Recherche Images Maps Play YouTube Actualités Gmail Drive Plus »
Recherche avancée dans les brevets | Images de page | Historique Web | Connexion

Brevets

  
[merged small][merged small][merged small][merged small][merged small][merged small][merged small][table][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small]
[merged small][merged small][merged small][graphic][merged small][merged small][merged small][merged small][graphic][merged small][merged small][merged small][merged small][graphic][merged small][merged small][merged small][graphic][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small]
[merged small][graphic][merged small][merged small][merged small][table][merged small]

1

2

SECURITY MODULE FOR RADIO TELEPHONE

BACKGROUND OF THE INVENTION

The present invention relates to a radio telephone 5 and, more particularly, to a security module which protects a KEY code particular to a given radio telephone against illicit use.

Generally, a wired telephone has a channel fixed by a line and, is, therefore, used at a limited place and by a limited person or persons. On the other hand, a wireless or radio telephone is connected to a base station together with other numerous radio telephones by common radio communication media. It is likely, therefore, ^ that an unauthorized person uses the radio telephone at an unexpected place. To eliminate such illicit use, it has been customary to assign a particular identification (ID) code to each radio telephone in order to determine whether or not a radio telephone of interest is authentic 20 one. Specifically, a PROM storing a particular ID code is incorporated in each radio telephone, so that the ID code may be read out to see if the telephone of interest is acceptable.

A modern radio telephone, especially portable radio 25 telephone, has a miniature configuration and cannot readily be designed such that the casing thereof is openable for loading a PROM. In light of this, a current trend is toward the use of an E2PROM (electrically rewritable non-volatile ROM) in place of a PROM. 30 Specifically, after an E2PROM has been built in a radio telephone on the manufacturer's production line, an ID code or similar information is written to the E2PROM from the outside. The ID code is usually written to the E2PROM via a keypad provided on the handset of the 35 telephone. Stated another way, the ID code stored in the E2PROM can be changed on the keypad of the handset, as desired. It is likely, therefore, that once the ID code particular to a given radio telephone is disclosed, an unauthorized person writes it in another 40 radio telephone and uses this telephone illicitly. Another conventional approach for authentication is to add a passsword before writing an ID code or to allow an ID code to be written only when a particular terminal is lowered to the ground level by a test link. How- 45 ever, even the password or the test link level cannot fully protect a radio telephone against illicit use since it is easy to clear.

Attempts have recently been made to store a KEY code in a radio telephone in addition to an ID code, so so that communication may be implemented by a signal encrypted by the KEY code. Specifically, a radio telephone encrypts random data sent from a base station by a KEY code and then returns the resulted data to the base station. In response, the base station determiners 55 whether or not the encrypted data accurately matches the ID code and, only if the former matches the latter, sets up call connection. This kind of scheme is disclosed in "SIS ADDENDUM TO NMT DOC 900-1 and 900-3", July 1988. Even when an unauthorized person 60 happens to know an ID code and encrypted data by monitoring the radio channel with some device, the ID code cannot be used unless the person knows the KEY code.

However, despite the above-stated implementation, 65 the memory storing the KEY code is accessible to read out the key code. In this sese, the protection using the KEY code is not meaningful.

SUMMARY OF THE INVENTION

It is therefore an object of the present invention to provide a security module for a radio telephone which prevents a KEY code stored therein from being read out from the outside.

It is another object of the present invention to provide a generally improved security module for a radio telephone.

