WO2019142306A1 - Semiconductor device, data-providing method, data-decoding method, and program - Google Patents

Semiconductor device, data-providing method, data-decoding method, and program Download PDF

Info

Publication number
WO2019142306A1
WO2019142306A1 PCT/JP2018/001505 JP2018001505W WO2019142306A1 WO 2019142306 A1 WO2019142306 A1 WO 2019142306A1 JP 2018001505 W JP2018001505 W JP 2018001505W WO 2019142306 A1 WO2019142306 A1 WO 2019142306A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
divided data
encrypted
header
signal
Prior art date
Application number
PCT/JP2018/001505
Other languages
French (fr)
Japanese (ja)
Inventor
大輔 森山
鈴木 大輔
Original Assignee
ルネサスエレクトロニクス株式会社
三菱電機株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ルネサスエレクトロニクス株式会社, 三菱電機株式会社 filed Critical ルネサスエレクトロニクス株式会社
Priority to PCT/JP2018/001505 priority Critical patent/WO2019142306A1/en
Publication of WO2019142306A1 publication Critical patent/WO2019142306A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/36Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols with means for detecting characters not meant for transmission

Definitions

  • the present invention relates to a semiconductor device, a data providing method, a data decoding method, and a program.
  • IoT Internet of Things
  • IoT devices are widely used. Such IoT devices may update firmware.
  • the divided data is transmitted from the transmitting terminal capable of communicating with the IoT device as the receiving terminal to the receiving terminal. Then, the receiving terminal receives the divided data and combines the received data. In such a case, it is expected that the integrity of the divided data to be transmitted and received is maintained.
  • the embedded device described in Patent Document 1 sequentially performs verification processing on each section obtained by dividing update data for updating software into a plurality of pieces.
  • the embedded device stores intermediate values obtained during the verification process.
  • the embedded device compares the value obtained by the verification process with the verification data to confirm that there is no tampering. If it is confirmed that there is no tampering, the embedded device performs verification processing on each section in order again.
  • the embedded device compares the intermediate value obtained in the verification process with the stored intermediate value, and if it matches, updates the software according to the section.
  • a division size determination unit determines the program to be tampered with based on random number information before loading the program, and the division unit divides the program into block data.
  • the first conversion means converts block data into temporary authentication data of a block division size or less by logical operation.
  • the second conversion means calculates authentication data by subjecting the authentication temporary data to a second conversion process, and stores the authentication data and the block division size.
  • the falsification detection system calculates the comparison data by performing block division, first conversion, and second conversion on the loaded program using the stored block division size after loading the program.
  • the tampering detection system detects tampering of a program by comparing authentication data and comparison data.
  • the processor described in Patent Document 3 includes a core that executes an instruction code, a CPU-unique key unique to the core, and an encrypted ROM code area that stores an encrypted instruction code in a non-rewritable form.
  • the processor includes a code authentication processing block that authenticates an instruction code including an instruction code stored in the area, and a cryptographic processing block that encrypts data input and output between the core and the outside.
  • the data input unit inputs electronic data and divides the electronic data into N segments.
  • the hash value calculation unit and the inspection data generation unit use an operation process in which an operation result obtained by performing a predetermined operation on data of the Mth segment is input for performing predetermined operation of data of the M + 1th segment. Repeat to the Nth segment to generate inspection data.
  • the verification data generation unit generates verification data of electronic data including inspection data and an operation result during generation of the inspection data as intermediate data.
  • the receiving terminal generates an intermediate value, and the transmitting terminal does not share such an intermediate value. Therefore, it can not be verified whether divided data generated at the transmitting terminal is combined in the same state as before division at the receiving terminal.
  • a program is divided and processed a plurality of times by a plurality of processing means, and these are compared and processed. Therefore, the implementation scale becomes large and the computational efficiency is not high.
  • the technique described in Patent Document 3 is not a verification method of divided data by outputting an intermediate value to the outside.
  • the technology described in Patent Document 4 uses the intermediate value for verification inside the device, but is not a technology realized between different devices. That is, the above description has not been made to solve the problem that the receiving terminal that has received the divided data by the transmitting terminal checks the integrity of such data and combines them.
  • the semiconductor device is a semiconductor device having a memory and a control circuit and providing data set in advance to the external terminal device, wherein the memory is an encrypted data with authentication and authentication. It stores key information for
  • the control circuit divides the data into a plurality of divided data while maintaining continuity on the data array, and based on a signal output by performing encryption processing on the previous divided data on the data array. Generate a transmission header.
  • the control circuit generates encrypted divided data and an authentication tag corresponding to the encrypted divided data from the transmission header, the divided data, and the key information, and generates the encrypted divided data and the encrypted divided data.
  • the corresponding authentication tag is output in the order on the data array.
  • the semiconductor device has a memory and a control circuit, and the memory stores key information for decrypting the encrypted encrypted text with authentication.
  • the control circuit sequentially receives, from the external terminal device, encrypted encrypted divided data with authentication and an authentication tag corresponding to the plurality of encrypted divided data.
  • the control circuit decrypts the currently received encrypted division data using the key information, and compares the authentication tag generated by the decryption with the authentication tag received from the external terminal apparatus, thereby performing the decrypted division. Authenticate data.
  • the control circuit collates the continuity verification signal based on the encrypted divided data processed immediately before with the transmission header attached to the decrypted divided data, thereby the divided data processed immediately before and the currently received encryption It is determined whether there is continuity on the data array with the divided data obtained by decoding the divided data.
  • the control circuit determines whether or not to perform the decryption on the encrypted divided data to be received immediately, according to the result of the authentication and the result of the determination as to whether or not the apparatus has the continuity.
  • the semiconductor device can transmit and receive divided data efficiently and safely, and can maintain program consistency.
  • FIG. 1 is a schematic view of a transmission and reception system according to a first embodiment.
  • FIG. 1 is a hardware configuration diagram of a first semiconductor device according to a first embodiment.
  • FIG. 2 is a hardware configuration diagram of a second semiconductor device according to the first embodiment. It is a figure for demonstrating the process of CPU111 in a 1st semiconductor device. It is a figure for demonstrating the process of CPU121 in a 2nd semiconductor device.
  • FIG. 6 is a diagram showing transitions of signals in the CPU 111.
  • FIG. 6 is a diagram showing transitions of signals in the CPU 121.
  • FIG. 7 is a hardware configuration diagram of a first semiconductor device according to a second embodiment.
  • FIG. 7 is a hardware configuration diagram of a second semiconductor device according to a second embodiment.
  • FIG. 7 is a hardware configuration diagram of a first semiconductor device according to a second embodiment.
  • FIG. 7 is a hardware configuration diagram of a second semiconductor device according to a second embodiment. It is a figure for demonstrating the process of CPU111 in a 1st semiconductor device. It is a figure for demonstrating the process of CPU121 in a 1st semiconductor device. It is a figure showing an example of composition of a signal concerning an embodiment.
  • each element described in the drawing as a functional block that performs various processing can be configured by a CPU (Central Processing Unit), a memory, and other circuits in terms of hardware, and in terms of software, a memory It is realized by the program etc. loaded to Therefore, it is understood by those skilled in the art that these functional blocks can be realized in various forms by hardware only, software only, or a combination thereof, and is not limited to any of them. Therefore, the configuration exemplified as the circuit in the following description can be realized by either hardware or software or both, and the configuration shown as the circuit realizing a certain function realizes the same function. Can also be shown as part of the For example, a configuration described as a control circuit may be described as a control unit. In the drawings, the same elements are denoted by the same reference numerals, and the redundant description is omitted as necessary.
  • Non-transitory computer readable media include various types of tangible storage media. Examples of non-transitory computer readable media are magnetic recording media (eg flexible disk, magnetic tape, hard disk drive), magneto-optical recording media (eg magneto-optical disk), CD-ROM (Read Only Memory) CD-R, CD And semiconductor memory (eg, mask ROM, PROM (Programmable ROM), EPROM (Erasable PROM), flash ROM, RAM (Random Access Memory)).
  • the programs may also be supplied to the computer by various types of temporary computer readable media. Examples of temporary computer readable media include electrical signals, light signals, and electromagnetic waves.
  • the temporary computer readable medium can provide the program to the computer via a wired communication path such as electric wire and optical fiber, or a wireless communication path.
  • FIG. 1 is a schematic diagram of a transmission / reception system according to a first embodiment.
  • the transmission / reception system 1 transmits data of the transmission terminal 11 to the reception terminal 12.
  • the transmission terminal 11 is a device having at least the first semiconductor device 110 as a configuration, and is, for example, a computer having a communication function, a tablet, a smart phone, an IoT device, a home appliance, a mobile object, a sensor, an industrial device, etc. is there.
  • the receiving terminal 12 is a device capable of communicating with the transmitting terminal 11, and has at least a second semiconductor device 120 as a configuration.
  • the receiving terminal 12 is, for example, a computer, a tablet, a smartphone, an IoT device, a home appliance, a mobile object, a sensor, an industrial device, or the like.
  • the transmission terminal 11 and the reception terminal 12 are communicably connected. Such connection is not particularly limited as long as it is a method such as USB (Universal Serial Bus), Bluetooth (registered trademark), Wi-Fi (Wireless Fidelity), or the like, which can ensure communication regardless of wired or wireless.
  • USB Universal Serial Bus
  • Bluetooth registered trademark
  • Wi-Fi Wireless Fidelity
  • the transmission / reception system 1 transmits / receives data, for example, when the transmission terminal 11 transmits the latest firmware to the reception terminal 12 to update the firmware of the reception terminal 12. For example, the transmission / reception system 1 divides the data in the transmitting terminal 11, performs the encryption process with authentication on the divided data, and performs the encrypted divided data, which is the encrypted divided data, as an authentication tag corresponding to the data Together with the function of transmitting to the receiving terminal. Further, the transmission / reception system 1 receives the data transmitted by the transmission terminal 11 in the reception terminal 12, decodes the received data, combines them, and restores the state before the transmission terminal 11 is divided. By dividing and transmitting data, the amount of data processed by the receiving terminal 12 at one time can be reduced, and the processing load on the receiving terminal 12 can be reduced.
  • FIG. 2 is a hardware configuration diagram of the first semiconductor device 110 according to the first embodiment.
  • the first semiconductor device 110 in charge of information processing has, as main components, a CPU 111, a memory 112, and an IF 113 (Interface), and these components are connected by a communication bus.
  • the CPU 111 is an arithmetic device for performing arithmetic processing and the like to be described later in the first semiconductor device 110.
  • the CPU 111 mainly has a plaintext control circuit 111a, a transmission header control circuit 111b, and an AE encryption circuit 111c.
  • the CPU 111 may have a plurality of these configurations as hardware, or may be configured to be capable of parallel processing as software.
  • the CPU described in this embodiment may include peripheral circuits other than the CPU core.
  • the plaintext control circuit 111a divides the original data received as an input signal according to a preset specification, and sequentially outputs the divided data to the AE encryption circuit 111c.
  • the plaintext control circuit 111a divides the original data while maintaining the continuity on the data arrangement.
  • the plaintext control circuit 111a sequentially outputs the divided original data while maintaining the continuity on the data array. That is, when the data output from the plaintext control circuit 111a is combined in the order of output, the divided data matches the original data.
  • the plaintext control circuit 111a is a specification for dividing the received data into n (n is an integer of 2 or more) data.
  • the plaintext control circuit 111a receives the original data SG01 as an input signal, and while maintaining the continuity on the data arrangement of the original data SG01, the divided data SG01. Generate i (i is an integer from 1 to n). Then, the plaintext control circuit 111a converts the generated divided data into divided data SG01.1 to SG01. Output in order up to n.
  • the transmission header control circuit 111b receives the initial header and the authentication tag as input signals, and outputs the received signal to the AE encryption circuit 111c as a ciphertext header. Details of the input signal received by the transmission header control circuit 111b will be described later.
  • the key information is also used when performing decryption processing.
