US20070118761A1 - Semiconductor integrated circuit device, program delivery method, and program delivery system - Google Patents

Semiconductor integrated circuit device, program delivery method, and program delivery system Download PDF

Info

Publication number
US20070118761A1
US20070118761A1 US11/598,039 US59803906A US2007118761A1 US 20070118761 A1 US20070118761 A1 US 20070118761A1 US 59803906 A US59803906 A US 59803906A US 2007118761 A1 US2007118761 A1 US 2007118761A1
Authority
US
United States
Prior art keywords
program
decryption
encrypted
key
bus
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/598,039
Inventor
Kenichi Kawaguchi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Panasonic Holdings Corp
Original Assignee
Matsushita Electric Industrial Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Matsushita Electric Industrial Co Ltd filed Critical Matsushita Electric Industrial Co Ltd
Priority to US11/598,039 priority Critical patent/US20070118761A1/en
Publication of US20070118761A1 publication Critical patent/US20070118761A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/1425Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
    • G06F12/1433Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a module or a part of a module
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1408Protection against unauthorised use of memory or access to memory by using cryptography

Definitions

  • the present invention relates to a semiconductor LSI having the function of decrypting an encrypted program and executing the decrypted program which is mounted on information equipment or the like. More particularly, it relates to a processing system and method for encrypting a program and delivering the encrypted program from a device at a program owner to a device at a program user.
  • a system for preventing illegal copying of software has been devised in recent years.
  • a program is encrypted and delivered
  • provision has been made to prevent the copying of a program for decrypting the encrypted program hereinafter referred to as the “decryption program”.
  • a decryption program is disposed in the internal memory of an LSI from which it cannot be read from the outside and the decrypted program is further protected from being read from the outside (see, e.g., Japanese Laid-Open Patent Publication No. HEI 8-30558).
  • FIG. 18 is a block diagram showing a conventional semiconductor integrated circuit device for executing an encrypted program.
  • the semiconductor integrated circuit device 1 shown in FIG. 18 has: a CPU 3 ; internal memories 4 and 5 for inputting/outputting data via an internal bus 7 ; a bus port 6 for controlling the inputting/outputting of data to and from the outside via an external bus 2 ; an I/O port 9 connected to the CPU 3 via an I/O bus 8 ; a memory port 10 for controlling the internal RAM 5 ; and control registers 11 for controlling the memory port 10 .
  • a decryption program for decrypting the encrypted program is stored in the internal ROM 4 .
  • the encrypted program is read in the internal RAM 5 and decrypted in accordance with the decryption program.
  • the decrypted program is written in the internal RAM 5 .
  • the decrypted program written in the internal RAM 5 is protected from being read from the memory port 10 to the outside under the control of the control registers 11 .
  • the decryption program may be transferred by the program to the outside and hacked.
  • the use of the decryption program that has been hacked makes it possible to hack the encrypted program. Once the encrypted program is hacked, the LSI cannot be used any more since the decryption program cannot be changed.
  • a first semiconductor integrated circuit device comprises: a first memory for inputting and outputting data between a bus and itself, a second memory for inputting and outputting data between the bus and itself; a secret key holder for holdin a secret key; a bus port for controlling access from outside to the bus; a CPU for storing an encrypted program and a decryption program in the first memory via the bus port, decrypting the encrypted program by using the decryption program and the secret key, and executing the decrypted program; and a controller for causing, when the encrypted program and the decryption program are stored in the first memory, the bus port to disable access from the outside, enabling access to the first and second memories, and thereby transferring the encrypted program and the decryption program from the first memory to the second memory, disabling access to the first memory when the transfer is completed, and disabling access to the second memory when the decryption and the execution of the decrypted program are completed.
  • the semiconductor integrated circuit device With the first semiconductor integrated circuit device according to the present invention, it is no more necessary to provide the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved. Moreover, the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked.
  • the first semiconductor integrated circuit device further comprises: a secret key access port for controlling access from the CPU to the secret key holder, wherein the secret key access port enables access to the secret key holder when the transfer is completed and disables access to the secrete key holder when the execution of the decrypted program is completed.
  • a secret key access port for controlling access from the CPU to the secret key holder, wherein the secret key access port enables access to the secret key holder when the transfer is completed and disables access to the secrete key holder when the execution of the decrypted program is completed.
  • the CPU preferably includes a register and erases data stored in the register if the execution of the decrypted program is completed.
  • the controller preferably controls access to the first and second memories by controlling chip select signals to the first and second memories.
  • the controller preferably includes a flag storing portion for storing first and second flags, enables access to the first and second memories when the first flag is set, disables access to the first memory when the first flag is reset and the second flag is set, and disables access to the second memory when each of the first and second flags is reset
  • the bus port preferably disables access from the outside when at least one of the first and second flags is set
  • the CPU preferably sets the first and second flags when the encrypted program and the decryption program are inputted to the first memory, resets the first flag when the transfer is completed, and resets the second flag when the execution of the decrypted program is completed.
  • a second semiconductor integrated circuit device comprises: a first memory for inputting and outputting data between a bus and itself, a second memory for inputting and outputting data between the bus and itself, a first memory port connected between the bus and the first memory to control access from the bus to the first memory; a second memory port connected between the bus and the second memory to control access from the bus to the second memory; a secret key holder for holding a secret key; a bus port for controlling access from outside to the bus; a CPU having a register, the CPU writing an encrypted program and a decryption program in the first memory via the bus port, decrypting the encrypted program by using the decryption program and the secret key, writing the decrypted program in the second memory, and executing the decrypted program; and a controller for causing, when the writing to the first memory is completed, the bus port to disable access from the outside to the bus, causing the first memory port to disable the writing to the first memory, and causing the second memory
  • the second semiconductor integrated circuit device With the second semiconductor integrated circuit device according to the present invention, it is no more necessary to provide the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved. Moreover, the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked.
  • a third semiconductor integrated circuit device comprises: a first memory for inputting and outputting data between a bus and itself; a second memory for inputting and outputting data between the bus and itself; a memory port connected between the bus and the first memory to control access from the bus to the first memory; a secret key holder for holding a secret key; a bus port for controlling access from outside to the bus; a CPU having a register, the CPU writing an encrypted program and a decryption program in the first memory via the bus port, decrypting the encrypted program by using the decryption program and the secret key, writing the decrypted program in the second memory, and executing the decrypted program; and a controller including a memory initializer for erasing data in the second memory, the controller causing, when the wiring to the first memory is completed, the bus port to disable access from the outside to the bus and causing the memory port to disable the writing to the first memory and causing, when the execution of the decrypted program is
  • the third semiconductor integrated circuit device With the third semiconductor integrated circuit device according to the present invention, it is no more necessary to provide the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved. Moreover, the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked.
  • a fourth semiconductor integrated circuit device comprises: a first memory for inputting and outputting data between a bus and itself; a second memory for inputting and outputting data between the bus and itself; a secret key holder for holding a secret key; a decryption key holder for holding a decryption key; a bus port for controlling access from outside to the bus; a CPU including a register, the CPU performing first storage for storing the encrypted decryption key and a decryption key decryption program in the first memory via the bus port, performing first decryption for decrypting the encrypted decryption key by using the decryption key decryption program and the secret key, writing the decrypted decryption key in the decryption key holder, performing second storage for storing an encrypted program and a decryption program in the first memory, performing decryption for decrypting the encrypted program by using the decryption program and the decrypted decryption
  • the fourth semiconductor integrated circuit device With the fourth semiconductor integrated circuit device according to the present invention, it is no more necessary to provide the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved. Moreover, the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked. In addition, the encryption program and the encryption strength can be selected at the encrypted program transferor.
  • a first program delivery method is a program delivery method for delivering a program between a first device and a second device, the method comprising the steps of: transferring a public key from the second device to the first device; transferring a decryption program to the second device from the outside thereof, encrypting the program by using the public key in the first device and transferring the encrypted program to the second device; and decrypting the encrypted program by using a secret key corresponding to the public key and the decryption program in the second device.
  • the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved.
  • the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked.
  • a second program delivery method is a program delivery method for delivering a program between a first device and a second device, the method comprising the steps of: transferring a public key from the second device to the first device; encrypting a decryption key by using the public key in the first device and transferring the encrypted decryption key to the second device; decrypting the encrypted decryption key by using a secret key corresponding to the public key in the second device; encrypting the program by using an encryption key corresponding to the decryption key in the first device and transferring the encrypted program to the second device; and decrypting the encrypted program by using the decrypted decryption key in the second device.
  • the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved.
  • the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked.
  • the encryption program and the encryption strength can be selected at the encrypted program transferor.
  • a first program delivery system is a program delivery system for delivering a program, the system comprising: a first device and a second device, the first device encrypting the program by using a public key and transferring the encrypted program to the second device and the second device decrypting the program encrypted by the first device by using a secret key corresponding to the public key and a decryption program transferred from the outside of the second device.
  • the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved.
  • the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked.
  • a second program delivery system is a program delivery system for delivering a program, the system comprising: a first device and a second device, the first device encrypting a decryption key by using a public key, transferring the encrypted decryption key to the second device, encrypting the program by using an encryption key corresponding to the decryption key, and transferring the encrypted program to the second device, the second device decrypting the decryption key encrypted by the first device by using a secret key corresponding to the public key and decrypting the program encrypted by the first device by using the decrypted decryption key.
  • the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved.
  • the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked.
  • the encryption program and the encryption strength can be selected at the encrypted program transferor.
  • FIG. 1 is a block diagram for illustrating a structure of a semiconductor integrated circuit device in a first embodiment of the present invention
  • FIG. 2 is a flow chart showing the procedure of decrypting an encrypted program
  • FIG. 3 is a block diagram for illustrating a structure of a semiconductor integrated circuit device in a second embodiment of the present invention
  • FIG. 4 is a flow chart showing the procedure of decrypting an encrypted program
  • FIG. 5 is a block diagram for illustrating a structure of a semiconductor integrated circuit device in a third embodiment of the present invention.
  • FIG. 6 is a flow chart showing the procedure of decrypting an encrypted program
  • FIG. 7 is a block diagram for illustrating a structure of a semiconductor integrated circuit device in a fourth embodiment of the present invention.
  • FIG. 8 is a flow chart showing the procedure of decrypting an encrypted decryption key
  • FIG. 9 is a view showing correlations among the respective states of flags, a bus port, and chip select signals
  • FIG. 10 is a flow chart showing the procedure of -decrypting an encrypted program
  • FIG. 11 is a view showing the transfer of a public key from a program user to a program developer
  • FIG. 12 is a view showing the encryption of a decryption key
  • FIG. 13 is a view showing the transfer of an encrypted decryption key from the program developer to the program user;
  • FIG. 14 is a view showing the decryption of an encrypted decryption key
  • FIG. 15 is a view showing the encryption of a program
  • FIG. 16 is a view showing the transfer of an encrypted program from the program developer to the program user
  • FIG. 17 is a view showing the decryption of an encrypted program.
  • FIG. 18 is a block diagram showing a structure of a conventional semiconductor integrated circuit device.
  • FIG. 1 is a block diagram for illustrating a structure of a semiconductor integrated circuit device 101 in a first embodiment of the present invention.
  • an encrypted program is transferred from a PC 128 a (corresponding to a first device) which is a device at a program developer to a program user via a PC 126 .
  • the encrypted program is decrypted by using a secret key and a decryption program.
  • the PC 128 a is a device at the program developer and keeps a program D 128 a and an encryption program 128 b for encrypting a program.
  • the information equipment 140 is equipment at the program user and has: the semiconductor integrated circuit device 101 ; a flash memory 123 a for keeping a decryption program D 123 a; a USB upstream port 124 ; and peripheral equipment 150 .
  • An outer bus 102 provides connection among the semiconductor integrated circuit 101 , the flash memory 123 a, and the USB upstream port 124 .
  • the semiconductor integrated circuit device has: a CPU 103 a; internal RAMs 104 (corresponding to a first memory) and 105 (corresponding to a second memory); a public key storing register 106 ; a bus port 110 a; a security controller 111 a; and an I/O port 122 .
  • the internal bus 109 is connected in the manner as shown in the drawing.
  • the CPU 103 a has a general-purpose register controller 119 a and general-purpose registers 120 a.
  • the security controller 111 a has a flag storing portion 113 a for storing a program decryption execute flag 112 F (corresponding to a second flag) and a RAM copy flag 113 F (corresponding to a first flag), a chip select dispatcher 114 a, and a DMA controller 118 a.
  • the external bus 102 is used to transfer a public key stored in the public key storing register 106 to the personal computer 128 a and transfer a program encrypted by using the public key and the encryption program D 128 b to the semiconductor integrated circuit device 101 .
  • the CPU 103 a operates in accordance with a program stored in the internal RAMs 104 and 105 or in the flash memory 123 a.
  • the CPU 103 a not only operates a normal program but also decrypts an encrypted program and executes the decrypted program.
  • the CPU 103 a also transfers the encrypted-program inputted from the outside and the decryption program D 123 a to the internal RAM 104 .
  • the internal RAM 104 is a memory used during a normal operation, i.e., when either of the decryption program D 123 a and the decrypted program is not executed. A description will be given to the case where a program encrypted by using the public key and the encryption program D 128 b is decrypted and executed.
  • the encrypted program and the decryption program D 123 a in the flash memory 123 a are transferred by the CPU 103 a to the internal RAM 104 in the state in which the external bus 102 and the internal bus 109 are connected to each other by the bus port 110 a.
  • the bus port 110 a disconnects the external bus 102 and the internal bus 109 from each other, the encrypted program and the decryption program D 123 a are transferred by the DMA controller 118 a from the internal RAM 104 to the internal RAM 105 . Thereafter, the security controller 111 a disables access from the internal bus 109 to the internal RAM 104 until the execution of the decrypted program is completed.
  • the internal RAM 105 is used during the execution of the decryption program D 123 a and during the execution of the decrypted program. A description will be given to the case where the encrypted program is decrypted and executed.
  • the bus port 110 a disconnects the external bus 102 and the internal bus 109 from each other
  • the encrypted program and the decryption program D 123 a are transferred by the DMA controller 118 a from the internal RAM 104 to the internal RAM 105 .