A security module for use with a radio telephone and preventing a KEY code from being read out from the outside of the present invention comprises an electrically rewritable nonvolatile memory to which the key code is written, an encrypting circuit for encrypting data entered from the outside on the basis of the key code stored in the non-volatile memory and outputting the encrypted data, an interface for receiving data from the outside and outputting the encrypted data, and a control circuit for enabling the non-volatile memory to be accessed via an internal bus and an external bus and, when the non-volatile memory is accessed, deleting the KEY code.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other objects, features and advantages of the present invention will become more apparent from the following detailed description taken with the accompanying drawings in which:

FIG. 1 is a block diagram schematically showing a specific arrangement of an automobile telephone implemented with a security module embodying the present invention;

FIG. 2 is a flowchart demonstrating a specific call origination prosedure;

FIG. 3 is a block diagram schematically showing the connection of a transmitter/receiver, the security module, and an operation board;

FIG. 4 is a schematic block diagram showing a serial interface applicable to the present invention;

FIG. 5 is a timing chart showing a clock, a busy signal, and serial data;

FIG. 6 is a block diagram schematically showing a 1-chip microcomputer constituting the security module; and

FIG. 7 is a flowchart demonstrating a specific operation of a modified form of the construction shown in FIG. 6.

DESCRIPTION OF THE PREFERRED
EMBODIMENT

Referring to FIG. 1 of the drawings, a specific arrangement of an automobile telephone implemented with a security module embodying the present invention is shown. As shown, the mobile telephone has a body or transmitter/receiver 20, a security module 30 embodying the present invention, a handset 40, and an operation board 50. The transmitter/receiver 20 is connected to a base station 10 by a radio channel. The security module 30 and handset 40 are connected to the transmitter/receiver 20 by an interface 200 which is built in the transmitter/receiver 20.

A reference will be made to FIG. 2 for describing a specific operation which such a mobile telephone performs in the event of call origination. As shown, call start data is fed from the handset 40 to the transmitter/receiver 20 via the interface 200. Storing an identification (ID) code therein, the transmitter/receiver 20 sends data including the ID code to the base station 10

3 4

over the radio channel. The base station 10 stores the tion board 50 and security module has sent the data by

ID code and a corresponding KEY code and, therefore, referencing the address that heads the serial data

locates the mobile station which has requested call orig- SDATA.

ination. Then, the base station 10 generates random data FIG. 6 shows specific circuiry built in the 1-chip

R and sends it to the transmitter/receiver 20. At the 5 microcomputer constituting the security module 30. As

same time, the base station 10 holds the result of encryp- shown, the microcomputer has a serial interface 301 to

tion (C=F(R, KEY)) executed by a one-directional which the three lines LI through L3 are connected. A

function on the basis of the KEY code. On receiving the non-volatile memory 302 which is an E2PROM stores

random data R, the transmitter/receiver 20 transfers it the KEY code therein. An encrypting circuit 303 exe

to the security module 30 via the interface 200. The 10 cutes encryption by use of the KEY code and is made

security module 30 stores a KEY code and encrypts the up of a CPU, ROM and RAM. A control circuit 304 has

random data by a one-directional function on the basis a test terminal 305 connecting to the non-volatile mem

of the KEY code, delivering the result of encryption 0ry 302 and delivers a clear pulse CPLS to the memory

(C'=F(R, KEY)) to the transmitter/receiver 20. In 302 to delete the KEY code. Such components of the

response, the transmitter/receiver 20 sends the result C 15 security module 30 are connected together by internal

to the base station 10 over the radio channel. Then, the buses 306 and 306a.

base station 10 compares the received result C with the When random data R is applied to the security modstored result C and, only if they are identical, executes uie 30 via the serial interface 301, the encrypting circuit call connection over the radio channel. 303 encrypts it by the KEY code. In the illustrative FIG. 3 shows specific connection of the transmitter/- 20 embodiment, the encryption is implemented by a onereceiver 20, operation board 50, and security module 30. directional function, e.g.: In the figure, the transmitter/receiver 20 is connected

to the operation board 50 and security module 30 via the Encrypted data=(random data^51. (mod KEY2) interface 200 and by two bidirectional lines LI and L2

and a single clock line L3. The bidirectional lines LI 25 where KEY1 and KEY2 are representative of predeter

and L2 are assigned to serial data SDATA and a busy mined portions of the KEY code. For this kind of ap

signal BUSY, respectively, while the clock line L3 is proach, a reference may be made to S. C. Pohlig and M.

assigned to a clock SCK. More specifically, as shown in E. Hellman "An Improved Algorithm for Computing

FIG. 4, the lines LI through L3 constituting a serial Logarithms over GF (p) and Its Cryptographic Signifi

interface are connected to a master device and a slave 30 cance", IEEE Transaction on Information Theory,

CPU #1 built in the transmitter/receiver 20, a slave Vol. IT-24, January 1978, pp. 106-110.