  • the AE encryption circuit 111 c outputs a signal including the ciphertext, the authentication tag, and the header.
  • the memory 112 is a readable and writable non-volatile storage device, and mainly includes, for example, a flash memory, an EEPROM (Electrically Erasable Programmable Read-Only Memory), an SSD (Solid State Drive), and the like.
  • the memory 112 stores original data SG01 for input to the plaintext control circuit 111a, key information SG02 for input to the AE encryption circuit, and an initial header SG03 for input to the transmission header control circuit 111b.
  • the IF 113 is an interface for the semiconductor device 110 to transmit and receive various data to and from an external device.
  • the IF 113 receives data processed by the CPU 111 and outputs the received data to the outside.
  • FIG. 3 is a hardware configuration diagram of the second semiconductor device 120 according to the first embodiment.
  • the second semiconductor device 120 in charge of information processing mainly includes a CPU 121, a memory 122, and an IF 123, and these configurations are connected by a communication bus.
  • the CPU 111 is an arithmetic device for performing arithmetic processing and the like to be described later in the second semiconductor device 120.
  • the CPU 121 mainly includes a ciphertext control circuit 121a, a reception header control circuit 121b, a reception tag control circuit 121c, and an AE decryption circuit 111d.
  • the ciphertext control circuit 121a receives, as input signals, the ciphertext received from the transmitting terminal 11 and the integrity verification result received from the AE decryption circuit 121d.
  • the ciphertext control circuit 121a can determine whether to output the ciphertext to the AE decryption circuit 121d based on the received integrity verification result.
  • the reception header control circuit 121b receives, as an input signal, the initial header received from the transmission terminal 11, the transmission header, and the integrity verification result received from the AE decoding circuit 121d. Further, the reception header control circuit 121b has a function of temporarily storing the transmission header. The reception header control circuit 121b can determine whether to output the ciphertext to the AE decryption circuit 121d based on the received integrity verification result.
  • the reception tag control circuit 121c receives, as an input signal, the authentication tag received from the transmission terminal 11, and the integrity verification result received from the AE decoding circuit 121d.
  • the reception tag control circuit 121c can determine whether to output the ciphertext to the AE decryption circuit 121d based on the received integrity verification result.
  • the AE decryption circuit 121 d performs decryption processing and verification of the authentication tag on the authentication-encrypted signal. That is, the AE decryption circuit 121 d uses the ciphertext, the authentication tag, the header signal, and the key information stored in the memory 122 received from the transmission terminal 11 as input signals. The AE decryption circuit 121 d decrypts the ciphertext, and verifies whether the authentication tag generated as a result of the decryption matches the authentication tag received as the input signal. As a result of the verification, if these authentication tags match, the AE decryption circuit 121d outputs the decrypted plaintext. On the other hand, if the authentication tags do not match, the AE decoding circuit 121d outputs an error signal as a result of the consistency verification.
  • FIG. 4 is a diagram for explaining the processing of the CPU 111 in the first semiconductor device.
  • the CPU 111 accesses the memory 112 to read the original data SG01 and the initial header SG03, and supplies the original data SG01 to the plaintext control circuit 111a and the initial header SG03 to the transmission header control circuit 111b.
  • the plaintext control circuit 111a having received the original data SG01 converts the original data SG01 from the divided data SG01.1 to the divided data SG01. Generate n divided data up to n.
  • the plaintext control circuit 111a sequentially outputs each divided data to the AE encryption circuit 111c while maintaining the continuity on the data arrangement.
  • the transmission header control circuit 111b Upon receiving the initial header SG03, the transmission header control circuit 111b outputs the initial header SG03 to the AE encryption circuit 111c as a transmission header SG06.1 to be added to the divided data SG01.1.
  • the transmission header control circuit 111b causes the transmission headers SG06. i (where i is an integer from 2 to n here), the authentication tag SG 05. Receive i-1. Then, the transmission header control circuit 111b receives the received authentication tag SG05. i-1 to the next transmission header SG06. It sequentially outputs to the AE encryption circuit 111c as i.
  • the AE encryption circuit 111c receives the key information SG02 from the memory 112, and at the same time, the divided data SG01. i, transmission header SG06. Receive i. Then, the AE encryption circuit 111c transmits the divided data SG01. encrypt i. The AE encryption circuit 111 c outputs the ciphertext SG 04. i and an authentication tag SG05. Output i. Ciphertext SG04. i is divided data SG01. i is encrypted data. Note that the initial header SG03 and the output ciphertext SG04. i and an authentication tag SG05. The i is transmitted to the receiving terminal 12 via the IF 113.
  • FIG. 5 is a diagram showing a configuration example of the signal according to the first embodiment.
  • the signal in the present embodiment refers to a block of signals to be transmitted and received as a frame.
  • Ethernet registered trademark
  • BLE Bluetooth Low Energy (registered trademark)
  • FIG. 5 shows a frame 500 and a frame 600 as an example of a frame output by the CPU 111.
  • the frame 500 has a communication header at the beginning of the signal, followed by the payload, and then by the auxiliary information.
  • the communication header includes an initial header SG03.
  • the payload is divided data SG01. i includes a signal encrypted with key information SG02.
  • the auxiliary information is the authentication tag SG05. including i.
  • the frame 600 differs from the frame 500 in the configuration of the payload and the auxiliary information.
  • the payload is divided data SG01. i is encrypted by the key information SG02, and the authentication tag SG05. including i.
  • the auxiliary information is the authentication tag SG05. i is not included.
  • any configuration of the frame 500 or the frame 600 exemplified herein may be employed.
  • the original data can be divided and assigned to the payload area by adopting the frame 500.
  • the authentication tag can be put in part of the payload area.
  • FIG. 6 is a diagram for explaining the process of the CPU 121 in the second semiconductor device.
  • the CPU 121 transmits an initial header SG03, a ciphertext SG04. i, and the authentication tag SG05. Receive i.
  • the CPU 121 supplies the initial header SG03 to the reception header control circuit 121b, and the ciphertext SG04. i is supplied to the ciphertext control circuit 121a, and the authentication tag SG05. i is supplied to the reception header control circuit 121 b and the reception tag control circuit, respectively.
  • the ciphertext control circuit 121a transmits the ciphertext SG04. i received and received ciphertext SG 04. i is output to the AE decoding circuit 121 d.
  • the reception header control circuit 121b When receiving the initial header SG03, the reception header control circuit 121b outputs the initial header SG03 to the AE decryption circuit 121d as a reception header SG07.1 corresponding to the ciphertext SG04.1 that is the first piece of encrypted division data.
  • the reception header control circuit 121b causes the reception headers SG07.
  • i here, i is an integer from 2 to n here
  • Receive i-1 That is, the reception header control circuit 121b transmits the authentication tag SG05.
  • i is received, it is temporarily stored, and the immediately following authentication tag SG05.
  • i + 1 is received, the authentication tag SG05.
  • i is output to the AE decoding circuit 121 d. Note that the timing of output to the AE decoding circuit 121 d and the immediately following authentication tag SG05. The timing of receiving i + 1 does not matter.
  • the reception tag control circuit 121c controls the authentication tag SG05. i received the authentication tag SG05. i is output to the AE decoding circuit 121 d.
  • the AE decryption circuit 121 d transmits the ciphertext SG 04. i, received header SG07. i, and the authentication tag SG05. Receive i each. Also, the AE decryption circuit 121 d accesses the memory 122 and receives the key information SG 02. The AE decryption circuit 121 d uses the key information SG02 to encrypt the ciphertext SG04. Decryption division data SG08. i, and authentication tag SG09. Calculate i. In addition, ciphertext SG 04. If i is correctly decoded, the decoded split data SG08. i is divided data SG01. The same as i, the authentication tag SG09. i is an authentication tag SG05. It is the same as i. When the AE decoding circuit 121d performs the decoding process as described above, it performs the following verification process.
  • the AE decoding circuit 121d determines whether the authentication tag SG09. i and the authentication tag SG05.n received from the reception tag control circuit 121c. It is checked whether i matches. Authentication tag SG09. i and authentication tag SG05. If i matches, the AE decryption circuit 121 d determines that the ciphertext SG 04. It means that i has been correctly decoded.
  • the AE decryption circuit 121d receives the reception header SG07. As a header signal for guaranteeing the continuity of the encrypted divided data. Receive i. Therefore, when the AE decoding circuit 121d performs the above-described verification process and correct decoding is performed, the decoded divided data SG08. i is the decoded split data SG08. It is data maintaining continuity on data array from i-1.
  • the AE decoding circuit 121 d performs the above verification process, and if the decoding is correctly performed, the verification result SG10. For example, a signal “1” is output to i as a signal indicating that the verification result has been correctly performed.
  • the AE decoding circuit 121d detects the verification result SG10.
  • the i is output to the ciphertext control circuit 121a, the reception header control circuit 121b, and the reception tag control circuit 121c. Furthermore, the AE decoding circuit 121d outputs the decoded divided data SG08. Output i.
  • the AE decoding circuit 121d performs the above verification process, and if the verification result is not a correct result, the verification result SG10. For example, a signal “0” is output to i as a signal indicating that the verification result has not been correctly performed. Further, in this case, the AE decoding circuit 121d is configured to use the decoded divided data SG08. Do not output i.
  • FIG. 7 is a diagram showing transitions of signals in the CPU 111. As shown in FIG. FIG. 7 shows that each signal output from the CPU 111 has a relationship to maintain the continuity on the data array, and thus shows how the processing proceeds in a chained manner from the left to the right. ing. Therefore, for convenience of explanation, a plurality of configurations of the CPU 111 are described in FIG. 7 differently from the actual configuration. The details of the processing already described in FIG. 4 will be omitted.
  • the AE encryption circuit 111c encrypts the divided data SG01.1. Also, the AE encryption circuit 111c receives the initial header SG03 as a transmission header SG06.1. As a result of the encryption processing, the AE encryption circuit 111c outputs the first authentication tag SG05.1 corresponding to the first ciphertext SG04.1 and the ciphertext SG04.1.
  • the output ciphertext SG04.1 and the authentication tag SG05.1 are included in the first frame FR1, and the frame FR1 is transmitted from the transmitting terminal 11 to the receiving terminal 12.
  • the AE encryption circuit 111c encrypts the divided data SG01.2. Also, the AE encryption circuit 111c receives the authentication tag SG05.1 attached to the frame FR1 as the transmission header SG06.2. As a result of the encryption processing, the AE encryption circuit 111c outputs the second ciphertext SG04.2 and the first authentication tag SG05.2 corresponding thereto.
  • the output ciphertext SG04.2 and authentication tag SG05.2 are included in the second frame FR2, and the frame FR2 is transmitted from the transmitting terminal 11 to the receiving terminal 12.
  • the third data is also generated similarly to the second data and sequentially transmitted to the receiving terminal.
  • the AE encryption circuit 111c generates divided data SG01. Encrypt n.
  • the AE encryption circuit 111c transmits the authentication tag SG05. Send n-1 header SG06. Receive as n.
  • the AE encryption circuit 111c transmits the nth ciphertext SG04. n and the first authentication tag SG 05. Output n
  • the output ciphertext SG04. n and authentication tag SG05. n is included in the nth frame FRn, and the frame FRn is transmitted from the transmitting terminal 11 to the receiving terminal 12.
  • FIG. 8 is a diagram showing transitions of signals in the CPU 121.
  • FIG. 8 is a diagram showing transitions of signals in the CPU 121.
  • FIG. 8 shows that processing proceeds from the left side to the right side in order to show that each signal output from the CPU 121 has a relationship maintaining continuity on the data arrangement. Therefore, for convenience of explanation, a plurality of configurations of the CPU 111 are described in FIG. 7 differently from the actual configuration. The details of the processing already described in FIG. 6 will be omitted.
  • the AE decryption circuit 121 d decrypts the ciphertext SG04.1.
  • the AE decoding circuit 121d receives the reception header SG07.1 (equal to the initial header SG03) and the authentication tag SG05.1, and verifies whether the decoded divided data SG08.1 is correctly decoded. If the verification result is output as the correct one, the AE decoding circuit 121d outputs the decoded divided data SG08.1.
