An information processing apparatus has been known which utilizes a software program and data stored in a semiconductor memory by removably connecting the semiconductor memory thereto.
Some of such semiconductor memories have a security technique for the security of data and the like stored therein. For example, Japanese Patent Application Laid-Open No. 9-106690 (1997) and Japanese Patent Application Laid-Open No. 7-219852 (1995) disclose a method of encrypting data by the use of key data. Japanese Patent Application Laid-Open No. 2001-35171 discloses a method which enables data to be inputted and outputted only when an encrypted command is inputted.
However, even if the data is encrypted by utilizing a logical operation such as an exclusive OR by the use of the key data as in Japanese Patent Application Laid-Open No. 9-106690 and Japanese Patent Application Laid-Open No. 7-219852 described above, it is possible to observe the contents of a communication carried out between the semiconductor memory and the information processing apparatus. This presents the problem that the encrypted data can be analyzed.
The strength of security can be improved by complicating an encryption scheme for encryption of a command as in Japanese Patent Application Laid-Open No. 2001-35171 described above. It is, however, difficult to take countermeasures such as adopting different encryption techniques for the respective semiconductor memories. Data encrypted by the same encryption technique are always supplied. Further, because the data exchanged between the information processing apparatus and the semiconductor memories are browsable in a similar manner to Japanese Patent Application Laid-Open No. 9-106690 and Japanese Patent Application Laid-Open No. 7-219852 described above, there is the problem that it is difficult to avoid the possibility that the encrypted data are analyzed.
The technology herein is intended for a memory information protection system comprising an information processing apparatus, and a semiconductor memory removably mounted to the information processing apparatus, the semiconductor memory including a data storage means, a first input/output terminal section, a memory control means, an encryption key source data storage section, and a decryption key data storage means, the information processing apparatus including a processing means, a temporary storage means, a second input/output terminal section, a cipher generation data storage means, an encryption key data generating means, and an encryption means.
The data storage means included in the semiconductor memory stores therein data containing a program to be protected, and is accessed by the information processing apparatus. The first input/output terminal section receives a command including an instruction code and address data from the information processing apparatus, and provides the data read from the data storage means to the information processing apparatus. The encryption key source data storage section stores therein encryption key source data serving as a source for encryption. The decryption key data storage means stores therein decryption key data in a form inaccessible from the information processing apparatus, the decryption key data being a decryption key used to judge that the semiconductor memory is permitted to be used for the information processing apparatus. The memory control means includes a decryption means for decrypting an encrypted command provided from the information processing apparatus by using the decryption key data.
The second input/output terminal section included in the information processing apparatus is connected to the first input/output terminal section of the semiconductor memory, outputs the command including the instruction code and the address data, and receives the data read from the semiconductor memory. The processing means processes the data read from the semiconductor memory, and generates the command to be provided to the semiconductor memory. The cipher generation data storage means stores therein cipher generation data for generation of encryption key data associated with the decryption key data. The encryption key data generating means generates the encryption key data based on the encryption key source data read from the encryption key source data storage section and the cipher generation data. The temporary storage means temporarily stores therein the encryption key data generated by the encryption key data generating means. The encryption means generates the encrypted command obtained by encrypting the command generated by the processing means by using the encryption key data to output the encrypted command to the second input/output terminal section.
The memory control means controls the reading of the data stored in the data storage means by using the command decrypted by the decryption means.
According to the technology herein, the information processing apparatus communicates with the semiconductor memory by using the encryption key data generated in accordance with the information read from the semiconductor memory. This provides the memory information protection system, the method of protecting the memory information, and the semiconductor memory which make it difficult to analyze a security system, thereby effectively preventing the unauthorized reading of data, as compared with an instance in which the same encryption key data is always used and an instance in which encryption key data information itself is transmitted and received between the information processing apparatus and the semiconductor memory.
Preferably, the encryption key data generating means generates the encryption key data having a predetermined relationship with the decryption key data by using the encryption key source data and based on the cipher generation data.
The encryption key data is generated in accordance with the encryption key source data. This precludes the encryption key data from being obtained even if the encryption key source data is read.
Preferably, the temporary storage means stores the encryption key data whose data length is ten or more times greater than that of the encryption key source data.
The information processing apparatus is capable of generating and using the encryption key data having a greater data length while receiving only the encryption key source data of smaller data size from the semiconductor memory. This makes it difficult to analyze the encryption key data, thereby effectively preventing the unauthorized reading of data.
Preferably, the processing means doubles as the encryption key data generating means and the encryption means. The processing means performs a computing process on the encryption key source data and the cipher generation data to determine the encryption key data, thereby writing the encryption key data into the temporary storage means, and outputs the encrypted command obtained by encrypting the command by using the encryption key data.
The single processing means implements the operations of the encryption key data generating means and the encryption means. This provides the memory information protection system with a simple construction, as compared with an instance in which these means are independent of each other.
Preferably, the cipher generation data storage means is located as a memory space inaccessible from the outside of the information processing apparatus through the second input/output terminal section.
The prevention of the reading of information required for encryption and decryption from outside makes it difficult to analyze the security system.
Preferably, the decryption key data storage means stores the decryption key data pairing up with the encryption key source data serving as a source of the encryption key data and stored in the encryption key source data storage section.
The use of different pairs of encryption key source data and decryption key data for respective semiconductor memories makes it difficult to analyze the encryption key data, as compared with an instance in which the same encryption key data is used for all of the semiconductor memories.
Preferably, the processing means erases the encryption key data stored in the temporary storage means after the encryption means outputs a desired number of encrypted commands.
Erasing the encryption key data after use makes it difficult to analyze the encryption key data.
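The exchange summarized above can be modeled in a few lines. The following is an added example, not code from the original document: the HMAC-SHA256 expansion, the keystream and tag construction, the command counter, the instruction code, the frame layout and all sample values are assumptions chosen for illustration, and the "predetermined relationship" between the two keys is taken here to be equality.

```python
import hashlib, hmac

READ = 0x03      # hypothetical instruction code
KEY_LEN = 80     # ten times the 8-byte key source used below

def derive_key(cipher_gen: bytes, key_source: bytes, length: int = KEY_LEN) -> bytes:
    """Expand the short key source under the host-only secret (HMAC-SHA256, HKDF-Expand style)."""
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(cipher_gen, block + key_source + bytes([i]), hashlib.sha256).digest()
        out += block
        i += 1
    return out[:length]

def _keystream(key: bytes, ctr: bytes, n: int) -> bytes:
    return hmac.new(key[:32], b"enc" + ctr, hashlib.sha256).digest()[:n]

def _tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key[32:], b"mac" + data, hashlib.sha256).digest()[:8]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_command(key: bytes, counter: int, opcode: int, address: int) -> bytes:
    """Host side: frame = counter || encrypted(opcode, address) || tag (17 bytes)."""
    ctr = counter.to_bytes(4, "big")
    plain = bytes([opcode]) + address.to_bytes(4, "big")
    body = _xor(plain, _keystream(key, ctr, len(plain)))
    return ctr + body + _tag(key, ctr + body)

class Cartridge:
    def __init__(self, key_source: bytes, decryption_key: bytes, data: bytes):
        self.key_source = key_source   # readable over the bus
        self._key = decryption_key     # never leaves the memory controller
        self._data = data
        self._last = -1                # highest command counter accepted so far

    def handle(self, frame: bytes):
        """Decrypt and execute a command; None for frames not made with the paired key."""
        ctr, body, tag = frame[:4], frame[4:9], frame[9:]
        n = int.from_bytes(ctr, "big")
        ok = len(frame) == 17 and hmac.compare_digest(tag, _tag(self._key, ctr + body))
        if not ok or n <= self._last:  # wrong key, malformed, or replayed frame
            return None
        self._last = n
        plain = _xor(body, _keystream(self._key, ctr, 5))
        addr = int.from_bytes(plain[1:], "big")
        return self._data[addr:addr + 4] if plain[0] == READ else None

CIPHER_GEN = bytes(range(32))      # constructed host-only secret (cipher generation data)
ROM = b"PROTECTED-PROGRAM-BYTES"   # constructed stand-in for the protected program

def make_cartridge(key_source: bytes) -> Cartridge:
    """Factory step: store a key source together with its paired decryption key."""
    return Cartridge(key_source, derive_key(CIPHER_GEN, key_source), ROM)
```

Only the key source and the 17-byte frames cross the bus; neither the cipher generation data nor the derived key does. Because each cartridge carries its own key source, a key derived for one cartridge is rejected by another.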
It is therefore a primary object of the illustrative non-limiting exemplary technology described herein to provide a memory information protection system, a method of protecting memory information and a semiconductor memory which are capable of enhancing the security of data stored in the semiconductor memory to effectively prevent the unauthorized reading of the stored data.
It is another object of the illustrative non-limiting exemplary technology described herein to provide a memory information protection system, a method of protecting memory information and a semiconductor memory which make the external unauthorized reading of data stored in the semiconductor memory difficult without complicating the construction of the semiconductor memory to ensure the protection of the stored data without significantly increasing the costs of the semiconductor memory.
It is still another object of the illustrative non-limiting exemplary technology described herein to provide a memory information protection system, a method of protecting memory information and a semiconductor memory which make it difficult to analyze a security system for the semiconductor memory to strengthen the security of the stored data.
These and other objects, features, aspects and advantages will become more apparent from the following detailed description of exemplary illustrative non-limiting implementations when taken in conjunction with the accompanying drawings.