Description
PARTIAL WAIVER OF COPYRIGHT
All of the material in this patent application is subject to copyright
protection under the copyright laws of the United States and of other
countries. As of the first effective filing date of the present
application, this material is protected as unpublished material.
Portions of the material in the specification and drawings of this patent
application are also subject to protection under the maskwork registration
laws of the United States and of other countries.
However, permission to copy this material is hereby granted to the extent
that the owner of the copyright and maskwork rights has no objection to
the facsimile reproduction by anyone of the patent document or patent
disclosure, as it appears in the United States Patent and Trademark Office
patent file or records, but otherwise reserves all copyright and maskwork
rights whatsoever.
BACKGROUND AND SUMMARY OF THE INVENTION
The present invention relates to electronic keys, and to integrated
circuits which provide electronic key functionality.
An electronic key is a circuit which performs the function of a key, using
stored information instead of shaped metal. Such keys, and related
circuits, have found use in a wide variety of applications.
However, electronic keys present some unusual difficulties in design. There
is always some risk that an intruder may obtain a key and attempt to
"crack" it, to gain free access to the system which is supposed to be
protected. Thus, although perfect security may not be possible, the design
must provide as much security as is economically possible.
The present application, and the parent applications, disclose a number of
innovations which cooperate together to provide a greatly improved
electronic key.
Limiting Key Lifetime
Electronic keys are used primarily to provide access to secure electronic
data upon receipt of a valid password and to prohibit such access if an
invalid password is received. One such application is the use of an
electronic key hardware module in conjunction with commercially available
software. The electronic key module is attached to the computer operating
the software in a manner to allow the software to access the electronic
key, and the software is programmed with an algorithm to verify that the
module is attached to the computer. Thus, while the software is easily
copied, the electronic key hardware module is not; and the software
cannot, therefore, be simultaneously used in several computers.
In a basic electronic key used with software, the software interrogates the
key and verifies that the secure data matches data in the software. In
more advanced forms of the electronic key, the electronic key allows data
to be written into a random access memory inside the key and later read
from the key, thus making an unauthorized duplication of the key or
software to mimic the key more difficult.
It can be appreciated that other enhancements to electronic keys that add
additional features to make the key more versatile and/or to enhance the
security are advantageous and desirable for the customer of the electronic
key manufacturer and, therefore, for the manufacturer itself.
Certain innovations disclosed herein provide an electronic key which has an
additional function which limits the full operational life of the
electronic key to a predetermined time interval or a predetermined number
of cycles of operation.
Certain innovations disclosed herein provide an electronic key which has a
fuse element to provide additional security in protecting at least some of
the stored data.
Shown in an illustrated embodiment is an electronic key which recognizes as
a valid command a command to perform at least one operation of a first
plurality of operations if a timing circuit inside the electronic key has
not detected that a predetermined time interval has lapsed. The electronic
key recognizes as a valid command a command to perform at least one
operation of a second plurality of operations if the timing circuit within
the electronic key has detected that the predetermined time interval has
lapsed.
Also shown in an illustrated embodiment is an electronic key which
recognizes as a valid command a command to perform at least one operation
of a first plurality of operations if a counting circuit inside the
electronic key has not detected that the electronic key has undergone a
predetermined number of particular operations. The electronic key
recognizes as a valid command a command to perform at least one operation
of a second plurality of operations if the counting circuit within the
electronic key has detected that the electronic key has undergone a
predetermined number of the particular operations.
Also shown in an illustrated embodiment is an electronic key containing a
fuse element which, when unblown, permits signals appearing at an input
terminal to be transferred to storage registers in the electronic key, and
after being blown, isolates the input terminal from the storage registers.
Timeout Circuits
Time base circuits have been utilized for a number of years as the core of
most electronic systems. These circuits can either be utilized to provide
clock circuits or to provide a pulse at periodic intervals, among other
applications. One type of circuit that utilizes the periodic interval type
of time base is a "Timeout" circuit. Timeout circuits are typically preset
to a predetermined time in an internal counter circuit, and an internal
oscillator counts down from the preset time reference to zero time when an
output pulse is provided. If the preset pulse is again received, the
circuit then repeats this operation. At the heart of these circuits is a
clock that determines the rate at which the counter operates.
One application for a Timeout circuit is a software protection key system.
In this type of system, a supplier presets the Timeout circuit for a
predetermined time. The Timeout circuit thus has a predetermined countdown
duration and a Timeout pulse is produced after this duration. This Timeout
pulse provides a signal to the software key that is utilized to invalidate
the key and renders it useless. For example, a supplier or provider of the
software key may wish to allow an individual access to a certain software
system for a predetermined number of days. Once preset, the Timeout
circuit allows the key to operate for this predetermined number of days,
after which operation of the software key is inhibited.
One disadvantage to a Timeout circuit is the inherent accuracy of the
circuits utilized to realize the Timeout circuit. Typically, some type of
analog time base oscillator is utilized, which output is then divided down
to give a relatively long time base. The dividing circuits are typically
digital circuits which, of course, are very accurate. However, by
comparison, the analog time base has inherent inaccuracies due to
fabrication tolerances, power supply levels, etc., which directly affect
the operation of the circuit. Typically, the fabrication tolerances in an
analog oscillator are accounted for by trimming either the value of a
resistor or the value of a capacitor that is associated with the timing
components in the oscillator. Trimming has some inherent disadvantages in
that conventional techniques are expensive to implement and require
relatively sophisticated test procedures and/or circuit design techniques.
Additionally, these trimming techniques are normally performed during test
on an ideal power supply, which has a voltage level that may differ from
that actually used in the Timeout circuit during operation in a specific
application.
In view of the above disadvantages, there exists a need for a time base
circuit which can be utilized as a Timeout circuit, and which does not
require expensive trimming techniques and which provides a frequency that
does not vary appreciably as a function of the power supply level.
An apparatus for generating a time base circuit with internal calibration
according to innovative teachings disclosed herein includes an analog
oscillator for generating an output signal having a predetermined
operating frequency. The operating frequency is input to a programmable
counter that divides the operating frequency by a factor of n. A storage
register is provided for receiving and storing the value of n for
interface to the programmable counter. A reference frequency is generated
from the programmable counter and the value of n is inhibited from being
altered after storage thereof.
In yet another embodiment of the present invention, a presettable countdown
counter is provided for receiving the reference frequency and then
counting the cycles thereof for a predetermined count value. The
predetermined count value is stored in a discrete register and, after
storage thereof, alteration of the contents of the discrete register is
inhibited. At the end of the count, a Timeout signal is generated.
In yet another embodiment of the present invention, an internal battery is
provided that powers the oscillator (and therefore the operating frequency
of the oscillator may be dependent upon the battery voltage). The battery
voltage also provides power for the storage of the value of n for the
programmable counter and the count value of the countdown counter.
In a further embodiment of the present invention, a watchdog timer circuit
is provided for detecting if the oscillator is stopped or the output
frequency thereof altered outside a predetermined window. If the output of
the oscillator is inhibited or altered, the Timeout signal is generated
and the countdown counter is reset.
Security against Password Detection
Security systems which utilize electronic keys are used in many
applications such as software protection security systems. In this
example, and in general, electronic keys operate to protect secure data by
determining if an access code or password received from an external
device, such as a computer, is valid before permitting the secure data to
be passed to the external device; i.e. the electronic key may then be used
to enable the use of the protected entity.
However, a person trying to circumvent the security system could monitor
the signal lines to an electronic key to discover the password or access
code required by the key to cause the key to send secure data back to the
external device. In prior art keys, the electronic key would provide the
secure data back only when the proper access code was received but provide
no response when an improper access code was received. Thus, it was fairly
easy for a person to monitor the signal lines and detect the password
required to access the secure data inside the electronic key.
Therefore, it can be appreciated that an electronic key system which
provides enhanced security to the secure data stored in the
electronic key is highly desirable.
Certain innovations disclosed herein provide a method and apparatus for
enhancing the security of data stored in an electronic key.
Shown in an illustrated embodiment is a method and apparatus for enhancing
the security of data stored in an electronic key in which the electronic
key first receives a read request in conjunction with an access code from
an external device. The electronic key then passes the data stored in the
electronic key to the external device if the access code is determined to
be a valid access code by the electronic key, and passes random data to
the external device if the access code is determined to be an invalid
access code by the electronic key.
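The read behaviour described above, modelled in C next to the prior-art behaviour it replaces (an added example, not code from the patent). The xorshift generator standing in for the key's garbled data generator, the sample password and the memory contents are constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PW_LEN  8    /* 64-bit password register */
#define MEM_LEN 48   /* 384-bit secure memory    */

struct key {
    uint8_t  password[PW_LEN];
    uint8_t  secure[MEM_LEN];
    uint32_t noise;  /* state of the stand-in noise source, must be nonzero */
};

/* Compare all bytes regardless of where the first mismatch is, so the
 * comparison takes the same number of steps for any wrong access code. */
bool pw_match(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < PW_LEN; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* xorshift32: a placeholder noise source, not a cryptographic generator. */
uint8_t garble_next(struct key *k)
{
    uint32_t x = k->noise;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    k->noise = x;
    return (uint8_t)(x >> 24);
}

/* Prior art: data on a valid code, silence on an invalid one. */
size_t read_prior_art(struct key *k, const uint8_t *pw, uint8_t *out)
{
    if (!pw_match(pw, k->password))
        return 0;
    memcpy(out, k->secure, MEM_LEN);
    return MEM_LEN;
}

/* Disclosed behaviour: always answer with MEM_LEN bytes; only their
 * content depends on whether the access code was valid. */
size_t read_disclosed(struct key *k, const uint8_t *pw, uint8_t *out)
{
    bool ok = pw_match(pw, k->password);
    for (size_t i = 0; i < MEM_LEN; i++) {
        uint8_t n = garble_next(k);   /* generator is clocked on every read */
        out[i] = ok ? k->secure[i] : n;
    }
    return MEM_LEN;
}

typedef size_t (*read_fn)(struct key *, const uint8_t *, uint8_t *);

/* True if the presence or length of the response alone separates a valid
 * access code from an invalid one on the data line. */
bool shape_leaks_validity(read_fn rd, struct key *k,
                          const uint8_t *good, const uint8_t *bad)
{
    uint8_t buf[MEM_LEN];
    return rd(k, good, buf) != rd(k, bad, buf);
}

/* Constructed sample key. */
void sample_key(struct key *k)
{
    memcpy(k->password, "OEMpass1", PW_LEN);
    for (size_t i = 0; i < MEM_LEN; i++)
        k->secure[i] = (uint8_t)(0xA0 + i);
    k->noise = 0x1234567u;
}

int main(void)
{
    struct key k;
    const uint8_t good[PW_LEN] = {'O','E','M','p','a','s','s','1'};
    const uint8_t bad[PW_LEN]  = {'O','E','M','p','a','s','s','2'};
    sample_key(&k);
    printf("prior art leaks by response shape: %d\n",
           shape_leaks_validity(read_prior_art, &k, good, bad));
    printf("disclosed key leaks by response shape: %d\n",
           shape_leaks_validity(read_disclosed, &k, good, bad));
    return 0;
}
```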
Secure Fusing and Detection
In the parent application entitled "Electronic Key Locking Circuitry",
there is described an electronic key which provides access to a random
access memory upon receipt of a valid password. Included within one
embodiment of this electronic key is a timing circuit which provides
access to the RAM for a limited time only. This timing circuit is
calibrated by the manufacturer prior to shipment, and the calibration must
be protected so that it cannot be altered by someone other than the
manufacturer except in a manner specified by the manufacturer.
Since the integrated circuit is packaged with a backup battery and since
the calibration is dependent on the characteristics of the battery, then
it is convenient to assemble the integrated circuit and battery as one
module and then to perform the calibration after the module has been
assembled. However, if the calibration is to remain secure inside the
integrated circuit, then a method must be used to lock out further
calibration adjustments. In the application referenced above a fusing
element is used which, when blown, prohibits further access to the
calibration circuitry.
The circuit used in conjunction with the fuse element must thus be able to
accommodate the currents and voltages required to "blow" the fuse, and
further to detect whether the fuse has been blown. Furthermore, the fuse
circuitry should be configured in such a manner that the security of the
calibration cannot be breached by applying a specific voltage pattern to
the pins of the integrated circuit in order to override the effect of the
blown fuse.
Therefore, it can be appreciated that a diode and detection circuit which
permits a fuse element to be blown, which detects the condition of the
fuse element, and which is resistant to circumvention by an end user is
highly desirable.
Certain innovations disclosed herein provide a fusing and detection circuit
which enables a fusing element to be blown, which detects whether the fuse
has been blown, and which is resistant to circumvention by an end user.
Shown in an illustrated embodiment is a circuit for presenting at an output
terminal a voltage indicative of the impedance of a circuit element
coupled between a first node and a second node. In the circuit a reference
voltage is coupled to the first node and a third node voltage is formed by
subtracting a predetermined voltage from the first node. The circuit also
includes a current sink coupled to the second node and a comparator for
comparing the voltages at the second and the third nodes and for providing
a first voltage level at the output terminal if the second node voltage is
greater than the third node voltage and a second voltage level at
the output terminal if the second node voltage is less than the third node
voltage.
In a further aspect of the invention, the circuit element is a fusible
device and the first node is coupled to a fuse input terminal.
In another aspect of the invention, the output of the circuit is pulled to
the first voltage level upon receipt of a lock set signal at a lock set
input terminal.
Also shown in an illustrated embodiment is a method for detecting the
condition of a fuse element which includes the steps of first applying a
first reference voltage to one terminal of the fuse element connected to a
first node and subtracting a predetermined voltage from the voltage at the
first node to form a voltage at a second node. A relatively small amount
of current is pulled from the second terminal of the fusing element and
the voltage at the second terminal of the fuse element is compared with
the voltage at the second node, and the result of this comparison is
indicative of the condition of the fuse element.
ESD Resistance
In the parent application entitled "Electronic Key Locking Circuitry" there
is described an electronic key which provides access to an internal random
access memory upon receipt of a valid password. Included within one
embodiment of this electronic key is an R-S flip-flop circuit which, when
set, locks out certain commands that set the length of time of a time-out
circuit within the electronic key. After the time-out circuit has timed
out, the electronic key ceases to provide certain functions such as
enabling data to be written into the random access memory. The end user,
in order to avoid the time-out function, might try to reset the R-S
flip-flop circuit by the application of an electrostatic discharge to one
or more pins of the integrated circuit. There are also other conditions
which can give rise to electrostatic discharge on the pins of an
integrated circuit which would tend to disrupt data stored in a logic
circuit.
It can, therefore, be appreciated that an R-S flip-flop circuit which is
resistant to electrostatic discharge is highly desirable.
Certain innovations disclosed herein provide a latch circuit which is
resistant to electrostatic discharge.
As shown in an illustrated embodiment, a latch circuit consists of a
plurality of bistable multivibrator circuits. Each of the multivibrator
circuits has an output terminal, and these output terminals are
coupled together.
Also shown in an illustrated embodiment is a method to provide a storage
circuit which is resistant to electrostatic discharge by first placing
each of a plurality of the latch circuits at a location remote from each
other on an integrated circuit chip. Second, an output terminal of each of
the latch circuits is connected together.
BRIEF DESCRIPTION OF THE DRAWING
The present invention will be described with reference to the accompanying
drawings, which show important sample embodiments of the invention and
which are incorporated in the specification hereof by reference, wherein:
FIG. 1.1 is a plot of the relative number of valid commands recognized in
the preferred embodiment of an electronic key according to innovative
teachings disclosed herein for various conditions of the electronic key;
FIG. 1.2 is a functional block diagram of a preferred embodiment of an
electronic key according to innovative teachings disclosed herein;
FIG. 1.3 is a flow chart of the manufacturing, OEM customization, and user
operation of the preferred embodiment of an electronic key according to
innovative teachings disclosed herein;
FIG. 1.4 is a functional block diagram of an alternative embodiment of an
electronic key according to innovative teachings disclosed herein; and
FIG. 1.5 is a flow chart of the manufacturer, OEM customization, and end
user operation of an alternative embodiment of an electronic key according
to innovative teachings disclosed herein.
FIG. 2.1 illustrates a schematic diagram of a time base circuit utilized
for a Timeout circuit;
FIG. 2.2 illustrates a schematic diagram of an analog oscillator;
FIG. 2.3 illustrates a logic diagram of a modulo N counter;
FIG. 2.4 illustrates a logic diagram of a day counter; and
FIG. 2.5 illustrates a logic diagram of a ripple counter that is
presettable to provide a predetermined count.
FIG. 3 is a block diagram of an electronic key system in accordance with
the present invention.
FIG. 4.1 is a circuit diagram of a fusing and detection circuit according
to innovative teachings disclosed herein;
FIG. 4.2 is a circuit diagram of circuitry used to form a lock set signal
which is an input to the fusing and detection circuit shown in FIG. 4.1;
FIG. 4.3 is a timing diagram showing various voltage waveforms applicable
to the circuits shown in FIG. 4.1 and FIG. 4.2; and
FIGS. 4.4a and 4.4b are a circuit diagram and a sectional view of an
alternative embodiment of the fusing element shown in the circuit diagram
of FIG. 4.1.
FIG. 5.1 is a layout diagram of an integrated circuit containing a latch
circuit interconnected according to innovative teachings disclosed herein;
FIG. 5.2 is a logic diagram of the latch circuits and the interconnections
of the latch circuits shown in FIG. 5.1; and
FIG. 5.3 is a schematic diagram of one of the latch circuits shown in
FIG. 5.2.
DESCRIPTION OF THE PREFERRED EMBODIMENTS
The numerous innovative teachings of the present application will be
described with particular reference to the presently preferred embodiment,
wherein these innovative teachings are advantageously applied to the
particular problems of a compact battery-powered electronic key. However,
it should be understood that this class of embodiments provides only a few
examples of the many advantageous uses of the innovative teachings herein.
In general, statements made in the specification of the present
application do not necessarily delimit any of the various claimed
inventions. Moreover, some statements may apply to some inventive features
but not to others.
Command Subsets
An electronic key according to a preferred embodiment of the present
invention recognizes a first plurality or set of commands after initial
fabrication as shown in FIG. 1.1. After the initial fabrication of the
electronic key and after it has been attached to a battery and formed into
a module, and after testing and calibration, a fuse is blown to reduce the
number of valid commands recognized by the electronic key to a second
plurality or second set of commands as shown in FIG. 1.1. Specifically,
test and calibration commands are no longer recognized as valid commands
by the electronic key after the fuse has been blown. When the electronic
key is in this configuration, the key is next shipped to an original
equipment manufacturer (OEM) who performs certain tests and programs
certain data into the electronic key ring, including the number of days in
which a timeout circuit will count down after it has been activated by an
end user. The OEM then sends a lock oscillator command to the electronic
key which sets an R-S flip-flop in the electronic key which further
reduces the number of valid commands recognized by the electronic key to a
third plurality or third set of commands. The OEM then issues an arm
oscillator command which causes the electronic key to begin its internal
timeout counter upon the first use of the electronic key by an end user.
The electronic key in this configuration is then shipped to an end user who
can perform any of the third plurality of valid commands until the timeout
counter completes its timeout cycle. Prior to the completion of the
timeout cycle, the end user can read and write data from and to a secure
memory inside the electronic key. When the timeout counter completes its
timing cycle (when the time set by the OEM has expired) then the command
set is further reduced to a fourth plurality or fourth set of commands
which the electronic key ring will recognize. This fourth set of commands
includes reading data from the secure memory but not writing data into the
secure memory.
An example of the use of an electronic key according to innovative
teachings disclosed herein would be for an OEM to ship the electronic key
with its software which is provided to an end user on an evaluation basis.
The software would be programmed to periodically write data to the
electronic module and read data back and to cease its operation if the
proper data is not read back from the electronic key. After the timeout
cycle, the software would not be able to write data into the electronic
key and therefore would detect an improper read when it tried to read data
out of the electronic key. However, the ability to read data from the
electronic key would permit the end user to send the electronic key back
to the OEM who could read the data in the electronic key and provide the
end user with another electronic key which had the proper data and would
be compatible with the software held by the end user to allow the end user
to continue to use the software with a new electronic key furnished by the
OEM.
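The shrinking command sets and the evaluation-software check described above, as a small C model (an added example, not code from the patent). The command names, the one-byte stand-in for the secure memory, and the choice to keep LOCK, ARM and READ_MEM valid in every state are assumptions; the invalid-command lock-up until the next reset follows the behaviour the specification gives for the control logic.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Command names are illustrative: the text names operations, not opcodes. */
enum cmd { CMD_TEST, CMD_CALIBRATE, CMD_WRITE_DAYS, CMD_LOCK,
           CMD_ARM, CMD_READ_MEM, CMD_WRITE_MEM };

struct ekey {
    bool fuse_blown;     /* one-way: ends the manufacturer's command set */
    bool locked;         /* R-S flip-flop: ends the OEM's command set    */
    bool armed;          /* countdown starts on the next valid command   */
    bool running;        /* oscillator and day counter active            */
    bool expired;        /* timed out: secure memory becomes read-only   */
    bool hung;           /* control logic locked up until the next reset */
    unsigned days_left;  /* 9-bit day counter                            */
    uint8_t mem;         /* one byte stands in for the 384-bit memory    */
};

void ekey_init(struct ekey *k)      { memset(k, 0, sizeof *k); }
void ekey_blow_fuse(struct ekey *k) { k->fuse_blown = true; } /* fuse pin, not a command */
void ekey_reset(struct ekey *k)     { k->hung = false; }      /* reset-bar low, then high */

/* The valid set depends only on state held inside the key. Assumption:
 * LOCK, ARM and READ_MEM stay valid in every state. */
bool ekey_cmd_valid(const struct ekey *k, enum cmd c)
{
    switch (c) {
    case CMD_TEST: case CMD_CALIBRATE: return !k->fuse_blown;
    case CMD_WRITE_DAYS:               return !k->locked;
    case CMD_WRITE_MEM:                return !k->expired;
    default:                           return true;
    }
}

/* Returns 0 if the command ran, -1 if it was ignored. */
int ekey_exec(struct ekey *k, enum cmd c, unsigned *io)
{
    if (k->hung)
        return -1;
    if (!ekey_cmd_valid(k, c)) {
        k->hung = true;              /* ignore everything until reset */
        return -1;
    }
    if (k->armed && !k->running && !k->expired) k->running = true;
    switch (c) {
    case CMD_WRITE_DAYS: k->days_left = *io & 0x1FFu; break;
    case CMD_LOCK:       k->locked = true;            break;
    case CMD_ARM:        k->armed = true;             break;
    case CMD_WRITE_MEM:  k->mem = (uint8_t)*io;       break;
    case CMD_READ_MEM:   *io = k->mem;                break;
    default:             break;      /* test/calibration: not modelled */
    }
    return 0;
}

int ekey_transact(struct ekey *k, enum cmd c, unsigned *io)
{
    ekey_reset(k);                   /* every transaction starts with a reset */
    return ekey_exec(k, c, io);
}

void ekey_day_elapsed(struct ekey *k)
{
    if (!k->running || (k->days_left > 0 && --k->days_left > 0))
        return;
    k->running = false; k->expired = true;
}

void provision(struct ekey *k, unsigned days)
{
    unsigned io = days;
    ekey_init(k);
    ekey_transact(k, CMD_CALIBRATE, &io);   /* manufacturer */
    ekey_blow_fuse(k);
    ekey_transact(k, CMD_WRITE_DAYS, &io);  /* OEM */
    ekey_transact(k, CMD_LOCK, &io);
    ekey_transact(k, CMD_ARM, &io);
}

/* Host-side check: write a value, read it back. The value must change on
 * every call, or a stale match would pass after the timeout. */
bool host_check(struct ekey *k, unsigned fresh)
{
    unsigned v = fresh & 0xFFu;
    ekey_transact(k, CMD_WRITE_MEM, &v);    /* ignored once expired */
    v = ~fresh & 0xFFu;
    ekey_transact(k, CMD_READ_MEM, &v);
    return v == (fresh & 0xFFu);
}

int main(void)
{
    struct ekey k;
    provision(&k, 2);                       /* constructed 2-day evaluation */
    printf("in period: %d\n", host_check(&k, 0x11));
    ekey_day_elapsed(&k); ekey_day_elapsed(&k);
    printf("after timeout: %d\n", host_check(&k, 0x22));
    return 0;
}
```

After the timeout the read still succeeds and returns the last value written during the evaluation period, which is what lets the OEM recover the key's contents.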
FIG. 1.2
A block diagram of an electronic key system containing an electronic key
1.10 in accordance with the present invention is shown in FIG. 1.2. Also
shown is a central processing unit (CPU) 1.14 which has connected to it a
parallel port connector 1.16 through which passes a plurality of data
lines and other signal lines 1.17. Connected to the parallel port
connector 1.16 is an interface circuit or key ring 1.18. Connected to the
output of the key ring 1.18 is another parallel port connector 1.19 which
in turn is shown connected to a printer 1.20. Connected between the key
ring 1.18 and the electronic key 1.10 are four lines: a clock line 1.22, a
data line 1.24, a reset-bar line 1.26, and a ground line 1.28.
Three of the four lines, the clock line 1.22, the reset-bar line 1.26 and
the ground line 1.28, are connected to a control logic circuit 1.30 within
the electronic key 1.10. The control logic circuit 1.30 has six outputs.
The first output of the control logic circuit 1.30 is connected to the
input of a 64 bit identification register 1.34 on a line 1.35; the second
output is connected to the input of a 64 bit password register 1.36 on a
line 1.37; the third output is connected to a first input of a 384 bit
secure memory 1.38 on a line 1.39; the fourth output is connected to a
first input of a command register 1.40 on a line 1.41; the fifth output is
connected to the input of a garbled number generator 1.42 on a line 1.43;
and the sixth output is connected to the input of an oscillator and
counter circuit 1.44 on a line 1.45.
The data line 1.24 is connected to a bidirectional input/output terminal of
the 64 bit identification register 1.34, to a second input of the 64 bit
password register 1.36, to a first input of a compare register 1.47, to a
bidirectional input/output terminal of the 384 bit secure memory 1.38, to
a second input of the command register 1.40, to the output of a garbled
data generator circuit 1.42, and to a bidirectional input/output terminal
of the oscillator and counter circuit 1.44. The output of the 64 bit
password register 1.36 appears on a line 1.48 which in turn is connected
to a second input of the compare register 1.47. An output of the command
register 1.40 appears on a line 1.49 which is connected to a second input
of the 384 bit secure memory 1.38. Another output of the command register
1.40 appears on a line 1.50 which is connected to another input of the
control logic circuit 1.30. The output of the compare register 1.44
appears on a line 1.52 which is connected to another input of the control
logic circuit 1.30. The control logic 1.30 also has an input from a diode
fuse circuit 1.54 on a line 1.56. The diode fuse circuit 1.54 has an input
on a line 1.58 from a fuse input terminal 1.60 of the electronic key 1.10.
The fuse input terminal 1.60 is not connected to the key ring 1.18, the
fuse input terminal 1.60 being used only by the manufacturer of the
electronic key 1.10 in the manner described in detail below.
It will be understood that the lines 1.35, 1.37, 1.39, 1.41, 1.45, 1.49,
and 1.50 may carry multiple signals and may be multiple conductor lines
rather than being single connections.
The circuitry described above as being included within the electronic key
1.10 is embodied in a CMOS integrated circuit in the preferred
embodiments. The electronic key 1.10 also includes a back-up battery 1.62
which is connected to the CMOS integrated circuit and which provides
back-up power for the CMOS integrated circuit, and power for the
oscillator in the oscillator and counter circuit 1.44. In the preferred
embodiments the CMOS integrated circuit and back-up battery are contained
within a molded plastic package to form a portable module having connector
pins for making the connections with the key ring 1.18 that are described
above.
In the preferred embodiment, the data lines and other signals contained
within the parallel port connector 1.16 out of the CPU 1.14 are passed
directly to the printer 1.20 with the exception of the SLCTIN signal in
the parallel port connector 1.16 which is used to provide data to and from
the electronic key 1.10 on line 1.24. Since the SLCTIN signal is generally
not used by peripheral printers, the key ring 1.18 directs this SLCTIN
signal directly to line 1.24 leading into the electronic key 1.10 and
disconnects the SLCTIN signal line from the peripheral device 1.20.
The other three lines, the clock line 1.22, the reset signal 1.26 and the
ground line 1.28, are tapped off lines which are connected between the CPU
1.14 and the printer 1.20. The clock line 1.22 in the preferred embodiment
is tapped off the line commonly known in the computer industry as the data
out 1.3 (D3) line, and the reset-bar line 1.26 is tapped off the line
commonly known as the data out 1.2 (D2) line. The ground line 1.28 is the
standard ground line in the parallel port connector 1.16.
Although not shown in FIG. 1.2 nor discussed in detail for the sake of
brevity, it will be understood that the electronic key ring 1.18 can be
suitably modified by means known to those skilled in the art for use in
virtually any communications path such as between the CPU 1.14 and a
nonvolatile memory device, such as a ROM, inside of the CPU 1.14, or
attached to an RS232 serial port. In at least some of these
configurations, the electronic key ring 1.18 would contain additional
switching and logic circuitry and would require an additional
predetermined serial bit stream from the CPU 1.14 to signal the electronic
key ring 1.18 to route certain signal lines to the electronic key 1.10
rather than through the normal communication channel.
With reference again to FIG. 1.2, each cycle of the electronic key 1.10
begins with a low-to-high transition on the reset-bar line 1.26 followed
by a 24 bit command word. The reset-bar line 1.26 provides power to the
electronic key 1.10 and must be held high during the entire transaction.
Moreover, the voltage on the reset-bar line 1.26 must be brought low
between each transaction in order to reset the electronic key 1.10. During
a write operation of data into the electronic key 1.10, the data is
transferred into the electronic key 1.10 on the rising edge of the clock
signal appearing on the clock line 1.22; and during a read operation of
data out of the electronic key 1.10, the data is presented on the data
line 1.24 of the electronic key 1.10 on the falling edge of the clock
signal on the clock line 1.22 and remains present while the clock is low. The
control logic 1.30 receives the clock signal on the clock line 1.22 and
synchronizes the circuitry within the electronic key 1.10 with this clock
signal.
When the electronic key 1.10 receives a command which it does not recognize
as a valid command, a signal is sent by the command register 1.40 to the
control logic 1.30 on line 1.50 which causes the control logic 1.30 to
lock up and the electronic key 1.10 then ignores all other data until it
receives another low-to-high transition on the reset-bar line 1.26.
After the electronic key 1.10 is initially fabricated, it will recognize a
first plurality or set of valid commands which includes the nine commands
described below together with testing commands used by the manufacturer to
test the electronic key 1.10. This first set of valid commands also
includes calibration commands for calibrating the oscillator and counter
circuit 1.44 as described in parent application PROGRAMMABLE TIME BASE
CIRCUIT WITH PROTECTED INTERNAL CALIBRATION.
After the electronic key 1.10 has been fabricated, tested, and calibrated,
a fusing element in the diode fuse circuit 1.54 is blown, and this blown
condition is transferred to the control logic 1.30 on line 1.56 which in
turn is transferred to the command register 1.40 on line 1.41 which causes
the command register 1.40 to ignore the testing and calibration commands
which it recognized before the fuse was blown. Stated in another way, the
testing and calibration commands which were recognized as valid commands
before the fuse element in the diode fuse circuit 1.54 was blown are no
longer recognized as valid commands. The diode fuse element in the diode
fuse circuit 1.54 is blown by the application of the proper voltage at the
fusing input terminal 1.60 of the electronic key 1.10. The diode fuse
circuit 1.54 and its operation are described in detail in parent
application FUSING AND DETECTION CIRCUIT.
After the fusing element in the diode fuse circuit 1.54 has been blown, the
electronic key 1.10 is then shipped to an OEM. At this stage the
electronic key 1.10 recognizes the following nine commands:
1. Read 20 bit counter command--upon receipt of this command, the
electronic key 1.10 reads in sequence the logic state of the 20 bit
counter in the oscillator and counter circuit 1.44 and places these logic
states on the data line 1.24 upon the receipt of the next 20 clock cycles
on the clock line 1.22.
2. Read 9 bit day counter command--upon receipt of this command, the
electronic key 1.10 places the 9 bits in the 9 bit day counter located in
the oscillator and counter circuit 1.44 onto the data line 1.24 upon
receipt of the next nine clock cycles on the clock line 1.22.
3. Arm oscillator command--upon receipt of this command, the electronic key
1.10 sets a flag in the control logic 1.30. Upon receipt of the next valid
command, the control logic 1.30 will set a signal on line 1.45 to the
oscillator and counter circuit 1.44 to cause the oscillator to begin
operating and to therefore begin the countdown of the countdown counter
(consisting of the oscillator, 20 bit counter, and 9 bit counter).
4. Stop oscillator command--upon receipt of this command by the electronic
key 1.10, the command register signals the control logic 1.30 which in
turn signals the oscillator and counter circuit 1.44 to stop the
oscillator and put the oscillator and counter circuit 1.44 in a low power
mode in order that the electronic key 1.10 may be stored for long periods
of time without appreciably draining power from the backup battery used to
provide backup power to the electronic key 1.10.
5. Write 9 bit day counter command--upon receipt of this command, the
electronic key 1.10 will transfer the next sequential 9 bits of data
appearing on the data line 1.24 into the 9 bit counter in the oscillator
and counter circuit 1.44 in synchronization with the next 9 clock pulses
received on the clock line 1.22.
6. Lock counter command--upon receipt of this command, an R-S flip-flop
circuit within the control logic 1.30 is set by circuitry described in
detail in parent application "ESD RESISTANT LATCH CIRCUIT." The status of
this R-S flip-flop circuit is transferred on the line 1.41 to the command
register 1.40 which, if the R-S flip-flop circuit has been set, causes the
command register 1.40 to ignore any subsequent write 9 bit day counter and
stop oscillator commands.
7. Write 64 bit identification/64 bit password command--upon receipt of
this command, the electronic key 1.10 will transfer the next 64 bits of
data on the data line 1.24 into the 64 bit identification register 1.34
and the following 64 bits on the data line 1.24 into the 64 bit password
register 1.36 in synchronization with the clock signal appearing on the
clock line 1.22.
8. Read 384 bit secure memory--upon receipt of this command, the electronic
key 1.10 will first present the 64 bits in the 64 bit identification
register 1.34 onto the data line 1.24 in synchronization with the clock
signal on the clock line 1.22. The electronic key 1.10 then reads the next
64 bits presented on the data line 1.24 (the password) and compares the 64
bits with the data stored in the 64 bit password register 1.36 through the
circuitry in the compare register 1.47. If the compare register 1.47
indicates that the proper 64 bit password has been received, then the
control logic 1.30 causes the 384 bit secure memory 1.38 to place the 384
bits in the secure memory onto the data line 1.24 upon receipt of the next
384 clock signals on the clock line 1.22. If the 64 bit password sent to
the electronic key 1.10 does not match the 64 bits stored in the 64 bit
password register 1.36, the control logic 1.30 signals the garbled data
generator 1.42 to place 384 bits of garbled data onto the data line 1.24.
The garbled data generator 1.42 is described in U.S. Pat. No. 4,810,975,
which is incorporated herein by reference.
9. Write 384 bit secure memory--upon receipt of this command, the
electronic key 1.10 performs the same sequence of operations as in the
read 384 bit secure memory command except that (a) upon receipt of the
last 384 clock cycles, the data on the data line 1.24 is written into the
384 bit secure memory 1.38 and (b) upon receipt of an invalid password,
the electronic key 1.10 will ignore all further clock signals until the
signal on the reset-bar line 1.26 is brought low and then high again to
reset the electronic key 1.10.
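The password-gated behavior of commands 8 and 9 can be modeled as follows. This is an added example, not part of the patent disclosure; it works on bytes rather than the bit-serial data line 1.24, the class and method names are hypothetical, and os.urandom is an assumed stand-in for the garbled data generator 1.42.

```python
import hmac
import os

class SecureMemoryModel:
    """Commands 8 and 9 as described above (byte-level, not bit-serial)."""

    def __init__(self, ident, password, memory):
        if (len(ident), len(password), len(memory)) != (8, 8, 48):
            raise ValueError("need 64 bit id, 64 bit password, 384 bit memory")
        self._ident, self._password, self._memory = ident, password, memory
        self.locked_up = False       # set by a failed write, cleared by reset

    def reset(self):
        """Reset-bar line 1.26 brought low and then high again."""
        self.locked_up = False

    def _password_ok(self, candidate):
        # Stand-in for the comparison made through compare register 1.47.
        return hmac.compare_digest(candidate, self._password)

    def read(self, candidate):
        """Return (id, 48 bytes): the memory, or garbled data on a bad password."""
        if self.locked_up:
            return None              # key ignores the bus until reset
        if self._password_ok(candidate):
            return self._ident, self._memory
        # Assumption: random bytes stand in for garbled data generator 1.42,
        # whose design is in the referenced patent and not on this page.
        return self._ident, os.urandom(48)

    def write(self, candidate, data):
        """Return (id, written). A bad password locks the key up until reset.

        The 'written' flag exists only for this model; the key itself gives
        the host no such signal.
        """
        if self.locked_up:
            return None
        if len(data) != 48:
            raise ValueError("secure memory is 384 bits")
        if not self._password_ok(candidate):
            self.locked_up = True    # ignore all further clocks until reset
            return self._ident, False
        self._memory = data
        return self._ident, True
```

A failed read answers with the same 384 bit shape as a successful one, so the host sees no explicit rejection, while a failed write leaves the key unresponsive until the next reset.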
FIG. 1.3
Turning now to FIG. 1.3, a flow chart is shown of the relevant sequence of
operations of the electronic key 1.10, specifically the manufacturing
operation, the OEM customization, and the end user operations. When the
electronic key 1.10 is being fabricated by the manufacturer, a
personalization code of 13 bits, which is unique to each OEM customer of
the manufacturer, is hardware programmed into the electronic key 1.10 as
13 of the 24 bits required in each valid command recognized by the
electronic key 1.10. After the electronic key 1.10 is manufactured, the
integrated circuit is attached to a backup battery and formed into an
electronic key module.
At this time, the electronic key 1.10 is tested by the manufacturer, using
tests that include special test commands recognized as valid commands by the
electronic key 1.10. In addition, the electronic key 1.10 recognizes
certain calibration commands used to calibrate the oscillator as described
in the above-referenced co-pending patent application entitled ON CHIP
TIME BASE. After the electronic key has been tested and calibrated, the
fusing element within the diode fuse circuit 1.54 is blown in a manner
described in the above-referenced co-pending application entitled FUSING
AND DETECTION CIRCUIT.
After the fusing element in the diode fuse circuit 1.54 has been blown, the
set of valid commands recognized by the electronic key 1.10 is reduced to
the nine commands listed above. In addition, the blown state of the fusing
element causes the electronic key to lock up if the primary power on the
reset-bar line 1.26 and the power supplied by the backup battery 1.62 are
interrupted. The lockup occurs because the 9 bit day counter in the
oscillator and counter circuit 1.44 is biased to come up in the zero time
state when power is applied to the counter, and the R-S flip-flop circuit
is designed to come up in the set or locked state when power is applied.
Thus, at this point in the sequence of operations, removing power from the
electronic key 1.10 and reapplying it cannot restore the electronic key to
a condition in which it recognizes all of the valid commands available
prior to the blowing of the fusing element, nor, once the lock command has
been sent to the electronic key 1.10, to a condition in which it recognizes
all of the valid commands available prior to the issuance of the lock
command.
After the fusing element is blown, the manufacturer performs a verification
test and ships the electronic key 1.10 to the OEM whose personalization
code has been hardware encoded into the electronic key 1.10 as described
above.
The OEM then programs the identification bits in the 64 bit identification
register 1.34, the password bits in the 64 bit password register 1.36, the
384 bit secure memory 1.38, and the 9 bit days counter in the oscillator
and counter circuit 1.44. By using the arm oscillator command, the read 20
bit counter command, the read 9 bit day counter command, and the stop
oscillator command, the OEM can verify that the countdown timer in the
oscillator and counter circuit 1.44 is operating properly. After all of
the above-mentioned bits have been properly programmed into the electronic
key 1.10 and the oscillator has been stopped, the OEM issues a lock
command. The effect of issuing this lock command is to set an R-S
flip-flop circuit inside the control logic 1.30 which in turn operates to
further reduce the command set which the electronic key 1.10 will
recognize as valid commands. Specifically, after the R-S flip-flop circuit
is set, the nine commands previously listed would now be recognized as
valid commands with the exception of the write 9 bit day counter command
and the stop oscillator command. The OEM would then issue an arm command
so that the next valid command received by the electronic key 1.10 would
start the oscillator and counter circuit 1.44.
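The progressive narrowing of the valid command set (fabrication, fuse blown, lock command issued) and the lock-up on an unrecognized command can be sketched as a small state model. This is an added example, not part of the patent disclosure; the command names are hypothetical labels, since the text gives no command encodings.

```python
# Behavioural sketch of the command gating described above (added example).
# Command names are hypothetical labels; the page gives no opcodes.
TEST_CAL = {"test", "calibrate"}             # manufacturer-only commands
LOCK_GATED = {"write_day_counter", "stop_oscillator"}
NINE = LOCK_GATED | {
    "read_20bit_counter", "read_day_counter", "arm_oscillator",
    "lock_counter", "write_id_password",
    "read_secure_memory", "write_secure_memory",
}

class CommandGate:
    def __init__(self):
        self.fuse_blown = False      # diode fuse circuit 1.54, one-way
        self.lock_latch = False      # R-S flip-flop set by the lock command
        self.locked_up = False       # control logic 1.30 ignoring all data
        self.armed = False
        self.oscillator_running = False
        self.day_counter = 0

    def valid_commands(self):
        valid = set(NINE)
        if not self.fuse_blown:
            valid |= TEST_CAL        # still recognized before fusing
        if self.lock_latch:
            valid -= LOCK_GATED      # dropped once the latch is set
        return valid

    def blow_fuse(self):
        self.fuse_blown = True

    def reset(self):
        """Low-to-high transition on reset-bar: ends lock-up, nothing else."""
        self.locked_up = False

    def power_cycle(self):
        """Primary and backup power both lost, then restored."""
        self.lock_latch = True       # latch comes up in the set state
        self.day_counter = 0         # counter comes up in the zero time state
        self.armed = self.oscillator_running = self.locked_up = False

    def command(self, name, value=0):
        if self.locked_up:
            return False             # ignored until reset
        if name not in self.valid_commands():
            self.locked_up = True    # unrecognized command locks the logic
            return False
        if self.armed:               # first valid command after arm starts it
            self.oscillator_running, self.armed = True, False
        if name == "arm_oscillator":
            self.armed = True
        elif name == "stop_oscillator":
            self.oscillator_running = False
        elif name == "write_day_counter":
            self.day_counter = value & 0x1FF   # 9 bits
        elif name == "lock_counter":
            self.lock_latch = True
        return True
```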
When the OEM has completed his testing of the electronic key 1.10 and the
electronic key 1.10 is ready for use by an end user, the oscillator and
counter circuit 1.44 is in a low power mode configuration and thus the