decoded address;

b4: the operation type is determined from the combination of the external input signals;

b5: the setting in the memory access authority control area determines whether the selected logical partition can be read, written or erased. If access to the selected logical partition is permitted, the corresponding write or erase enable signal or the chip read enable signal is generated; otherwise the operation on the memory is prohibited, the memory access authority controller masks it, and no read, write or erase operation is performed on the logical partition.

Step S130 can be carried out through the following steps:

a1: under the action of the external input signals, the address counter generates an operation address pointing to the password area;

a2: the password is input bit by bit at the password storage address, and the controller compares the input password with the password stored in the password area; verification passes only when the two are exactly the same.

In addition, to raise the level of security, a password comparison trigger condition can be preset. Before each password input, it is determined whether the preset trigger condition has been met; if so, step a2 is carried out, otherwise the procedure exits. The trigger condition can be set according to the specific situation. For example: a bit that is '1' is located in the error counter of the password area and a write operation is performed on it that effectively writes it to '0'; only then does the chip start the password comparison internally. If the error counter is all '0', the password verification mechanism is disabled.
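An added example, not part of the patent text: a small C model of steps S120 and S130, showing enable-signal gating by the control bits, the error-counter trigger condition, and the password-gated rewrite of the control area. The bit encoding (1 permits write and erase), the 3-byte password, the 3-bit counter, the use of data area 5 as the password area and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define N_AREAS 5   /* five user data areas, as in the embodiment */
#define PW_AREA 4   /* assumed: data area 5 configured as the password area */
#define PW_LEN  3   /* assumed password length in bytes */

typedef enum { OP_READ, OP_WRITE, OP_ERASE } op_t;

typedef struct {
    uint8_t ctrl;             /* control area; bit i = 1 permits write/erase on area i (assumed) */
    uint8_t err_counter;      /* each comparison attempt consumes one '1' bit */
    uint8_t password[PW_LEN]; /* held in the password area, never driven to the I/O pin */
    bool    verified;         /* result of the last internal comparison */
} card_t;

/* Constructed sample state: only data area 1 (bit 0) writable, three attempts left. */
card_t sample_card(void)
{
    card_t c = { 0x01, 0x07, { 0x12, 0x34, 0x56 }, false };
    return c;
}

/* Step S120: decide whether RE, WE or ER is generated for a request. */
bool enable_signal(const card_t *c, int area, op_t op)
{
    if (area < 0 || area >= N_AREAS)
        return false;
    if (area == PW_AREA)
        return false;              /* password is used for internal comparison only */
    if (op == OP_READ)
        return true;               /* assumed: user data areas are always readable */
    return ((c->ctrl >> area) & 1u) != 0;
}

/* Trigger condition: write one '1' bit of the error counter to '0' first. */
bool start_comparison(card_t *c)
{
    if (c->err_counter == 0)
        return false;              /* counter exhausted: verification disabled */
    c->err_counter &= (uint8_t)(c->err_counter - 1);  /* clears the lowest '1' bit */
    return true;
}

/* Step S130, a1-a2: compare the whole input with the stored password. */
bool verify_password(card_t *c, const uint8_t input[PW_LEN])
{
    uint8_t diff = 0;

    c->verified = false;
    if (!start_comparison(c))
        return false;
    for (int i = 0; i < PW_LEN; i++)
        diff |= (uint8_t)(input[i] ^ c->password[i]);  /* no early exit on mismatch */
    c->verified = (diff == 0);
    return c->verified;
}

/* Step S130: the control area is read-only until verification has passed. */
bool write_control_area(card_t *c, uint8_t value)
{
    if (!c->verified)
        return false;
    c->ctrl = (uint8_t)(value & ((1u << N_AREAS) - 1u));
    return true;
}

int main(void)
{
    const uint8_t wrong[PW_LEN] = { 0x00, 0x00, 0x00 };
    const uint8_t right[PW_LEN] = { 0x12, 0x34, 0x56 };
    card_t c = sample_card();
    bool ok;

    printf("write data area 2 before unlock: %d\n", enable_signal(&c, 1, OP_WRITE));
    printf("rewrite control area unverified: %d\n", write_control_area(&c, 0x03));
    ok = verify_password(&c, wrong);
    printf("wrong password: %d, counter 0x%02x\n", ok, (unsigned)c.err_counter);
    ok = verify_password(&c, right);
    printf("right password: %d, counter 0x%02x\n", ok, (unsigned)c.err_counter);
    printf("rewrite control area verified: %d\n", write_control_area(&c, 0x03));
    printf("write data area 2 after unlock: %d\n", enable_signal(&c, 1, OP_WRITE));
    return 0;
}
```

The text does not say whether the error counter is restored after a successful comparison, so the model leaves it unchanged; every attempt, right or wrong, consumes one bit.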

Based on the process disclosed above, the invention provides an IC card that controls access rights to the logical partitions of its memory. It comprises an address counter, a memory divided into a plurality of logical partitions, an I/O interface and a controller. The logical partitions of the memory include a memory access authority control area into which an access authority control word can be written and several user data areas whose access rights are determined respectively by different control bits of the control word; the user data areas include a password area. The controller controls access to each logical partition according to the values of the control bits in the memory access authority control area and its determination of the chip's current working state and, when the access rights of a logical partition need to be modified, allows the values of the control bits to be modified after password verification has passed, thereby changing the access rights of the logical partitions.

The controller includes an address decoder, a logical partition selector, a memory access authority controller, a memory access authority register and a memory access type determiner. The memory access authority controller performs logic operations on the partition indication signal, the operation indication signal and the value of the memory access authority register, and controls generation of the corresponding write enable, erase enable and read enable signals: if the logical partition prohibits the requested access operation, the corresponding enable signal is not generated; otherwise it is generated. During password verification the read enable signal is inactive, and the password in the password area can only be used for internal comparison. If the input password matches it, the access rights of the logical partitions can be rewritten, thereby changing the access rights of the logical partitions.

Adjusting the access rights of the logical partitions makes it possible to meet the requirements of different applications for storage area size and access rights, without having to redesign and remanufacture the chip for each application. This saves development time and cost and provides an efficient, flexible hardware platform for upgrading and extending value-added services based on account IC cards.

以下以一个实施例来说明本发明。The present invention is described below with an embodiment.

请参阅图5,将用户数据区划分为五个分区的示意图。用户数据区分别划分为数据区1、数据区2、数据区3、数据区4和数据区5。当数据区5作为数据区使用时的情况的描述。Please refer to Figure 5, which is a schematic diagram of dividing the user data area into five partitions. The user data area is divided into data area 1, data area 2, data area 3, data area 4 and data area 5 respectively. Description of the situation when data area 5 is used as a data area.

请参阅图6,其为采用本发明的IC卡芯片的电路框图。该芯片由地址计数器11、控制器12、I/O接口13和存储器14组成。其输入输出管脚有5个:RST、CLK、IO、电源VCC和地GND。其中,RST、CLK和IO分别为外部复位信号、外部时钟输入信号和数据输入输出信号。电源VCC和地GND在图中未标出。地址计数器11在CLK和RST信号作用下产生地址信号ADDR。控制器根据外部输入信号、ADDR信号和存储器各逻辑分区的访问权限,控制到存储器的地址信号以及写使能信号WE、擦使能信号ER以及到I/O接口的读使能信号RE的产生。I/O接口在RE信号有效时将存储数据输出到外部端口,或者从外部输入数据用于密码的比较。Please refer to Fig. 6, which is a circuit block diagram of the IC card chip of the present invention. The chip is composed of address counter 11 , controller 12 , I/O interface 13 and memory 14 . There are 5 input and output pins: RST, CLK, IO, power supply VCC and ground GND. Among them, RST, CLK and IO are external reset signal, external clock input signal and data input and output signal respectively. The power supply VCC and the ground GND are not marked in the figure. Address counter 11 generates address signal ADDR under the action of CLK and RST signals. According to the external input signal, ADDR signal and the access authority of each logical partition of the memory, the controller controls the generation of the address signal to the memory, the write enable signal WE, the erase enable signal ER, and the read enable signal RE to the I/O interface . The I/O interface outputs stored data to an external port when the RE signal is valid, or inputs data from the outside for password comparison.

图8为本发明控制器的结构框图,它包括地址译码器31、存储器逻辑分区选择器32、存储器访问权限控制器33、存储器访问权限寄存器34、存储器访问类型判决器35。FIG. 8 is a structural block diagram of the controller of the present invention, which includes an address decoder 31 , a memory logical partition selector 32 , a memory access authority controller 33 , a memory access authority register 34 , and a memory access type determiner 35 .

The address decoder 31 decodes the output of the address counter, that is, the ADDR signal, to generate the word line and bit line signals of the memory, and sends the decoding result signal to the logical partition selector 32.

The logical partition selector 32 determines, from the decoding result signal, which logical partition the address belongs to, asserts the indication signal of that logical partition, and sends it to the memory access authority controller 33.

The memory access type determiner 35 generates different operation indication signals, such as the read indication signal RE1, the write indication signal WE1 or the erase indication signal ER1, according to different combinations of CLK and RST, and outputs them to the memory access authority controller 33.

The memory access authority register 34 reads the control word of the memory access authority control area and latches it. The register thus inherits the value of the memory access authority control area, and each bit in the register specifies the access authority of its corresponding logical partition.

The memory access authority controller 33 performs logical operations on the partition indication signals, the operation indication signals and the value of the memory access authority register, and controls the generation of the corresponding write enable signal WE, erase enable signal ER and read enable signal RE. The WE and ER signals are output to the memory to perform write and erase operations on it; the RE signal is output to the I/O interface to control the output of memory data by the data input/output circuit. For a legal access operation the corresponding enable signal is generated (the ER and WE signals are used directly to erase and write data). If the logical partition prohibits the access operation, the enable signal for that operation cannot be generated, which is how access to the memory by external devices is controlled. For details, see the logic diagram of how the memory access authority controller generates the control signal WE or ER, and its description, below.

The logical partition selector 32 determines, from the result of address decoding, which logical partition the address lies in, and asserts that partition's indication signal (FQ1 to FQ5). The indication signals of data area 1 to data area 5 are sent to the memory access authority controller 33 for access authority control. The hardware implementation of the logical partitions is as follows: for every byte in the memory, the address decoder has one decoded word line corresponding to it. According to the size of each logical partition, the word lines corresponding to all addresses in that partition are ORed together, and the result is output as the indication signal of the partition. This divides the memory into logical partitions and asserts the indication signal of the partition the address points to.

To improve the security of the password, the present invention also includes an address translator 36. The address translator is connected to the address counter through the controller, performs an address jump under the direction of the controller, and sends the jumped address to the address decoder (see FIG. 8). The address jump is implemented by the address translator: when area 5 is used as the password area and the external address points to that area, the address translator raises the address beyond the maximum address of the memory, so that the data read out externally is the data of an empty address. This ensures that the data in the password area cannot be read out. In addition, when password verification reaches its operating address, the address translator converts the external address into the physical address of the password area in the memory. The password is read from that area and compared with the externally input password; verification passes only if the two are identical, and fails otherwise.

The access authority of a memory logical partition is changed by writing a different value to the memory access authority control area. After the chip is powered on, the value of the memory access authority control area is sent to the memory access authority register 34 and latched there. The memory access authority register 34 fully inherits the value of the memory access authority control area: each bit in the register specifies the access authority of its corresponding logical partition, and different values represent different access authorities.

Each of the five user data areas has its own independent access control, and each data area supports several access authorities, controlled by different bits in the memory access authority control area. Each data area corresponds to a different control bit, and the value of the control bit determines the access authority of that data area. Changing the access authority of a data area therefore only requires changing the value of its control bit, which makes the control scheme very flexible. The correspondence between control bits, user data areas and access authorities is shown in the following table:

| Memory access authority control area | Data area | Access authority |
|---|---|---|
| DF1 | User data area 1 | Read-only / read-write-erase |
| DF2 | User data area 2 | Read-only / read-write-erase |
| DF3 | User data area 3 | Read-only / read-write-erase |
| DF4 | User data area 4 | Read-only / read-write-erase |
| DF5 | User data area 5 | Read-write-erase / comparable |

Inaccessible: the data in the memory cannot be read out by an external device, nor can it be erased or written.

Read-only: the data in the memory can be read out by an external device, but cannot be erased or rewritten.

Read-write-erase: the storage cells can be erased and written repeatedly, and the written data can be read out by an external device.

Comparable: the data in the memory cannot be read out by an external device, nor can it be modified. It can only be compared, inside the circuit, with externally input data.

When controlling access to the user data areas, the memory access authority controller 33 of the chip performs its logical operations not only on the logical partition indication signals and the operation indication signals, but also on the values of the control bits in the memory access authority register.

Please refer to FIG. 7, a logic diagram of how the memory access authority controller generates the control signal WE or ER. Taking the generation of the write signal WE as an example: the indication signals FQ1 to FQ5 of user data area 1 to user data area 5 are first combined logically with the corresponding control bits in the memory access authority register, and the results CNTL1 to CNTL5 select whether the WE1 signal is allowed to pass through the memory access authority controller. As long as one of CNTL1 to CNTL5 is valid, the WE1 signal is allowed to pass; that is, the WE signal is the same as the WE1 signal, and if the WE signal represents a write operation, the corresponding cell of the memory can be written. If CNTL1 to CNTL5 are all invalid, the WE1 signal is not allowed to pass, so the WE signal stays invalid and the memory cannot be written. The erase signal ER is generated in the same way as the write signal WE.

When area 5 is used as the password area, the values of FG and the five control bits stored in the memory access authority control area can only be read, not erased or written, in normal use. The control bit values written during card issuance therefore cannot be modified at will, which ensures that the operating mode of the user data area corresponding to each control bit cannot be modified at will. For example, if a user data area is set to read-only during issuance and a set of account numbers is stored in it, then in normal use the chip blocks all erase and write operations on that user data area. This ensures that the account numbers stored in it are not modified accidentally and effectively prevents the card from failing during use. The password, however, gives the operator a reliable way to rewrite the account numbers in the user data area: after password verification passes, the memory access authority control area can be read, written and erased (that is, the control bit values can be rewritten), which changes the operating mode of the corresponding data area. Once the operating mode of the user data area becomes read-write-erase, the account numbers stored in it can be modified.

The user data area disclosed above is divided into five areas, but the invention is not limited to this: the user data area can be divided into several areas, for example 2 to 5 areas. One of the areas can be set as the password area. Because the addresses of the password area and the other data areas are not contiguous, the last area of the user data area can be used as the password area.

Password verification in user mode offers a high level of security: 1. Before password verification passes, the password cannot be read, written or erased, which keeps the password confidential; 2. The number of password verification attempts is limited (at most 8), which prevents the password from being cracked by exhaustive search; 3. The operating address of password verification is not contiguous with the addresses of the preceding data area, and there is an address jump between them, which benefits the security of the password.
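The gating logic of FIG. 7, the blank read produced by the address jump, the eight-attempt limit and the password-gated rewrite of the control area, as an added C model that is not part of the patent. The area size, addresses, control-bit polarity, blank value 0xFF, the refusal of further checks after eight failures, the rule that a rewritten control word takes effect at the next power-on, and the sample data are all assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (not from the patent): five 4-byte user data areas followed
 * by a 1-byte access authority control area. Bit i-1 of the control byte is
 * DFi. Assumed polarity: DF1..DF4 set = read-only, DF5 set = password area. */
enum { AREA_SIZE = 4, N_AREAS = 5, CTRL_ADDR = AREA_SIZE * N_AREAS,
       MEM_SIZE = CTRL_ADDR + 1, PW_ADDR = (N_AREAS - 1) * AREA_SIZE,
       MAX_TRIES = 8, BLANK = 0xFF };
enum op { OP_READ, OP_WRITE, OP_ERASE };

struct card {
    uint8_t mem[MEM_SIZE];
    uint8_t reg;      /* access authority register, latched at power-on */
    int failures;     /* failed password checks (assumed to persist) */
    int verified;     /* password check passed in this session */
};

/* Power-on: the register inherits the value of the control area. */
void card_power_on(struct card *c) {
    c->reg = c->mem[CTRL_ADDR];
    c->verified = 0;
}

/* Logical partition selector: 1..5 = FQ1..FQ5, 0 = control area, -1 = none. */
int partition_of(unsigned addr) {
    if (addr < CTRL_ADDR) return (int)(addr / AREA_SIZE) + 1;
    return addr == CTRL_ADDR ? 0 : -1;
}

static int password_mode(const struct card *c) { return (c->reg >> 4) & 1; }

/* Access authority controller: 1 if the operation indication (RE1/WE1/ER1)
 * is passed through as an enable signal (RE/WE/ER), 0 if it is blocked. */
int enable(const struct card *c, unsigned addr, enum op op) {
    int area = partition_of(addr);
    if (area < 0) return 0;
    if (area == 0)   /* control area: writable only in data mode or once verified */
        return op == OP_READ || !password_mode(c) || c->verified;
    if (area == N_AREAS && password_mode(c)) return 0;   /* comparable only */
    if (op == OP_READ) return 1;
    return !((c->reg >> (area - 1)) & 1);   /* CNTLn valid only if DFn allows */
}

/* External read: a blocked read returns blank data, as after the address jump. */
uint8_t card_read(const struct card *c, unsigned addr) {
    return enable(c, addr, OP_READ) ? c->mem[addr] : BLANK;
}

/* External write or erase (erase is modelled as storing BLANK). */
int card_store(struct card *c, unsigned addr, enum op op, uint8_t value) {
    if (op == OP_READ || !enable(c, addr, op)) return 0;
    c->mem[addr] = (op == OP_ERASE) ? BLANK : value;
    return 1;
}

/* Password check: compared inside the chip against the physical password
 * area; after MAX_TRIES failures every further check is refused (assumed). */
int card_verify(struct card *c, const uint8_t pw[AREA_SIZE]) {
    if (!password_mode(c) || c->failures >= MAX_TRIES) return 0;
    uint8_t diff = 0;
    for (int i = 0; i < AREA_SIZE; i++)
        diff |= (uint8_t)(pw[i] ^ c->mem[PW_ADDR + i]);
    if (diff) { c->failures++; return 0; }
    c->verified = 1;
    return 1;
}

/* Constructed sample card: area 1 holds a read-only account number, area 5
 * the password. All values are made up for this example. */
void card_issue(struct card *c) {
    static const uint8_t acct[AREA_SIZE] = { 0x12, 0x34, 0x56, 0x78 };
    static const uint8_t pw[AREA_SIZE]   = { 0xA1, 0xB2, 0xC3, 0xD4 };
    memset(c, 0, sizeof *c);
    memset(c->mem, BLANK, MEM_SIZE);
    memcpy(&c->mem[0], acct, AREA_SIZE);
    memcpy(&c->mem[PW_ADDR], pw, AREA_SIZE);
    c->mem[CTRL_ADDR] = 0x11;   /* DF1 (read-only) and DF5 (password area) */
    card_power_on(c);
}

int main(void) {
    struct card c;
    const uint8_t good[AREA_SIZE] = { 0xA1, 0xB2, 0xC3, 0xD4 };
    card_issue(&c);
    printf("write area 1 (read-only): %d\n", card_store(&c, 0, OP_WRITE, 0x99));
    printf("password check: %d\n", card_verify(&c, good));
    printf("clear DF1: %d\n", card_store(&c, CTRL_ADDR, OP_WRITE, 0x10));
    card_power_on(&c);   /* the new control word is latched */
    printf("write area 1 again: %d\n", card_store(&c, 0, OP_WRITE, 0x99));
    return 0;
}
```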

What is disclosed above is only one specific embodiment of the present invention, but the present invention is not limited to it. Various changes and modifications that those skilled in the art make to the above embodiment without departing from the essence of the present invention shall all fall within the protection scope of the present invention.

Claims (11)

1. A method for controlling access authority of memory logical partitions, characterized by comprising:
(1) setting a memory access authority control area in the memory, in which the access authority of each logical partition is set;
(2) performing access authority control for each logical partition according to the value in the memory access authority control area and a judgment of the chip's current working state;
(3) when the access authority of a logical partition needs to be modified, after password verification passes, the value in the memory access authority control area can be rewritten, thereby changing the access authority of each logical partition.

2. The method for controlling access authority of memory logical partitions according to claim 1, characterized by further comprising: setting one of the user data areas of the logical partitions as a password area for storing a password.

3. The method for controlling access authority of memory logical partitions according to claim 2, characterized in that the password verification in step (3) is specifically:
a1: under the action of an external input signal, the address counter generates an operating address pointing to the password area;
a2: the password is input bit by bit at the password storage address, and the controller compares the input password with the password stored in the password area; password verification passes only when the input password is identical to the password stored in the password area.

4. The method for controlling access authority of memory logical partitions according to claim 3, characterized in that, between a1 and a2 of step (3), the method further comprises: judging whether a preset password comparison trigger condition has been reached; if so, proceeding to step a2, otherwise exiting.

5. The method for controlling access authority of memory logical partitions according to claim 1 or 2, characterized in that rewriting the value in the memory access authority control area in step (3) is specifically:
b1: under the action of an external input signal, the address counter generates an address signal ADDR pointing to the memory access authority control area;
b2: the decoder decodes the address signal ADDR;
b3: the memory access authority control area is selected according to the address produced by decoding;
b4: read, write and erase operations are performed on the value in the memory access authority control area using the operation type selected by the external input signal;
b5: the corresponding value of the memory access authority control area is modified according to external input information.

6. The method for controlling access authority of memory logical partitions according to claim 2, characterized in that the password area can be used as a data area for read, write and erase operations, and the value of the control bit corresponding to the area sets whether the area serves as a data area or as a password area.

7. The method for controlling access authority of memory logical partitions according to claim 2 or 3, characterized by further comprising: setting the operating address of password verification so that it is not contiguous with the addresses of the data area adjacent to the password area, with an address jump between them.

8. The method for controlling access authority of memory logical partitions according to claim 1 or 2, characterized in that step (2) is specifically:
c1: under the action of an external input signal, the address counter generates an address signal ADDR;
c2: the decoder decodes the address signal ADDR;
c3: the logical partition to be accessed is selected according to the address produced by decoding;
c4: the operation type is determined according to the combination of external input signals;
c5: whether read, write and erase operations can be performed on the selected logical partition is determined according to the set value of the memory access authority control area.

9. An IC card having the function of controlling access authority of memory logical partitions, comprising an address counter, a memory divided into a plurality of logical partitions, an I/O interface and a controller, the logical partitions of the memory containing a memory access authority control area into which an access authority control word can be written and several user data areas whose access authorities are respectively determined by different control bits of the control word, characterized in that:
the user data areas include a password area;
the controller is used to perform access authority control for each logical partition according to the value in the memory access authority control area and a judgment of the chip's current working state, and, when the access authority of a logical partition needs to be modified, the value of each control bit can be modified after password verification passes, thereby changing the access authority of each logical partition.

10. The IC card according to claim 9, characterized in that the controller comprises an address decoder, a logical partition selector, a memory access authority controller, a memory access authority register and a memory access type determiner, wherein the memory access authority controller is used to perform logical operations on the partition indication signal, the operation indication signal and the value of the memory access authority register, and to control the generation of the corresponding write enable signal, erase enable signal and read enable signal: if the logical partition prohibits the access operation, the corresponding enable signal is not generated, otherwise the corresponding enable signal is generated; during password verification the read enable signal is invalid and the password in the password area can only be used for internal comparison; if the input password is identical to it, the value of the logical partition access authority control area can be rewritten, thereby changing the access authority of each logical partition.

11. The IC card according to claim 9, characterized by further comprising an address translator, the address translator being connected to the address counter through the controller, performing an address jump under the direction of the controller, and sending the jumped address to the address decoder.
CNB2005100888150A 2005-07-29 2005-07-29 Method and IC card for controlling storage logic partition access authority Expired - Lifetime CN100338589C (en)

Publications (2)

Publication Number Publication Date
CN1716221A true CN1716221A (en) 2006-01-04
CN100338589C CN100338589C (en) 2007-09-19

Family

ID=35822069

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005100888150A Expired - Lifetime CN100338589C (en) 2005-07-29 2005-07-29 Method and IC card for controlling storage logic partition access authority

Country Status (1)

Country Link
CN (1) CN100338589C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20180115

Address after: The 300463 Tianjin FTA test area (Dongjiang Bonded Port) No. 6865 North Road, 1-1-1802-7 financial and trade center of Asia

Patentee after: Xinjin Leasing (Tianjin) Co.,Ltd.

Address before: 100094 Yongjia North Road, Beijing, No. 6, No.

Patentee before: DATANG MICROELECTRONICS TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20201010

Address after: 100094 No. 6 Yongjia North Road, Beijing, Haidian District

Patentee after: DATANG MICROELECTRONICS TECHNOLOGY Co.,Ltd.

Address before: 300463 Tianjin FTA pilot area (Dongjiang Bonded Port), Asia Road 6865 financial and Trade Center North District 1-1-1802-7

Patentee before: Xinjin Leasing (Tianjin) Co.,Ltd.

CX01 Expiry of patent term

Granted publication date: 20070919