The present invention relates to a data processing apparatus capable of safely managing data which is valuable from a financial point of view, such as an image, music data, and personal information.
With the development of semiconductor technology in recent years, the digitization of data is advancing rapidly: music data has moved from records to CD (Compact Disc), and movie data from video to DVD (Digital Versatile Disc). Digital data, such as copyrighted data and personal information, has an advantage for a producer or a purchaser in that copying does not degrade quality; on the other hand, it has disadvantages, such as a decrease in the quantity sold due to illegal copies and the leakage of personal information to many unspecified persons. It is therefore desirable to establish a mechanism by which only those who are permitted can use digital contents.
In order to protect digital contents and valuable data in communication, finance, etc. from a malicious third party, encryption technology is actively used. Encryption technology provides an authentication function, which confirms whether a user is permitted to use contents, as well as data encryption and decryption functions, which enable only those who are permitted to use the contents. Processing systems for digital contents, etc. are realized by implementing such encryption technology in a semiconductor product.
In a conventional digital contents processing system, authentication is performed among a device that outputs encrypted contents (such as a DVD drive), a contents processing unit, and a contents recording medium. When the authentication processing is confirmed to be valid, the encrypted contents are transmitted from the contents recording medium to the contents processing unit. A key is necessary to decrypt the encrypted contents. The key is generated by calculation from the information necessary for generating the key and from unique information in the contents recording medium. The unique information, the temporary data, and the key (the temporary data and the key being generated in the process of calculating the contents decryption key) must be kept secret, since anyone who obtains these items without authorization can decrypt the encrypted contents without authorization.
Thus, to keep the contents from being used without authorization by a malicious third party, it is necessary to provide a security protection area in the contents processing unit. However, if a malicious third party can exert some influence on the security protection area, neither the secrecy of the contents nor the authentication result with respect to a drive is necessarily assured when authentication and decryption of the contents are performed. For example, since the contents processing unit is controlled by a CPU (Central Processing Unit) executing software, falsifying the authentication result and obtaining the unique information without authorization become easy once a debugger is coupled. When such unauthorized access becomes feasible, it is possible to nullify the authentication, etc. by sending data directly to the security protection area. Therefore, such a contents processing system needs a configuration that prevents unauthorized access from the exterior to the functions in the security protection area. Specifically, it is necessary to devise measures such as integrating the functions of the security protection area into a single chip, thereby disabling the coupling of a debugger to the CPU and the unauthorized writing and reading of data from the exterior.
The following measures have been disclosed in the past. A data processor calculates a sum value of the instructions included in every predetermined section of an instruction flow, and when, for the same section, the sum value obtained by the last operation and the sum value obtained by the present operation disagree, the execution of instructions is stopped or the execution sequence of instructions is forcibly changed (refer to, for example, Document 1 (Japanese unexamined Patent Publication No. 2005-166070)). In addition, an encryption program generating apparatus has been proposed which compresses a branch instruction, a non-branch instruction, and the check sum of the non-branch instruction, all extracted from a game program, encrypts the compressed data, and stores the encrypted data in a program memory (refer to, for example, Document 2 (Japanese Patent Application No. 131107-2007)).
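The per-section sum check attributed to Document 1 can be sketched in software as follows; this is an added example, not code from the patent or from the cited documents. The section length, table size, instruction words and all names (sum_monitor, run_pass, demo) are assumptions made for illustration, and the reordering case shows a limit of a plain additive sum as an integrity measure.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SECTION_WORDS 4 /* assumed section length in instruction words */
#define MAX_SECTIONS  8 /* assumed capacity of the sum table */

typedef struct {
    uint32_t last_sum[MAX_SECTIONS]; /* sum recorded on the previous pass */
    uint8_t  seen[MAX_SECTIONS];     /* nonzero once a section has a sum */
} sum_monitor;

/* Sum of one section's instruction words, wrapping modulo 2^32. */
static uint32_t section_sum(const uint32_t *code, size_t sec) {
    uint32_t s = 0;
    for (size_t i = 0; i < SECTION_WORDS; i++)
        s += code[sec * SECTION_WORDS + i];
    return s;
}

/* One pass over the flow. Returns -1 if every section agrees with its
 * previous sum (or is new), else the index of the first disagreeing
 * section, where execution would be stopped. */
int run_pass(sum_monitor *m, const uint32_t *code, size_t nsections) {
    for (size_t sec = 0; sec < nsections && sec < MAX_SECTIONS; sec++) {
        uint32_t now = section_sum(code, sec);
        if (m->seen[sec] && m->last_sum[sec] != now)
            return (int)sec;
        m->last_sum[sec] = now;
        m->seen[sec] = 1;
    }
    return -1;
}

/* Constructed 3-section flow; mode 0 = unchanged, 1 = one word altered in
 * section 1, 2 = two words of section 2 swapped (sum is unchanged). */
int demo(int mode) {
    uint32_t code[12] = {0x10, 0x21, 0x32, 0x43, 0x54, 0x65,
                         0x76, 0x87, 0x98, 0xA9, 0xBA, 0xCB};
    sum_monitor m;
    memset(&m, 0, sizeof m);
    if (run_pass(&m, code, 3) != -1) return -2; /* first pass only records */
    if (mode == 1) code[6] ^= 1u;
    if (mode == 2) { uint32_t t = code[8]; code[8] = code[9]; code[9] = t; }
    return run_pass(&m, code, 3);
}

int main(void) { return (demo(0) == -1 && demo(1) == 1) ? 0 : 1; }
```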