The present invention relates to an encryption key providing method, a semiconductor integrated circuit, and an encryption key management device. In particular, the present invention can be utilized suitably for an encryption key providing method, a semiconductor integrated circuit, and an encryption key management device which have resistance properties against unjust acquisition of an encryption key generated by use of physically unclonable device unique data.
In recent years, there have been reports on cases of various attacks to an electrical unit (Electronic Control Unit: ECU) mounted in a vehicle, such as unjust access and an unjust imitation. In the related art technology of an in-vehicle microcomputer, a key itself for encryption and decryption was written without taking measures against electronic eavesdropping; accordingly, it was easy to steal the encryption key. It is obvious that such unjust acts cause a serious problem from the viewpoint of safety. There has been an increasing need for an in-vehicle microcomputer which has high security against such unjust acts. On the other hand, faults and defects in an in-vehicle microcomputer will affect a human life. Therefore, the analysis of faults and defects is essential. If the tamper-resistant technology is employed all over the microcomputer in order to prevent the unjust acts, the microcomputer will be provided with a high security, and it becomes possible to prevent the unjust acts. On the other hand, it becomes difficult for an automaker, an ECU maker, and a chip maker to conduct the analysis of faults and defects, causing inconvenience for them.
Therefore, the security technology which utilizes an identification code unique to a device (or a device unique ID) generated with the use of a physically unclonable function (PUF) has been examined. In the technology utilizing the PUF, a Hash function which is encrypted by means of the device unique ID (Identification) is written in a region of ROM (Read Only Memory), for example, and data is decrypted with the use of the Hash function decrypted by means of the device unique ID. Therefore, the security is secured.
The physically unclonable function (PUF) is derived from an initial value at the time of power-on of SRAM (Static Random Access Memory), for example. The initial value of SRAM fluctuates due to manufacturing variations; therefore, by taking a sufficiently large number of bits, it can serve as a unique value for each device. On the other hand, there are demands of repeatability that the device unique ID generated from the same device shall have the same value, even if it is generated many times. This is because there is a possibility that it may be taken for a counterfeit product, if a different device unique ID is generated from the same device by nature. However, the initial value of SRAM and many PUFs may have fluctuations depending on the environment in which they are generated, that is, the difference of the ambient temperature in which the device is placed, the power supply voltage, etc.
Patent Literature 1 discloses a semiconductor device capable of generating an initial unique code which is a value unique to a device and includes a random bit error. This semiconductor device corrects the error included in the initial unique code, generates a fixed device unique ID (device unique ID), and utilizes it for the decryption of confidential information. In the error correction, the correction data corresponding to the fixed device unique ID are referred to. (Patent Literature)
(Patent Literature 1) Japanese Unexamined Patent Application Publication No. 2013-003431