  • the AE decryption circuit 121d decrypts the ciphertext SG04.2.
  • the AE decoding circuit 121d receives the reception header SG07.2 (equal to the authentication tag SG05.1) and the authentication tag SG05.2, and verifies whether the decoded divided data SG08.2 is correctly decoded. If the verification result is output as the correct one, the AE decoding circuit 121d outputs the decoded divided data SG08.2. When the decrypted divided data SG08.1 is not properly decrypted, the decryption process of the ciphertext SG04.2 may or may not be performed.
  • the CPU 121 may combine and process the first decoded divided data SG08.1 and the second decoded divided data SG08.2 after they are output.
  • the AE decryption circuit 121d decrypts the third ciphertext SG04.3 in the same manner as the second ciphertext SG04.2, and outputs the decrypted divided data SG08.3 if the verification result is correct.
  • the CPU 121 may combine the first decoded split data SG08.1 and the second decoded split data SG08.2, and then combine the third decoded split data SG08.3.
  • the decryption process of the ciphertext SG04.3 may or may not be performed.
  • the AE decryption circuit 121d transmits the ciphertext SG04. Decode n.
  • the AE decoding circuit 121d receives the reception header SG07. n (equal to transmission header SG06.n-1), an authentication tag SG05.n. n, and the decoded split data SG08. Verify that n was correctly decoded. If the verification result is output as the correct one, the AE decoding circuit 121 d outputs the decoded divided data SG08. Output n In this way, the CPU 121 can sequentially verify divided data maintaining continuity on the data array, and sequentially combine and process them. The combining process may be sequentially performed, or may be collectively performed after all the verification processes are completed. When the subsequent decryption is performed when the ciphertext is not correctly decrypted in any decryption process, the decrypted divided data may be discarded.
  • the second semiconductor device 120 can sequentially decode the divided data while maintaining the continuity on the data arrangement.
  • the second semiconductor device 120 can perform processing to prevent loss or replacement of divided data.
  • the transmission and reception system 1 according to the first embodiment can secure secrecy and data integrity in data transmission and reception.
  • the reception terminal 12 in the transmission and reception system 1 according to the first embodiment can proceed with the process of sequentially combining the decoded divided data before completing the reception of all the data.
  • Embodiment 2 will be described with reference to FIGS. 9 to 12.
  • the transmission / reception system 1 according to the second embodiment is different from that of the first embodiment in the function of the CPU 211 included in the first semiconductor device 210.
  • the transmission terminal 11 has the first semiconductor device 210.
  • the transmission / reception system 1 according to the second embodiment is different from that of the first embodiment in the function of the CPU 221 included in the second semiconductor device 220 in which the receiving terminal 12 includes the second semiconductor device 220.
  • FIG. 9 is a hardware configuration diagram of the first semiconductor device according to the second embodiment.
  • the first semiconductor device 210 according to the second embodiment has the CPU 211, and the CPU 211 performs transmission instead of the transmission header control circuit 111b that the CPU 111 according to the first embodiment has. It has a header control circuit 211b.
  • FIG. 10 is a hardware configuration diagram of the second semiconductor device according to the second embodiment.
  • the second semiconductor device 220 according to the second embodiment has the CPU 221, and the CPU 221 is replaced with the reception header control circuit 121b that the CPU 121 according to the first embodiment has, and the reception is performed. It has a header control circuit 221b.
  • FIG. 11 is a diagram for explaining the process of the CPU 211 in the first semiconductor device. As shown in FIG. 11, the CPU 211 differs from the first embodiment in signal processing between the AE encryption circuit 111 c and the transmission header control circuit 211 b.
  • the transmission header control circuit 211b When the transmission header control circuit 211b receives the initial header SG03, the transmission header control circuit 211b outputs it to the AE encryption circuit 111c as a transmission header SG06.1 to be added to the first divided data SG01.1.
  • the transmission header control circuit 111 b transmits transmission headers SG 06.
  • Receive i-1 Then, the transmission header control circuit 111b receives the ciphertext SG04. i-1 to the next transmission header SG06. It sequentially outputs to the AE encryption circuit 111c as i.
  • the transmission header control circuit 211 b receives the received ciphertext SG 04.
  • i is calculated using a preset algorithm for i, and the result is stored in a transmission header SG06. It may be i.
  • the preset algorithm is, for example, one using a hash function such as CRHF (Collision Resistant Hash Function).
  • FIG. 12 is a diagram for explaining the process of the CPU 221 in the second semiconductor device.
  • the CPU 221 transmits the initial header SG03, the ciphertext SG04. i, and the authentication tag SG05. Receive i.
  • the CPU 221 supplies the initial header SG03 to the reception header control circuit 121b, and the ciphertext SG04. i is supplied to the ciphertext control circuit 121a and the reception header control circuit 221b, and the authentication tag SG05. supply i to the receiving tag control circuit respectively.
  • the reception header control circuit 221b When receiving the initial header SG03, the reception header control circuit 221b outputs it to the AE decryption circuit 121d as a reception header SG07.1 corresponding to the ciphertext SG04.1 which is the first piece of encrypted division data.
  • the reception header control circuit 221b causes the reception headers SG07.
  • i here is an integer from 2 to n
  • Receive i-1 That is, the reception header control circuit 221b transmits the ciphertext SG04.
  • i is received, it is temporarily stored, and ciphertext SG04.
  • i + 1 is received, the ciphertext SG 04.
  • i is output to the AE decoding circuit 121 d.
  • the reception header control circuit 221b like the transmission header control circuit 211b, receives the received ciphertext SG04. An operation may be performed using a preset algorithm for i, and the result may be used as the reception header SG07.1.
  • the preset algorithm is, for example, one using a hash function such as CRHF (Collision Resistant Hash Function).
  • CRHF collision Resistant Hash Function
  • the transmission and reception system 1 according to the second embodiment can secure secrecy and data integrity in data transmission and reception.
  • the reception terminal 12 in the transmission and reception system 1 according to the second embodiment can proceed with the process of sequentially combining the decoded divided data before completing the reception of all the data.
  • the first embodiment and the second embodiment are different from each other in the original information to be used as a header.
  • the transmission / reception system or the semiconductor device according to Embodiment 1 and Embodiment 2 can be described as follows. That is, the first semiconductor devices 110 and 210 of the transmission terminal 11 generate the transmission header based on the data output by the processing on the immediately preceding divided encryption data on the data array.
  • the transmission header may be an authentication tag output from the AE encryption circuit 111c or the AE encryption circuit 211c, or may be a ciphertext.
  • the transmission header may be an authentication tag or an encrypted text output from the AE encryption circuit 111 c or the AE encryption circuit 211 c, which is calculated by a preset algorithm.
  • the second semiconductor devices 120 and 220 of the receiving terminal 12 generate the reception header based on the data output by the processing on the immediately preceding encrypted divided data on the data array.
  • the reception header may be an authentication tag or a ciphertext in the signal received by the reception terminal 12. Further, the received header may be one obtained by calculating the received authentication tag or ciphertext according to a preset algorithm.
  • the transmission terminal 11 has the first semiconductor device 310, and the function of the CPU 311 included in the first semiconductor device 310 is different from that of the first embodiment.
  • the transmission / reception system 1 according to the third embodiment is different from that of the first embodiment in the function of the CPU 321 included in the second semiconductor device 320, in which the receiving terminal 12 has the second semiconductor device 320.
  • the transmission / reception system 1 according to the third embodiment is different from that of the first embodiment in the process for the first divided data and the process for the last divided data.
  • FIG. 13 is a hardware configuration diagram of the first semiconductor device according to the third embodiment.
  • the first semiconductor device 310 according to the third embodiment has a CPU 311, and the CPU 311 performs transmission instead of the transmission header control circuit 111 b that the CPU 111 according to the first embodiment has. It has a header control circuit 311b.
  • the memory 112 stores the first signal SG11 and the second signal SG12 in addition to the original data SG01, the key information SG02, and the initial header SG03.
  • the first signal SG11 is a signal indicating that it is the processing of the first divided data when the original data SG01 is divided in the transmitting terminal 11 to perform the encryption process with authentication.
  • the second signal SG12 is a signal indicating that it is the last process when the transmitting terminal 11 divides the original data SG01 and performs encryption processing with authentication.
  • FIG. 14 is a hardware configuration diagram of the second semiconductor device according to the third embodiment.
  • the second semiconductor device 320 according to the third embodiment has the CPU 321, and the CPU 321 receives instead of the reception header control circuit 121b that the CPU 121 according to the first embodiment has. It has a header control circuit 321b.
  • the CPU 321 shown in FIG. 14 transmits a first signal SG11 and a second signal SG12 from the transmitting terminal 11. Therefore, in the execution program (not shown), it is registered in advance that the first signal SG11 is a signal related to the first divided data and the second signal SG12 is a signal related to the last divided data.
  • the CPU 321 may store the first signal SG11 and the second signal SG12 in the memory 122 and execute the following processing by referring to the stored first signal SG11 and the second signal SG12.
  • FIG. 15 is a diagram for explaining the process of the CPU 311 in the first semiconductor device.
  • the CPU 311 differs from the first embodiment in that the transmission header control circuit 311b receives the first signal SG11 and the second signal SG12 from the memory 112 and processes the received signals.
  • the processing of the transmission header control circuit 311b will be described below for the first processing, the second to (n-1) th processing, and the nth processing.
  • the transmission header control circuit 311 b In the first process, the transmission header control circuit 311 b generates an AE encryption circuit as a transmission header SG06.1 in which the received initial header SG03 and the first signal SG11 are added to the divided data SG01.1 to be subjected to the first process. Output to 111c.
  • the AE encryption circuit 111c encrypts the divided data SG01.1 using the key information SG02, adds a transmission header SG06.1 including the initial header SG03 and the first signal SG11, and adds the ciphertext SG04.1.
  • the transmission header control circuit 311 b performs the process described in the first embodiment.
  • the transmission header control circuit 311b receives the authentication tag SG05.n received from the AE encryption circuit 111c.
  • the n ⁇ 1 and the second signal SG12 are divided into divided data SG01. Transmission header SG06. It outputs to the AE encryption circuit 111c as n.
  • the AE encryption circuit 111c uses the key information SG02 to generate divided data SG01. n is encrypted, and a transmission header SG06. n is attached and ciphertext SG 04. Generate n.
  • the CPU 311 according to the third embodiment includes the first signal SG11 indicating the first process in the transmission header SG06.1 of the ciphertext SG04.1 applied to the first process. Further, the CPU 311 according to the third embodiment determines the ciphertext SG 04. n transmission header SG06. n includes a first signal SG11 indicating that it is the final process.
  • FIG. 16 is a diagram for explaining the process of the CPU 321 in the second semiconductor device.
  • the CPU 321 transmits an initial header SG03, an encrypted text SG04. i, authentication tag SG05. i, the first signal SG11, and the second signal SG12 are received.
  • the CPU 321 supplies the initial header SG03, the first signal SG11, and the second signal SG12 to the reception header control circuit 121b.
  • reception header control circuit 321b The processing of the reception header control circuit 321b will be described below for the first processing, the second to n-1st processing, and the nth processing.
  • the reception header control circuit 321b sends the initial header SG03 and the first signal SG11 to the AE decryption circuit 121d as the reception header SG07.1 to be added to the ciphertext SG04.1 which is the first piece of encrypted division data. Output.
  • the AE decryption circuit 121d decrypts the ciphertext SG04.1.
  • the AE decoding circuit 121d processes the decoded divided data SG08.1 as the first divided data.
  • the reception header control circuit 321 b performs the process described in the first embodiment.
  • the reception header control circuit 321b sets the transmission header SG06.1 as the reception header SG07.1 to be added to the ciphertext SG04.1 which is the nth encryption division data.
  • the n ⁇ 1 and the second signal SG12 are output to the AE decoding circuit 121d.
