Secure transaction microcontroller with secure boot loader

• Main Authors: Hsiang, Peter C, Hess, Mark, Chock, Raymond O
• Format: Patent
• Language: English
• Published: 24.09.2019
• Subjects: CALCULATING; CHECKING-DEVICES; COIN-FREED OR LIKE APPARATUS; COMPUTING; COUNTING; DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FORADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORYOR FORECASTING PURPOSES; ELECTRIC DIGITAL DATA PROCESSING; PHYSICS; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE,COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTINGPURPOSES, NOT OTHERWISE PROVIDED FOR

A high security microcontroller (such as in a point of sale terminal) includes tamper control circuitry for detecting vulnerability conditions: a write to program memory before the sensitive financial information has been erased, a tamper detect condition, the enabling of a debugger, a power-up condition, an illegal temperature condition, an illegal supply voltage condition, an oscillator fail condition, and a battery removal condition. If the tamper control circuitry detects a vulnerability condition, then the memory where the sensitive financial information could be stored is erased before boot loader operation or debugger operation can be enabled. Upon power-up if a valid image is detected in program memory, then the boot loader is not executed and secure memory is not erased but rather the image is executed. The tamper control circuitry is a hardware state machine that is outside control of user-loaded software and is outside control of the debugger.