  • the security controller 111 a disables access from the internal bus 109 to the internal RAM 105 . Accordingly, the decrypted program temporarily stored in the internal RAM 105 and data during the execution of a decryption process are not monitored from the outside.
  • the public key storing register 106 is a register storing therein a public key, which is used only for reading.
  • the public key is transferred to the personal computer 128 a disposed outside the semiconductor integrated circuit device 101 and used when the program D 128 a is encrypted in accordance with the encryption program D 128 b.
  • the secret key storing register 107 is a register storing therein a secret key, which is used only for reading.
  • the secret key is used when the encrypted program is decrypted in accordance with the decryption program D 123 a.
  • the secret key access port 108 a enables the CPU 103 a to read the secrete key from the secret key storing register 107 only while the RAM copy flag 113 F is reset. Specifically, the secret key access port 108 a enables the CPU 103 a to read the secret key from the secret key storing register 107 only while the program is decrypted, the decrypted program is executed after the decryption program D 123 a is initiated, the transfer of the encrypted program and the decryption program D 123 a from the internal RAM 104 to the internal RAM 105 is completed, and the RAM copy flag 113 F is reset. At any time other than the above, the secret key access port 108 a disables the reading of the secret key.
  • the internal bus 109 is used to transfer a program and data within the semiconductor integrated circuit device 101 .
  • the bus port 110 a disconnects the internal bus 109 and the external bus 102 from each other if at least one of the program decryption execute flag 112 F and the RAM copy flag 113 F is set. Accordingly, the internal bus 109 and the internal RAM 105 are not monitored from the outside during the transfer of the encrypted program and the decryption program D 123 a and during the execution of the decryption program D 123 a and the decrypted program. In any case other than the above, the internal bus 109 and the external bus 102 are connected to each other.
  • the security controller 111 a is internally provided with the flag storing portion 113 a for keeping the program decryption execute flag 112 F and the RAM copy flag 113 F, with the chip select dispatcher 114 a, and with the DMA controller 118 .
  • the security controller 111 a controls the bus port 110 a, the secret key access port 108 a, chip select signals 116 S and 117 S, and the general-purpose register controller 119 a in decrypting the program encrypted by using the encryption program D 128 b and the public key stored in the public key storing register 106 and executing the decrypted program.
  • the chip select dispatcher 114 a When the transfer is completed, the chip select dispatcher 114 a negates the chip select signal 116 S and then shifts to the control of the CPU 103 a.
  • a completion notice is given to the chip select dispatcher 114 a.
  • the chip select dispatcher 114 a Upon receipt of the notice, the chip select dispatcher 114 a generates the chip select signal 117 S, causes the general-purpose register controller 119 a to initialize the general-purpose registers 120 a, and outputs the chip select signal 115 S from the CPU 103 a as the chip select signal 116 S. Thereafter, the bus port 110 a connects the internal bus 109 and the external bus 102 to each other.
  • the program decryption execute flag 112 F is set by the CPU 103 a at the initiation of the decryption program D 123 a and reset by the CPU 103 a at the completion of the execution of the decrypted program.
  • the decryption program D 123 a is initiated, the transfer of the encrypted program and the decryption program D 123 a from the internal RAM 104 to the internal RAM 105 is completed, and the RAM copy flag 113 F is reset.
  • the encrypted program is decrypted and the decrypted program is executed thereafter, access to the internal RAM 104 is disabled, while access to the internal RAM 105 and to the secret key storing register 107 is enabled.
  • the program decryption execute flag 112 F is reset, access to the internal RAM 105 and to the secret key storing register 107 is disabled.
  • the RAM copy flag 113 F is set by the CPU 103 a at the initiation of the decryption program D 123 a and reset at the completion of data transfer from the internal RAM 104 to the internal RAM 105 . Since the internal RAMs 104 and 105 are at the same location on a memory map, the respective chip select signals to the internal RAMs 104 and 105 are not normally asserted simultaneously. However, each of the chip select signals 116 S and 117 S from the chip select dispatcher 114 a to the internal RAMs 104 and 105 is asserted by setting the RAM copy flag 113 F when the encrypted program or the like is to be transferred from the internal RAM 104 to the internal RAM 105 .
  • the chip select dispatcher (hereinafter referred to as “CS dispatcher”) 114 a asserts each of the chip select signals 116 S and 117 S when the RAM copy flag 113 F is set, thereby enabling the DMA controller 118 a to transfer the encrypted program and the decryption program D 123 a from the internal RAM 104 to the internal RAM 105 .
  • the CS dispatcher 114 a negates the chip select signal 116 S and transfers the chip select signal 115 S as the chip select signal 117 S. This enables access to the internal RAM 105 during the decryption of the encrypted program and during the execution of the decrypted program.
  • the CS dispatcher 114 a transfers the chip select signal 115 S as the chip select signal 116 S and negates the chip select signal 117 S, thereby disabling access to the internal RAM 105 during a normal operation, i.e., when either of the decryption program D 123 a and the decrypted program is not executed.
  • the chip select signal 115 S is outputted from the CPU 103 a and asserted when the internal RAM 104 or the internal RAM 105 is to be accessed.
  • the chip select signals 116 S and 117 S are outputted from the CS dispatcher 114 a.
  • the chip select signal 116 S is asserted when the internal RAM 104 is to be accessed.
  • the chip select signal 117 S is asserted when the internal RAM 105 is to be accessed.
  • the DMA controller 118 a transfers the encrypted program and the decryption program D 123 a from the internal RAM 104 to the internal RAM 105 .
  • the RAM copy flag 113 is reset.
  • the general-purpose register controller 119 a resets the general-purpose registers 120 a when the program decryption execute flag 112 F is reset. During the decryption of the encrypted program, therefore, data generated in the general-purpose registers 120 a during the execution of the decrypted program is not monitored from the outside.
  • the I/O port 122 is connected to the CPU 103 a via the I/O bus 121 .
  • the I/O port 122 is also connected to an external circuit such as a sound module 151 or a video module 152 in the peripheral equipment 150 .
  • the flash memory 123 a keeps the decryption program D 123 a.
  • the decryption program D 123 a is transferred to the internal RAM 105 via the internal RAM 104 within the semiconductor integrated circuit device 101 and used in conjunction with the secret key stored in the secret key storing register 107 when the encrypted program is decrypted.
  • the USB upstream port 124 is connected to the personal computer 126 via a USB cable 125 and used to transfer the encrypted program to the semiconductor integrated circuit device 101 .
  • the USB cable 125 - is used to transfer the encrypted program from the personal computer 126 to the USB upstream port 124 .
  • the personal computer 126 receives the encrypted program from the personal computer 128 a and transfers the encrypted program to the information equipment 140 on which the semiconductor integrated circuit device 101 is mounted.
  • a network line 127 is used to transfer the encrypted program from the personal computer 128 to the personal computer 126 .
  • the personal computer 128 receives the public key stored in the public key storing register 106 from the personal computer 126 via the network line 127 , encrypts the program D 128 a by using the encryption program D 128 b and the public key, and transfers the encrypted program to the personal computer 126 via the network line 127 .
  • the program 128 a is encrypted by using the encryption program D 128 b and the public key stored in the public key storing register 106 and then transferred to the semiconductor integrated circuit device 101 via the network line 127 , the personal computer 126 , the USB cable 125 , the USB upstream port 124 , and the external bus 102 .
  • the encrypted program 128 a is decrypted in the semiconductor integrated circuit device 101 by using the decryption program D 123 a and the secret key stored in the secret key storing register 107 .
  • a reference numeral D 128 b denotes an encryption program for encrypting the program D 128 a by using the public key stored in the public key storing register 106 .
  • the information equipment 140 has: the semiconductor integrated circuit device 101 ; the peripheral equipment 150 ; the flash memory 123 a; and the USB upstream port 124 .
  • the peripheral equipment 150 has: the sound module 151 ; and the video module 152 and is connected to the I/O port 122 in the semiconductor integrated circuit device 101 .
  • the sound module 151 is connected to the I/O port 122 of the semiconductor integrated circuit device 101 to perform reproduction, recording, and the like of a sound through the transmission and reception of transferred data and the reception of a control signal.
  • the video module 152 is connected to the I/O port 122 of the semiconductor integrated circuit device 101 to perform reproduction of a dynamic picture image through the transmission and reception of transferred data and the reception of a control signal.
  • FIG. 2 is a flow chart showing the procedure of decrypting the encrypted program in the first embodiment.
  • Step ST 201 the CPU 103 a transfers the decryption program D 123 a and the encrypted program to the internal RAM 104 .
  • Step ST 202 the CPU 103 a sets the program decryption execute flag 112 F and the RAM copy flag 113 F.
  • the bus port 110 a disconnects the internal bus 109 and the external bus 102 from each other.
  • Step ST 203 the DMA controller 118 a transfers the decryption program D 123 a and the encrypted program in the internal RAM 104 to the internal RAM 105 .
  • Step ST 204 the CPU 103 a resets the RAM copy flag 113 F. From the resetting of the RAM copy flag 113 F on till the completion of Step ST 206 , which will be described later, the CS dispatcher 114 a does not assert the chip select signal 116 S.
  • Step ST 205 the CPU 103 a executes the decryption program D 123 a, decrypts the encrypted program by using the secret key stored in the secret key storing register 107 to generate the program D 128 a, and writes the generated program D 128 a in the internal RAM 105 .
  • Step ST 206 the CPU 103 a executes the program D 128 a.
  • Step ST 207 the CPU 103 a resets the program decryption execute flag 112 F.
  • the general-purpose register controller 119 a resets the general-purpose registers 120 a.
  • the bus port 110 a connects the internal bus 109 and the external bus 102 to each other, while the CS dispatcher 114 a outputs the chip select signal 116 S as the chip select signal 115 S and negates the chip select signal 117 S.
  • the chip select signal 116 S is not asserted while the decryption program D 123 a is executed and the program D 128 a is generated, the data and program D 128 a under decryption are not stored in the internal RAM 104 . Since the chip select signal 117 S is negated while the external bus 102 and the internal bus 109 are connected to each other by the bus port 110 a, the data and program D 128 a under decryption is prevented from being monitored from the outside.
  • the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved.
  • the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked.
  • FIG. 3 is a block diagram showing a structure of a semiconductor integrated circuit device 301 according to a second embodiment of the present invention.
  • a semiconductor integrated circuit 301 shown in FIG. 3 is different from the semiconductor integrated circuit device 101 shown in FIG. 1 in that it further comprises a memory port 302 (corresponding to a first memory port) and a memory port 303 (corresponding to a second memory port).
  • the semiconductor integrated circuit device 301 is also different from the semiconductor integrated circuit device 101 in that a security controller 111 b has only a flag storing portion 113 b for storing the program decryption execute flag 112 F.
  • the other components they operate similarly to the components shown in FIG. 1 so that the description thereof will not be repeated.
  • the memory port 302 halts writing to the internal RAM 104 under the control of the security controller when the program decryption execute flag 112 F is set. In other words, data cannot be written in the internal RAM 104 during the decryption of the program and during the execution of the decrypted program.
  • the memory port 303 halts access to the internal RAM 105 under the control of the security controller 111 b when the program decryption execute flag 112 F is reset.
  • the internal RAM 105 cannot be accessed during the internal bus 109 and the external bus 102 are connected to each other by a bus port 110 b. Accordingly, the decrypted program and data during the execution of a decryption process, which are written in the internal RAM 105 , are not monitored from the outside.
  • FIG. 4 is a flow chart showing the procedure of decrypting the encrypted program in the second embodiment.
  • Step ST 201 a CPU 103 b transfers the decryption program D 123 a and the encrypted program to the internal RAM 104 .
  • the whole process then advances to ST 402 where the CPU 103 b sets the program decryption execute flag 112 F.
  • the bus port 110 b disconnects the internal bus 109 and the external bus 102 from each other.
  • the memory port 302 halts writing to the internal RAM 104 , while the memory port 303 enables access to the internal RAM 105 .
  • Step ST 205 the CPU 103 b executes the decryption program D 123 a, thereby decrypts the encrypted program by using the secret key stored in the secrete key storing register 107 to generate the program D 128 a, and writes the generated program D 128 a in the internal RAM 105 .
  • Step ST 206 the CPU 103 b executes the program D 128 a.
  • Step ST 207 the program decryption execute flag 112 F is reset.
  • the general-purpose register controller 119 b resets the general-purpose registers 120 b under the control of the security controller 111 b.
  • the bus port 110 b connects the internal bus 109 and the external bus 102 to each other, while the memory port 302 enables writing to the internal RAM 104 and the memory port 303 halts access to the internal RAM 105 .
  • the memory port 302 executes the decryption program D 123 a and halts writing to the internal RAM 104 while the program D 128 a is generated so that the data and program D 128 a under decryption are not stored in the internal RAM 104 .
  • the memory port 303 halts access to the internal RAM 105 while the external bus 102 and the internal bus 109 are connected to each other by the bus port 110 b so that the data and program D 128 a under decryption are not outputted to the outside.
  • the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved.
  • the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked.
  • FIG. 5 is a block diagram showing a structure of a semiconductor integrated circuit device 501 according to a third embodiment of the present invention.
  • a semiconductor integrated circuit device 501 shown in FIG. 5 is different from the semiconductor integrated circuit device 101 shown in FIG. 1 in that it further comprises a memory port 402 .
  • the semiconductor integrated circuit device 501 is also different from the semiconductor integrated circuit device 101 shown in FIG. 1 in that a security controller 111 c has a flag storing portion 113 c for storing the program decryption execute flag 112 F and a RAM initializer 502 (corresponding to a memory initializer).
  • a security controller 111 c has a flag storing portion 113 c for storing the program decryption execute flag 112 F and a RAM initializer 502 (corresponding to a memory initializer).
  • the RAM initializer 502 Immediately before the program decryption execute flag 112 F is reset, the RAM initializer 502 writes “1” in each of the regions of the internal RAM 105 to erase data, thereby preventing the decrypted program and the data under decryption, which are written in the internal RAM 105 , from being monitored from the outside.
  • FIG. 6 is a flow chart showing the procedure of decrypting the encrypted program in the third embodiment.
  • Step ST 201 a CPU 103 c transfers the decryption program D 123 a and the encrypted program to the internal RAM 104 .
  • Step ST 205 the CPU 103 c executes the decryption program D 123 a, thereby decrypts the encrypted program by using the secret key stored in the secrete key storing register 107 to generate the program D 128 a, and writes the generated program D 128 a in the internal RAM 105 .
  • Step ST 206 the CPU 103 c executes the program D 128 a.
  • Step ST 607 the RAM initializer 502 writes “1” in each of the regions of the internal RAM 105 to erase data.
  • Step ST 207 the program decryption execute flag 112 F is reset.
  • the general-purpose register controller 119 c resets the general-purpose registers 120 c under the control of the security controller 111 b.
  • the bus port 110 c connects the internal bus 109 and the external bus 102 to each other, while the memory port 402 enables writing to the internal RAM 104 under the control of the security controller 111 c.
  • the memory port 402 executes the decryption program D 123 a and halts writing to the internal RAM 104 while the program D 128 a is generated so that the data and program D 128 a under decryption are not stored in the internal RAM 104 .
  • the RAM initializer 502 has completely erased data in the internal RAM 105 immediately before the bus port 110 c brings the external bus 102 and the internal bus 109 in the disconnected state into the connected state so that the data and program D 128 a under decryption are not outputted to the outside.
  • the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved.
  • the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked.
  • FIG. 7 is a block diagram showing a structure of a semiconductor integrated circuit device 701 according to a fourth embodiment of the present invention.
  • a semiconductor integrated circuit device 701 shown in FIG. 7 is different from the semiconductor integrated circuit device 101 shown in FIG. 1 in that it further comprises a decryption key access port 703 and a decryption key storing register 702 .
  • a PC 128 d is different from the PC 128 a shown in FIG. 1 in that it keeps a decryption key encryption program D 728 c, an encryption key D 728 d, and a decryption key D 728 e in addition to the program D 728 a and the encryption program D 728 b.
  • a flag storing portion 113 d is different from the flag storing portion 113 a shown in FIG.
  • a flash memory 123 d is different from the flash memory 123 a in that it keeps a decryption key decryption program D 723 b in addition to the decryption program 723 a.
