The present invention relates to an information processing equipment, and more particularly to a tamper resistance device such as an IC card (smart cart) having high security.
An IC card is mainly used for storing information in a manner so as not to be altered by a third party or for enciphering data or deciphering a cipher text by using a cipher key which is kept in secret. Since the IC card is not provided with a power source, it becomes operable when it is inserted into a reader-writer. The IC card receives a command from the reader-writer to execute data transfer. A general explanation of IC cards is given, for example, in “IC Card” by Jyunichi Mizusawa, by Ohm Publication Co., compiled by the Institute of Electronics, Information and Communication Engineers.
As shown in FIG. 1, an IC card has the structure that an IC card chip 102 is fabricated on a card 101. A general IC card has contacts via which a power is supplied from a reader-writer and data is transferred.
The structure of an IC card chip is basically the same as that of a microcomputer. As shown in FIG. 2, the IC card chip includes a central processor 201, a storage memory 204, an input/output port 207, and a co-processor 202. The central processor 201 executes logical and arithmetic calculations, and the storage memory 204 stores programs and data. The input/output port 207 communicates with a reader-writer. The co-processor is a special calculation device for executing modular calculations, and is used for calculations in anti-symmetric RSA or the like. Many of IC card processors have no co-processor. A data bus 203 interconnects components of the IC card.
The storage memory 204 includes a ROM (Read Only Memory), a RAM (Random Access Memory), an EEPROM (Electrically Erasable Programmable Read Only Memory) and the like. ROM is a memory whose contents cannot be rewritten freely and stores mainly programs. RAM is a memory whose contents can be rewritten freely and are erased if a power supply is intercepted. When the IC card is disconnected from the reader-writer, a supply of the power is intercepted so that the contents of RAM cannot be retained. EEPROM is a memory whose contents can be retained even if a supply of the power is intercepted. Therefore, EEPROM is used for storing data which may be rewritten and can be retained even if the IC card is disconnected from the reader-writer. For example, the number of prepaid times of a prepaid card is stored in EEPROM because it is updated each time the card is used and the contents thereof are required to be retained even if the card is disconnected from the reader-writer.
An IC card is used for storing programs and important information in the IC card chip to execute a cipher process. It has been long considered that the difficulty in decryption of a cipher process executed in the IC card is the same as decryption of a ciphering algorithm. However, it has been suggested recently that there is a possibility of presuming the contents of a cipher process and a cipher key by measuring and analyzing a consumption current while the cipher process is executed, easier than decryption of a cipher algorithm. The consumption current can be monitored by measuring the current supplied from the reader-writer. This possible danger is described in “Smart Card Handbook”, by W. Rankl & W. Effing, John Wiley & Sons, paragraph 8.5.1.1 “Passive protective mechanisms, at p. 263.
CMOSs constituting an IC card chip consume current when an output state changes from “1” to “0” or vice versa. The data bus 203 in particular flows a large current when its state changes from “1” to “0” or vice versa, because it has a large electrical capacitance. This suggests a possibility of presuming the operation state in the IC card chip by monitoring the consumption current.
FIG. 5 shows wave shapes of consumption current during one cycle of an IC card chip. Depending upon processed data, the current wave shape becomes different as indicated at 501 and 502. This difference is generated depending upon data on the bus 203 and data processed by the central processor 201.
The co-processor 202 can execute a modular calculation of a long train of bits, e.g., 512 bits, in parallel with the central processor 201. Therefore, it is possible to monitor the wave shape of a consumption current different from that of the central processing unit 201 during a long period of time. By monitoring its distinctive wave shape, the number of operations of the co-processor can be easily measured. If there is any correlation between the number of operations of the co-processor and a cipher key, it is possible to presume the cipher key from the number of operations of the co-processor.
If the calculation contents of the co-processor have any shift specific to the cipher key, there is also a possibility of presuming a cipher key by identifying the shift from the consumption current. Such possibilities are also applicable to the central processor. Since the value of bits of a cipher key is fixed, an influence of the value of bits of the cipher key may possibly be monitored by monitoring the consumption current by changing data to be processed.