1. Field of the Invention
The present invention relates to an information processing device, and more particularly to a tamper proof device such as an integrated circuit card (IC card) having a high degree of security.
2. Description of the Related Art
The IC cards are intended for holding information that must not be tampered by encrypting data with secret encryption keys and decrypting the encrypted text. An IC card has no internal power source and becomes operable only when inserted into a card reader/writer by which it is powered. When it becomes operable, the IC card receives commands from the card reader/writer and transfers data as commanded. The general descriptions of IC cards can be found in books such as IC Card, Junichi Mizusawa, The Institute of Electronics, Information and Communication Engineers, published by Ohm.
As shown in FIG. 1, an IC card 101 includes an IC card chip 102. An IC card generally has a set of contacts, through which power is supplied and data communication is performed.
The structure of an IC card chip is basically the same as that of a microprocessor. As shown in FIG. 2, the IC card chip is organized into a central processing unit (CPU) 201, a memory unit 204, an I/O port 207, and a coprocessor 202. The central processing unit (CPU) 201 performs logic and arithmetic operations, and the memory unit 204 stores programs and data. The I/O port 207 communicates with external card reader/writers. The coprocessor 202 is specifically used for performing modulo arithmetic, such as operations required in the RSA public key cipher. There are also many IC card processors without coprocessors. A data bus 203 provides links among these components.
The memory unit includes a read-only memory (ROM), a random access memory (RAM), and an electrically erasable programmable read-only memory (EEPROM). ROM is not modifiable, and mainly stores program code. RAM is rewritable, but its contents are lost when power is off. RAM therefore cannot be used to retain data after the IC card is withdrawn from the reader/writer such that its power supply is stopped. EEPROM is rewritable, and it retains its contents even without power. EEPROM is used to store data that must sometimes be rewritten and must be retained even when the IC card is removed from the reader/writer. EEPROM is used, for example, in a prepaid card that retains data indicating the amount of use, which has to be rewritten at every use and must be retained after the card is withdrawn from the card reader/writer.
IC cards store programs and data inside an enclosed IC card chip so as to store important information and perform cryptographic processing. The degree of difficulty in deciphering cryptographic processing in IC cards has been considered to be similar to the difficulty of deciphering cryptographic algorithms. It is suggested, however, that there is a risk that information being cryptographically processed in IC cards and the cryptographic keys used for such processing may be inferred through observation and analysis of current consumption during the cryptographic processing, which is easier than deciphering cryptographic algorithms. The current consumption can be observed by measuring current that is supplied from the card reader/writer. Such risks are described in ‘8.5.1.1 Passive protective mechanisms’ p. 263 of Smart Card Handbook written by W. Rankl & W. Effing, John Wiley & sons Co.
The CMOS circuits in an IC card chip consume current when their output changes from ‘1’ to ‘0’, and vice versa. The data bus 203 has a particularly large electrical capacitance such that it draws a large current when the value placed on it changes from ‘1’ to ‘0’, or vice versa. This suggests the possibility that observation of the current consumption can reveal the operations inside the IC card chip.
FIG. 3 is a graph showing current consumption waveforms over one processing cycle in an IC card chip. The waveforms vary as indicated with lines 301 and 302 depending on the data being processed. The variations are caused by differences in data carried on the data bus 203 and data being processed in the CPU 201.
Therefore, it is possible to infer which component is operating or what kind of data is being processing from the current consumption.
As countermeasures against such risks, the prior art provides two general methods: one method keeps the values of current consumption constant; the other method changes the current consumption while performing the same processing. An example of the former method provides a positive data bus, a negative data bus and a plurality of arithmetic units, which perform dummy and real operations concurrently to keep the current consumption constant regardless of the input data and operational results (PCT WO 99/67766). This method, however, raises problems of increased hardware scale, such as a doubling of the bus width and a quadrupling of the number of arithmetic units. As an example of the latter method, a method for encrypting data transferred on the bus or stored in memory has been suggested (JP-A-5731/2001). This method imposes a programming restriction, however, because the difference in life time of a plurality of data sharing the same key information places a limitation on the timing of updating of the encryption key.