  • the other components operate similarly to the components shown in FIG. 1 so that a description will be given with particular emphasis on different portions between FIGS. 7 and 1 .
  • a CPU 103 d operates in accordance with a program stored in the internal RAM 104 or 105 or in the flash memory 123 d. Besides operating a normal program, the CPU 103 d executes the decryption of the encrypted decryption key and the decryption of the encrypted program as well as the decrypted program. The CPU 103 d also transfers the encrypted decryption key inputted from the outside, the encrypted program, the decryption key encryption program D 723 b, and the decryption program D 723 a to the internal RAM 104 .
  • the internal RAM 104 is a memory used during a normal operation, i.e., when none of the decryption program D 723 a, the decryption key decryption program D 723 b, and the decrypted program is executed.
  • a description will be given to the case where the encrypted decryption key is decrypted and stored in the decryption key storing register 702 .
  • the CPU 103 d transfers the encrypted decryption key and the decryption key decryption program D 723 b in the flash memory 123 d to the internal RAM 104 via the external bus 102 and the internal bus 109 .
  • a DMA controller 118 d transfers the encrypted decryption key and the decryption key decryption program D 723 b from the internal RAM 104 to the internal RAM 105 .
  • a security controller 111 d disables access from the internal bus 109 to the internal RAM 104 until the decryption key decryption program D 723 b is completed.
  • the CPU 103 d transfers the encrypted program and the decryption program D 723 a to the internal RAM 104 in the state in which the external bus 102 and the internal bus 109 are connected to each other by the bus port 110 d.
  • the bus port 110 d then disconnects the external bus 102 and the internal bus 109 from each other, the DMA controller 118 d transfers the encrypted program and the decryption program D 723 a from the internal RAM 104 to the internal RAM 105 .
  • the security controller 111 d disables access from the internal bus 109 to the internal RAM 104 until the execution of the decrypted program is completed.
  • the internal RAM 105 is used during the execution of the decryption key decryption program D 723 b, the decryption program D 723 a, and the decrypted program D 728 b.
  • a description will be given to the case where the encrypted decryption key is decrypted and stored in the decryption key storing register 702 .
  • the DMA controller 118 d transfers the encrypted decryption key and the decryption key decryption program D 723 b from the internal RAM 104 to the internal RAM 105 .
  • the CPU 103 d decrypts the encrypted decryption key by using the internal RAM 105 .
  • a description will be given to the case where the encrypted program is decrypted and executed.
  • the bus port 110 d disconnects the external bus 102 and the internal bus 109 from each other, the encrypted program and the decryption program D 723 a are transferred from the internal RAM 104 to the internal RAM 105 .
  • the CPU 103 d decrypts the encrypted program and executes the decrypted program by using the internal RAM 105 .
  • the public key storing register 106 is a register storing a public key, which is used only for reading.
  • the public key is transferred to the personal computer 128 e disposed outside the semiconductor integrated circuit device 701 and used in conjunction with the decryption key encryption program D 728 c to encrypt the decryption key D 728 e.
  • the encrypted decryption key is decrypted by using the decryption key decryption program D 723 b and the secret key stored in the secret key storing register 107 .
  • the secret key storing register 107 is a register storing a secret key, which is used only for reading.
  • the secret key is used when the encrypted decryption key is decrypted by using the secret key.
  • the decryption key storing register 702 is a register for storing the decryption key D 728 e such that it is written therein and read therefrom.
  • the decryption key D 728 e is used in conjunction with the decryption key decryption program D 723 b to decrypt the encrypted program.
  • the secret key access port 108 d enables the CPU 103 d to read the secret key from the secret key storing register 107 only while the decryption key decryption flag 704 F is set and the RAM copy flag 113 F is reset.
  • the CPU 103 d enables the reading of the secret key from the secret key storing register 107 only while the decryption key decryption program D 723 b is initiated, the transfer of the encrypted decryption key and the decryption key decryption program D 723 b from the internal RAM 104 to the internal RAM 105 is completed, the RAM copy flag 113 F is reset, and the encrypted decryption key is decrypted thereafter.
  • the reading of the secret key is disabled.
  • the decryption key access port 703 enables the writing of the decryption key D 728 e while the decryption key decryption flag 704 F is set and the RAM copy flag 113 is reset.
  • the decryption key access port 703 enables the reading of the decryption key D 728 e while the program decryption execute flag 112 F is set and the RAM copy flag 113 F is reset. At any time other than the above, the writing and reading of the decryption key D 728 e are both disabled.
  • the writing of the decryption key D 728 e is enabled while the decryption key decryption program D 723 b is initiated, the transfer of the encrypted decryption key and the decryption key decryption program D 723 b from the internal RAM 104 to the internal RAM 105 is completed, the RAM copy flag 113 F is reset, and the encrypted decryption key is decrypted thereafter.
  • the reading of the decryption key D 728 e is enabled while the decryption program D 723 a is initiated, the transfer of the encrypted program and the decryption program D 723 a from the internal RAM 104 to the internal RAM 105 is completed, the RAM copy flag 113 F is reset, and the encrypted program is decrypted thereafter.
  • the bus port 110 d disconnects the internal bus 109 and the external bus 102 from each other when at least one of the decryption key decryption flag 704 F, the program decryption execute flag 112 F, and the RAM copy flag 113 F is set.
  • the internal bus 109 and the internal bus RAM 105 are not monitored from the outside. In any case other than the above, the internal bus 109 and the external bus 102 are connected to each other.
  • the security controller 111 d is internally provided with a flag storing portion for keeping the decryption key decryption flag 704 F, with the program decryption execute flag 112 F, and with the RAM copy flag 113 F, a CS dispatcher 114 d, and the DMA controller 118 d.
  • the decryption key decryption flag 704 F is set by the CPU 103 when the decryption key decryption program D 723 b is initiated and reset by the CPU 103 when the decryption of the decryption key is completed.
  • the decryption key decryption program D 723 b is initiated, the transfer of the encrypted decryption key and the decryption key decryption program D 723 b from the internal RAM 104 to the internal RAM 105 is completed, and the RAM copy flag 113 F is reset.
  • access to the internal RAM 104 is disabled during the decryption of the encrypted decryption key, while access to the internal RAM 105 , to the secret key storing register 107 , and to the decryption key storing register 702 is enabled.
  • the decryption key decryption flag 704 F is reset, access to the internal RAM 105 , to the secret key storing register 107 , and to the decryption key storing register 702 is disabled.
  • the program decryption execute flag 112 F is set by the CPU 103 d at the initiation of the decryption program D 723 a and reset by the CPU 103 d at the completion of the execution of the decrypted program.
  • the decryption program D 723 a is initiated, the transfer of the encrypted program and the decryption program D 723 a from the internal RAM 104 to the internal RAM 105 is completed, and the RAM copy flag 113 F is reset.
  • the encrypted program is decrypted and the decrypted program is executed thereafter, access to the internal RAM 104 is disabled and access to the internal RAM 105 and to the decryption key storing register 702 is enabled.
  • the program decryption execute flag 112 F is reset, access to the internal RAM 105 , to the secret key storing register 107 , and to the decryption key storing register 702 is disabled.
  • the RAM copy flag 113 F is set by the CPU 103 d at the initiation of the decryption key decryption program D 723 b or the decryption program D 723 a and reset by the CPU 103 d at the completion of data transfer from the internal RAM 104 to the internal RAM 105 :
  • the CS dispatcher 114 d asserts each of the chip select signals 116 S and 117 S when the RAM copy flag 113 F is set, thereby enabling the DMA controller 118 d to transfer the encrypted decryption key, the decryption key decryption program D 723 b, the encrypted program, and the decryption program D 723 a from the internal RAM 104 to the internal RAM 105 .
  • the CS dispatcher 114 d negates the chip select signal 116 S and transfers the chip select signal 115 S as the chip select signal 117 S.
  • the CS dispatcher 114 d transfers the chip select signal 115 S as the chip select signal 116 S and negates the chip select signal 117 S, thereby disabling access to the internal RAM 105 during a normal operation, i.e., when none of the decryption key decryption program D 723 b, the decryption program D 723 a, and the decrypted program D 728 a is executed.
  • the DMA controller 118 d transfers the encrypted decryption key, the decryption key decryption program D 723 b, the encrypted program, and the decryption program D 723 a from the internal RAM 104 to the internal RAM 105 .
  • the DMA controller 118 d resets the RAM copy flag 113 F.
  • the general-purpose register controller 119 d resets the general-purpose registers 120 d when the decryption key decryption flag 704 F or the program decryption execute flag 112 F is reset. During the decryption of the encrypted program, therefore, data generated in the general-purpose registers 120 d during the execution of the decrypted program is not monitored from the outside.
  • the decryption key decryption program D 723 b is kept in the flash memory 123 d.
  • the decryption key decryption program D 723 b is transferred to the internal RAM 105 via the internal RAM 104 in the semiconductor integrated circuit device 701 to decrypt the encrypted decryption key in conjunction with the secret key stored in the secret key storing register 107 .
  • the decryption program D 723 a is kept in the flash memory 123 d.
  • the decryption program D 723 a is transferred to the internal RAM 105 via the internal RAM 104 in the semiconductor integrated circuit device 701 to decrypt the encrypted program in conjunction with the decryption key stored in the decryption key storing register 702 .
  • the program D 728 a is encrypted by using the encryption program D 728 b and the encryption key D 728 d and transferred to the semiconductor integrated circuit device 701 via the network 127 , the personal computer 126 , the USB cable 125 , the USB upstream port 124 , and the external bus 102 .
  • the program D 728 a is decrypted by using the decryption program D 723 a and the decryption key D 728 e stored in the decryption key storing register 107 .
  • the encryption program D 728 b is for encrypting the program D 728 a by using the encryption key D 728 d.
  • the decryption key encryption program D 728 c is for encrypting the decryption key D 728 e in conjunction with the public key stored in the public key storing register 106 .
  • the encryption key D 728 d is for encrypting the program D 728 a in conjunction with the encryption program D 728 b.
  • the decryption key D 728 e is for decrypting the encrypted program by using the encryption key D 728 d in conjunction with the decryption program D 723 a.
  • Information equipment 740 has the semiconductor integrated circuit device 701 , the peripheral equipment 150 , the flash memory 123 d, and the USB upstream port 124 .
  • FIG. 8 is a flow chart showing the procedure of decrypting the encrypted decryption key in the fourth embodiment.
  • Step ST 801 the CPU 103 d transfers the decryption key decryption program D 723 b and the encrypted decryption key to the internal RAM 104 .
  • Step ST 802 the CPU 103 d sets the decryption key decryption flag 704 F and the RAM copy flag 113 F.
  • the bus port 110 d disconnects the internal bus 109 and the external bus 102 from each other.
  • Step ST 803 the DMA controller 118 d transfers the decryption key decryption program D 723 b and the encrypted decryption key in the internal RAM 104 to the internal RAM 105 .
  • Step ST 804 the CPU 103 d resets the RAM copy flag 113 F. From the resetting of the RAM copy flag 113 F on till the completion of Step ST 805 , which will be described later, the CS dispatcher 114 d does not assert the chip select signal 116 S.
  • Step ST 805 the CPU 103 d executes the decryption key decryption program D 723 b by using the secret key stored in the secret key storing register 107 to decrypt the encrypted decryption key, thereby generates the decryption key D 728 e, and stores it in the decryption key storing register 702 .
  • Step ST 806 the decryption key decryption flag 704 F is reset.
  • the general-purpose register controller 119 d resets the general-purpose registers 120 d.
  • the bus port 110 d connects the internal bus 109 and the external bus 102 to each other.
  • the CS dispatcher 114 d transfers the chip select signal 115 S as the chip select signal 116 S and negates the chip select signal 117 S.
  • FIG. 9 shows the respective states of the decryption key decryption flag 704 F, the program decryption execute flag 112 F, the bus port 110 d corresponding to the state of the RAM copy flag 113 F, the secret key access port 108 d, the decryption key access port 703 , and the chip select signals 116 S and 117 S.
  • “Open” represents the case where the bus port 110 d, the secret key access port 108 d, and the decryption key access port 703 enable data transfer and “Close” represents the case where data transfer is not enabled, while CS 115 represents the case where the chip select signal 115 S is transferred as the chip select signals 116 S and 117 S.
  • the secret key storing register 107 and the decryption key decryption register 702 cannot be accessed.
  • the chip select signal 116 S is not asserted when the decryption key decryption program D 723 b is executed and the decryption key D 728 e is generated. Accordingly, data under decryption, the secret key, and the decryption key D 728 e are not stored in the internal RAM 104 .
  • the chip select signal 117 S is negated when the external bus 102 and the internal bus 109 are connected to each other by the bus port 110 d, data under decryption, the secret key, and the decryption key D 728 e are not outputted to the outside.
  • FIG. 10 is a flow chart showing the procedure of decrypting the encrypted program in the fourth embodiment.
  • Step ST 1001 the CPU 103 d transfers the decryption program D 723 a and the encrypted program to the internal RAM 104 .
  • Step ST 1002 the CPU 103 d sets the program decryption execute flag 112 F and the RAM copy flag 113 F.
  • the bus port 110 d disconnects the internal bus 109 and the external bus 102 from each other.
  • Step ST 1003 the DMA controller 118 d transfers the decryption program D 723 a and the encrypted program in the internal RAM 104 to the internal RAM 105 .
  • Step ST 1004 the CPU 103 d resets the RAM copy flag 113 F. From the resetting of the RAM copy flag 113 F on till the completion of Step ST 1006 , which will be described later, the CS dispatcher 114 d does not assert the chip select signal 116 S.
  • Step ST 1005 the CPU 103 d executes the decryption program D 723 a by using the decryption key D 728 e, thereby decrypts the encrypted program, and generates the program D 728 a.
  • the generated program D 728 a is written in the internal RAM 105 .
  • Step ST 1006 the CPU 103 d executes the program D 728 a.
  • Step ST 1007 the CPU 103 d resets the program decryption execute flag 112 F.
  • the general-purpose register controller 119 d resets the general-purpose registers 120 d.
  • the bus port 110 d connects the internal bus 109 and the external bus 102 to each other.
  • the CS dispatcher 114 d transfers the chip select signal 115 S as the chip select signal 116 S and negates the chip select signal 117 S.
  • the chip select signal 116 S is not asserted when the decryption program D 723 a is executed and the program D 728 a is generated. Accordingly, data under decryption, the decryption key D 728 e, and the program D 728 a are not stored in the internal RAM 104 . Since the chip select signal 117 S is negated when the external bus 102 and the internal bus 109 are connected to each other by the bus port 110 d, data under decryption, the decryption key D 728 e, and the program D 728 a are not outputted to the outside.
  • the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved.
  • the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked.
  • the encryption program and the encryption strength can be selected at the encrypted program transferor.
  • FIGS. 11 to 17 are views for illustrating a program delivery system and a program delivery method, which will be described herein below by using the present fourth embodiment as an example.
  • FIGS. 11 to 17 show data transmission and reception between the semiconductor integrated circuit device 701 (corresponding to a second device) within information equipment used by the program user and the PC 128 d (corresponding to a first device) used by the program developer from the encryption of a program till the decryption of the encrypted program.
  • the semiconductor integrated circuit device 701 at the user transfers a public key D 106 stored in the public key storing register 106 to the PC 128 d at the developer.
  • the PC 128 d at the developer encrypts the decryption key D 728 e by using the public key D 106 and the decryption key encryption program D 728 c to generate an encrypted decryption key 1201 .
  • the PC 128 d at the developer transfers the encrypted decryption key 1201 to the semiconductor integrated circuit device 701 at the user.
  • the semiconductor integrated circuit device 701 at the user decrypts the encrypted decryption key 1201 by using the secret key D 107 stored in the secret key storing register 107 and the decryption key decryption program D 723 b and stores the decryption key D 728 e in the decryption key storing register 702 .
  • the PC 128 d at the developer encrypts the program D 728 a by using the encryption key D 728 d and the encryption program D 728 b to generate an encrypted program 1501 .
  • the PC 128 d at the developer transfers the encrypted program 1501 to the semiconductor integrated circuit device 701 at the user.
  • the semiconductor integrated circuit device 701 at the user decrypts the encrypted program 1501 by using the decryption key D 728 e and the decryption program D 723 a and executes the decrypted program D 728 a.
  • the program is encrypted by using the encryption key possessed by the program developer and the encrypted program is delivered to the user. Since the encrypted program can be decrypted by using the decryption key possessed by the program developer, it becomes possible to encrypt the program with an encryption strength desired by the program developer and deliver the encrypted program.

