The present invention relates to a semiconductor device mounted in an IC (Integrated Circuit) card as an example, provided with a CPU and a ROM (Read Only Memory) which stores an encrypted program to be used by the CPU, and in particular, relates to a technology which can be suitably utilized for improvement of the security level against an attack trying to illegally read the encrypted program.
Generally an IC card is provided as a SoC (System on Chip) (microcomputer) in which a ROM, a RAM (Random Access Memory), an EEPROM (Electrically Erasable Programmable Read-Only Memory), and a CPU (Central Processing Unit) are integrated into a single chip. The IC card is provided with the required minimum number of external terminals, such as a power source, a ground, a clock, a reset, and a serial communication interface. The configuration of the IC card does not allow a direct access to the internal memory thereof and the exchange of data is always performed through serial communication; accordingly the secrecy of the memory content has been assured.
However, the analysis of security equipment by reverse engineering is posing an issue, in association with the advancement in performance of an analysis device. Especially, the reverse engineering of a ROM is posing such an actual threat that the contents of the firmware stored in the ROM are read out. Hitherto, scrambling by a simple combinational circuit has been performed. The configuration of a scramble circuit is kept in secrecy and the secrecy has guaranteed the secrecy of the firmware. However, the advancement in the reverse engineering technology is now allowing even the analysis of the scramble circuit. In view of the above circumstances, it is required to establish encryption of the contents of a ROM such that the firmware cannot be analyzed only by a simple readout of a ROM pattern. In encryption, the secrecy of a method or the secrecy of a key will improve the security level against an attack trying to illegally read out an encrypted program. When an attack which can decode the contents of the ROM with reverse engineering is assumed, it is expected that an encryption method is also analyzed from the physical analysis of the circuit configuration. Accordingly, an encryption key is stored in an electrically rewritable nonvolatile memory, thereby making it difficult to read out the encryption key only by the reverse engineering by means of the optical observation of a physical shape or a circuit configuration.
Patent Literature 1 and Patent Literature 2 disclose inventions concerning security equipment which encrypts and stores a program. The encrypted program is decrypted by use of an encryption key, developed into another storage device, and executed subsequently.
In the IC card, before encryption is performed for the purpose of secrecy of a program which is firmware, the encryption technology has been widely utilized for the purpose of keeping the secrecy of the stored user information and communication, and several methods are known as for storage of the encryption key for that. Patent Literature 3 and Patent Literature 4 disclose technology which improves the security level against an attack trying to read out an encryption key illegally. That is, Patent Literature 3 discloses technology for storing the encryption key in a memory area in an IC card where read-out from the exterior is absolutely difficult, and Patent Literature 4 discloses technology for dividing the encryption key and storing the divided keys in distributed regions in one storage device. Patent Literature 5 discloses technology in which the key information of plural encryption keys is managed in a split manner or in a batch, thereby storing the key information efficiently.    (Patent Literature 1) Published Japanese Unexamined Patent Application No. 2000-155819    (Patent Literature 2) Published Japanese Unexamined Patent Application No. 2003-333027    (Patent Literature 3) Published Japanese Unexamined Patent Application No. Hei 04(1992)-102185    (Patent Literature 4) Published Japanese Unexamined Patent Application No. 2000-252973    (Patent Literature 5) Published Japanese Unexamined Patent Application No. 2012-080295