  • the AE decryption circuit 121 d transmits the ciphertext SG 04. Decode n.
  • the AE decoding circuit 121d transmits the transmission headers SG06. When it is detected that n contains the second signal SG12, the decoded split data SG08. Process n as final divided data.
  • the AE decoding circuit 121 d verifies whether the transmission header includes the first signal SG11 or the second signal SG12 in the process described above, the first signal SG11 or the second signal SG11 stored in advance in the memory 122 Processing may be performed using two signals SG12. In that case, the above-described processing may be performed without transmitting the first signal SG11 or the second signal SG12 from the transmission terminal 11.
  • the process which concerns on the above-mentioned 1st signal SG11 and 2nd signal SG12 can also abbreviate
  • the first divided data can be secured by the data included in the first header.
  • the processing relating to the first signal SG11 and the second signal SG12 described above can also be applied to the transmission and reception system 1 according to the second embodiment.
  • the CPU 321 according to the third embodiment detects that the first signal SG11 indicating that it is the head divided data is included.
  • the CPU 321 according to the third embodiment detects that the second signal SG12 indicating that the divided data is the last divided data among the n divided data is included.
  • the semiconductor device 320 according to the third embodiment can process the divided data from the beginning to the end to ensure consistency with the original data. It becomes. Therefore, the transmission and reception system 1 according to the third embodiment can secure secrecy and data integrity in data transmission and reception.
  • a semiconductor device having a memory and a control circuit and providing data set in advance to an external terminal device,
  • the memory stores key information for authenticated encryption;
  • the control circuit The data is divided into a plurality of divided data while maintaining continuity on the data array, Generating a transmission header on the basis of a signal output by performing encryption processing on the previous divided data on the data array;
  • An encrypted divided data and an authentication tag corresponding to the encrypted divided data are generated from the transmission header, the divided data, and the key information, respectively.
  • Semiconductor device Semiconductor device.
  • the transmission header is It is an authentication tag that is output by encrypting the previous divided data on the data array, The semiconductor device according to appendix 1.
  • the transmission header is A signal based on a ciphertext output by performing an encryption process on the previous divided data on the data array;
  • the transmission header is It is a signal calculated by inputting the ciphertext into a preset hash function, The semiconductor device according to appendix 3.
  • the memory further stores an initial header that is header information of the data;
  • the control circuit The transmission header including the initial header is generated for the first divided data on the data array among the encrypted divided data.
  • the memory further stores a first signal for indicating that it is the first divided data on the data array;
  • the control circuit The first signal is included in the transmission header with respect to the first divided data on the data array among the encrypted divided data,
  • the semiconductor device according to appendix 1.
  • the memory further stores a second signal for indicating the last divided data on the data array;
  • the control circuit The second signal is included in the transmission header with respect to the last divided data in the data array among the encrypted divided data,
  • the semiconductor device according to appendix 1.
  • a data providing method for providing preset data to an external terminal device comprising: The data is divided into a plurality of divided data while maintaining continuity on the data array, Generating a transmission header on the basis of a signal output by performing encryption processing on the previous divided data on the data array; An encrypted divided data and an authentication tag corresponding to the encrypted divided data are generated from the transmission header, the divided data, and the key information, respectively. Outputting the generated encrypted divided data and the authentication tag corresponding to the encrypted divided data in the order on the data array; Data provision method.
  • the method is The data is divided into a plurality of divided data while maintaining continuity on the data array, Generating a transmission header on the basis of a signal output by performing encryption processing on the previous divided data on the data array; An encrypted divided data and an authentication tag corresponding to the encrypted divided data are generated from the transmission header, the divided data, and the key information, respectively. Outputting the generated encrypted divided data and the authentication tag corresponding to the encrypted divided data in the order on the data array; program.
  • the memory stores key information for decrypting the encrypted encrypted data with authentication.
  • the control circuit Receiving an initial header, encrypted encrypted divided data with authentication, an authentication tag corresponding to the plurality of encrypted divided data, and a header signal for guaranteeing continuity of the encrypted divided data from an external terminal device; Decrypt the received encrypted division data by the key information; The decrypted divided data is authenticated by comparing the authentication tag generated by the decryption and the header signal with the authentication tag received from the external terminal device, and the encryption received immediately after the authentication result according to the result of the authentication Determine whether to perform the decoding on the divided data; Semiconductor device.
  • the header signal is an authentication tag corresponding to the encrypted divided data processed immediately before, The semiconductor device according to appendix 10.
  • the header signal is a signal based on the ciphertext of the encrypted divided data processed immediately before, The semiconductor device according to appendix 10.
  • the header is a signal calculated by inputting the ciphertext of the encrypted divided data processed immediately before into a hash function set in advance.
  • the control unit Along with the encrypted split data, Receiving from the external terminal apparatus a first signal for indicating that it is the first divided data on the data array; In the case where the first signal is included in the decryption header information generated by performing decryption processing on the encrypted division data received first, Execute decryption processing of encrypted split data provided immediately after, The semiconductor device according to appendix 10.
  • a data decryption method for decrypting encrypted divided data provided from an external terminal device comprising: Store key information for decryption, Receiving sequentially encrypted encrypted division data with authentication, an authentication tag corresponding to the plurality of encrypted division data, and a header signal for ensuring continuity of the encrypted division data from an external terminal device; Decrypting the received encrypted divided data sequentially with the key information; The decrypted divided data is authenticated by comparing the authentication tag generated by the decryption with the authentication tag received from the external terminal device; In accordance with the result of the authentication and the result of the determination as to whether or not the apparatus has the continuity, it is determined whether or not the decryption is to be performed on the encrypted divided data to be received immediately thereafter. Data decryption method.
  • a transmitting terminal for transmitting data and a receiving terminal for receiving data The transmitting terminal is Have key information, The data is divided into a plurality of divided data while maintaining continuity on the data array, Generating a transmission header on the basis of a signal output by performing encryption processing on the previous divided data on the data array; An encrypted divided data and an authentication tag corresponding to the encrypted divided data are generated from the transmission header, the divided data, and the key information, respectively.
  • the receiving terminal is Have the key information, Receiving sequentially encrypted encrypted division data with authentication, an authentication tag corresponding to the plurality of encrypted division data, and a header signal for ensuring continuity of the encrypted division data from an external terminal device; Decrypting the received encrypted divided data sequentially with the key information; The decrypted divided data is authenticated by comparing the authentication tag generated by the decryption with the authentication tag received from the external terminal device; In accordance with the result of the authentication and the result of the determination as to whether or not the apparatus has the continuity, it is determined whether or not the decryption is to be performed on the encrypted divided data to be received immediately thereafter. Transmission and reception system.
  • the embodiment can be applied to a server apparatus, a terminal apparatus, etc. that transmits and receives the update program.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

A semiconductor device (110) has a memory (112) and a control circuit (111). The semiconductor device provides preset data to an external terminal device. The memory (112) stores key information for authenticated encryption. The control circuit (111) divides data into a plurality of divided data while maintaining contiguity in a data array and generates a transmission header on the basis of a signal outputted by encrypting the immediately preceding divided data in the data array. The control circuit (111) generates encryption divided data and an authentication tag that corresponds to the encryption divided data, respectively, from the transmission header, the divided data, and the key information, and outputs the encryption divided data and the authentication tag that corresponds to the encryption divided data in accordance with an order in the data array.

Description

半導体装置、データ提供方法、データ復号方法、およびプログラムSemiconductor device, data providing method, data decoding method, and program
 本発明は半導体装置、データ提供方法、データ復号方法、およびプログラムに関する。 The present invention relates to a semiconductor device, a data providing method, a data decoding method, and a program.
 IoT(Internet of Things)機器が広く普及している。かかるIoT機器は、ファームウェアをアップデートする場合がある。そのような場合に、受信端末であるIoT機器と通信可能な送信端末から分割したデータを受信端末へ送信する。そして、受信端末は、分割データを受け取り、受け取ったデータを結合する。このような場合において、送受信する分割データの整合性を保つことが期待されている。 IoT (Internet of Things) devices are widely used. Such IoT devices may update firmware. In such a case, the divided data is transmitted from the transmitting terminal capable of communicating with the IoT device as the receiving terminal to the receiving terminal. Then, the receiving terminal receives the divided data and combines the received data. In such a case, it is expected that the integrity of the divided data to be transmitted and received is maintained.
 特許文献1に記載の組込機器は、ソフトウェアを更新する更新データが複数に分割された各セクションについて順に検証処理を行う。組込機器は、検証処理の途中で得られる中間値を記憶しておく。組込機器は、全てのセクションに対して検証処理が完了すると、検証処理で得られた値と、検証データとを比較して、改ざんがないことを確認する。改ざんがないことが確認できると、組込機器は、再び各セクションについて順に検証処理を行う。組込機器は、検証処理で得られた中間値と記憶しておいた中間値とを比較して、一致すると、そのセクションによってソフトウェアを更新する。 The embedded device described in Patent Document 1 sequentially performs verification processing on each section obtained by dividing update data for updating software into a plurality of pieces. The embedded device stores intermediate values obtained during the verification process. When the verification process is completed for all the sections, the embedded device compares the value obtained by the verification process with the verification data to confirm that there is no tampering. If it is confirmed that there is no tampering, the embedded device performs verification processing on each section in order again. The embedded device compares the intermediate value obtained in the verification process with the stored intermediate value, and if it matches, updates the software according to the section.
 特許文献2に記載の改ざん検出システムは、改竄検出対象であるプログラムに対し、プログラムのロード前に分割サイズ決定手段が乱数情報に基づき決定し、分割手段が前記プログラムをブロックデータに分割する。第1変換手段は、ブロックデータを論理演算によりブロック分割サイズ以下の認証一時データに変換する。第2変換手段は、前記認証一時データを第2変換処理することで認証データを算出し、認証データとブロック分割サイズとを、記憶する。改ざん検出システムは、プログラムのロード以後に、ロードされたプログラムに対し、記憶されているブロック分割サイズを用い、ブロック分割、第1変換、第2変換を行い、比較データを算出する。改ざん検出システムは、認証データと比較データとを比較することでプログラムの改竄を検出する。 In the tampering detection system described in Patent Document 2, a division size determination unit determines the program to be tampered with based on random number information before loading the program, and the division unit divides the program into block data. The first conversion means converts block data into temporary authentication data of a block division size or less by logical operation. The second conversion means calculates authentication data by subjecting the authentication temporary data to a second conversion process, and stores the authentication data and the block division size. The falsification detection system calculates the comparison data by performing block division, first conversion, and second conversion on the loaded program using the stored block division size after loading the program. The tampering detection system detects tampering of a program by comparing authentication data and comparison data.
 特許文献3に記載のプロセッサは、命令コードを実行するコアと、コアに固有のCPU固有鍵と、暗号化された命令コードを書き換え不可能な形式で記憶する暗号化ROMコード領域とを備える。プロセッサは、この領域に記憶された命令コードを含む命令コードの認証を行うコード認証処理ブロックと、コアと外部との間で入出力されるデータを暗号化する暗号処理ブロックとを備える。 The processor described in Patent Document 3 includes a core that executes an instruction code, a CPU-unique key unique to the core, and an encrypted ROM code area that stores an encrypted instruction code in a non-rewritable form. The processor includes a code authentication processing block that authenticates an instruction code including an instruction code stored in the area, and a cryptographic processing block that encrypts data input and output between the core and the outside.
 特許文献4に記載の情報処理装置において、データ入力部は、電子データを入力し、電子データをN個のセグメントに分割する。ハッシュ値計算部および検査データ生成部は、M番目のセグメントのデータに所定の演算を行った演算結果を、M+1番目のセグメントのデータの所定の演算を行うための入力とする演算処理をN番目のセグメントまで繰り返し行って、検査データを生成する。検証データ生成部は、検査データ、および、検査データの生成の途中の演算結果を中間データとして含む、電子データの検証データを生成する。 In the information processing apparatus described in Patent Document 4, the data input unit inputs electronic data and divides the electronic data into N segments. The hash value calculation unit and the inspection data generation unit use an operation process in which an operation result obtained by performing a predetermined operation on data of the Mth segment is input for performing predetermined operation of data of the M + 1th segment. Repeat to the Nth segment to generate inspection data. The verification data generation unit generates verification data of electronic data including inspection data and an operation result during generation of the inspection data as intermediate data.