Abstract

When an encrypted program and a decryption program are inputted to a first memory, a semiconductor integrated circuit device causes a bus port to disable access from the outside and enables access to the first memory and to a second memory, thereby transferring the encrypted program and the decryption program from the first memory to the second memory. When the transfer is completed, the semiconductor integrated circuit device disables access to the first memory and gives, to a CPU, an instruction to decrypt the encrypted program by using a secret key held in a secret key holder and the decryption program and execute the decrypted program. After the execution of the decrypted program is completed, the semiconductor integrated circuit device disables access to the second memory.

Description

    BACKGROUND OF THE INVENTION
  • The present invention relates to a semiconductor LSI having the function of decrypting an encrypted program and executing the decrypted program which is mounted on information equipment or the like. More particularly, it relates to a processing system and method for encrypting a program and delivering the encrypted program from a device at a program owner to a device at a program user.
  • With the widespread use of information equipment capable of rewriting a program or executing a user program, a system for preventing illegal copying of software has been devised in recent years. In a method in which a program is encrypted and delivered, provision has been made to prevent the copying of a program for decrypting the encrypted program (hereinafter referred to as the “decryption program”. For example, a decryption program is disposed in the internal memory of an LSI from which it cannot be read from the outside and the decrypted program is further protected from being read from the outside (see, e.g., Japanese Laid-Open Patent Publication No. HEI 8-30558).
  • FIG. 18 is a block diagram showing a conventional semiconductor integrated circuit device for executing an encrypted program.
  • The semiconductor integrated circuit device 1 shown in FIG. 18 has: a CPU 3; internal memories 4 and 5 for inputting/outputting data via an internal bus 7; a bus port 6 for controlling the inputting/outputting of data to and from the outside via an external bus 2; an I/O port 9 connected to the CPU 3 via an I/O bus 8; a memory port 10 for controlling the internal RAM 5; and control registers 11 for controlling the memory port 10.
  • A decryption program for decrypting the encrypted program is stored in the internal ROM 4. The encrypted program is read in the internal RAM 5 and decrypted in accordance with the decryption program. The decrypted program is written in the internal RAM 5. The decrypted program written in the internal RAM 5 is protected from being read from the memory port 10 to the outside under the control of the control registers 11.
  • However, since the decryption program is kept in the LSI as described above, an internal nonvolatile memory should be provided in the LSI, which increases cost required for the LSI.
  • In addition, if a malicious program is encrypted, read in the LSI, and then executed, the decryption program may be transferred by the program to the outside and hacked. The use of the decryption program that has been hacked makes it possible to hack the encrypted program. Once the encrypted program is hacked, the LSI cannot be used any more since the decryption program cannot be changed.
  • A problem has also been encountered that an encryption program and an encryption strength cannot be selected by the encrypted program transferor.
    • SUMMARY OF THE INVENTION
  • It is therefore an object of the present invention to provide a lower-cost semiconductor integrated circuit device which allows a reduction in the probability that an encrypted program is hacked.
  • To solve the foregoing problems, a first semiconductor integrated circuit device according to the present invention comprises: a first memory for inputting and outputting data between a bus and itself, a second memory for inputting and outputting data between the bus and itself; a secret key holder for holdin a secret key; a bus port for controlling access from outside to the bus; a CPU for storing an encrypted program and a decryption program in the first memory via the bus port, decrypting the encrypted program by using the decryption program and the secret key, and executing the decrypted program; and a controller for causing, when the encrypted program and the decryption program are stored in the first memory, the bus port to disable access from the outside, enabling access to the first and second memories, and thereby transferring the encrypted program and the decryption program from the first memory to the second memory, disabling access to the first memory when the transfer is completed, and disabling access to the second memory when the decryption and the execution of the decrypted program are completed.
  • With the first semiconductor integrated circuit device according to the present invention, it is no more necessary to provide the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved. Moreover, the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked.
  • Preferably, the first semiconductor integrated circuit device according to the present invention further comprises: a secret key access port for controlling access from the CPU to the secret key holder, wherein the secret key access port enables access to the secret key holder when the transfer is completed and disables access to the secrete key holder when the execution of the decrypted program is completed.
  • In the first semiconductor integrated circuit device according to the present invention, the CPU preferably includes a register and erases data stored in the register if the execution of the decrypted program is completed.
  • In the first semiconductor integrated circuit device according to the present invention, the controller preferably controls access to the first and second memories by controlling chip select signals to the first and second memories.
  • In the first semiconductor integrated circuit device according to the present invention, the controller preferably includes a flag storing portion for storing first and second flags, enables access to the first and second memories when the first flag is set, disables access to the first memory when the first flag is reset and the second flag is set, and disables access to the second memory when each of the first and second flags is reset, the bus port preferably disables access from the outside when at least one of the first and second flags is set, and the CPU preferably sets the first and second flags when the encrypted program and the decryption program are inputted to the first memory, resets the first flag when the transfer is completed, and resets the second flag when the execution of the decrypted program is completed.
  • To solve the foregoing problems, a second semiconductor integrated circuit device according to the present invention comprises: a first memory for inputting and outputting data between a bus and itself, a second memory for inputting and outputting data between the bus and itself, a first memory port connected between the bus and the first memory to control access from the bus to the first memory; a second memory port connected between the bus and the second memory to control access from the bus to the second memory; a secret key holder for holding a secret key; a bus port for controlling access from outside to the bus; a CPU having a register, the CPU writing an encrypted program and a decryption program in the first memory via the bus port, decrypting the encrypted program by using the decryption program and the secret key, writing the decrypted program in the second memory, and executing the decrypted program; and a controller for causing, when the writing to the first memory is completed, the bus port to disable access from the outside to the bus, causing the first memory port to disable the writing to the first memory, and causing the second memory port to enable access to the second memory and causing, when the execution of the decrypted program is completed, the CPU to erase data stored in the register and disable access to the secrete key holder, while causing the second memory port to disable access to the second memory.
  • With the second semiconductor integrated circuit device according to the present invention, it is no more necessary to provide the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved. Moreover, the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked.
  • To solve the foregoing problems, a third semiconductor integrated circuit device according to the present invention comprises: a first memory for inputting and outputting data between a bus and itself; a second memory for inputting and outputting data between the bus and itself; a memory port connected between the bus and the first memory to control access from the bus to the first memory; a secret key holder for holding a secret key; a bus port for controlling access from outside to the bus; a CPU having a register, the CPU writing an encrypted program and a decryption program in the first memory via the bus port, decrypting the encrypted program by using the decryption program and the secret key, writing the decrypted program in the second memory, and executing the decrypted program; and a controller including a memory initializer for erasing data in the second memory, the controller causing, when the wiring to the first memory is completed, the bus port to disable access from the outside to the bus and causing the memory port to disable the writing to the first memory and causing, when the execution of the decrypted program is completed, the CPU to erase data stored in the register and disable access to the secret key holder and causing the memory initializer to erase the data in the second memory.
  • With the third semiconductor integrated circuit device according to the present invention, it is no more necessary to provide the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved. Moreover, the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked.
  • To solve the foregoing problems, a fourth semiconductor integrated circuit device according to the present invention comprises: a first memory for inputting and outputting data between a bus and itself; a second memory for inputting and outputting data between the bus and itself; a secret key holder for holding a secret key; a decryption key holder for holding a decryption key; a bus port for controlling access from outside to the bus; a CPU including a register, the CPU performing first storage for storing the encrypted decryption key and a decryption key decryption program in the first memory via the bus port, performing first decryption for decrypting the encrypted decryption key by using the decryption key decryption program and the secret key, writing the decrypted decryption key in the decryption key holder, performing second storage for storing an encrypted program and a decryption program in the first memory, performing decryption for decrypting the encrypted program by using the decryption program and the decrypted decryption key, and executing the decrypted program; and a controller for causing, when the first storage to the first memory is completed, the bus port to disable access from the outside to the bus and enabling access to the first and second memories such that the encrypted decryption key and the decryption key decryption program are transferred from the first memory to the second memory, enabling, when the transfer is completed, access to the secret key holder and disabling access to the first memory; causing, when the first decryption is completed, the CPU to erase data stored in register and disable access to the secret key holder, while disabling access to the second memory, enabling access to the first memory, and causing the bus port to enable access from the outside to the bus, causing, when the second storage to the first memory is completed, the bus port to disable access from the outside to the bus and enabling access to the second memory such that the encrypted program and the decryption program are transferred from the first memory to the second memory, enabling, when the transfer is completed, access to the decryption key holder and disabling access to the first memory, and causing, when the second decryption and the execution of the decrypted program are completed, the CPU to erase data stored in the register and disable access to the secret key holder and disabling access to the second memory.
  • With the fourth semiconductor integrated circuit device according to the present invention, it is no more necessary to provide the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved. Moreover, the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked. In addition, the encryption program and the encryption strength can be selected at the encrypted program transferor.
  • To solve the foregoing problems, a first program delivery method according to the present invention is a program delivery method for delivering a program between a first device and a second device, the method comprising the steps of: transferring a public key from the second device to the first device; transferring a decryption program to the second device from the outside thereof, encrypting the program by using the public key in the first device and transferring the encrypted program to the second device; and decrypting the encrypted program by using a secret key corresponding to the public key and the decryption program in the second device.
  • In accordance with the first program delivery method of the present invention, it is no more necessary to provide the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved. Moreover, the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked.
  • To solve the foregoing problems, a second program delivery method according to the present invention is a program delivery method for delivering a program between a first device and a second device, the method comprising the steps of: transferring a public key from the second device to the first device; encrypting a decryption key by using the public key in the first device and transferring the encrypted decryption key to the second device; decrypting the encrypted decryption key by using a secret key corresponding to the public key in the second device; encrypting the program by using an encryption key corresponding to the decryption key in the first device and transferring the encrypted program to the second device; and decrypting the encrypted program by using the decrypted decryption key in the second device.
  • In accordance with the second program delivery method of the present invention, it is no more necessary to provide the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved. Moreover, the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked. In addition, the encryption program and the encryption strength can be selected at the encrypted program transferor.
  • To solve the foregoing problems, a first program delivery system according to the present invention is a program delivery system for delivering a program, the system comprising: a first device and a second device, the first device encrypting the program by using a public key and transferring the encrypted program to the second device and the second device decrypting the program encrypted by the first device by using a secret key corresponding to the public key and a decryption program transferred from the outside of the second device.
  • In accordance with the first program delivery system of the present invention, it is no more necessary to provide the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved. Moreover, the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked.
  • To solve the foregoing problems, a second program delivery system according to the present invention is a program delivery system for delivering a program, the system comprising: a first device and a second device, the first device encrypting a decryption key by using a public key, transferring the encrypted decryption key to the second device, encrypting the program by using an encryption key corresponding to the decryption key, and transferring the encrypted program to the second device, the second device decrypting the decryption key encrypted by the first device by using a secret key corresponding to the public key and decrypting the program encrypted by the first device by using the decrypted decryption key.
  • In accordance with the second program delivery system of the present invention, it is no more necessary to provide the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved. Moreover, the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked. In addition, the encryption program and the encryption strength can be selected at the encrypted program transferor.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a block diagram for illustrating a structure of a semiconductor integrated circuit device in a first embodiment of the present invention;
  • FIG. 2 is a flow chart showing the procedure of decrypting an encrypted program;
  • FIG. 3 is a block diagram for illustrating a structure of a semiconductor integrated circuit device in a second embodiment of the present invention;
  • FIG. 4 is a flow chart showing the procedure of decrypting an encrypted program;
  • FIG. 5 is a block diagram for illustrating a structure of a semiconductor integrated circuit device in a third embodiment of the present invention;
  • FIG. 6 is a flow chart showing the procedure of decrypting an encrypted program;
  • FIG. 7 is a block diagram for illustrating a structure of a semiconductor integrated circuit device in a fourth embodiment of the present invention;
  • FIG. 8 is a flow chart showing the procedure of decrypting an encrypted decryption key;
  • FIG. 9 is a view showing correlations among the respective states of flags, a bus port, and chip select signals;
  • FIG. 10 is a flow chart showing the procedure of -decrypting an encrypted program;
  • FIG. 11 is a view showing the transfer of a public key from a program user to a program developer;
  • FIG. 12 is a view showing the encryption of a decryption key;
  • FIG. 13 is a view showing the transfer of an encrypted decryption key from the program developer to the program user;
  • FIG. 14 is a view showing the decryption of an encrypted decryption key;
  • FIG. 15 is a view showing the encryption of a program;
  • FIG. 16 is a view showing the transfer of an encrypted program from the program developer to the program user;
  • FIG. 17 is a view showing the decryption of an encrypted program; and
  • FIG. 18 is a block diagram showing a structure of a conventional semiconductor integrated circuit device.
    • DETAILED DESCRIPTION OF THE INVENTION
  • Referring to the drawings, the individual embodiments of the present invention will be described herein below.
    • Embodiment 1
  • FIG. 1 is a block diagram for illustrating a structure of a semiconductor integrated circuit device 101 in a first embodiment of the present invention.
  • As shown in FIG. 1, an encrypted program is transferred from a PC 128 a (corresponding to a first device) which is a device at a program developer to a program user via a PC 126. In the semiconductor integrated circuit device 101 (corresponding to a second device) within information equipment 140 at the user, the encrypted program is decrypted by using a secret key and a decryption program.
  • The PC 128 a is a device at the program developer and keeps a program D128 a and an encryption program 128 b for encrypting a program.
  • The information equipment 140 is equipment at the program user and has: the semiconductor integrated circuit device 101; a flash memory 123 a for keeping a decryption program D123 a; a USB upstream port 124; and peripheral equipment 150. An outer bus 102 provides connection among the semiconductor integrated circuit 101, the flash memory 123 a, and the USB upstream port 124.
  • The semiconductor integrated circuit device has: a CPU 103 a; internal RAMs 104 (corresponding to a first memory) and 105 (corresponding to a second memory); a public key storing register 106; a bus port 110 a; a security controller 111 a; and an I/O port 122. The internal bus 109 is connected in the manner as shown in the drawing.
  • The CPU 103 a has a general-purpose register controller 119 a and general-purpose registers 120 a.
  • The security controller 111 a has a flag storing portion 113 a for storing a program decryption execute flag 112F (corresponding to a second flag) and a RAM copy flag 113F (corresponding to a first flag), a chip select dispatcher 114 a, and a DMA controller 118 a.
  • A specific description will be given to the respective contents and operations of the individual elements.
  • The external bus 102 is used to transfer a public key stored in the public key storing register 106 to the personal computer 128 a and transfer a program encrypted by using the public key and the encryption program D128 b to the semiconductor integrated circuit device 101.
  • The CPU 103 a operates in accordance with a program stored in the internal RAMs 104 and 105 or in the flash memory 123 a. The CPU 103 a not only operates a normal program but also decrypts an encrypted program and executes the decrypted program. The CPU 103 a also transfers the encrypted-program inputted from the outside and the decryption program D123 a to the internal RAM 104.
  • The internal RAM 104 is a memory used during a normal operation, i.e., when either of the decryption program D123 a and the decrypted program is not executed. A description will be given to the case where a program encrypted by using the public key and the encryption program D128 b is decrypted and executed. First, the encrypted program and the decryption program D123 a in the flash memory 123 a are transferred by the CPU 103 a to the internal RAM 104 in the state in which the external bus 102 and the internal bus 109 are connected to each other by the bus port 110 a. Then, after the bus port 110 a disconnects the external bus 102 and the internal bus 109 from each other, the encrypted program and the decryption program D123 a are transferred by the DMA controller 118 a from the internal RAM 104 to the internal RAM 105. Thereafter, the security controller 111 a disables access from the internal bus 109 to the internal RAM 104 until the execution of the decrypted program is completed.
  • The internal RAM 105 is used during the execution of the decryption program D123 a and during the execution of the decrypted program. A description will be given to the case where the encrypted program is decrypted and executed. After the bus port 110 a disconnects the external bus 102 and the internal bus 109 from each other, the encrypted program and the decryption program D123 a are transferred by the DMA controller 118 a from the internal RAM 104 to the internal RAM 105. In the state in which the external bus 102 and the internal bus 109 are connected to each other by the bus port 110 a, the security controller 111 a disables access from the internal bus 109 to the internal RAM 105. Accordingly, the decrypted program temporarily stored in the internal RAM 105 and data during the execution of a decryption process are not monitored from the outside.
