1. Field of the Invention
The present invention relates to a technique for testing a storage device, and more particularly to a technique for testing a storage device which stores an encryption key, information for decoding the encryption key, and information such as a confidential document or the like to be kept secret from an outsider.
2. Description of the Related Art
The necessity to guard confidential information is increasing with the advancement of computer technology. The importance of encryption techniques for encrypting data before it is stored or transmitted is becoming higher accordingly. Encrypting data to be stored in a computer external memory and storing the encrypted data in that memory is also in actual practice. More specifically, an encryption key is stored in advance in a storage device. Data is encrypted with the encryption key and is stored in a memory. Data read out from the memory is decrypted with a decryption key.
Meanwhile, in order to check whether a storage medium is defective or not, it is required to ascertain whether the storage medium can store data and output the stored data properly.
Conventionally, this has been ascertained by steps such as storing a predetermined test pattern or the like in a memory, reading it back, and comparing the read-out test pattern with the original test pattern.
When the memory is a ROM (read-only memory), steps such as reading out the data stored in the ROM and ascertaining whether the read-out data matches the written data have conventionally been performed.
However, when a memory device having an encryption key stored therein is tested by the above-described method, there is the problem that the encryption key itself is read out to the outside of the memory device.
In order to solve this problem, a memory device having a testing function of reading out stored data, converting the read-out data and thereafter outputting the converted data to the outside of the memory device has also been proposed. With this method as well, however, a transformed code is read out to the outside of the memory device. The transformation scheme can easily be inferred, and the encryption key can be inferred as well.
Published Unexamined Japanese Patent Application Kokai No. 8-63402 has proposed a semiconductor IC which has the function of testing a ROM without reading out data stored in the ROM directly to the outside of the IC, by comparing the data stored in the ROM with an externally supplied expected value and outputting a comparison result. With this method as well, whether the confidential data matches the expected value can be determined per address or the like. Therefore, by performing the test while changing the expected value from one to another, the confidential data can be identified. Furthermore, since the comparison is effected per address, a large amount of checking time is required.
The present invention has been made in consideration of the above-described circumstances, and it is an object of the present invention to provide a testing method for testing a memory, and a storage device having a testing function.
It is another object of the present invention to provide a testing method, which is suitable for testing a storage device which stores highly confidential data, and such a storage device having a testing function.
According to the first aspect of the present invention, having the above-described objects, there is provided a storage device comprising:
first storage means for storing data;
second storage means including an encoded cryptographic key stored therein;
third storage means including decoding information stored therein to decode the cryptographic key;
fourth storage means including an arithmetic function stored therein to test the third storage means;
writing means for decoding the cryptographic key with the decoding information stored in the third storage means, encrypting externally supplied data with the cryptographic key as decoded and writing the encrypted data in the first storage means;
reading means for decoding the cryptographic key with the decoding information stored in the third storage means, reading data from the first storage means, decrypting the read data with the cryptographic key as decoded and outputting the decrypted data; and
comparing means for processing the decoding information stored in the third storage means, by using the arithmetic function stored in the fourth storage means, and for comparing a resultant value and an expected value with each other and outputting a comparison result.
If the storage device were designed so that the storage data of the third storage means could be read externally, to permit the third storage means to be tested in regard to whether the decoding information had been properly stored therein, there would be the risk that an observer could obtain the decoding information and decode the cryptographic key.
According to the present invention, in light of the above, an arithmetic function for use in the test is stored in the fourth storage means, and the decoding information is processed using the arithmetic function. A resultant value and an expected value are compared with each other, and the output of a comparison result is effected. If the decoding information has been stored properly, the comparison result will indicate an equality between both values. Thus, without the decoding information being output to the outside of the storage device, a determination can be performed as to whether one or more stored cryptographic keys are proper or not.
Furthermore, since the decoding information is processed using the arithmetic function and the resultant value and the expected value are compared with each other, there is no possibility of the decoding information being inferred from the expected value. In the case of comparing the value obtained by processing the decoding information using the arithmetic function with the expected value, the number of comparisons is smaller than in the case of comparing the decoding information with the expected value per address. This ensures faster processing.
The storage device may further comprise scan means for scanning an address of at least one of the first, second and fourth storage means and reading out a storage content thereof, in order to test whether the above-mentioned at least one of the first, second and fourth storage means is defective or not. The scan means may include inhibiting means for inhibiting an access to the third storage means.
According to the above-described structure, the acts of directly accessing the third storage means and reading out stored data therefrom are also inhibited to maintain the confidentiality of the decoding information.
For example, the first storage means is a rewritable nonvolatile memory, the second storage means is a part of the unrewritable memory, and the third storage means and the fourth storage means are nonvolatile memories.
According to the above structure, a cryptographic key can be stored in the rewritable nonvolatile memory. The cryptographic key may be set to differ from one storage device to another so that even if the cryptographic key of one storage device should be decoded, the cryptographic key of another storage device cannot be inferred.
The expected value described previously may be a value pre-stored in the nonvolatile memory of the storage device or may be an externally supplied value.
The aforementioned arithmetic function may be a one-way function which is, for example, a hash function.
By processing the decoding information with such a one-way function, a single value or processing result is obtained from the decoding information. Meanwhile, however, many pieces of decoding information can be inferred from the processing result, and consequently it is difficult to identify the actual decoding information.
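The test described above, set beside the per-address comparison of the related art, as an added example that is not part of the original text. It is a toy model that assumes SHA-256 as the one-way function; the class and function names and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample standing in for the decoding information (not from the page).
SAMPLE_DECODING_INFO = bytes.fromhex("3a7f00c4e19b5d22")

class SealedDevice:
    """Toy model of the storage device; all names here are hypothetical."""

    def __init__(self, decoding_info: bytes):
        self._third = bytes(decoding_info)  # third storage means, never output
        self.queries = 0                    # test commands received so far

    def scan(self, region: str) -> bytes:
        # Scan means with inhibiting means: the third memory cannot be scanned.
        if region == "third":
            raise PermissionError("access to third storage means is inhibited")
        return b""                          # other memories omitted in this model

    def compare_at(self, addr: int, expected: int) -> bool:
        # Related-art test: one comparison result per address.
        self.queries += 1
        return self._third[addr] == expected

    def digest_test(self, expected: bytes) -> bool:
        # Test described here: process the whole content with the one-way
        # function and output only the comparison result.
        self.queries += 1
        actual = hashlib.sha256(self._third).digest()
        return hmac.compare_digest(actual, expected)

def expected_value(known_good: bytes) -> bytes:
    # Computed by the tester from the data that was meant to be written.
    return hashlib.sha256(known_good).digest()

def per_address_leak(dev: SealedDevice, length: int) -> bytes:
    # Why the related-art test is unsuitable: changing the expected value
    # one by one pins down each byte in at most 256 comparisons.
    return bytes(next(v for v in range(256) if dev.compare_at(a, v))
                 for a in range(length))

def corrupt(data: bytes, addr: int) -> bytes:
    # Model a single-bit storage defect at one address.
    return data[:addr] + bytes([data[addr] ^ 0x01]) + data[addr + 1:]
```

The digest test settles the whole memory in one comparison and still fails on a single flipped bit, while the per-address interface returns the stored bytes to anyone allowed to issue test commands.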
It is preferred that the third storage means and the comparing means be sealed integrally with each other by a resin or the like and be designed so that the contents of communications between the third storage means and the comparing means are not output to the outside of the storage device.
If a data line, etc. for the third storage means were integrated with a data line for another storage means, data might leak to the outside of the storage device while the data was being exchanged between the third storage means and the comparing means. In light of this, the present invention employs the above-described structure to keep the storage content of the third storage means confidential.
According to the second aspect of the present invention, there is provided a storage device comprising:
confidential information storage means including confidential information stored therein;
test information storage means including test information stored therein to test the confidential information storage means;
receiving means for receiving an externally supplied instruction signal which indicates an instruction to test the confidential information storage means; and
outputting means for processing the confidential information in response to the instruction signal received by the receiving means, by using the test information stored in the test information storage means, and for comparing a processing result and an expected value with each other and outputting a comparison result.
According also to the above-described storage device, a determination can be performed as to whether the confidential information has been stored properly in the confidential information storage means, without the confidential information being directly read out to the outside of the storage device.
The expected value may be a value pre-stored in the above storage device or an externally supplied value.
The confidential information contains, for example, information for decoding an encoded key which is used to perform at least one of encryption and decryption of data, while the test information contains a predetermined arithmetic function, for example.
It is preferred that the aforementioned arithmetic function be a one-way function, such as a hash function or the like, which satisfies a "many (values which are substituted for the function)-to-one (calculation result)" relationship.
A plurality of confidential information pieces which are, for example, a private key "n" and a public key "e", can be stored in the confidential information storage means. In this case, whether the confidential information pieces have been properly stored or not can be determined based on a comparison result which indicates, for example, whether a relationship of m^e mod n = 0 is satisfied or not. In the above relationship, "m" is an externally supplied constant or a constant pre-stored in the storage device.
Further, a private key (d, n) and a public key (e, n) can be stored in the confidential information storage means. In this case, whether the confidential information pieces have been properly stored or not can be determined based on a comparison result which indicates, for example, whether a relationship of d = m^d mod n is satisfied or not. "m" is an externally supplied constant or a constant pre-stored in the storage device.
According to the third aspect of the present invention, there is provided a testing method for testing a memory which stores confidential information and a direct external access to which is inhibited, the testing method comprising steps of:
processing data stored in the memory, by employing a predetermined technique;
comparing a processing result and an expected value with each other; and
determining whether a storage content of the memory is proper or not, based on a comparison result.
With the above testing method, the memory can be tested without the storage data of the memory being directly read out to the outside thereof. Since the processed data is used in the comparison, the amount of processing can be reduced.
The above-described confidential information is information such as key decoding information for decoding an encoded cryptographic key, a confidential document, etc.
The predetermined technique mentioned above is the technique of processing the data with a one-way function.
According to the fourth aspect of the present invention, there is provided a storage device comprising:
a first memory storing data;
a second memory storing an encoded cryptographic key;
a third memory storing decoding information to decode said cryptographic key;
a fourth memory storing an arithmetic function to test said third memory;
a controller for decoding the encoded cryptographic key stored in said second memory with the decoding information stored in said third memory, encrypting externally supplied data with the cryptographic key as decoded and writing the encrypted data in said first memory, for decoding the cryptographic key stored in said first memory with the decoding information stored in said third memory, reading data from said first memory, decrypting the read data with the cryptographic key as decoded and outputting the decrypted data, and for processing the decoding information stored in said third memory, by using the arithmetic function stored in said fourth memory, and comparing a resultant value of the processing and an expected value with each other and outputting a comparison result to detect whether said third memory is proper or not.
Said third memory and said controller may be sealed integrally with each other so that contents of communications between said third memory and said controller are not output to an outside of said storage device.
Said controller may scan an address of at least one of said first, second and fourth memories and read out a storage content thereof, in order to test (check) whether said at least one of said first, second and fourth memories is defective or not. Said controller may inhibit an access to said third memory.
Said first and second memories comprise, for example, a rewritable nonvolatile memory, and said third and fourth memories comprise nonvolatile memories.
Said expected value is one of a value pre-stored in said storage device and an externally supplied value.
The arithmetic function is a one-way function such as a hash function.