国際公開第2015/068220号International Publication No. 2015/068220 国際公開第2008/056700号International Publication No. 2008/056700 特開2006-018528号公報JP, 2006-018528, A 特開2013-138409号公報JP, 2013-138409, A
 特許文献1に記載の技術は、受信端末が中間値を生成するものであって、送信端末がかかる中間値を共有する仕組みではない。そのため、送信端末において生成した分割データが、受信端末において分割前と同じ状態に結合されたかを検証できない。特許文献2に記載の技術は、複数の加工手段によりプログラムを複数回分割処理し、これらを比較処理する。そのため、実装規模が大きくなり、且つ、計算効率が高くない。特許文献3に記載の技術は、中間値を外部に出力することによる分割データの検証手法ではない。特許文献4に記載の技術は、中間値を装置内部における検証に利用しているが、異なる機器間において実現する技術ではない。すなわち、上記の記述は、送信端末が分割したデータを受け取った受信端末が、かかるデータの整合性を確認し、結合するといった課題を解決するには至っていない。 In the technique described in Patent Document 1, the receiving terminal generates an intermediate value, and the transmitting terminal does not share such an intermediate value. Therefore, it can not be verified whether divided data generated at the transmitting terminal is combined in the same state as before division at the receiving terminal. In the technology described in Patent Document 2, a program is divided and processed a plurality of times by a plurality of processing means, and these are compared and processed. Therefore, the implementation scale becomes large and the computational efficiency is not high. The technique described in Patent Document 3 is not a verification method of divided data by outputting an intermediate value to the outside. The technology described in Patent Document 4 uses the intermediate value for verification inside the device, but is not a technology realized between different devices. That is, the above description has not been made to solve the problem that the receiving terminal that has received the divided data by the transmitting terminal checks the integrity of such data and combines them.
 その他の課題と新規な特徴は、本明細書の記述および添付図面から明らかになるであろう。 Other problems and novel features will be apparent from the description of the present specification and the accompanying drawings.
 一実施の形態によれば、半導体装置は、メモリと制御回路とを有し、外部端末装置に対して予め設定されたデータを提供する半導体装置であって、前記メモリは、認証付き暗号化のための鍵情報を記憶している。前記制御回路は、前記データを、データ配列上の連続性を維持したまま、複数の分割データに分割し、前記データ配列上における直前の分割データを暗号化処理することによって出力された信号に基づいて送信ヘッダを生成する。前記制御回路は、前記送信ヘッダと前記分割データと前記鍵情報とから、それぞれ暗号分割データと当該暗号分割データに対応する認証タグとを生成し、生成した前記暗号分割データと当該暗号分割データに対応する前記認証タグとを、前記データ配列上の順番に従って出力する。 According to one embodiment, the semiconductor device is a semiconductor device having a memory and a control circuit and providing data set in advance to the external terminal device, wherein the memory is an encrypted data with authentication and authentication. It stores key information for The control circuit divides the data into a plurality of divided data while maintaining continuity on the data array, and based on a signal output by performing encryption processing on the previous divided data on the data array. Generate a transmission header. The control circuit generates encrypted divided data and an authentication tag corresponding to the encrypted divided data from the transmission header, the divided data, and the key information, and generates the encrypted divided data and the encrypted divided data. The corresponding authentication tag is output in the order on the data array.
 一実施の形態によれば、半導体装置は、メモリと制御回路とを有し、前記メモリは、認証付き暗号化された暗号文を復号するための鍵情報を記憶している。前記制御回路は、外部端末装置から認証付き暗号化された暗号分割データと当該複数の暗号分割データに対応する認証タグとを順次受け取る。前記制御回路は、現在受け取っている暗号分割データを前記鍵情報により復号し、前記復号により生成した認証タグと、前記外部端末装置から受け取った前記認証タグとを照合することにより、前記復号した分割データを認証する。前記制御回路は、直前に処理した暗号分割データに基づく連続性検証信号と、前記復号した分割データに付随する送信ヘッダとを照合することにより、直前に処理した分割データと、現在受け取っている暗号分割データを復号した分割データとのデータ配列上の連続性を有しているか否かを判定する。前記制御回路は、前記認証の結果および前記連続性を有しているか否かの判定結果に応じて、直後に受け取る暗号分割データに対する前記復号を行うか否かを決定する。 According to one embodiment, the semiconductor device has a memory and a control circuit, and the memory stores key information for decrypting the encrypted encrypted text with authentication. The control circuit sequentially receives, from the external terminal device, encrypted encrypted divided data with authentication and an authentication tag corresponding to the plurality of encrypted divided data. The control circuit decrypts the currently received encrypted division data using the key information, and compares the authentication tag generated by the decryption with the authentication tag received from the external terminal apparatus, thereby performing the decrypted division. Authenticate data. The control circuit collates the continuity verification signal based on the encrypted divided data processed immediately before with the transmission header attached to the decrypted divided data, thereby the divided data processed immediately before and the currently received encryption It is determined whether there is continuity on the data array with the divided data obtained by decoding the divided data. The control circuit determines whether or not to perform the decryption on the encrypted divided data to be received immediately, according to the result of the authentication and the result of the determination as to whether or not the apparatus has the continuity.
 前記一実施の形態によれば、半導体装置は、効率的かつ安全に分割データの授受を行い、プログラムの整合性を保つことができる。 According to the one embodiment, the semiconductor device can transmit and receive divided data efficiently and safely, and can maintain program consistency.
実施の形態1にかかる送受信システムの概略図である。FIG. 1 is a schematic view of a transmission and reception system according to a first embodiment. 実施の形態1にかかる第1半導体装置のハードウェア構成図である。FIG. 1 is a hardware configuration diagram of a first semiconductor device according to a first embodiment. 実施の形態1にかかる第2半導体装置のハードウェア構成図である。FIG. 2 is a hardware configuration diagram of a second semiconductor device according to the first embodiment. 第1半導体装置におけるCPU111の処理を説明するための図である。It is a figure for demonstrating the process of CPU111 in a 1st semiconductor device. 第2半導体装置におけるCPU121の処理を説明するための図である。It is a figure for demonstrating the process of CPU121 in a 2nd semiconductor device. CPU111における信号の推移を示した図である。FIG. 6 is a diagram showing transitions of signals in the CPU 111. CPU121における信号の推移を示した図である。FIG. 6 is a diagram showing transitions of signals in the CPU 121. 実施の形態2にかかる第1半導体装置のハードウェア構成図である。FIG. 7 is a hardware configuration diagram of a first semiconductor device according to a second embodiment. 実施の形態2にかかる第2半導体装置のハードウェア構成図である。FIG. 7 is a hardware configuration diagram of a second semiconductor device according to a second embodiment. 第1半導体装置におけるCPU211の処理を説明するための図である。It is a figure for demonstrating the process of CPU211 in a 1st semiconductor device. 第2半導体装置におけるCPU221の処理を説明するための図である。It is a figure for demonstrating the process of CPU221 in a 2nd semiconductor device. 実施の形態2にかかる第1半導体装置のハードウェア構成図である。FIG. 7 is a hardware configuration diagram of a first semiconductor device according to a second embodiment. 実施の形態2にかかる第2半導体装置のハードウェア構成図である。FIG. 7 is a hardware configuration diagram of a second semiconductor device according to a second embodiment. 第1半導体装置におけるCPU111の処理を説明するための図である。It is a figure for demonstrating the process of CPU111 in a 1st semiconductor device. 第1半導体装置におけるCPU121の処理を説明するための図である。It is a figure for demonstrating the process of CPU121 in a 1st semiconductor device. 実施の形態にかかる信号の構成例を示した図である。It is a figure showing an example of composition of a signal concerning an embodiment.
 説明の明確化のため、以下の記載および図面は、適宜、省略、および簡略化がなされている。また、様々な処理を行う機能ブロックとして図面に記載される各要素は、ハードウェア的には、CPU(Central Processing Unit)、メモリ、その他の回路で構成することができ、ソフトウェア的には、メモリにロードされたプログラムなどによって実現される。したがって、これらの機能ブロックがハードウェアのみ、ソフトウェアのみ、またはそれらの組合せによっていろいろな形で実現できることは当業者には理解されるところであり、いずれかに限定されるものではない。よって、以下の説明に回路として例示した構成は、ハードウェアまたはソフトウェアのいずれかまたはその両方によって実現することが可能であり、ある機能を実現する回路として示された構成は、同様の機能を実現するソフトウェアの一部としても示され得る。例えば、制御回路と記載された構成は、制御部として記載され得る。なお、各図面において、同一の要素には同一の符号が付されており、必要に応じて重複説明は省略されている。 The following description and the drawings are omitted and simplified as appropriate for clarification of the explanation. Also, each element described in the drawing as a functional block that performs various processing can be configured by a CPU (Central Processing Unit), a memory, and other circuits in terms of hardware, and in terms of software, a memory It is realized by the program etc. loaded to Therefore, it is understood by those skilled in the art that these functional blocks can be realized in various forms by hardware only, software only, or a combination thereof, and is not limited to any of them. Therefore, the configuration exemplified as the circuit in the following description can be realized by either hardware or software or both, and the configuration shown as the circuit realizing a certain function realizes the same function. Can also be shown as part of the For example, a configuration described as a control circuit may be described as a control unit. In the drawings, the same elements are denoted by the same reference numerals, and the redundant description is omitted as necessary.
 また、上述したプログラムは、様々なタイプの非一時的なコンピュータ可読媒体を用いて格納され、コンピュータに供給することができる。非一時的なコンピュータ可読媒体は、様々なタイプの実体のある記録媒体を含む。非一時的なコンピュータ可読媒体の例は、磁気記録媒体(例えばフレキシブルディスク、磁気テープ、ハードディスクドライブ)、光磁気記録媒体(例えば光磁気ディスク)、CD-ROM(Read Only Memory)CD-R、CD-R/W、半導体メモリ(例えば、マスクROM、PROM(Programmable ROM)、EPROM(Erasable PROM)、フラッシュROM、RAM(Random Access Memory))を含む。また、プログラムは、様々なタイプの一時的なコンピュータ可読媒体によってコンピュータに供給されてもよい。一時的なコンピュータ可読媒体の例は、電気信号、光信号、および電磁波を含む。一時的なコンピュータ可読媒体は、電線および光ファイバ等の有線通信路、又は無線通信路を介して、プログラムをコンピュータに供給できる。 Also, the programs described above can be stored and provided to a computer using various types of non-transitory computer readable media. Non-transitory computer readable media include various types of tangible storage media. Examples of non-transitory computer readable media are magnetic recording media (eg flexible disk, magnetic tape, hard disk drive), magneto-optical recording media (eg magneto-optical disk), CD-ROM (Read Only Memory) CD-R, CD And semiconductor memory (eg, mask ROM, PROM (Programmable ROM), EPROM (Erasable PROM), flash ROM, RAM (Random Access Memory)). The programs may also be supplied to the computer by various types of temporary computer readable media. Examples of temporary computer readable media include electrical signals, light signals, and electromagnetic waves. The temporary computer readable medium can provide the program to the computer via a wired communication path such as electric wire and optical fiber, or a wireless communication path.