  • The public key storing register 106 is a register storing therein a public key, which is used only for reading. The public key is transferred to the personal computer 128 a disposed outside the semiconductor integrated circuit device 101 and used when the program D128 a is encrypted in accordance with the encryption program D128 b.
  • The secret key storing register 107 is a register storing therein a secret key, which is used only for reading. The secret key is used when the encrypted program is decrypted in accordance with the decryption program D123 a.
  • The secret key access port 108 a enables the CPU 103 a to read the secrete key from the secret key storing register 107 only while the RAM copy flag 113F is reset. Specifically, the secret key access port 108 a enables the CPU 103 a to read the secret key from the secret key storing register 107 only while the program is decrypted, the decrypted program is executed after the decryption program D123 a is initiated, the transfer of the encrypted program and the decryption program D123 a from the internal RAM 104 to the internal RAM 105 is completed, and the RAM copy flag 113F is reset. At any time other than the above, the secret key access port 108 a disables the reading of the secret key.
  • The internal bus 109 is used to transfer a program and data within the semiconductor integrated circuit device 101.
  • The bus port 110 a disconnects the internal bus 109 and the external bus 102 from each other if at least one of the program decryption execute flag 112F and the RAM copy flag 113F is set. Accordingly, the internal bus 109 and the internal RAM 105 are not monitored from the outside during the transfer of the encrypted program and the decryption program D123 a and during the execution of the decryption program D123 a and the decrypted program. In any case other than the above, the internal bus 109 and the external bus 102 are connected to each other.
  • The security controller 111 a is internally provided with the flag storing portion 113 a for keeping the program decryption execute flag 112F and the RAM copy flag 113F, with the chip select dispatcher 114 a, and with the DMA controller 118. The security controller 111 a controls the bus port 110 a, the secret key access port 108 a, chip select signals 116S and 117S, and the general-purpose register controller 119 a in decrypting the program encrypted by using the encryption program D128 b and the public key stored in the public key storing register 106 and executing the decrypted program.
  • A description will be given to the case where the program encrypted by the encryption program D128 b is decrypted and executed. First, when the encrypted program and the decryption program D123 a are transferred by the CPU 103 a to the internal RAM 104 in the state in which the external bus 102 and the internal bus 109 are connected to each other by the bus port 110 a, the bus port 110 a then disconnects the external bus 102 and the internal bus 109 from each other. Then, the chip select dispatcher 114 a asserts the chip select signals 116S and 117S such that the program encrypted by the DMA controller 118 a and the decryption program D123 a are transferred from the internal RAM 104 to the internal RAM 105. When the transfer is completed, the chip select dispatcher 114 a negates the chip select signal 116S and then shifts to the control of the CPU 103 a. When the program is decrypted in the CPU 103 a and the execution of the decrypted program is completed, a completion notice is given to the chip select dispatcher 114 a. Upon receipt of the notice, the chip select dispatcher 114 a generates the chip select signal 117S, causes the general-purpose register controller 119 a to initialize the general-purpose registers 120 a, and outputs the chip select signal 115S from the CPU 103 a as the chip select signal 116S. Thereafter, the bus port 110 a connects the internal bus 109 and the external bus 102 to each other.
  • The program decryption execute flag 112F is set by the CPU 103 a at the initiation of the decryption program D123 a and reset by the CPU 103 a at the completion of the execution of the decrypted program. The decryption program D123 a is initiated, the transfer of the encrypted program and the decryption program D123 a from the internal RAM 104 to the internal RAM 105 is completed, and the RAM copy flag 113F is reset. While the encrypted program is decrypted and the decrypted program is executed thereafter, access to the internal RAM 104 is disabled, while access to the internal RAM 105 and to the secret key storing register 107 is enabled. When the program decryption execute flag 112F is reset, access to the internal RAM 105 and to the secret key storing register 107 is disabled.
  • The RAM copy flag 113F is set by the CPU 103 a at the initiation of the decryption program D123 a and reset at the completion of data transfer from the internal RAM 104 to the internal RAM 105. Since the internal RAMs 104 and 105 are at the same location on a memory map, the respective chip select signals to the internal RAMs 104 and 105 are not normally asserted simultaneously. However, each of the chip select signals 116S and 117S from the chip select dispatcher 114 a to the internal RAMs 104 and 105 is asserted by setting the RAM copy flag 113F when the encrypted program or the like is to be transferred from the internal RAM 104 to the internal RAM 105.
  • The chip select dispatcher (hereinafter referred to as “CS dispatcher”) 114 a asserts each of the chip select signals 116S and 117S when the RAM copy flag 113F is set, thereby enabling the DMA controller 118 a to transfer the encrypted program and the decryption program D123 a from the internal RAM 104 to the internal RAM 105. When the program decryption execute flag 112F is set and the RAM copy flag 113F is reset, the CS dispatcher 114 a negates the chip select signal 116S and transfers the chip select signal 115S as the chip select signal 117S. This enables access to the internal RAM 105 during the decryption of the encrypted program and during the execution of the decrypted program. In any case other than those mentioned above, the CS dispatcher 114 a transfers the chip select signal 115S as the chip select signal 116S and negates the chip select signal 117S, thereby disabling access to the internal RAM 105 during a normal operation, i.e., when either of the decryption program D123 a and the decrypted program is not executed.
  • The chip select signal 115S is outputted from the CPU 103 a and asserted when the internal RAM 104 or the internal RAM 105 is to be accessed.
  • The chip select signals 116S and 117S are outputted from the CS dispatcher 114 a. The chip select signal 116S is asserted when the internal RAM 104 is to be accessed. The chip select signal 117S is asserted when the internal RAM 105 is to be accessed.
  • When the RAM copy flag 113F is set, the DMA controller 118 a transfers the encrypted program and the decryption program D123 a from the internal RAM 104 to the internal RAM 105. When the transfer is completed, the RAM copy flag 113 is reset.
  • The general-purpose register controller 119 a resets the general-purpose registers 120 a when the program decryption execute flag 112F is reset. During the decryption of the encrypted program, therefore, data generated in the general-purpose registers 120 a during the execution of the decrypted program is not monitored from the outside.
  • The I/O port 122 is connected to the CPU 103 a via the I/O bus 121. The I/O port 122 is also connected to an external circuit such as a sound module 151 or a video module 152 in the peripheral equipment 150.
  • The flash memory 123 a keeps the decryption program D123 a.
  • The decryption program D123 a is transferred to the internal RAM 105 via the internal RAM 104 within the semiconductor integrated circuit device 101 and used in conjunction with the secret key stored in the secret key storing register 107 when the encrypted program is decrypted.
  • The USB upstream port 124 is connected to the personal computer 126 via a USB cable 125 and used to transfer the encrypted program to the semiconductor integrated circuit device 101.
  • The USB cable 125 -is used to transfer the encrypted program from the personal computer 126 to the USB upstream port 124.
  • The personal computer 126 receives the encrypted program from the personal computer 128 a and transfers the encrypted program to the information equipment 140 on which the semiconductor integrated circuit device 101 is mounted.
  • A network line 127 is used to transfer the encrypted program from the personal computer 128 to the personal computer 126.
  • The personal computer 128 receives the public key stored in the public key storing register 106 from the personal computer 126 via the network line 127, encrypts the program D128 a by using the encryption program D128 b and the public key, and transfers the encrypted program to the personal computer 126 via the network line 127.
  • The program 128 a is encrypted by using the encryption program D128 b and the public key stored in the public key storing register 106 and then transferred to the semiconductor integrated circuit device 101 via the network line 127, the personal computer 126, the USB cable 125, the USB upstream port 124, and the external bus 102. The encrypted program 128 a is decrypted in the semiconductor integrated circuit device 101 by using the decryption program D123 a and the secret key stored in the secret key storing register 107.
  • A reference numeral D128 b denotes an encryption program for encrypting the program D128 a by using the public key stored in the public key storing register 106.
  • The information equipment 140 has: the semiconductor integrated circuit device 101; the peripheral equipment 150; the flash memory 123 a; and the USB upstream port 124.
  • The peripheral equipment 150 has: the sound module 151; and the video module 152 and is connected to the I/O port 122 in the semiconductor integrated circuit device 101.
  • The sound module 151 is connected to the I/O port 122 of the semiconductor integrated circuit device 101 to perform reproduction, recording, and the like of a sound through the transmission and reception of transferred data and the reception of a control signal.
  • The video module 152 is connected to the I/O port 122 of the semiconductor integrated circuit device 101 to perform reproduction of a dynamic picture image through the transmission and reception of transferred data and the reception of a control signal.
  • Referring to FIG. 2, the outline of the procedure of decrypting the encrypted program to generate the program D128 a and executing the program D128 a will be described.
  • FIG. 2 is a flow chart showing the procedure of decrypting the encrypted program in the first embodiment.
  • First, in Step ST201, the CPU 103 a transfers the decryption program D123 a and the encrypted program to the internal RAM 104.
  • When the transfer is completed, the whole process then advances to Step ST202 where the CPU 103 a sets the program decryption execute flag 112F and the RAM copy flag 113F. At this time, the bus port 110 a disconnects the internal bus 109 and the external bus 102 from each other.
  • After the disconnection, the whole process then advances to Step ST203 where the DMA controller 118 a transfers the decryption program D123 a and the encrypted program in the internal RAM 104 to the internal RAM 105.
  • When the transfer is completed, the whole process then advances to Step ST204 where the CPU 103 a resets the RAM copy flag 113F. From the resetting of the RAM copy flag 113F on till the completion of Step ST206, which will be described later, the CS dispatcher 114 a does not assert the chip select signal 116S.
  • The whole process then advances to Step ST205 where the CPU 103 a executes the decryption program D123 a, decrypts the encrypted program by using the secret key stored in the secret key storing register 107 to generate the program D128 a, and writes the generated program D128 a in the internal RAM 105.
  • The whole process then advances to Step ST206 where the CPU 103 a executes the program D128 a.
  • Finally, the whole process advances to Step ST207 where the CPU 103 a resets the program decryption execute flag 112F. When the program decryption execute flag 112F is reset, the general-purpose register controller 119 a resets the general-purpose registers 120 a. When the program decryption execute flag 112 a is reset, the bus port 110 a connects the internal bus 109 and the external bus 102 to each other, while the CS dispatcher 114 a outputs the chip select signal 116S as the chip select signal 115S and negates the chip select signal 117S.
  • Since the chip select signal 116S is not asserted while the decryption program D123 a is executed and the program D128 a is generated, the data and program D128 a under decryption are not stored in the internal RAM 104. Since the chip select signal 117S is negated while the external bus 102 and the internal bus 109 are connected to each other by the bus port 110 a, the data and program D128 a under decryption is prevented from being monitored from the outside.
  • Thus, according to the first embodiment, it is no more necessary to provide the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved. Moreover, the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked.
    • Embodiment 2
  • FIG. 3 is a block diagram showing a structure of a semiconductor integrated circuit device 301 according to a second embodiment of the present invention. A semiconductor integrated circuit 301 shown in FIG. 3 is different from the semiconductor integrated circuit device 101 shown in FIG. 1 in that it further comprises a memory port 302 (corresponding to a first memory port) and a memory port 303 (corresponding to a second memory port). The semiconductor integrated circuit device 301 is also different from the semiconductor integrated circuit device 101 in that a security controller 111 b has only a flag storing portion 113 b for storing the program decryption execute flag 112F. As for the other components, they operate similarly to the components shown in FIG. 1 so that the description thereof will not be repeated.
  • The memory port 302 halts writing to the internal RAM 104 under the control of the security controller when the program decryption execute flag 112F is set. In other words, data cannot be written in the internal RAM 104 during the decryption of the program and during the execution of the decrypted program.
  • The memory port 303 halts access to the internal RAM 105 under the control of the security controller 111 b when the program decryption execute flag 112F is reset. In other words, the internal RAM 105 cannot be accessed during the internal bus 109 and the external bus 102 are connected to each other by a bus port 110 b. Accordingly, the decrypted program and data during the execution of a decryption process, which are written in the internal RAM 105, are not monitored from the outside.
  • A description will be given next to the procedure of decrypting the encrypted program to generate the program D128 a and executing the program D128 a.
  • FIG. 4 is a flow chart showing the procedure of decrypting the encrypted program in the second embodiment.
  • First, in Step ST201, a CPU 103 b transfers the decryption program D123 a and the encrypted program to the internal RAM 104.
  • When the transfer is completed, the whole process then advances to ST402 where the CPU 103 b sets the program decryption execute flag 112F. At this time, the bus port 110 b disconnects the internal bus 109 and the external bus 102 from each other. The memory port 302 halts writing to the internal RAM 104, while the memory port 303 enables access to the internal RAM 105.
  • Then, the whole process advances to Step ST205 where the CPU 103 b executes the decryption program D123 a, thereby decrypts the encrypted program by using the secret key stored in the secrete key storing register 107 to generate the program D128 a, and writes the generated program D128 a in the internal RAM 105.
  • Then, the whole process advances to Step ST206 where the CPU 103 b executes the program D128 a.
  • Finally, when the execution of the program D128 a is completed, the whole process advances to Step ST207 where the program decryption execute flag 112F is reset. When the program decryption execute flag 112F is reset, the general-purpose register controller 119 b resets the general-purpose registers 120 b under the control of the security controller 111 b. When the program decryption execute flag 112F is reset, the bus port 110 b connects the internal bus 109 and the external bus 102 to each other, while the memory port 302 enables writing to the internal RAM 104 and the memory port 303 halts access to the internal RAM 105.
  • In the semiconductor integrated circuit device 301, the memory port 302 executes the decryption program D123 a and halts writing to the internal RAM 104 while the program D128 a is generated so that the data and program D128 a under decryption are not stored in the internal RAM 104. In addition, the memory port 303 halts access to the internal RAM 105 while the external bus 102 and the internal bus 109 are connected to each other by the bus port 110 b so that the data and program D128 a under decryption are not outputted to the outside.
  • Thus, according to the second embodiment, it is no more necessary to provide the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved. Moreover, the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked.
    • Embodiment 3
  • FIG. 5 is a block diagram showing a structure of a semiconductor integrated circuit device 501 according to a third embodiment of the present invention.
  • A semiconductor integrated circuit device 501 shown in FIG. 5 is different from the semiconductor integrated circuit device 101 shown in FIG. 1 in that it further comprises a memory port 402. The semiconductor integrated circuit device 501 is also different from the semiconductor integrated circuit device 101 shown in FIG. 1 in that a security controller 111 c has a flag storing portion 113 c for storing the program decryption execute flag 112F and a RAM initializer 502 (corresponding to a memory initializer). As for the other components, they operate similarly to the components shown in FIG. 1 so that the description thereof will not be repeated.
  • Immediately before the program decryption execute flag 112F is reset, the RAM initializer 502 writes “1” in each of the regions of the internal RAM 105 to erase data, thereby preventing the decrypted program and the data under decryption, which are written in the internal RAM 105, from being monitored from the outside.
  • A description will be given next to the procedure of decrypting the encrypted program to generate the program D128 a and executing the program D128 a.
  • FIG. 6 is a flow chart showing the procedure of decrypting the encrypted program in the third embodiment.
  • First, in Step ST201, a CPU 103 c transfers the decryption program D123 a and the encrypted program to the internal RAM 104.
  • When the transfer is completed, the whole process then advances to ST402 where the CPU 103 c sets the program decryption execute flag 112F. At this time, a bus port 110c disconnects the internal bus 109 and the external bus 102 from each other, while the memory port 402 halts writing to the internal RAM 104 under the control of the security controller 111 c.
  • Then, the whole process advances to Step ST205 where the CPU 103 c executes the decryption program D123 a, thereby decrypts the encrypted program by using the secret key stored in the secrete key storing register 107 to generate the program D128 a, and writes the generated program D128 a in the internal RAM 105.
  • When the generated program D128 a is written in the internal RAM 105, the whole process then advances to Step ST206 where the CPU 103 c executes the program D128 a.
  • The whole process then advances to Step ST607 where the RAM initializer 502 writes “1” in each of the regions of the internal RAM 105 to erase data.
  • Finally, when the data in the internal RAM 105 is erased, the whole process advances to Step ST207 where the program decryption execute flag 112F is reset. When the program decryption execute flag 112F is reset, the general-purpose register controller 119 c resets the general-purpose registers 120c under the control of the security controller 111 b. When the program decryption execute flag 112F is reset, the bus port 110 c connects the internal bus 109 and the external bus 102 to each other, while the memory port 402 enables writing to the internal RAM 104 under the control of the security controller 111 c.
  • In the semiconductor integrated circuit device 501, the memory port 402 executes the decryption program D123 a and halts writing to the internal RAM 104 while the program D128 a is generated so that the data and program D128 a under decryption are not stored in the internal RAM 104. In addition, the RAM initializer 502 has completely erased data in the internal RAM 105 immediately before the bus port 110 c brings the external bus 102 and the internal bus 109 in the disconnected state into the connected state so that the data and program D128 a under decryption are not outputted to the outside.
  • Thus, according to the third embodiment, it is no more necessary to provide the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved. Moreover, the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked.
    • Embodiment 4
  • FIG. 7 is a block diagram showing a structure of a semiconductor integrated circuit device 701 according to a fourth embodiment of the present invention.
  • A semiconductor integrated circuit device 701 shown in FIG. 7 is different from the semiconductor integrated circuit device 101 shown in FIG. 1 in that it further comprises a decryption key access port 703 and a decryption key storing register 702. A PC 128 dis different from the PC 128 a shown in FIG. 1 in that it keeps a decryption key encryption program D728 c, an encryption key D728 d, and a decryption key D728 e in addition to the program D728 a and the encryption program D728 b. A flag storing portion 113 d is different from the flag storing portion 113 a shown in FIG. 1 in that it keeps a decryption key decryption flag 704F in addition to the program decryption execute flag 112F and the RAM copy flag 113F. A flash memory 123 d is different from the flash memory 123 a in that it keeps a decryption key decryption program D723 b in addition to the decryption program 723 a. As for the other components, they operate similarly to the components shown in FIG. 1 so that a description will be given with particular emphasis on different portions between FIGS. 7 and 1.
