This invention relates in general to the field of microprocessors, and in particular to the field of semiconductor devices that include a processor and a memory device with data security together on the same integrated circuit or chip. The invention supports the protection function of conventional encryption techniques using either public or secret keywords or passwords by preventing access to both the encryption program and the password stored in the associated memory device. These sensitive data are contained in a random-access memory incorporated onto the processor chip, such as an electrically writable and readable flash memory. This has the advantage that the contents of the random-access memory can be read not directly, but only indirectly via data interfaces.
Known externally accessible data interfaces include, for example, the standardized interfaces, such as Joint Test Action Group (JTAG), Universal Asynchronous Receiver/Transmitter (UART), or Universal Serial Bus (USB), all of which facilitate serial access. In the case of USB, the interface function is typically supported by specific programs in the processor and the interface function is also externally controlled and is completely independent of the processor. Also, relatively fast accesses are possible through parallel data interfaces which may also be dependent on or independent of the processor and be standardized or nonstandardized. For such parallel interfaces, as a rule, the function of a multitude of terminals is switched, so that 32-bit data and 32-bit addresses, for example, can be input or output in parallel.
If end users or third parties desire to gain knowledge of an encryption process without permission, they generally desire to access the contents of encrypted data. Such data may comprise stored or transmitted data. One example is the unauthorized transmission and reproduction of cost-chargeable pieces of music using the MP3 compression technique. Encryption of the data may prevent this to some extent, but the individual or global encryption program must remain secret for it to be effective. If there is relatively high interest in decryption of certain types of data, encryption bypass programs or decryption programs are typically quickly spread to the public through the Internet or other channels and thereby render the encryption ineffective.
What is needed is an improved technique for protection of data stored in a processor in conjunction with an encryption or decryption program. In particular, the encryption or decryption program is to be protected from unauthorized readout, alteration, or erasure. For authorized end users, however, program updates are desired to be possible at any time. It is preferred that the level of protection be predeterminable by the user and not by the manufacturer of the processor.
In what follows herein, encryption and decryption may be sometimes referred to together under the term “encryption” for simplicity. The term “user” as used herein indicates the person who buys the processor as a building block from the semiconductor manufacturer and incorporates it into an application-specific circuit to produce a device or apparatus. The device or apparatus is typically purchased and put into service, directly or as part of another device or apparatus, by an end user.