 <実施の形態1>
 まず、図1を参照しながら、実施の形態1について概略を説明する。図1は、実施の形態1にかかる送受信システムの概略図である。送受信システム1は、送信端末11が有するデータを受信端末12に送信する。送信端末11は、構成として第1半導体装置110を少なくとも有している装置であって、例えば、通信機能を有するコンピュータ、タブレット、スマートフォン、IoT機器、家電、移動体、センサ、産業用機器等である。受信端末12は、送信端末11と通信可能な装置であって、構成として少なくとも第2半導体装置120を有している。受信端末12は、例えば、コンピュータ、タブレット、スマートフォン、IoT機器、家電、移動体、センサ、産業用機器等である。送信端末11と、受信端末12とは、通信可能に接続される。かかる接続は、USB(Universal Serial Bus)やBluetooth(登録商標)、Wi-Fi(Wireless Fidelity)など、有線・無線を問わず、通信を確保する事ができる方式であれば、特に限定はされない。 Embodiment 1
First, the outline of the first embodiment will be described with reference to FIG. FIG. 1 is a schematic diagram of a transmission / reception system according to a first embodiment. The transmission / reception system 1 transmits data of the transmission terminal 11 to the reception terminal 12. The transmission terminal 11 is a device having at least the first semiconductor device 110 as a configuration, and is, for example, a computer having a communication function, a tablet, a smart phone, an IoT device, a home appliance, a mobile object, a sensor, an industrial device, etc. is there. The receiving terminal 12 is a device capable of communicating with the transmitting terminal 11, and has at least a second semiconductor device 120 as a configuration. The receiving terminal 12 is, for example, a computer, a tablet, a smartphone, an IoT device, a home appliance, a mobile object, a sensor, an industrial device, or the like. The transmission terminal 11 and the reception terminal 12 are communicably connected. Such connection is not particularly limited as long as it is a method such as USB (Universal Serial Bus), Bluetooth (registered trademark), Wi-Fi (Wireless Fidelity), or the like, which can ensure communication regardless of wired or wireless.
 送受信システム1がデータの送受信を行う場合とは、例えば、送信端末11から最新のファームウェアを受信端末12に送信し、受信端末12のファームウェアをアップデートさせる場合などである。例えば、送受信システム1は、送信端末11においてデータを分割化し、分割したデータに対して認証付き暗号化の処理を行い、暗号化した分割データである暗号分割データを、かかるデータに対応した認証タグと共に受信端末へ送信する機能を有している。また、送受信システム1は、受信端末12において、送信端末11が送信したかかるデータを受け取り、受け取ったデータを復号処理したうえで結合し、送信端末11が分割する前の状態を復元する。データを分割して送信することにより、受信端末12が一度に処理するデータの量を減らし、受信端末12の処理の負荷を軽減させることが出来る。 The transmission / reception system 1 transmits / receives data, for example, when the transmission terminal 11 transmits the latest firmware to the reception terminal 12 to update the firmware of the reception terminal 12. For example, the transmission / reception system 1 divides the data in the transmitting terminal 11, performs the encryption process with authentication on the divided data, and performs the encrypted divided data, which is the encrypted divided data, as an authentication tag corresponding to the data Together with the function of transmitting to the receiving terminal. Further, the transmission / reception system 1 receives the data transmitted by the transmission terminal 11 in the reception terminal 12, decodes the received data, combines them, and restores the state before the transmission terminal 11 is divided. By dividing and transmitting data, the amount of data processed by the receiving terminal 12 at one time can be reduced, and the processing load on the receiving terminal 12 can be reduced.
 次に、図2を参照しながら送信端末11が有する第1半導体装置110について説明する。図2は、実施の形態1にかかる第1半導体装置110のハードウェア構成図である。情報処理を司る第1半導体装置110は、主な構成として、CPU111、メモリ112、およびIF113(Interface)を有しており、これらの構成は通信バスにより接続されている。 Next, the first semiconductor device 110 included in the transmission terminal 11 will be described with reference to FIG. FIG. 2 is a hardware configuration diagram of the first semiconductor device 110 according to the first embodiment. The first semiconductor device 110 in charge of information processing has, as main components, a CPU 111, a memory 112, and an IF 113 (Interface), and these components are connected by a communication bus.
 なお、以降の説明において、特別に説明を加えた場合を除き、名称が同一で符号が異なる構成は同様の機能を有するものとする。そのため、このような構成についての説明は省略する。 In the following description, components having the same name but different reference numerals have the same functions, unless otherwise specified. Therefore, the description of such a configuration is omitted.
 CPU111は、第1半導体装置110において後述する演算処理等を行うための演算装置である。CPU111は、平文制御回路111a、送信ヘッダ制御回路111b、およびAE暗号化回路111cを主な構成として有している。なお、CPU111は、ハードウェアとしてのこれらの構成を複数有していてもよいし、ソフトウェアとして並列処理可能に構成されていてもよい。また、本実施の形態において説明するCPUは、CPUコア以外の周辺回路を含んでもよい。 The CPU 111 is an arithmetic device for performing arithmetic processing and the like to be described later in the first semiconductor device 110. The CPU 111 mainly has a plaintext control circuit 111a, a transmission header control circuit 111b, and an AE encryption circuit 111c. The CPU 111 may have a plurality of these configurations as hardware, or may be configured to be capable of parallel processing as software. The CPU described in this embodiment may include peripheral circuits other than the CPU core.
 平文制御回路111aは、入力信号として受け取った元データを予め設定された仕様にしたがって分割し、分割データを、順次、AE暗号化回路111cに出力する。平文制御回路111aは、元データを分割する際、データ配列上の連続性を維持したまま、分割する。そして、平文制御回路111aは、分割した元データをデータ配列上の連続性を維持したまま、順次出力する。すなわち、平文制御回路111aが出力したデータを出力された順に結合すれば、分割データは、元データと一致する。 The plaintext control circuit 111a divides the original data received as an input signal according to a preset specification, and sequentially outputs the divided data to the AE encryption circuit 111c. When dividing the original data, the plaintext control circuit 111a divides the original data while maintaining the continuity on the data arrangement. Then, the plaintext control circuit 111a sequentially outputs the divided original data while maintaining the continuity on the data array. That is, when the data output from the plaintext control circuit 111a is combined in the order of output, the divided data matches the original data.
 例えば、平文制御回路111aは、受け取ったデータをn個(nは2以上の整数)のデータに分割する仕様であるとする。その場合、平文制御回路111aは、入力信号として元データSG01を受け取り、元データSG01のデータ配列上の連続性を維持したまま、分割データSG01.i(iは、1からnまでの整数)を生成する。そして、平文制御回路111aは、生成したこれらの分割データを、分割データSG01.1からSG01.nまで順番に出力する。 For example, it is assumed that the plaintext control circuit 111a is a specification for dividing the received data into n (n is an integer of 2 or more) data. In that case, the plaintext control circuit 111a receives the original data SG01 as an input signal, and while maintaining the continuity on the data arrangement of the original data SG01, the divided data SG01. Generate i (i is an integer from 1 to n). Then, the plaintext control circuit 111a converts the generated divided data into divided data SG01.1 to SG01. Output in order up to n.
 なお、本開示において以降に示す例は全て元データSG01をn個に分割することとし、1個目からn個目までの途中の任意の分割データについては、分割データSG01.iとして説明する。 In the present disclosure, all the examples shown below are to divide the original data SG01 into n pieces, and the divided data SG01. It will be described as i.
 送信ヘッダ制御回路111bは、入力信号として、初期ヘッダおよび認証タグを受け取り、受け取った信号を、暗号文のヘッダとしてAE暗号化回路111cに出力する。送信ヘッダ制御回路111bが受け取る入力信号の詳細については、後述する。 The transmission header control circuit 111b receives the initial header and the authentication tag as input signals, and outputs the received signal to the AE encryption circuit 111c as a ciphertext header. Details of the input signal received by the transmission header control circuit 111b will be described later.
 AE暗号化回路111c(AE=Authenticated Encryption)は、任意の平文とヘッダと鍵情報とを入力信号として、入力信号に対して認証付き暗号化処理を行う。鍵情報は、復号処理をする際にも使用される。認証付き暗号化処理を行うことにより、AE暗号化回路111cは、暗号文、認証タグ、およびヘッダを含んだ信号を出力する。 The AE encryption circuit 111 c (AE = Authenticated Encryption) performs an authentication-added encryption process on an input signal using an arbitrary plaintext, a header, and key information as an input signal. The key information is also used when performing decryption processing. By performing the encryption process with authentication, the AE encryption circuit 111 c outputs a signal including the ciphertext, the authentication tag, and the header.
 メモリ112は、読み書き可能な不揮発性の記憶装置であって、例えば、フラッシュメモリ、EEPROM(Electrically Erasable Programmable Read-Only Memory)、SSD(Solid State Drive)などを主な構成とする。メモリ112は、平文制御回路111aに入力するための元データSG01、AE暗号化回路に入力するための鍵情報SG02、および送信ヘッダ制御回路111bに入力するための初期ヘッダSG03を記憶している。 The memory 112 is a readable and writable non-volatile storage device, and mainly includes, for example, a flash memory, an EEPROM (Electrically Erasable Programmable Read-Only Memory), an SSD (Solid State Drive), and the like. The memory 112 stores original data SG01 for input to the plaintext control circuit 111a, key information SG02 for input to the AE encryption circuit, and an initial header SG03 for input to the transmission header control circuit 111b.
 IF113は、半導体装置110が外部装置と種々のデータを送受信するためのインターフェイスである。例えば、IF113は、CPU111が処理したデータを受け取り、受け取ったデータを外部へ出力する。 The IF 113 is an interface for the semiconductor device 110 to transmit and receive various data to and from an external device. For example, the IF 113 receives data processed by the CPU 111 and outputs the received data to the outside.
 次に、図3を参照しながら、受信端末12が有する第2半導体装置120について説明する。図3は、実施の形態1にかかる第2半導体装置120のハードウェア構成図である。情報処理を司る第2半導体装置120は、主な構成として、CPU121、メモリ122、およびIF123を有しており、これらの構成は通信バスにより接続されている。 Next, the second semiconductor device 120 included in the receiving terminal 12 will be described with reference to FIG. FIG. 3 is a hardware configuration diagram of the second semiconductor device 120 according to the first embodiment. The second semiconductor device 120 in charge of information processing mainly includes a CPU 121, a memory 122, and an IF 123, and these configurations are connected by a communication bus.
 CPU111は、第2半導体装置120において後述する演算処理等を行うための演算装置である。CPU121は、暗号文制御回路121a、受信ヘッダ制御回路121b、受信タグ制御回路121c、およびAE復号回路111dを主な構成として有している。 The CPU 111 is an arithmetic device for performing arithmetic processing and the like to be described later in the second semiconductor device 120. The CPU 121 mainly includes a ciphertext control circuit 121a, a reception header control circuit 121b, a reception tag control circuit 121c, and an AE decryption circuit 111d.
 暗号文制御回路121aは、入力信号として、送信端末11から受け取った暗号文と、AE復号回路121dから受け取った整合性検証結果を受け取る。暗号文制御回路121aは、受け取った整合性検証結果に基づいて、暗号文をAE復号回路121dに出力するか否かを判定し得る。 The ciphertext control circuit 121a receives, as input signals, the ciphertext received from the transmitting terminal 11 and the integrity verification result received from the AE decryption circuit 121d. The ciphertext control circuit 121a can determine whether to output the ciphertext to the AE decryption circuit 121d based on the received integrity verification result.
 受信ヘッダ制御回路121bは、入力信号として、送信端末11から受け取った初期ヘッダ、送信ヘッダ、およびAE復号回路121dから受け取った整合性検証結果を受け取る。また、受信ヘッダ制御回路121bは、送信ヘッダを一時記憶する機能を有している。
受信ヘッダ制御回路121bは、受け取った整合性検証結果に基づいて、暗号文をAE復号回路121dに出力するか否かを判定し得る。 The reception header control circuit 121b receives, as an input signal, the initial header received from the transmission terminal 11, the transmission header, and the integrity verification result received from the AE decoding circuit 121d. Further, the reception header control circuit 121b has a function of temporarily storing the transmission header.
The reception header control circuit 121b can determine whether to output the ciphertext to the AE decryption circuit 121d based on the received integrity verification result.