  • A CPU 103 d operates in accordance with a program stored in the internal RAM 104 or 105 or in the flash memory 123d. Besides operating a normal program, the CPU 103 d executes the decryption of the encrypted decryption key and the decryption of the encrypted program as well as the decrypted program. The CPU 103 d also transfers the encrypted decryption key inputted from the outside, the encrypted program, the decryption key encryption program D723 b, and the decryption program D723 a to the internal RAM 104.
  • The internal RAM 104 is a memory used during a normal operation, i.e., when none of the decryption program D723 a, the decryption key decryption program D723 b, and the decrypted program is executed. A description will be given to the case where the encrypted decryption key is decrypted and stored in the decryption key storing register 702. First, in the state in which the external bus 102 and the internal bus 109 are connected to each other by the bus port 110 d, the CPU 103 d transfers the encrypted decryption key and the decryption key decryption program D723 b in the flash memory 123 d to the internal RAM 104 via the external bus 102 and the internal bus 109. Then, after the bus port Hod disconnects the external bus 102 and the internal bus 109 from each other, a DMA controller 118 dtransfers the encrypted decryption key and the decryption key decryption program D723 b from the internal RAM 104 to the internal RAM 105. Thereafter, a security controller 111 d disables access from the internal bus 109 to the internal RAM 104 until the decryption key decryption program D723 b is completed.
  • Subsequently, a description will be given to the case where the encrypted program is decrypted and executed. First, the CPU 103 d transfers the encrypted program and the decryption program D723 a to the internal RAM 104 in the state in which the external bus 102 and the internal bus 109 are connected to each other by the bus port 110 d. After the bus port 110 d then disconnects the external bus 102 and the internal bus 109 from each other, the DMA controller 118 d transfers the encrypted program and the decryption program D723 a from the internal RAM 104 to the internal RAM 105. Thereafter, the security controller 111 d disables access from the internal bus 109 to the internal RAM 104 until the execution of the decrypted program is completed.
  • The internal RAM 105 is used during the execution of the decryption key decryption program D723 b, the decryption program D723 a, and the decrypted program D728 b. A description will be given to the case where the encrypted decryption key is decrypted and stored in the decryption key storing register 702. After the bus port 110 d disconnects the external bus 102 and the internal bus 109 from each other, the DMA controller 118 dtransfers the encrypted decryption key and the decryption key decryption program D723 b from the internal RAM 104 to the internal RAM 105. During the decryption of the encrypted decryption key, the CPU 103 d decrypts the encrypted decryption key by using the internal RAM 105. A description will be given to the case where the encrypted program is decrypted and executed. After the bus port 110d disconnects the external bus 102 and the internal bus 109 from each other, the encrypted program and the decryption program D723 a are transferred from the internal RAM 104 to the internal RAM 105. During the decryption of the encrypted program and during the execution of the decrypted program, the CPU 103 d decrypts the encrypted program and executes the decrypted program by using the internal RAM 105. While the external bus 102 and the internal bus 109 are connected to each other by the bus port 110 d, access from the internal-bus 109 to the internal RAM 105 is disabled. Accordingly, the decrypted decryption key D728 e, the decrypted program D728 a, and data during the execution of these decryption processes, each temporarily stored in the internal RAM 105, are not monitored from the outside.
  • The public key storing register 106 is a register storing a public key, which is used only for reading. The public key is transferred to the personal computer 128 e disposed outside the semiconductor integrated circuit device 701 and used in conjunction with the decryption key encryption program D728 c to encrypt the decryption key D728 e. The encrypted decryption key is decrypted by using the decryption key decryption program D723 b and the secret key stored in the secret key storing register 107.
  • The secret key storing register 107 is a register storing a secret key, which is used only for reading. The secret key is used when the encrypted decryption key is decrypted by using the secret key.
  • The decryption key storing register 702 is a register for storing the decryption key D728 e such that it is written therein and read therefrom. The decryption key D728 e is used in conjunction with the decryption key decryption program D723 b to decrypt the encrypted program.
  • The secret key access port 108 d enables the CPU 103 d to read the secret key from the secret key storing register 107 only while the decryption key decryption flag 704F is set and the RAM copy flag 113F is reset. Specifically, the CPU 103 d enables the reading of the secret key from the secret key storing register 107 only while the decryption key decryption program D723 b is initiated, the transfer of the encrypted decryption key and the decryption key decryption program D723 b from the internal RAM 104 to the internal RAM 105 is completed, the RAM copy flag 113F is reset, and the encrypted decryption key is decrypted thereafter. At any time other than the above, the reading of the secret key is disabled.
  • The decryption key access port 703 enables the writing of the decryption key D728 e while the decryption key decryption flag 704F is set and the RAM copy flag 113 is reset. The decryption key access port 703 enables the reading of the decryption key D728 e while the program decryption execute flag 112F is set and the RAM copy flag 113F is reset. At any time other than the above, the writing and reading of the decryption key D728 e are both disabled. Specifically, the writing of the decryption key D728 e is enabled while the decryption key decryption program D723 b is initiated, the transfer of the encrypted decryption key and the decryption key decryption program D723 b from the internal RAM 104 to the internal RAM 105 is completed, the RAM copy flag 113F is reset, and the encrypted decryption key is decrypted thereafter. On the other hand, the reading of the decryption key D728 e is enabled while the decryption program D723 a is initiated, the transfer of the encrypted program and the decryption program D723 a from the internal RAM 104 to the internal RAM 105 is completed, the RAM copy flag 113F is reset, and the encrypted program is decrypted thereafter.
  • The bus port 110 d disconnects the internal bus 109 and the external bus 102 from each other when at least one of the decryption key decryption flag 704F, the program decryption execute flag 112F, and the RAM copy flag 113F is set. During the execution of the decryption key decryption program D723 b, the decryption program D723 a, and the decrypted program D728 a, therefore, the internal bus 109 and the internal bus RAM 105 are not monitored from the outside. In any case other than the above, the internal bus 109 and the external bus 102 are connected to each other.
  • The security controller 111 d is internally provided with a flag storing portion for keeping the decryption key decryption flag 704F, with the program decryption execute flag 112F, and with the RAM copy flag 113F, a CS dispatcher 114 d, and the DMA controller 118 d.
  • The decryption key decryption flag 704F is set by the CPU 103 when the decryption key decryption program D723 b is initiated and reset by the CPU 103 when the decryption of the decryption key is completed. The decryption key decryption program D723 b is initiated, the transfer of the encrypted decryption key and the decryption key decryption program D723 b from the internal RAM 104 to the internal RAM 105 is completed, and the RAM copy flag 113F is reset. Thereafter, access to the internal RAM 104 is disabled during the decryption of the encrypted decryption key, while access to the internal RAM 105, to the secret key storing register 107, and to the decryption key storing register 702 is enabled. When the decryption key decryption flag 704F is reset, access to the internal RAM 105, to the secret key storing register 107, and to the decryption key storing register 702 is disabled.
  • The program decryption execute flag 112F is set by the CPU 103 d at the initiation of the decryption program D723 a and reset by the CPU 103 d at the completion of the execution of the decrypted program. The decryption program D723 a is initiated, the transfer of the encrypted program and the decryption program D723 a from the internal RAM 104 to the internal RAM 105 is completed, and the RAM copy flag 113F is reset. While the encrypted program is decrypted and the decrypted program is executed thereafter, access to the internal RAM 104 is disabled and access to the internal RAM 105 and to the decryption key storing register 702 is enabled. When the program decryption execute flag 112F is reset, access to the internal RAM 105, to the secret key storing register 107, and to the decryption key storing register 702 is disabled.
  • The RAM copy flag 113F is set by the CPU 103 d at the initiation of the decryption key decryption program D723 b or the decryption program D723 a and reset by the CPU 103 d at the completion of data transfer from the internal RAM 104 to the internal RAM 105:
  • The CS dispatcher 114d asserts each of the chip select signals 116S and 117S when the RAM copy flag 113F is set, thereby enabling the DMA controller 118 d to transfer the encrypted decryption key, the decryption key decryption program D723 b, the encrypted program, and the decryption program D723 a from the internal RAM 104 to the internal RAM 105. When the decryption key decryption flag 704F or the program decryption execute flag 112F is set and the RAM copy flag 113F is reset, the CS dispatcher 114d negates the chip select signal 116S and transfers the chip select signal 115S as the chip select signal 117S. This enables access to the internal RAM 105 during the decryption of the encrypted decryption key, during the decryption of the encrypted program, and during the execution of the decrypted program. In any case other than those mentioned above, the CS dispatcher 114d transfers the chip select signal 115S as the chip select signal 116S and negates the chip select signal 117S, thereby disabling access to the internal RAM 105 during a normal operation, i.e., when none of the decryption key decryption program D723 b, the decryption program D723 a, and the decrypted program D728 a is executed.
  • When the RAM copy flag 113F is set, the DMA controller 118 d transfers the encrypted decryption key, the decryption key decryption program D723 b, the encrypted program, and the decryption program D723 a from the internal RAM 104 to the internal RAM 105. When the transfer is completed, the DMA controller 118 d resets the RAM copy flag 113F.
  • The general-purpose register controller 119d resets the general-purpose registers 120 d when the decryption key decryption flag 704F or the program decryption execute flag 112F is reset. During the decryption of the encrypted program, therefore, data generated in the general-purpose registers 120 d during the execution of the decrypted program is not monitored from the outside.
  • The decryption key decryption program D723 b is kept in the flash memory 123 d. When the decryption key encrypted by using the decryption key encryption program D728 c and the secret key is decrypted, the decryption key decryption program D723 b is transferred to the internal RAM 105 via the internal RAM 104 in the semiconductor integrated circuit device 701 to decrypt the encrypted decryption key in conjunction with the secret key stored in the secret key storing register 107.
  • The decryption program D723 a is kept in the flash memory 123 d. When the program encrypted by using the encryption program D728 b and the encryption key D728 d is decrypted, the decryption program D723 a is transferred to the internal RAM 105 via the internal RAM 104 in the semiconductor integrated circuit device 701 to decrypt the encrypted program in conjunction with the decryption key stored in the decryption key storing register 702.
  • The program D728 a is encrypted by using the encryption program D728 b and the encryption key D728 d and transferred to the semiconductor integrated circuit device 701 via the network 127, the personal computer 126, the USB cable 125, the USB upstream port 124, and the external bus 102. In the semiconductor integrated circuit device 701, the program D728 a is decrypted by using the decryption program D723 a and the decryption key D728 e stored in the decryption key storing register 107.
  • The encryption program D728 b is for encrypting the program D728 a by using the encryption key D728 d.
  • The decryption key encryption program D728 c is for encrypting the decryption key D728 e in conjunction with the public key stored in the public key storing register 106.
  • The encryption key D728 d is for encrypting the program D728 a in conjunction with the encryption program D728 b.
  • The decryption key D728 e is for decrypting the encrypted program by using the encryption key D728 d in conjunction with the decryption program D723 a.
  • Information equipment 740 has the semiconductor integrated circuit device 701, the peripheral equipment 150, the flash memory 123 d, and the USB upstream port 124.
  • A description will be given next to the procedure of decrypting the encrypted decryption key and storing the decryption key D728 e in the decryption key storing register 702.
  • FIG. 8 is a flow chart showing the procedure of decrypting the encrypted decryption key in the fourth embodiment.
  • First, in Step ST801, the CPU 103 d transfers the decryption key decryption program D723 b and the encrypted decryption key to the internal RAM 104.
  • When the transfer is completed, the whole process then advances to Step ST802 where the CPU 103 d sets the decryption key decryption flag 704F and the RAM copy flag 113F. At this time, the bus port 110 d disconnects the internal bus 109 and the external bus 102 from each other.
  • After the disconnection, the whole process then advances to Step ST803 where the DMA controller 118 d transfers the decryption key decryption program D723 b and the encrypted decryption key in the internal RAM 104 to the internal RAM 105.
  • When the transfer is completed, the whole process then advances to Step ST804 where the CPU 103 d resets the RAM copy flag 113F. From the resetting of the RAM copy flag 113F on till the completion of Step ST805, which will be described later, the CS dispatcher 114 d does not assert the chip select signal 116S.
  • Next, the whole process advances to Step ST805 where the CPU 103 d executes the decryption key decryption program D723 b by using the secret key stored in the secret key storing register 107 to decrypt the encrypted decryption key, thereby generates the decryption key D728 e, and stores it in the decryption key storing register 702.
  • Finally, the whole process advances to Step ST806 where the decryption key decryption flag 704F is reset. When the decryption key decryption flag 704F is reset, the general-purpose register controller 119d resets the general-purpose registers 120 d. When the decryption key decryption flag 704F is reset, the bus port 110 d connects the internal bus 109 and the external bus 102 to each other. The CS dispatcher 114 d transfers the chip select signal 115S as the chip select signal 116S and negates the chip select signal 117S.
  • FIG. 9 shows the respective states of the decryption key decryption flag 704F, the program decryption execute flag 112F, the bus port 110 d corresponding to the state of the RAM copy flag 113F, the secret key access port 108 d, the decryption key access port 703, and the chip select signals 116S and 117S.
  • In FIG. 9, “Open” represents the case where the bus port 110 d, the secret key access port 108 d, and the decryption key access port 703 enable data transfer and “Close” represents the case where data transfer is not enabled, while CS 115 represents the case where the chip select signal 115S is transferred as the chip select signals 116S and 117S.
  • As shown in FIG. 9, when the external bus 102 and the internal bus 109 are connected to each other by the bus port 110 d, the secret key storing register 107 and the decryption key decryption register 702 cannot be accessed. On the other hand, the chip select signal 116S is not asserted when the decryption key decryption program D723 b is executed and the decryption key D728 e is generated. Accordingly, data under decryption, the secret key, and the decryption key D728 e are not stored in the internal RAM 104. Since the chip select signal 117S is negated when the external bus 102 and the internal bus 109 are connected to each other by the bus port 110 d, data under decryption, the secret key, and the decryption key D728 e are not outputted to the outside.
  • A description will be given next to the procedure of decrypting the encrypted program to generate the program D728 a and executing the program D728 a with reference to FIG. 10.
  • FIG. 10 is a flow chart showing the procedure of decrypting the encrypted program in the fourth embodiment.
  • First, in Step ST1001, the CPU 103 d transfers the decryption program D723 a and the encrypted program to the internal RAM 104.
  • When the transfer is completed, the whole process advances to Step ST1002 where the CPU 103 d sets the program decryption execute flag 112F and the RAM copy flag 113F. At this time, the bus port 110 d disconnects the internal bus 109 and the external bus 102 from each other.
  • After the disconnection, the whole process advances to Step ST1003 where the DMA controller 118 d transfers the decryption program D723 a and the encrypted program in the internal RAM 104 to the internal RAM 105.
  • When the transfer is completed, the whole process advances to Step ST1004 where the CPU 103 d resets the RAM copy flag 113F. From the resetting of the RAM copy flag 113F on till the completion of Step ST1006, which will be described later, the CS dispatcher 114 d does not assert the chip select signal 116S.
  • Then, the whole process advances to Step ST1005 where the CPU 103 d executes the decryption program D723 a by using the decryption key D728 e, thereby decrypts the encrypted program, and generates the program D728 a. The generated program D728 a is written in the internal RAM 105.
  • Then, the whole process advances to Step ST1006 where the CPU 103 d executes the program D728 a.
  • Finally, the whole process advances to Step ST1007 where the CPU 103 d resets the program decryption execute flag 112F. When the program decryption execute flag 112F is reset, the general-purpose register controller 119d resets the general-purpose registers 120 d. When the program decryption execute flag 112F is reset, the bus port 110 d connects the internal bus 109 and the external bus 102 to each other. The CS dispatcher 114 d transfers the chip select signal 115S as the chip select signal 116S and negates the chip select signal 117S.
  • As shown in FIG. 9, the chip select signal 116S is not asserted when the decryption program D723 a is executed and the program D728 a is generated. Accordingly, data under decryption, the decryption key D728 e, and the program D728 a are not stored in the internal RAM 104. Since the chip select signal 117S is negated when the external bus 102 and the internal bus 109 are connected to each other by the bus port 110 d, data under decryption, the decryption key D728 e, and the program D728 a are not outputted to the outside.
  • Thus, it is no more necessary to provide the semiconductor integrated circuit device with an internal nonvolatile memory for keeping the decryption program so that a cost reduction is achieved. Moreover, the encrypted program can be decrypted and executed, while the program and data under decryption are not monitored from the outside. This reduces the probability that the encrypted program is hacked.
  • In addition, the encryption program and the encryption strength can be selected at the encrypted program transferor.
  • Program Delivery Method and System
  • FIGS. 11 to 17 are views for illustrating a program delivery system and a program delivery method, which will be described herein below by using the present fourth embodiment as an example.
  • FIGS. 11 to 17 show data transmission and reception between the semiconductor integrated circuit device 701 (corresponding to a second device) within information equipment used by the program user and the PC 128 d (corresponding to a first device) used by the program developer from the encryption of a program till the decryption of the encrypted program.
  • First, as shown in FIG. 11, the semiconductor integrated circuit device 701 at the user transfers a public key D106 stored in the public key storing register 106 to the PC 128 d at the developer.
  • Next, as shown in FIG. 12, the PC 128 d at the developer encrypts the decryption key D728 e by using the public key D106 and the decryption key encryption program D728 c to generate an encrypted decryption key 1201.
  • Next, as shown in FIG. 13, the PC 128 d at the developer transfers the encrypted decryption key 1201 to the semiconductor integrated circuit device 701 at the user.
  • Next, as shown in FIG. 14, the semiconductor integrated circuit device 701 at the user decrypts the encrypted decryption key 1201 by using the secret key D107 stored in the secret key storing register 107 and the decryption key decryption program D723 b and stores the decryption key D728 e in the decryption key storing register 702.
  • Then, as shown in FIG. 15, the PC 128 d at the developer encrypts the program D728 a by using the encryption key D728 d and the encryption program D728 b to generate an encrypted program 1501.
  • Next, as shown in FIG. 16, the PC 128 d at the developer transfers the encrypted program 1501 to the semiconductor integrated circuit device 701 at the user.
  • Finally, as shown in FIG. 17, the semiconductor integrated circuit device 701 at the user decrypts the encrypted program 1501 by using the decryption key D728 e and the decryption program D723 a and executes the decrypted program D728 a.
  • Thus, the program is encrypted by using the encryption key possessed by the program developer and the encrypted program is delivered to the user. Since the encrypted program can be decrypted by using the decryption key possessed by the program developer, it becomes possible to encrypt the program with an encryption strength desired by the program developer and deliver the encrypted program.
  • Although each of the first to fourth embodiments has described the case where the control of the internal RAMs 104 and 105 is effected by using the chip select signals in the semiconductor integrated circuit, it will easily be appreciated that the present invention is also similarly practicable in each of the embodiments even if a write enable signal and a read enable signal are used.