CPU #2 built in the security module 30, and a slave The data encrypted by the above procedure is sent

CPU #3 built in the operation board 50. FIG. 5 is a out again via the serial interface circuit 301.

timing chart showing the serial data SDATA, busy A prerequisite with the security module or 1-chip

signal BUSY, and clock SCK. 35 microcomputer 30 is that the operations of the non

As shown in FIG. 3, the security module 30 is imple- volatile memory 302 and encrypting circuit 303 be

mented as a 1-chip microcomputer having an interface tested by some method after the production. Neverthe

therein, e.g. MC68HC11E9 available from Motorola. less, the KEY code stored in the non-volatile memory

Since the security module 30 accommodates the three 302 has to be prevented from being read out for authen

lines LI through L3 in parallel, it can be added to an 40 tication. The control circuit 304 is incorporated in the

existing radio telephone without the latter being modi- module 30 for meeting this requirement. Specifically,

fied. while the microcomputer is in an ordinary operation,

Upgoing data and downgoing data interchanged the test terminal 305 remains inactive so that the internal among the transmitter/receiver 20, security module 30 bus 306 is isolated from the outside by the control cirand operation board 50 will be described with reference 45 cuit 304. In this condition, the encrypting circuit 303 to FIGS. 3 through 5. To begin with, downgoing data and memory 302 are accessible in the microcomputer, from the transmitter/receiver 20 to the operation board When the test terminal 305 is rendered active for a 50 of the security module 30 is implemented by the testing purpose or in the event of unauthorized operaserial data which is synchronous to the clock SCK. tion, the control circuit 304 connects the internal bus Whether the downgoing data is meant for the operation 50 306 and an external bus 307 so that the non-volatile board 50 or for the security module 30 is determined on memory 302 and encrypting circuit 303 become accessithe basis of an address heading the serial data SDATA. ble via the external bus. However, a differentiating The BUSY line L3 indicates whether or not the inter- circuit 304a of the control circuit 304 feeds a clear pulse face 200 is occupied. By referencing this line L3 before CPLS to the non-volatile memory 302 to thereby clear the transmission of data, it is possible to prevent upgo- 55 the content of the memory 302, i.e., the KEY code. As ing and downgoing data from conflicting with each a result, although the memory 302 and encrypting cirother. Specifically, the busy signal BUSY is in a low cuit 303 may be tested thereafter, the KEY code has level or "L" if the interface 200 is in use or in a high been deleted and, therefore, is not read out. level or "H" if otherwise. Regarding upgoing data, the More specifically, when the test terminal 305 is operation board 50 or the security module 30 checks the 60 brought to a high level, the control circuit 304 connects BUSY LINE L3 to see if the interface 200 is in use. If the external bus 307 to the internal bus 306 and at the the interface line 200 is idle, the operation board 50 or same time provides a clear pulse CPLS to the memory the security module 30 uses the line L3. Then, the trans- 302 to erase the KEY code therein. The high level at the mitter/receiver 20 sends the clock SCK to the opera- terminal 305 is also applied to the encrypting circuit 303 tion board 50 or the security module 30. In response, the 65 as a bus request, so that the encrypting circuit 303 abanoperation board 50 of the security module 30 sends dons to seize the internal bus 306. Then, an external serial data SDATA in synchronism with the clock. The device (not shown) can access the memory 302 via transmitter/receiver 20 determines which of the opera- buses 307 and 306 to exchange data, e.g., addresses

« PrécédentContinuer »