This application claims priority to Japanese Patent Application Number 2000-180627 filed Jun. 15, 2000, the content of which is incorporated herein by reference in its entirety.
1. Field of the Invention
The present invention relates to a semiconductor device having a memory space composed of rewritable semiconductor memory cells, and a control device for use therewith. In particular, the present invention relates to a semiconductor device having a security function for protecting from unauthorized access any content which is stored in the memory space, and a control device for use therewith.
2. Description of the Related Art
A semiconductor device such as a semiconductor memory device has a memory space composed of rewritable semiconductor memory cells which are represented by respective addresses. A semiconductor memory device may store information (such as copyright-protected subject matter or privacy information of individuals) which should not be subjected to unauthorized reading by a third party, or information which should not be subjected to unauthorized overwriting (as in the case of IC card applications). There have been proposed some semiconductor devices having a memory space, and control devices for use therewith, which have a security function for protecting the stored contents (data) from such unauthorized access.
Hereinafter, a conventional semiconductor device having a security function will be described with reference to FIGS. 5 to 7.
FIG. 5 is a schematic block diagram illustrating a minimum structure for realizing a security function. A semiconductor device 600 shown in FIG. 5 includes a memory accessing means 604, a memory 613 having a memory space (semiconductor memory cells) for storing data, and a security means 609 inserted therebetween. With the security means 609, it is possible to restrict some or all of the operations which are externally requested.
The memory accessing means 604 externally receives an address signal 601, a control signal 602, and a data signal 603, and outputs an address signal 605 which designates one or several of the storage units (semiconductor memory cells) in the memory space of the memory 613 to which access is to be made; a control signal 607 which designates the type and/or content of access to be performed to the memory 613; and a data signal 608 which is used for inputting or outputting of data in accordance with the designated content in the memory 613.
The security means 609 is capable of restricting some or all of the operations which are represented by a signal which is output from the memory accessing means 604 to the memory 613. For example, the security means 609 is capable of restricting the reading of any content which is stored in the memory 613, restricting the overwriting of any content which is stored in the memory 613, or both.
A given operation which is instructed by the memory accessing means 604 to be performed on the memory 613 is represented by the address signal 605, the control signal 607, and the data signal 608 which are output to the security means 609. In the case where the content of the operation which is instructed by the memory accessing means 604 to be performed on the memory 613 is permitted, the security means 609 outputs an address signal 610, a control signal 611, and a data signal 612 to the memory 613 to perform an operation as instructed by the memory accessing means 604. On the other hand, in the case where the content of the operation which is instructed by the memory accessing means 604 to be performed on the memory 613 is not permitted, the security means 609 applies a conversion process to at least one of the address signal 610, the control signal 611, and the data signal 612. If the externally instructed operation involves outputting of the data which is stored in the memory 613, the security means 609 applies a conversion process to the data signal 608 which is output from the security means 609 to the memory accessing means 604. Thus, the operations to the memory 613 are restricted so that any operations which are not permitted will not occur, thereby realizing a security function for the memory 613.
All of the component elements of the semiconductor device 600 shown in FIG. 5 may be provided on one device. Alternatively, the component elements may be distributed over a number of devices so that a security function will be realized when the devices are used in combination. For example, in the case where the security function is to be realized on a single device, an interface circuit for interfacing with the exterior of the device may be utilized as the memory accessing means 604, while a circuit for restricting some or all of the operations which require access to the memory space may be inserted (as the security means 609) between the memory 613 as a circuit having a memory space and the memory accessing means 604.
Alternatively, in the case where the security function is to be realized on a number of devices collectively, e.g., when the memory accessing means 604, the security means 609, and the memory 613 are all provided on discrete devices, a circuit for restricting some or all of the operations which require access to the memory space may be inserted (as the security means 609) between a memory controller functioning as the memory accessing means 604 and the memory 613 having a memory space.
Hereinafter, a semiconductor device which is capable of outputting dummy data when a read access to the memory is made will be specifically described, by an illustration of a structure in which read operations to a memory are restricted until deactivation of a security function.
FIG. 6 is a schematic block diagram illustrating a conventional semiconductor device 450 which realizes the above-described security function. The semiconductor device 450 includes an interface circuit 404, a security circuit 409, and a memory 413 having a memory space composed of semiconductor memory cells. The security circuit 409 includes a password storage circuit 414 for storing a password, a comparison circuit 416, and an operation restriction circuit 418 for restricting operations to be performed on the memory 413.
In accordance with the semiconductor device 450, restriction on read operations is established (i.e., a security function is set) at the time when the semiconductor device 450 is turned ON. The security function can only be deactivated if a password (security control signal) 407 which is externally input via the interface circuit 404 matches a fixed password which is stored in the password storage circuit 414 in the security circuit 409, after which read operations can be performed normally.
In the case of making an external access to the stored content (data) which is stored in a given address in the memory 413 of the semiconductor device 450, an address signal 401, a control signal 402, and a data signal 403 are input to the interface circuit 404. The interface circuit 404 outputs an internal address signal 405 and an internal control signal 406, and if necessary an internal data signal 408, to the memory 413. In the case where the security function of the memory 413 is deactivated, the operation restriction circuit 418 outputs an address signal 410, a control signal 411, and a data signal 412 to the memory 413 in accordance with the address signal 401, the control signal 402, and the data signal 403, which are externally supplied (or more directly, in accordance with the internal address signal 405, the internal control signal 406, and the internal data signal 408). As a result, a normal operation is performed.
The semiconductor device 450 is constructed in such a manner that the security function of the memory 413 is set in an initial state which follows after the semiconductor device 450 is turned ON. As a result of the restriction on some or all of the operations to the memory 413 enforced by the security circuit 409, the semiconductor device 450 either refrains from operating at all or performs an operation which is different from an instructed operation. In applications which are arranged so as to output dummy data (instead of normal data) when a read access to the memory 413 is made, once the security function is set, only the dummy data will be output in response to any read access made to the memory 413, thereby preventing any unauthorized reading.
The following methods have been proposed as methods for realizing the aforementioned function of preventing unauthorized read. For example, a method described in Japanese Laid-Open Publication No. 59-152599 ensures that, while the security function is activated, the address signal 410 is not output from the security circuit 409 to the memory 413 unless certain conditions are satisfied. According to a method described in Japanese Laid-Open Publication No. 6-250939, the security circuit 409 encrypts the data signal 412 received by the memory 413 and outputs the encrypted version of the data signal 412 to the interface circuit 404 as the data signal 408. According to yet another method, it is ensured that, while the security function is activated, the security circuit 409 does not output the control signal 411 to the memory 413 for instructing a read operation to be commenced unless certain conditions are satisfied.
In order to deactivate the read restriction for the memory 413, a password (security control signal) 407 for deactivating the operation restriction is externally input. The externally input password 407 is compared by the comparison circuit 416 against a password signal 415 representing a password which is stored in the password storage circuit 414. If both passwords match, the comparison circuit 416 issues an operation restriction deactivating signal (password match signal) 417 to the operation restriction circuit 418. Upon receiving the operation restriction deactivating signal 417, the operation restriction circuit 418 permits any subsequent read operations to be performed to the memory. Thereafter, read operations will be normally performed upon request of a read.
Based on the above structure, the stored content in the memory cannot be properly read by a person who does not know the password and a method for inputting the password. Thus, unauthorized reading by a third party can be prevented if the password and the method for inputting the password are not made public.
FIG. 7 is a schematic block diagram illustrating a system 500 which realizes a security function for a semiconductor device by employing a different structure from that illustrated in FIG. 6. The system 500 includes a control device 501 (e.g., CPU) which requests access to the memory, a semiconductor device 550 having a security function, and a security control device 506. In the system 500, the control device 501 outputs an address signal 502, a control signal 503, and a data signal 505 to the semiconductor device 550 to perform an operation on the semiconductor device 550. However, the control device 501 cannot take full control of the semiconductor device 550 unless the security function of the semiconductor device 550 is deactivated.
The security control device 506 is “challenged” to deactivate the security function of the semiconductor device 550 as follows. The security function of the semiconductor device 550 is deactivated only when the semiconductor device 550 recognizes from the content of a security communication signal 504 that the security control device 506 is a device which is predetermined to be granted access thereto. If the transmitter/recipient of the security communication signal 504 is not recognized as the predetermined device, the security function is not deactivated, and some or all of the operations to be performed on the semiconductor device 550 remain restricted.
During an initial state after the system 500 is turned ON, the security function of the system 500 is activated, so that the contents stored in the semiconductor device 550 cannot be properly read by an external device. The semiconductor device 550 “challenges” the security control device 506, i.e., transmits to the security control device 506 a signal (security communication signal) 504 for recognizing what device is being coupled to the semiconductor device 550, and the security control device 506 returns a signal which the security control device 506 generates based on the signal 504. The semiconductor device 550 determines whether or not the returned signal 504 matches an expected value. If the returned signal 504 matches the expected value, it is determined that the proper (or authorized) security control device 506 is coupled to the semiconductor device 550 as an external device, and accordingly deactivates the security function of the semiconductor device 550. The transmission/reception of the signal 504 may be repeated multiple times to gain enhanced security.
Unlike the security function of the semiconductor device 450 shown in FIG. 6, the system 500 provides a security function which may be enforced in such a manner that the “right” communication to occur between the semiconductor device 550 and the security control device 506 is directed to a different content each time such a communication is made. Therefore, the security function provided by the system 500 is difficult to break via simple signal analysis.
Thus, the semiconductor device 550 can provide a very secure security function because it permits a proper read operation to occur only when the security control device 506 coupled thereto is recognized as a predetermined device.
Instead of the above-described example where unauthorized reading is prevented, a security function can also be realized to restrict other types of operations as well. For example, in order to prevent unauthorized overwriting of the content stored in a memory, the same conditions as those described above for establishing or deactivating restriction on read operations can be applied for establishing or deactivating restriction on overwrite operations.
However, the above-described conventional method for realizing a security function has the following problems.
In the semiconductor device 450 shown in FIG. 6, since a fixed protocol is always used for deactivating the security function, a third party may relatively easily discover a security deactivating method by analyzing the input signals, e.g., the password (security control signal) 407.
On the other hand, in the system 500 shown in FIG. 7, the content of the output (i.e., the security communication signal 504) from the security device 506 which is expected by the semiconductor device 550 can be varied, whereby a more secure security function can be realized. However, this structure has cost and/or size-related disadvantages associated with the security control device 506, which needs to be provided externally to the semiconductor device 550.
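The difference between the two conventional schemes can be seen in a small behavioural model, added here as an illustration and not taken from the patent or the cited publications. The stored values, the challenge generator that keeps its state across power cycles, and the `toy_response` function (a stand-in, not a real cipher) are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* FIG. 6 model: fixed password checked by the security circuit 409. */
struct fixed_dev {
    uint32_t stored_pw;   /* password storage circuit 414 */
    bool     restricted;  /* state of operation restriction circuit 418 */
};

void fixed_power_on(struct fixed_dev *d) { d->restricted = true; }
void fixed_submit(struct fixed_dev *d, uint32_t pw) {
    if (pw == d->stored_pw) d->restricted = false;  /* comparison circuit 416 */
}

/* FIG. 7 model: device 550 challenges security control device 506. */
struct cr_dev {
    uint32_t secret;      /* assumed value shared with device 506 */
    uint32_t state;       /* assumed generator state, kept across power cycles */
    uint32_t pending;     /* challenge awaiting a response */
    bool     restricted;
};

static uint32_t xorshift32(uint32_t x) {
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return x;
}

/* Toy response function, a stand-in only: not a real MAC or cipher. */
uint32_t toy_response(uint32_t secret, uint32_t challenge) {
    return xorshift32(challenge ^ secret) + secret;
}

void cr_power_on(struct cr_dev *d) { d->restricted = true; }
uint32_t cr_challenge(struct cr_dev *d) {
    d->pending = d->state = xorshift32(d->state);  /* new content each session */
    return d->pending;
}
void cr_submit(struct cr_dev *d, uint32_t response) {
    if (response == toy_response(d->secret, d->pending)) d->restricted = false;
}

/* A signal recorded in one session is presented again after a power cycle.
 * Returns true if the restriction was lifted by the recorded signal. */
bool replay_unlocks_fixed(void) {
    struct fixed_dev d = { .stored_pw = 0xC0FFEE01u };  /* constructed */
    uint32_t recorded = 0xC0FFEE01u;   /* what the authorized host sent */
    fixed_power_on(&d);
    fixed_submit(&d, recorded);        /* session 1: legitimate unlock */
    fixed_power_on(&d);                /* power cycle re-arms the restriction */
    fixed_submit(&d, recorded);        /* session 2: same signal again */
    return !d.restricted;
}

bool replay_unlocks_challenge(void) {
    struct cr_dev d = { .secret = 0x1234ABCDu, .state = 0x2545F491u };
    cr_power_on(&d);
    uint32_t recorded = toy_response(d.secret, cr_challenge(&d));
    cr_submit(&d, recorded);           /* session 1: legitimate unlock */
    cr_power_on(&d);
    (void)cr_challenge(&d);            /* session 2: a different challenge */
    cr_submit(&d, recorded);           /* old response no longer matches */
    return !d.restricted;
}

int main(void) {
    printf("fixed password, recorded signal unlocks:     %d\n", replay_unlocks_fixed());
    printf("challenge/response, recorded signal unlocks: %d\n", replay_unlocks_challenge());
    return 0;
}
```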
In one aspect of the present invention, there is provided a semiconductor device including: a memory having a memory space for recording data, the memory space including addresses; at least one first storage section for storing at least a portion of an address at which access to the memory space is requested and/or data which is requested to be written to the memory space; and an operation restriction circuit for at least partially restricting operations to be performed on the memory, wherein the operation restriction circuit controls restriction on the operations to be performed on the memory based on at least a portion of the data and/or the address stored in the at least one first storage section.
In accordance with the above structure, it is possible to control restriction on operations to be performed on the memory by utilizing at least a portion of data requested to be written to the memory space and/or an address at which the data is requested to be written. Some or all of the operations requiring any access to the memory space can be restricted until the operation restriction circuit deactivates restriction on operations to be performed on the memory, for example. Thus, it is difficult for a third party to decipher the method for deactivating the security function. Since it is not necessary to provide any special devices external to the semiconductor device for realizing the security function, there is no substantial penalty associated with the product size and/or cost.
In one embodiment of the invention, the access is a write operation.
In another embodiment of the invention, the at least one first storage section comprises a plurality of storage subsections.
In accordance with the above structure, (a portion of) a plurality of data requested to be written to the memory space and/or a plurality of addresses at which the data is requested to be written can be stored. Thus, it becomes even more difficult for a third party to decipher the method for deactivating the security function, whereby a semiconductor device can be realized which cannot be easily subjected to unauthorized utilization.
In another embodiment of the invention, if at least one of the at least one first storage section does not contain the address or data stored therein, the operation restriction circuit maintains restriction on the operations to be performed on the memory.
In accordance with the above structure, security can be provided in a state (e.g., an initial state) where not all of the storage subsections contain (a portion of) data and/or an address.
In still another embodiment of the invention, the at least one first storage section includes an address storage section for storing the address, and a data storage section for storing the data; the semiconductor device includes a comparison circuit for performing a comparison of data in the memory space as designated by the address stored in the address storage section against the data stored in the data storage section; and the operation restriction circuit maintains restriction on the operations to be performed on the memory if a result of the comparison by the comparison circuit does not match.
In accordance with the above structure, a higher level of security can be realized because it is possible to confirm at the time of a read operation that the stored data has not been altered.
In still another embodiment of the invention, the semiconductor device further comprises: a second storage section for storing a reference address; and a comparison circuit for performing a comparison of the address stored in the first storage section against the reference address stored in the second storage section, wherein the operation restriction circuit deactivates restriction on the operations to be performed on the memory if a result of the comparison by the comparison circuit matches.
In accordance with the above structure, a higher level of security can be realized by comparing the addresses stored in the first storage section against the reference addresses stored in the second storage section.
In still another embodiment of the invention, the memory includes a storage unit for containing data which is to be concurrently rewritten; and the first storage section is included in the storage unit.
In accordance with the above structure, it becomes possible to vary security conditions by concurrently rewriting the contents stored in at least a portion of the memory space of the memory and the first storage section, whereby a higher level of security can be provided. Note that the second storage section should not be formed within the memory rewriting unit because if the second storage section were formed within the memory rewriting unit, the content stored in the second storage section would be lost when the rewriting unit is overwritten, thereby allowing a user an opportunity to freely set the content after the overwriting.
In another aspect of the present invention, there is provided a control device for controlling a memory having a memory space for recording data, the memory space including addresses, the control device comprising: at least one first storage section for storing at least a portion of an address at which access to the memory space is requested and/or data which is requested to be written to the memory space; and an operation restriction circuit for at least partially restricting operations to be performed on the memory, wherein the operation restriction circuit controls restriction on the operations to be performed on the memory based on at least a portion of the data and/or the address stored in the at least one first storage section.
In accordance with the above structure, it is possible to control restriction on operations to be performed on the memory by utilizing at least a portion of data requested to be written to the memory space and/or an address at which the data is requested to be written. Some or all of the operations requiring any access to the memory space can be restricted until the operation restriction circuit deactivates restriction on operations to be performed on the memory, for example. Thus, it is difficult for a third party to decipher the method for deactivating the security function. By embedding the security function in any device (e.g., a memory controller) on a given system other than the memory, the penalty associated with the product size and/or cost can be reduced.
In one embodiment of the invention, the access is a write operation.
In another embodiment of the invention, the at least one first storage section comprises a plurality of storage subsections.
In accordance with the above structure, it becomes even more difficult for a third party to decipher the method for deactivating the security function, whereby a control device can be realized which cannot be easily subjected to unauthorized utilization.
In another embodiment of the invention, if at least one of the at least one first storage section does not contain the address or data stored therein, the operation restriction circuit maintains restriction on the operations to be performed on the memory.
In accordance with the above structure, security can be provided in a state (e.g., an initial state) where not all of the storage subsections contain (a portion of) data and/or an address.
In still another embodiment of the invention, the at least one first storage section includes an address storage section for storing the address, and a data storage section for storing the data; the semiconductor device includes a comparison circuit for performing a comparison of data in the memory space as designated by the address stored in the address storage section against the data stored in the data storage section; and the operation restriction circuit maintains restriction on the operations to be performed on the memory if a result of the comparison by the comparison circuit does not match.
In accordance with the above structure, a higher level of security can be realized because it is possible to confirm at the time of a read operation that the stored data has not been altered.
In still another embodiment of the invention, the control device further comprises: a second storage section for storing a reference address; and a comparison circuit for performing a comparison of the address stored in the first storage section against the reference address stored in the second storage section, wherein the operation restriction circuit deactivates restriction on the operations to be performed on the memory if a result of the comparison by the comparison circuit matches.
In accordance with the above structure, a higher level of security can be realized by comparing the addresses stored in the first storage section against the reference addresses stored in the second storage section.
In still another embodiment of the invention, the memory includes a storage unit for containing data which is to be concurrently rewritten; and the first storage section is included in the storage unit.
In accordance with the above structure, it becomes possible to vary security conditions by concurrently rewriting the contents stored in at least a portion of the memory space of the memory and the first storage section, whereby a higher level of security can be provided. Note that the second storage section should not be formed within the memory rewriting unit because if the second storage section were formed within the memory rewriting unit, the content stored in the second storage section would be lost when the rewriting unit is overwritten, thereby allowing a user an opportunity to freely set the content after the overwriting.
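The following behavioural model is an added illustration, not circuitry from the patent, that combines three of the embodiments summarized above for both the semiconductor device and the control device: an empty subsection keeps the restriction, the captured addresses are compared against reference addresses, and the captured data is compared against the memory content. It assumes two subsections filled in order by the first two writes after power-on, that every write is carried out, and constructed addresses and data values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MEM_SIZE    16
#define SUBSECTIONS 2      /* assumed number of storage subsections */
#define DUMMY_DATA  0x00u  /* constructed value output while restricted */
#define SECRET_ADDR 5      /* constructed location of the protected byte */

struct latch {             /* one subsection of the first storage section */
    bool    filled;
    uint8_t addr;          /* address storage section */
    uint8_t data;          /* data storage section */
};

struct device {
    uint8_t      memory[MEM_SIZE];
    struct latch first[SUBSECTIONS];      /* first storage section */
    uint8_t      reference[SUBSECTIONS];  /* second storage section */
};

/* Assumption: the first storage section is empty after power-on. */
void device_power_on(struct device *d) {
    for (size_t i = 0; i < SUBSECTIONS; i++) d->first[i].filled = false;
}

/* Assumption: every write is carried out, and the first SUBSECTIONS writes
 * also have their address and data captured, in order. */
void device_write(struct device *d, uint8_t addr, uint8_t data) {
    addr %= MEM_SIZE;
    d->memory[addr] = data;
    for (size_t i = 0; i < SUBSECTIONS; i++) {
        if (!d->first[i].filled) {
            d->first[i] = (struct latch){ true, addr, data };
            return;
        }
    }
}

/* Operation restriction circuit: the restriction is lifted only if every
 * subsection is filled and passes both comparisons. */
bool device_restricted(const struct device *d) {
    for (size_t i = 0; i < SUBSECTIONS; i++) {
        const struct latch *l = &d->first[i];
        if (!l->filled) return true;                     /* empty subsection */
        if (l->addr != d->reference[i]) return true;     /* reference address differs */
        if (d->memory[l->addr] != l->data) return true;  /* memory content changed */
    }
    return false;
}

uint8_t device_read(const struct device *d, uint8_t addr) {
    return device_restricted(d) ? DUMMY_DATA : d->memory[addr % MEM_SIZE];
}

/* Powers on a constructed device, performs n writes, then reads SECRET_ADDR. */
uint8_t read_after(const uint8_t addrs[], const uint8_t data[], size_t n) {
    struct device d = { .reference = { 3, 9 } };  /* constructed reference addresses */
    d.memory[SECRET_ADDR] = 0xA5;                 /* constructed protected content */
    device_power_on(&d);
    for (size_t i = 0; i < n; i++) device_write(&d, addrs[i], data[i]);
    return device_read(&d, SECRET_ADDR);
}

int main(void) {
    /* Third write overwrites address 3, so the captured data no longer matches. */
    const uint8_t a[] = { 3, 9, 3 }, v[] = { 0x11, 0x22, 0x33 };
    for (size_t n = 0; n <= 3; n++)
        printf("%zu write(s): read returns 0x%02X\n", n, (unsigned)read_after(a, v, n));
    return 0;
}
```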
Thus, the invention described herein makes possible the advantages of: (1) providing a semiconductor device having a security function for preventing unauthorized read or overwrite which can be deactivated by a method which is difficult for any unauthorized third party to analyze and decipher, such that the security function can be realized without the need to require a special external device; and (2) providing a control device for such a semiconductor device.