Claims (5)

1-8. (canceled)
9. A program delivery method for delivering a program between a first device and a second device, the method comprising the steps of:
transferring a public key from the second device to the first device;
transferring a decryption program to the second device from the outside thereof;
encrypting the program by using the public key in the first device and transferring the encrypted program to the second device; and
decrypting the encrypted program by using a secret key corresponding to the public key and the decryption program in the second device.
10. A program delivery method for delivering a program between a first device and a second device, the method comprising the steps of:
transferring a public key from the second device to the first device;
encrypting a decryption key by using the public key in the first device and transferring the encrypted decryption key to the second device;
decrypting the encrypted decryption key by using a secret key corresponding to the public key in the second device;
encrypting the program by using an encryption key corresponding to the decryption key in the first device and transferring the encrypted program to the second device; and
decrypting the encrypted program by using the decrypted decryption key in the second device.
11. A program delivery system for delivering a program, the system comprising:
a first device and a second device,
the first device encrypting the program by using a public key and transferring the encrypted program to the second device and
the second device decrypting the program encrypted by the first device by using a secret key corresponding to the public key and a decryption program transferred from the outside of the second device.
12. A program delivery system for delivering a program, the system comprising:
a first device and a second device,
the first device encrypting a decryption key by using a public key, transferring the encrypted decryption key to the second device, encrypting the program by using an encryption key corresponding to the decryption key, and transferring the encrypted program to the second device.
the second device decrypting the decryption key encrypted by the first device by using a secret key corresponding to the public key and decrypting the program encrypted by the first device by using the decrypted decryption key.
US11/598,039 2002-10-31 2006-11-13 Semiconductor integrated circuit device, program delivery method, and program delivery system Abandoned US20070118761A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/598,039 US20070118761A1 (en) 2002-10-31 2006-11-13 Semiconductor integrated circuit device, program delivery method, and program delivery system