 受信タグ制御回路121cは、入力信号として、送信端末11から受け取った認証タグ、およびAE復号回路121dから受け取った整合性検証結果を受け取る。受信タグ制御回路121cは、受け取った整合性検証結果に基づいて、暗号文をAE復号回路121dに出力するか否かを判定し得る。 The reception tag control circuit 121c receives, as an input signal, the authentication tag received from the transmission terminal 11, and the integrity verification result received from the AE decoding circuit 121d. The reception tag control circuit 121c can determine whether to output the ciphertext to the AE decryption circuit 121d based on the received integrity verification result.
 AE復号回路121dは、認証付き暗号化された信号に対して、復号処理および認証タグの検証を行う。すなわち、AE復号回路121dは、送信端末11から受け取った暗号文、認証タグ、およびヘッダ信号、ならびにメモリ122に記憶している鍵情報を入力信号とする。AE復号回路121dは、暗号文を復号し、復号した結果生成された認証タグと、入力信号として受け取った認証タグが一致するか検証を行う。検証の結果、これらの認証タグが一致すると、AE復号回路121dは、復号した平文を出力する。一方、これらの認証タグが一致しないと、AE復号回路121dは、整合性検証結果としてエラー信号を出力する。 The AE decryption circuit 121 d performs decryption processing and verification of the authentication tag on the authentication-encrypted signal. That is, the AE decryption circuit 121 d uses the ciphertext, the authentication tag, the header signal, and the key information stored in the memory 122 received from the transmission terminal 11 as input signals. The AE decryption circuit 121 d decrypts the ciphertext, and verifies whether the authentication tag generated as a result of the decryption matches the authentication tag received as the input signal. As a result of the verification, if these authentication tags match, the AE decryption circuit 121d outputs the decrypted plaintext. On the other hand, if the authentication tags do not match, the AE decoding circuit 121d outputs an error signal as a result of the consistency verification.
 次に、図4を参照しながら、送信端末11が有する第1半導体装置110のうち、CPU111の機能を具体的に説明する。図4は、第1半導体装置におけるCPU111の処理を説明するための図である。 Next, the function of the CPU 111 in the first semiconductor device 110 included in the transmission terminal 11 will be specifically described with reference to FIG. FIG. 4 is a diagram for explaining the processing of the CPU 111 in the first semiconductor device.
 まず、CPU111はメモリ112にアクセスして、元データSG01および初期ヘッダSG03を読取り、元データSG01を平文制御回路111aに、そして初期ヘッダSG03を送信ヘッダ制御回路111bに供給する。 First, the CPU 111 accesses the memory 112 to read the original data SG01 and the initial header SG03, and supplies the original data SG01 to the plaintext control circuit 111a and the initial header SG03 to the transmission header control circuit 111b.
 元データSG01を受け取った平文制御回路111aは、元データSG01を分割データSG01.1から分割データSG01.nまでのn個の分割データを生成する。平文制御回路111aは、分割した各データを、データ配列上の連続性を維持した状態で、順次AE暗号化回路111cに出力する。 The plaintext control circuit 111a having received the original data SG01 converts the original data SG01 from the divided data SG01.1 to the divided data SG01. Generate n divided data up to n. The plaintext control circuit 111a sequentially outputs each divided data to the AE encryption circuit 111c while maintaining the continuity on the data arrangement.
 送信ヘッダ制御回路111bは、初期ヘッダSG03を受け取ると、分割データSG01.1に付随させる送信ヘッダSG06.1として、AE暗号化回路111cに出力する。また、送信ヘッダ制御回路111bは、2番目以降の分割データに付随させる送信ヘッダSG06.i(なお、ここでのiは2からnまでの整数である。)として、AE暗号化回路111cが出力する認証タグSG05.i-1を受け取る。そして、送信ヘッダ制御回路111bは、受け取った認証タグSG05.i-1を、次の送信ヘッダSG06.iとして順次AE暗号化回路111cに出力する。 Upon receiving the initial header SG03, the transmission header control circuit 111b outputs the initial header SG03 to the AE encryption circuit 111c as a transmission header SG06.1 to be added to the divided data SG01.1. In addition, the transmission header control circuit 111b causes the transmission headers SG06. i (where i is an integer from 2 to n here), the authentication tag SG 05. Receive i-1. Then, the transmission header control circuit 111b receives the received authentication tag SG05. i-1 to the next transmission header SG06. It sequentially outputs to the AE encryption circuit 111c as i.
 AE暗号化回路111cは、メモリ112から鍵情報SG02を受け取ると共に、平文制御回路111aが出力した分割データSG01.i、送信ヘッダ制御回路111bが出力した送信ヘッダSG06.iを受け取る。そして、AE暗号化回路111cは、鍵情報SG02によって平文である分割データSG01.iを暗号化する。AE暗号化回路111cは、出力として、暗号文SG04.iと、認証タグSG05.iを出力する。暗号文SG04.iは、分割データSG01.iが暗号化されたデータである。なお、初期ヘッダSG03と、出力された暗号文SG04.iと、認証タグSG05.iとは、IF113を介して受信端末12へ送信される。 The AE encryption circuit 111c receives the key information SG02 from the memory 112, and at the same time, the divided data SG01. i, transmission header SG06. Receive i. Then, the AE encryption circuit 111c transmits the divided data SG01. encrypt i. The AE encryption circuit 111 c outputs the ciphertext SG 04. i and an authentication tag SG05. Output i. Ciphertext SG04. i is divided data SG01. i is encrypted data. Note that the initial header SG03 and the output ciphertext SG04. i and an authentication tag SG05. The i is transmitted to the receiving terminal 12 via the IF 113.
 次に、図5を参照しながら、CPU111が出力する信号について説明する。図5は、実施の形態1にかかる信号の構成例を示した図である。本実施の形態における信号は、送受信する信号の塊を、フレームと称する。例えば、Ethernet(登録商標)や、BLE(Bluetooth Low Energy、登録商標)などでは、送受信する信号を以下に示すようなフレームとして扱う。図5には、CPU111が出力するフレームの例として、フレーム500およびフレーム600を示している。 Next, signals output from the CPU 111 will be described with reference to FIG. FIG. 5 is a diagram showing a configuration example of the signal according to the first embodiment. The signal in the present embodiment refers to a block of signals to be transmitted and received as a frame. For example, Ethernet (registered trademark), BLE (Bluetooth Low Energy (registered trademark)), etc. handle signals to be transmitted and received as frames as shown below. FIG. 5 shows a frame 500 and a frame 600 as an example of a frame output by the CPU 111.
 フレーム500は、信号の先頭に通信ヘッダを有し、続いてペイロードを有し、次に補助情報を有している。通信ヘッダは、初期ヘッダSG03を含む。ペイロードは、分割データSG01.iを鍵情報SG02により暗号化された信号を含む。また、補助情報は、認証タグSG05.iを含む。 The frame 500 has a communication header at the beginning of the signal, followed by the payload, and then by the auxiliary information. The communication header includes an initial header SG03. The payload is divided data SG01. i includes a signal encrypted with key information SG02. Also, the auxiliary information is the authentication tag SG05. including i.
 フレーム600は、ペイロードと補助情報の構成が、フレーム500と異なる。ペイロードは、分割データSG01.iを鍵情報SG02により暗号化され信号と、認証タグSG05.iを含む。一方、補助情報は、認証タグSG05.iを含まない。 The frame 600 differs from the frame 500 in the configuration of the payload and the auxiliary information. The payload is divided data SG01. i is encrypted by the key information SG02, and the authentication tag SG05. including i. On the other hand, the auxiliary information is the authentication tag SG05. i is not included.
 本実施の形態においては、ここに例示したフレーム500またはフレーム600のいずれかの構成を採用し得る。例えば、補助情報の領域に認証タグを入れることが可能であれば、フレーム500を採用することにより、ペイロードの領域に元データを分割して割り当てることが出来る。一方、補助情報の領域に認証タグを入れる容量が確保できない場合は、フレーム600のように、ペイロードの領域の一部に認証タグを入れることもできる。 In the present embodiment, any configuration of the frame 500 or the frame 600 exemplified herein may be employed. For example, if it is possible to put an authentication tag in the auxiliary information area, the original data can be divided and assigned to the payload area by adopting the frame 500. On the other hand, when it is not possible to secure the capacity for putting an authentication tag in the auxiliary information area, as shown in the frame 600, the authentication tag can be put in part of the payload area.
 次に、図6を参照しながら、受信端末12が有する第2半導体装置120のうち、CPU121の機能を具体的に説明する。図6は、第2半導体装置におけるCPU121の処理を説明するための図である。 Next, the function of the CPU 121 in the second semiconductor device 120 included in the receiving terminal 12 will be specifically described with reference to FIG. FIG. 6 is a diagram for explaining the process of the CPU 121 in the second semiconductor device.
 CPU121は、IF123を介して送信端末11から初期ヘッダSG03、暗号文SG04.i、および認証タグSG05.iを受け取る。CPU121は、初期ヘッダSG03を受信ヘッダ制御回路121bに供給し、暗号文SG04.iを暗号文制御回路121aに供給し、そして認証タグSG05.iを受信ヘッダ制御回路121bおよび受信タグ制御回路にそれぞれ供給する。 The CPU 121 transmits an initial header SG03, a ciphertext SG04. i, and the authentication tag SG05. Receive i. The CPU 121 supplies the initial header SG03 to the reception header control circuit 121b, and the ciphertext SG04. i is supplied to the ciphertext control circuit 121a, and the authentication tag SG05. i is supplied to the reception header control circuit 121 b and the reception tag control circuit, respectively.
 暗号文制御回路121aは、暗号文SG04.iを受け取り、受け取った暗号文SG04.iをAE復号回路121dに出力する。 The ciphertext control circuit 121a transmits the ciphertext SG04. i received and received ciphertext SG 04. i is output to the AE decoding circuit 121 d.
 受信ヘッダ制御回路121bは、初期ヘッダSG03を受け取ると、1番目の暗号分割データである暗号文SG04.1に対応する受信ヘッダSG07.1として、AE復号回路121dに出力する。 When receiving the initial header SG03, the reception header control circuit 121b outputs the initial header SG03 to the AE decryption circuit 121d as a reception header SG07.1 corresponding to the ciphertext SG04.1 that is the first piece of encrypted division data.
 また、受信ヘッダ制御回路121bは、2番目以降の暗号文に対応する受信ヘッダSG07.i(なお、ここでのiは2からnまでの整数である。)として、認証タグSG05.i-1を受け取る。すなわち、受信ヘッダ制御回路121bは、認証タグSG05.iを受け取ると、これを一時的に記憶し、直後の認証タグSG05.i+1を受け取る際に、記憶しておいた認証タグSG05.iを、AE復号回路121dに出力する。なお、AE復号回路121dに出力するタイミングと直後の認証タグSG05.i+1を受け取るタイミングの先後は問わない。 Also, the reception header control circuit 121b causes the reception headers SG07. As i (here, i is an integer from 2 to n here), the authentication tag SG 05. Receive i-1. That is, the reception header control circuit 121b transmits the authentication tag SG05. When i is received, it is temporarily stored, and the immediately following authentication tag SG05. When i + 1 is received, the authentication tag SG05. i is output to the AE decoding circuit 121 d. Note that the timing of output to the AE decoding circuit 121 d and the immediately following authentication tag SG05. The timing of receiving i + 1 does not matter.
 受信タグ制御回路121cは、認証タグSG05.iを受け取り、受け取った認証タグSG05.iをAE復号回路121dに出力する。 The reception tag control circuit 121c controls the authentication tag SG05. i received the authentication tag SG05. i is output to the AE decoding circuit 121 d.
