1. Field of the Invention
The present invention relates to a semiconductor storage device having non-volatile memory cell array blocks, e.g., as used in semiconductor integrated circuits. In particular, the present invention relates to a semiconductor storage device having a security function for preventing unauthorized tampering with any content stored in a memory.
2. Description of the Related Art
Electrically erasable non-volatile semiconductor storage devices, such as flash memories, are capable of on-system data rewriting. That is, the data and/or codes stored in such a semiconductor storage device can still be updated even after the semiconductor storage device has been incorporated into a system. Therefore, electrically erasable non-volatile semiconductor storage devices, such as flash memories, are widely used as means for storing programs for driving a microcomputer-based system or the like in accordance with a desired procedure. In such cases, information to be utilized for user authentication, checking programs, and the like are also stored in the same storage device. Therefore, an ability to prevent unauthorized rewriting of data (or “tampering”) while also permitting easy updating of stored content is desired.
For example, as disclosed in Japanese Laid-Open Publication No. 9-34797, in actual implementations or proposed structures of tamper prevention circuits, a function limitation release key code (i.e., a key code which disengages a function limitation) is externally input to enable authentication of any access made by an authorized user.
FIG. 3 illustrates a semiconductor memory incorporating a conventional data tamper prevention circuit. This conventional circuit (lock circuit) 300 includes: an internal register 30 for storing a key code which has been subjected to a unidirectional hash conversion; a decoder circuit (security communication circuit) 31 for decoding an input code; a conversion circuit 32 including a unidirectional hash function; a function limitation release determination circuit (comparison circuit) 33; a write control circuit; and a gating circuit.
In accordance with the lock circuit 300, in order to provide data protection in the case where a reference value (key code) which is previously stored in the internal register 30 is directly read by an unauthorized party, the reference value is converted by the unidirectional hash conversion circuit 32 so as to be stored in a converted form, rather than in a plaintext form. In order to also protect a function limitation release key code which is externally input to the device, the externally-input function limitation release key is encrypted. The function limitation release key is decoded by the security communication circuit 31 (to become a key code Iv1), and thereafter converted by the unidirectional hash conversion circuit 32 (to become a key code Iv2). This converted value is compared against the reference value stored in the internal register 30 by the comparison circuit 33. If the two values match, a function limitation release signal 34 is issued to release the function limitation. In order to survive “repetitive attacks” (i.e., a fraudulent technique of trying every possible key input pattern until obtaining a match), the security communication circuit 31 is constructed based on a Diffie-Hellman Key Exchange algorithm or the like, so that a different valid key is generated each time.
However, the aforementioned conventional techniques have the following problems.
First, in order to release the function limitation, it is necessary to externally input a function limitation release key. Accordingly, the above-described system requires an external key storage device for storing the function limitation release key. However, since the function limitation release key is retained external to the device, the key must pass through an interfacing section every time access is requested, independent of what sort of encryption technique may be employed in the communication path between the devices, i.e., between the device shown in FIG. 3 and any other device within the system (e.g., the key storage device). This may run the risk of the function limitation release key being intercepted during communication, or being directly read from the external key storage device.
Moreover, complicated circuitry is required for encrypting signals exchanged between devices, and particularly complicated encryption is required. Hence, complicated decoding circuitry within the device is required to provide protection against repetitive attacks.
Furthermore, in order to effectuate a good tamper prevention function, merely replacing a given semiconductor storage device with a semiconductor storage device having a tamper prevention function does not suffice. In addition, the entire system must be redesigned to enable a good tamper prevention function.