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JP2002318172A JP4349788B2 (en) 2002-10-31 2002-10-31 Semiconductor integrated circuit device
JP2002-318172 2002-10-31
US10/611,879 US7228436B2 (en) 2002-10-31 2003-07-03 Semiconductor integrated circuit device, program delivery method, and program delivery system
US11/598,039 US20070118761A1 (en) 2002-10-31 2006-11-13 Semiconductor integrated circuit device, program delivery method, and program delivery system

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US10/611,879 Division US7228436B2 (en) 2002-10-31 2003-07-03 Semiconductor integrated circuit device, program delivery method, and program delivery system

Publications (1)

Publication Number Publication Date
US20070118761A1 true US20070118761A1 (en) 2007-05-24

Family

ID=32171258

Family Applications (3)

Application Number Title Priority Date Filing Date
US10/611,879 Expired - Fee Related US7228436B2 (en) 2002-10-31 2003-07-03 Semiconductor integrated circuit device, program delivery method, and program delivery system
US11/598,039 Abandoned US20070118761A1 (en) 2002-10-31 2006-11-13 Semiconductor integrated circuit device, program delivery method, and program delivery system
US11/797,548 Abandoned US20080155272A1 (en) 2002-10-31 2007-05-04 Semiconductor integrated circuit device, program delivery method, and program delivery system

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US10/611,879 Expired - Fee Related US7228436B2 (en) 2002-10-31 2003-07-03 Semiconductor integrated circuit device, program delivery method, and program delivery system

Family Applications After (1)

Application Number Title Priority Date Filing Date
US11/797,548 Abandoned US20080155272A1 (en) 2002-10-31 2007-05-04 Semiconductor integrated circuit device, program delivery method, and program delivery system

Country Status (3)

Country Link
US (3) US7228436B2 (en)
JP (1) JP4349788B2 (en)
CN (2) CN1822011A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060227967A1 (en) * 2005-04-11 2006-10-12 Tomoki Nishikawa Data processing system and method
US9881161B2 (en) 2012-12-06 2018-01-30 S-Printing Solution Co., Ltd. System on chip to perform a secure boot, an image forming apparatus using the same, and method thereof

Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4349788B2 (en) * 2002-10-31 2009-10-21 パナソニック株式会社 Semiconductor integrated circuit device
US20050071656A1 (en) * 2003-09-25 2005-03-31 Klein Dean A. Secure processor-based system and method
TWI274282B (en) * 2004-05-13 2007-02-21 Mediatek Inc Method and system of accessing instructions
JP2005332221A (en) * 2004-05-20 2005-12-02 Renesas Technology Corp Storage device
CN100367197C (en) * 2004-05-24 2008-02-06 联发科技股份有限公司 Instruction acquisition method and system thereof
US7536355B2 (en) * 2004-06-10 2009-05-19 Lsi Corporation Content security system for screening applications
JP4562464B2 (en) * 2004-09-07 2010-10-13 富士通株式会社 Information processing device
JP4496061B2 (en) * 2004-11-11 2010-07-07 パナソニック株式会社 Confidential information processing device
US20060277413A1 (en) * 2005-06-01 2006-12-07 Drews Dennis T Data security
JP4738068B2 (en) * 2005-06-17 2011-08-03 富士通セミコンダクター株式会社 Processor and system
US20060294395A1 (en) * 2005-06-28 2006-12-28 Ogram Mark E Executable software security system
US8863230B1 (en) * 2006-06-09 2014-10-14 Xilinx, Inc. Methods of authenticating a programmable integrated circuit in combination with a non-volatile memory device
US7987358B1 (en) * 2006-06-09 2011-07-26 Xilinx, Inc. Methods of authenticating a user design in a programmable integrated circuit
JP2008060653A (en) * 2006-08-29 2008-03-13 Matsushita Electric Ind Co Ltd Control device
JP2009223611A (en) * 2008-03-17 2009-10-01 Konami Digital Entertainment Co Ltd Information processing apparatus, information processing method, and program
US8479021B2 (en) * 2011-09-29 2013-07-02 Pacid Technologies, Llc Secure island computing system and method
JP2013097539A (en) * 2011-10-31 2013-05-20 Mitsutoyo Corp Control device and control program illegal reading prevention method
KR20140073384A (en) * 2012-12-06 2014-06-16 삼성전자주식회사 system on chip for performing secure boot, image forming apparatus comprising it, and methods thereof
JP6585153B2 (en) * 2014-07-16 2019-10-02 ビーエイイー・システムズ・インフォメーション・アンド・エレクトロニック・システムズ・インテグレイション・インコーポレーテッド A device using flash memory to store important or sensitive technical information and other data
US10387662B2 (en) 2014-07-16 2019-08-20 Jeffrey B. Canter Flash memory device for storing sensitive information and other data
FR3050847B1 (en) * 2016-05-02 2019-04-05 Morpho METHOD OF OPTIMIZING MEMORY WRITINGS IN A DEVICE
US10896267B2 (en) * 2017-01-31 2021-01-19 Hewlett Packard Enterprise Development Lp Input/output data encryption
US10642970B2 (en) 2017-12-12 2020-05-05 John Almeida Virus immune computer system and method
US10614254B2 (en) 2017-12-12 2020-04-07 John Almeida Virus immune computer system and method
US10346608B2 (en) 2017-12-12 2019-07-09 John Almeida Virus immune computer system and method
JP7163656B2 (en) * 2018-07-30 2022-11-01 株式会社リコー Delivery system, receiving client terminal, delivery method
US10614232B2 (en) 2018-09-10 2020-04-07 John Almeida Storing and using multipurpose secret data
US10892895B2 (en) * 2018-09-10 2021-01-12 Atense, Inc. Storing and using multipurpose secret data
EP4141722A1 (en) * 2021-08-27 2023-03-01 Siemens Aktiengesellschaft Safe operation of an industrial controller together with an ai module

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5982887A (en) * 1995-04-27 1999-11-09 Casio Computer Co., Ltd. Encrypted program executing apparatus
US6351536B1 (en) * 1997-10-01 2002-02-26 Minoru Sasaki Encryption network system and method
US6385317B1 (en) * 1996-04-03 2002-05-07 Irdeto Access Bv Method for providing a secure communication between two devices and application of this method
US20020112173A1 (en) * 1994-10-27 2002-08-15 Mitsubishi Corporation Apparatus for data copyright management system
US20020138752A1 (en) * 2001-02-02 2002-09-26 Tetsuya Tanaka Semiconductor integrated circuit and business method therewith
US20030159053A1 (en) * 2002-02-19 2003-08-21 Charles Fauble Secure reconfigurable input device with transaction card reader
US20030217258A1 (en) * 2002-05-16 2003-11-20 International Business Machines Corporation Apparatus and method of using ephemeral asymmetric keys to exchange security data between hardware security modules
US6711677B1 (en) * 1999-07-12 2004-03-23 Hewlett-Packard Development Company, L.P. Secure printing method
US20040259633A1 (en) * 2003-04-16 2004-12-23 Gentles Thomas A. Remote authentication of gaming software in a gaming system environment
US6904522B1 (en) * 1998-07-15 2005-06-07 Canal+ Technologies Method and apparatus for secure communication of information between a plurality of digital audiovisual devices
US6952770B1 (en) * 2000-03-14 2005-10-04 Intel Corporation Method and apparatus for hardware platform identification with privacy protection
US20060174116A1 (en) * 2002-02-06 2006-08-03 Xerox Corporation Systems and methods for authenticating communications in a network medium
US7296157B2 (en) * 2002-07-10 2007-11-13 Electronics For Imaging, Inc. Methods and apparatus for secure document printing
US7373507B2 (en) * 2000-08-10 2008-05-13 Plethora Technology, Inc. System and method for establishing secure communication

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0314083A (en) * 1989-06-12 1991-01-22 Toshiba Corp Portable medium
AU1265195A (en) * 1993-12-06 1995-06-27 Telequip Corporation Secure computer memory card
US5533123A (en) * 1994-06-28 1996-07-02 National Semiconductor Corporation Programmable distributed personal security
JPH0830558A (en) 1994-07-20 1996-02-02 Fujitsu Ltd Load distributing method in computer system and computer system utilizing the method
DE69532153T2 (en) * 1994-09-30 2004-09-02 Mitsubishi Corp. Data copyright management system
US5754762A (en) * 1997-01-13 1998-05-19 Kuo; Chih-Cheng Secure multiple application IC card using interrupt instruction issued by operating system or application program to control operation flag that determines the operational mode of bi-modal CPU
US6212635B1 (en) * 1997-07-18 2001-04-03 David C. Reardon Network security system allowing access and modification to a security subsystem after initial installation when a master token is in place
DE19757653C2 (en) * 1997-12-15 2003-07-17 Francotyp Postalia Ag Method and postal device with a chip card read / write unit for reloading change data by chip card
WO2000057290A1 (en) * 1999-03-19 2000-09-28 Hitachi, Ltd. Information processor
US20010034839A1 (en) * 1999-12-24 2001-10-25 Guenter Karjoth Method and apparatus for secure transmission of data and applications
TW536672B (en) * 2000-01-12 2003-06-11 Hitachi Ltd IC card and microcomputer
GB0111521D0 (en) * 2001-05-11 2001-07-04 Amphion Semiconductor Ltd A component for generating data encryption/decryption apparatus
JP4349788B2 (en) * 2002-10-31 2009-10-21 パナソニック株式会社 Semiconductor integrated circuit device

Patent Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020112173A1 (en) * 1994-10-27 2002-08-15 Mitsubishi Corporation Apparatus for data copyright management system
US5982887A (en) * 1995-04-27 1999-11-09 Casio Computer Co., Ltd. Encrypted program executing apparatus
US6385317B1 (en) * 1996-04-03 2002-05-07 Irdeto Access Bv Method for providing a secure communication between two devices and application of this method
US6351536B1 (en) * 1997-10-01 2002-02-26 Minoru Sasaki Encryption network system and method
US6904522B1 (en) * 1998-07-15 2005-06-07 Canal+ Technologies Method and apparatus for secure communication of information between a plurality of digital audiovisual devices
US6711677B1 (en) * 1999-07-12 2004-03-23 Hewlett-Packard Development Company, L.P. Secure printing method
US6952770B1 (en) * 2000-03-14 2005-10-04 Intel Corporation Method and apparatus for hardware platform identification with privacy protection
US7373507B2 (en) * 2000-08-10 2008-05-13 Plethora Technology, Inc. System and method for establishing secure communication
US20020138752A1 (en) * 2001-02-02 2002-09-26 Tetsuya Tanaka Semiconductor integrated circuit and business method therewith
US20060174116A1 (en) * 2002-02-06 2006-08-03 Xerox Corporation Systems and methods for authenticating communications in a network medium
US20030159053A1 (en) * 2002-02-19 2003-08-21 Charles Fauble Secure reconfigurable input device with transaction card reader
US20030217258A1 (en) * 2002-05-16 2003-11-20 International Business Machines Corporation Apparatus and method of using ephemeral asymmetric keys to exchange security data between hardware security modules
US7296157B2 (en) * 2002-07-10 2007-11-13 Electronics For Imaging, Inc. Methods and apparatus for secure document printing
US20040259633A1 (en) * 2003-04-16 2004-12-23 Gentles Thomas A. Remote authentication of gaming software in a gaming system environment

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060227967A1 (en) * 2005-04-11 2006-10-12 Tomoki Nishikawa Data processing system and method
US7889864B2 (en) * 2005-04-11 2011-02-15 Panasonic Corporation Data processing system and method
US9881161B2 (en) 2012-12-06 2018-01-30 S-Printing Solution Co., Ltd. System on chip to perform a secure boot, an image forming apparatus using the same, and method thereof

Also Published As

Publication number Publication date
CN1499360A (en) 2004-05-26
JP2004152123A (en) 2004-05-27
US20040088554A1 (en) 2004-05-06
US7228436B2 (en) 2007-06-05
CN1248106C (en) 2006-03-29
JP4349788B2 (en) 2009-10-21
CN1822011A (en) 2006-08-23
US20080155272A1 (en) 2008-06-26

Similar Documents

Publication Publication Date Title
US7228436B2 (en) Semiconductor integrated circuit device, program delivery method, and program delivery system
US7389536B2 (en) System and apparatus for limiting access to secure data through a portable computer to a time set with the portable computer connected to a base computer
US7761717B2 (en) Memory device with data security in a processor
US8108941B2 (en) Processor, memory, computer system, system LSI, and method of authentication
EP1056015A1 (en) Storage device, encrypting/decrypting device, and method for accessing nonvolatile memory
US20050268174A1 (en) Semiconductor device, electronic apparatus, and access control method of the semiconductor device
JPH08305558A (en) Ciphering program arithmetic unit
US20100293392A1 (en) Semiconductor device having secure memory controller
US8412903B2 (en) Method and system for managing secure code loading in PC-slave devices
US7076667B1 (en) Storage device having secure test process
US20080005590A1 (en) Memory system
JP4717398B2 (en) Method for controlling data processing apparatus
US20040117639A1 (en) Secure driver
US8397081B2 (en) Device and method for securing software
JPH10143439A (en) Data processor
US20080104368A1 (en) Storage element having data protection functionality
JP2006293516A (en) Bus access control unit
JP2004129227A (en) Information reproducing apparatus, secure module, and information regeneration method
JP2007310601A (en) Microcomputer and method for protecting its software
US7194627B2 (en) Method and system for data encryption and decryption
JP5005477B2 (en) Nonvolatile memory device
JPH08185361A (en) Semiconductor integrated circuit device
JP4596247B2 (en) Data processing circuit, data processing apparatus, data processing method, data processing control method, data processing program, and data processing control program
JP2006209690A (en) Data processing circuit
US20240004802A1 (en) Data security for memory and computing systems

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION