Recent years have seen the development of an apparatus in which, as exemplified by mobile terminals, the major functions of the apparatus are implemented on a single system LSI containing a processor. In such apparatus, it is sometimes the case that software such as an operation system that runs on the system LSI or an interface for exchanging information with other apparatus is disclosed to the public. Since the operation system or the interface is disclosed to the public, various third party software developers can develop their own software that runs on the apparatus.
However, when the interface or the operation system is disclosed to the public, it becomes easy for malicious third parties such as hackers to illegally alter the software that runs on the processor. It also becomes easy for malicious third parties using such illegally altered software to illegally copy or alter confidential information such as personal information or copyrighted content stored in the apparatus, or to illegally use the apparatus.
In view of the above, various techniques have been proposed for preventing such illegal alteration of software and illegal copying of confidential information. For example, it is proposed to provide a system LSI with a separate circuit, such as an encryption circuit or an authentication circuit, dedicated to security protection. Such a dedicated circuit is effective in blocking hacker attacks from outside the apparatus, but is vulnerable to attacks from within the apparatus, such as hacking that a circuit controlling the security function may attempt.
For example, in order to prevent illegal copying of content, the content is transmitted or stored in encrypted form. However, if the encryption/decryption key is stolen when the apparatus reproduces the content using the key, the content could be illegally copied. For example, consider a situation in which the processor decrypts the content using the encryption/decryption key. In this case, if the processor handles the encryption/decryption key in an open environment, such as where the processor is accessible from the outside or where the specification of the operation system is disclosed, there is the danger that the encryption/decryption key may fall into the hands of a hacker.
Furthermore, volatile or nonvolatile memory areas which are contained in the system LSI but provided separately from the circuit dedicated to security purposes are basically areas that a third party can freely access. There is therefore the possibility that a hacker may store a hacking program in such memory areas by some kind of means. Should this happen, the hacker could hack (for example, illegally alter or illegally access) a legitimate program or confidential information (including key information and personal information) stored in such memory areas.
For example, even when personal information, etc. are stored in encrypted form in a nonvolatile memory area, if the key for decrypting the personal information is also stored in the same memory area, there is a risk that the information contained in the memory area may be analyzed by a hacker with the intention of stealing the personal information. Further, even if a decryption of the personal information using a special decryption program stored in the nonvolatile memory area is performed, there is still a concern that the program may be analyzed by a hacker, resulting in the leakage of information. The hacker could also analyze the special program and alter the program so as to leak the personal information.
In this way, by illegally accessing the memory areas provided separately from the circuit dedicated to security protection, a malicious third party could steal the confidential information stored in such memory areas. Furthermore, if the program handling the confidential information were illegally altered by a malicious third party so as to leak the confidential information, the confidential information could be stolen in an indirect manner.
Further, in order to protect information stored within the apparatus, it is proposed that a security card responsible for part of the security function be connected to the system LSI (for example, refer to Japanese Laid-open Patent Publication No. 2007-281813). For example, in digital television broadcasting, the video stream is compressed and encoded with a scramble key, and the broadcast video stream carries the scramble key that is used to decode the video stream and that is updated every few seconds. On the other hand, a work key for decrypting the scramble key is built into the security card. Then, a portion of the program (channel) information (the above-mentioned stream) selected by a tuner is input to the security card under the control of a program running on a main processor incorporated in the system LSI. Then, the decrypted scramble key is output from the security card. The decrypted scramble key is received by the main processor and is input, for example, to an encryption circuit. The compressed video stream encoded with the scramble key is input to the encryption circuit together with the scramble key, and the encryption circuit decrypts the compressed video stream for output. The compressed video stream thus decrypted is input to a video processing circuit where the compressed video stream is expanded and converted into YpbPr or RGB video signals. The video signals are input to a graphics circuit. The graphics circuit inserts additional information such as a program title into the video signals, and the resulting video is output to a monitor. The monitor displays the obtained video.