In recent years, users have enjoyed listening to music by using consumer appliances capable of digitizing music data and storing the digitized music data in a storage device. Also, there have been demands for consumer appliances capable of handling high-quality contents such as HD images in addition to music data.
In order to process high-quality contents such as HD images, it is necessary to improve the processing capability of the consumer appliances. As a method of improving the processing capability of the consumer appliances, a multi CPU system (also referred to as a “multi processor system”) has been used in the field of Personal Computers (PC). According to the multi CPU system, processing that has been conventionally performed by one CPU is shared among a plurality of CPUs so as to reduce a period necessary for performing the processing.
On the other hand, it is possible to make copies of digitized music data and HD images without deterioration. Accordingly, in order to protect interests of copyright holders of data such as digitized music data and HD images, it is necessary to handle the data in an environment where unauthorized use cannot be performed.
The Patent Document 1 discloses an art of preventing unauthorized use of data that needs to be protected, by using a device including a plurality of CPUs. According to the art disclosed in the Patent Document 1 (hereinafter referred to as a “first conventional art”), each of the plurality of CPUs has allocated thereto a key that is unique to the CPU. A program and data that need to be protected is encrypted using a key corresponding to a CPU among the CPUs that handles the program and data, and the encrypted program and data are stored in an external memory. When the CPU attempts to use the program and data stored in the external memory, a bus encryption circuit performs decryption processing using the key corresponding to the CPU, and outputs decrypted program and data to the CPU.
However, in a case where such a program and data include right information showing the permitted number of times of playing back contents for example, it is impossible to prevent a so-called backup restoration attack. The backup restoration attack is a kind of unauthorized use in which all the data stored in an external memory are copied, and a right is used up. Then, the copy of the right information is restored. In this case, the restored right information is accurately decrypted using the bus encryption circuit. This results in allowing restoration of the right that would have been expired. Therefore, the first conventional art cannot realize the secure handling of information that needs to be protected.
In view of this, in order to certainly protect data and programs, there has been conventionally used another art (hereinafter referred to as a “second conventional art”) in which a device including one CPU (a single processor) performs operations by switching between processing relating to data that needs to be protected and processing relating to data that does not need to be protected.
The device of the second conventional art realizes an execution environment for performing processing relating to data that needs to be protected, by using an internal memory included in a system LSI and a mode dedicated for the CPU. Hereinafter, such an execution environment is referred to as a “protection mode”. According to the second conventional art, while the system LSI is operating in a mode that is not the protection mode (hereinafter referred to as a “normal mode”), access to the internal memory by the system LSI is intercepted. Here, when the execution environment is switched from the normal mode to the protection mode, the CPU is reset. Then, a protected program stored in the system LSI is activated. This protected program is stored in a ROM or the like included in the system LSI, and is difficult to be tampered with from outside of the device. Also, when the execution environment is switched from the normal mode to the protection mode, the system LSI is permitted to access the internal memory. According to such a control, the system LSI cannot access the internal memory while operating in the normal mode. Furthermore, a program that can access the internal memory during operations of the system LSI in the protection mode is a program being operated by the CPU that is operating in the protection mode, and this program is difficult to be tampered with (or another program that is called by the program difficult to be tampered with). Therefore, it is possible to limit a program that can handle data stored in the internal memory to a secure program.
As described above, the device including one CPU switches between processing relating to data that needs to be protected and processing relating to data that does not need to be protected. Accordingly, it is possible to prevent unauthorized access to the secure memory and securely use data stored in the internal memory.    [Patent Document 1] Japanese Laid-Open Patent Application Publication No. 2005-99984