The present invention relates to an IC card and a microcomputer, and particularly to a technology effective for application to a security technology used for ones like an IC card and a stored-program one-chip microcomputer, each of which includes a CPU and a memory and performs data processing using an encoding key.
Japanese Patent Application Laid-Open No. Hei 10(1998)-69222 discloses, as an example, a technology wherein in an IC card which effects an encoding process or a decoding process on data by using key information stored in a memory, a delay process for losing a time correlation with the contents of the key information is executed during or before or after the execution of the encoding process or decoding process to set up against an operation analytical method like a TA (Timing Attack) method of estimating the contents of execution and an encoding key by using the difference in processing time.
It has recently been suggested that there is a possibility that the contents of an encoding process and an encoding key will easily be estimated by observing and analyzing current consumption at the time that an IC card is executing the encoding process. This has been described in 8.5.1.1 Passive protective mechanism (pp 263) of “Smart Card Handbook”, by W. Rankl & W. Effing, John Wiley & sons Co., Ltd.
That is, an SPA (Simple Power Analysis) method analyzes an encoding key and processed data according to the difference between operational or computational instructions or the difference between waveforms of consumed currents developed due to the difference in processed data. A DPA (Differential Power Analysis) method statistically processes waveforms of currents consumed and thereby estimates an encoding key. In the DPA method, a supposed encoding key is applied to a certain portion of DES, for example, and while a plaintext is being changed, the waveforms of the consumed currents are measured and statistics thereabout are collected. This work is repeated while the encoding key is being changed in various ways, and the current waveform exhibits a large peak in the case of a proper key.
As described in the Publication referred to above, the delay process, which has taken into consideration only the TA (Timing Attack) method, is not capable of losing even the correlation of current consumption based on an actual computation or operation. This is not capable of setting up against the operation analytical method like such a SPA or DPA method as to observe the waveform of each current consumed. To this end, the inventors of the present application have led to the development of a security technology capable of more reliably preventing decoding of the contents of an encoding process and an encoding key, based on the observation of the current consumption as described above with respect to ones each of which performs a fixed or regular data processing operation according to a stored-program as in the IC card and the microcomputer mounted to a module like an IC card or the like.