 AE復号回路121dは、暗号文SG04.i、受信ヘッダSG07.i、および認証タグSG05.iをそれぞれ受け取る。また、AE復号回路121dは、メモリ122にアクセスし、鍵情報SG02を受け取る。AE復号回路121dは、鍵情報SG02を使用して暗号文SG04.iを復号することにより、復号された分割データである復号分割データSG08.i、および認証タグSG09.iを算出する。なお、暗号文SG04.iが正しく復号された場合、復号分割データSG08.iは、分割データSG01.iと同じものであり、認証タグSG09.iは、認証タグSG05.iと同じものである。AE復号回路121dは、上述のように復号処理を行うと、次の検証処理を行う。 The AE decryption circuit 121 d transmits the ciphertext SG 04. i, received header SG07. i, and the authentication tag SG05. Receive i each. Also, the AE decryption circuit 121 d accesses the memory 122 and receives the key information SG 02. The AE decryption circuit 121 d uses the key information SG02 to encrypt the ciphertext SG04. Decryption division data SG08. i, and authentication tag SG09. Calculate i. In addition, ciphertext SG 04. If i is correctly decoded, the decoded split data SG08. i is divided data SG01. The same as i, the authentication tag SG09. i is an authentication tag SG05. It is the same as i. When the AE decoding circuit 121d performs the decoding process as described above, it performs the following verification process.
 検証処理として、AE復号回路121dは、認証タグSG09.iと受信タグ制御回路121cから受け取った認証タグSG05.iとが一致するか否かを照合する。認証タグSG09.iと認証タグSG05.iとが一致する場合、AE復号回路121dは、暗号文SG04.iを正しく復号したことになる。 As the verification process, the AE decoding circuit 121d determines whether the authentication tag SG09. i and the authentication tag SG05.n received from the reception tag control circuit 121c. It is checked whether i matches. Authentication tag SG09. i and authentication tag SG05. If i matches, the AE decryption circuit 121 d determines that the ciphertext SG 04. It means that i has been correctly decoded.
 AE復号回路121dは、暗号分割データの連続性を保証するためのヘッダ信号として受信ヘッダSG07.iを受け取る。したがって、AE復号回路121dが上記の検証処理を行い、正しく復号が行われた場合には、復号分割データSG08.iは復号分割データSG08.i-1からの、データ配列上の連続性を維持したデータである。 The AE decryption circuit 121d receives the reception header SG07. As a header signal for guaranteeing the continuity of the encrypted divided data. Receive i. Therefore, when the AE decoding circuit 121d performs the above-described verification process and correct decoding is performed, the decoded divided data SG08. i is the decoded split data SG08. It is data maintaining continuity on data array from i-1.
 AE復号回路121dは、上記の検証処理を行い、正しく復号が行われた場合には、検証結果SG10.iに、検証結果が正しく行われた旨の信号として、例えば「1」という信号を出力する。AE復号回路121dは、検証結果SG10.iを、暗号文制御回路121a、受信ヘッダ制御回路121b、および受信タグ制御回路121cに出力する。さらに、AE復号回路121dは、正しく復号処理された復号分割データSG08.iを、出力する。 The AE decoding circuit 121 d performs the above verification process, and if the decoding is correctly performed, the verification result SG10. For example, a signal “1” is output to i as a signal indicating that the verification result has been correctly performed. The AE decoding circuit 121d detects the verification result SG10. The i is output to the ciphertext control circuit 121a, the reception header control circuit 121b, and the reception tag control circuit 121c. Furthermore, the AE decoding circuit 121d outputs the decoded divided data SG08. Output i.
 一方、AE復号回路121dは、上記の検証処理を行い、かかる検証結果が正しい結果でない場合には、検証結果SG10.iに、検証結果が正しく行われなかった旨の信号として、例えば「0」という信号を出力する。またこの場合、AE復号回路121dは、正しく復号処理されなかった復号分割データSG08.iを、出力しない。 On the other hand, the AE decoding circuit 121d performs the above verification process, and if the verification result is not a correct result, the verification result SG10. For example, a signal “0” is output to i as a signal indicating that the verification result has not been correctly performed. Further, in this case, the AE decoding circuit 121d is configured to use the decoded divided data SG08. Do not output i.
 次に、図7を参照しながら、送信端末11が有する第1半導体装置110のCPU111における信号の推移を説明する。図7は、CPU111における信号の推移を示した図である。図7は、CPU111が出力する各信号が、データ配列上の連続性を維持する関係を有していることを示すため、左側から右側に向けて処理が数珠繋ぎ状に連関して進む様子を示している。そのため、図7は、説明の便宜上、CPU111の構成が実際とは異なり複数記載されている。また、図4において既に説明した処理内容については詳述を省略する。 Next, transitions of signals in the CPU 111 of the first semiconductor device 110 included in the transmission terminal 11 will be described with reference to FIG. 7. FIG. 7 is a diagram showing transitions of signals in the CPU 111. As shown in FIG. FIG. 7 shows that each signal output from the CPU 111 has a relationship to maintain the continuity on the data array, and thus shows how the processing proceeds in a chained manner from the left to the right. ing. Therefore, for convenience of explanation, a plurality of configurations of the CPU 111 are described in FIG. 7 differently from the actual configuration. The details of the processing already described in FIG. 4 will be omitted.
 図7において、まず、AE暗号化回路111cは、分割データSG01.1を暗号化処理する。また、AE暗号化回路111cは、初期ヘッダSG03を送信ヘッダSG06.1として受け取る。暗号化処理の結果、AE暗号化回路111cは、先頭の暗号文SG04.1および暗号文SG04.1に対応した先頭の認証タグSG05.1を出力する。 In FIG. 7, first, the AE encryption circuit 111c encrypts the divided data SG01.1. Also, the AE encryption circuit 111c receives the initial header SG03 as a transmission header SG06.1. As a result of the encryption processing, the AE encryption circuit 111c outputs the first authentication tag SG05.1 corresponding to the first ciphertext SG04.1 and the ciphertext SG04.1.
 出力された暗号文SG04.1および認証タグSG05.1は、先頭のフレームFR1に含まれ、フレームFR1は、送信端末11から受信端末12へ送信される。 The output ciphertext SG04.1 and the authentication tag SG05.1 are included in the first frame FR1, and the frame FR1 is transmitted from the transmitting terminal 11 to the receiving terminal 12.
 次に、AE暗号化回路111cは、分割データSG01.2を暗号化処理する。また、AE暗号化回路111cは、フレームFR1に付随する認証タグSG05.1を送信ヘッダSG06.2として受け取る。暗号化処理の結果、AE暗号化回路111cは、2番目の暗号文SG04.2およびこれに対応した先頭の認証タグSG05.2を出力する。 Next, the AE encryption circuit 111c encrypts the divided data SG01.2. Also, the AE encryption circuit 111c receives the authentication tag SG05.1 attached to the frame FR1 as the transmission header SG06.2. As a result of the encryption processing, the AE encryption circuit 111c outputs the second ciphertext SG04.2 and the first authentication tag SG05.2 corresponding thereto.
 出力された暗号文SG04.2および認証タグSG05.2は、2番目のフレームFR2に含まれ、フレームFR2は、送信端末11から受信端末12へ送信される。 The output ciphertext SG04.2 and authentication tag SG05.2 are included in the second frame FR2, and the frame FR2 is transmitted from the transmitting terminal 11 to the receiving terminal 12.
 3番目のデータも、2番目のデータと同様に生成されて、順次受信端末へ送信される。 The third data is also generated similarly to the second data and sequentially transmitted to the receiving terminal.
 最後に、AE暗号化回路111cは、分割データSG01.nを暗号化処理する。また、AE暗号化回路111cは、フレームFRn-1に付随する認証タグSG05.n-1を送信ヘッダSG06.nとして受け取る。暗号化処理の結果、AE暗号化回路111cは、n番目の暗号文SG04.nおよびこれに対応した先頭の認証タグSG05.nを出力する。 Finally, the AE encryption circuit 111c generates divided data SG01. Encrypt n. In addition, the AE encryption circuit 111c transmits the authentication tag SG05. Send n-1 header SG06. Receive as n. As a result of the encryption processing, the AE encryption circuit 111c transmits the nth ciphertext SG04. n and the first authentication tag SG 05. Output n
 出力された暗号文SG04.nおよび認証タグSG05.nは、n番目のフレームFRnに含まれ、フレームFRnは、送信端末11から受信端末12へ送信される。 The output ciphertext SG04. n and authentication tag SG05. n is included in the nth frame FRn, and the frame FRn is transmitted from the transmitting terminal 11 to the receiving terminal 12.
 CPU111は、分割データnの処理が終了すると、一連の処理を終了する。 When the processing of the divided data n is completed, the CPU 111 ends the series of processing.
 次に、図8を参照しながら、受信端末12が有する第2半導体装置120のCPU121における信号の推移を説明する。図8は、CPU121における信号の推移を示した図である。図8は、CPU121における信号の推移を示した図である。図8は、CPU121が出力する各信号が、データ配列上の連続性を維持する関係を有していることを示すため、左側から右側に向けて処理が連なるように進む様子を示している。そのため、図7は、説明の便宜上、CPU111の構成が実際とは異なり複数記載されている。また、図6において既に説明した処理内容については詳述を省略する。 Next, transition of a signal in the CPU 121 of the second semiconductor device 120 included in the receiving terminal 12 will be described with reference to FIG. FIG. 8 is a diagram showing transitions of signals in the CPU 121. As shown in FIG. FIG. 8 is a diagram showing transitions of signals in the CPU 121. As shown in FIG. FIG. 8 shows that processing proceeds from the left side to the right side in order to show that each signal output from the CPU 121 has a relationship maintaining continuity on the data arrangement. Therefore, for convenience of explanation, a plurality of configurations of the CPU 111 are described in FIG. 7 differently from the actual configuration. The details of the processing already described in FIG. 6 will be omitted.
 まず、AE復号回路121dは、暗号文SG04.1を復号する。AE復号回路121dは、受信ヘッダSG07.1(初期ヘッダSG03に等しい)と、認証タグSG05.1とを受け取り、復号分割データSG08.1が正しく復号されたかを検証する。検証結果が正しいものと出力された場合、AE復号回路121dは、復号分割データSG08.1を出力する。 First, the AE decryption circuit 121 d decrypts the ciphertext SG04.1. The AE decoding circuit 121d receives the reception header SG07.1 (equal to the initial header SG03) and the authentication tag SG05.1, and verifies whether the decoded divided data SG08.1 is correctly decoded. If the verification result is output as the correct one, the AE decoding circuit 121d outputs the decoded divided data SG08.1.
 次に、AE復号回路121dは、暗号文SG04.2を復号する。AE復号回路121dは、受信ヘッダSG07.2(認証タグSG05.1に等しい)と、認証タグSG05.2とを受け取り、復号分割データSG08.2が正しく復号されたかを検証する。検証結果が正しいものと出力された場合、AE復号回路121dは、復号分割データSG08.2を出力する。なお、復号分割データSG08.1が正しく復号されなかった場合、暗号文SG04.2の復号処理は行ってもよいし、行わなくてもよい。 Next, the AE decryption circuit 121d decrypts the ciphertext SG04.2. The AE decoding circuit 121d receives the reception header SG07.2 (equal to the authentication tag SG05.1) and the authentication tag SG05.2, and verifies whether the decoded divided data SG08.2 is correctly decoded. If the verification result is output as the correct one, the AE decoding circuit 121d outputs the decoded divided data SG08.2. When the decrypted divided data SG08.1 is not properly decrypted, the decryption process of the ciphertext SG04.2 may or may not be performed.
 CPU121は、1番目の復号分割データSG08.1及び2番目の復号分割データSG08.2が出力された後に、これらを結合処理してもよい。 The CPU 121 may combine and process the first decoded divided data SG08.1 and the second decoded divided data SG08.2 after they are output.
 次に、AE復号回路121dは、2番目の暗号文SG04.2と同様に、3番目の暗号文SG04.3を復号し、検証結果が正しい場合、復号分割データSG08.3を出力する。CPU121は、1番目の復号分割データSG08.1及び2番目の復号分割データSG08.2を結合処理した後に、さらに3番目の復号分割データSG08.3を結合処理してもよい。なお、復号分割データSG08.2が正しく復号されなかった場合、暗号文SG04.3の復号処理は行ってもよいし、行わなくてもよい。 Next, the AE decryption circuit 121d decrypts the third ciphertext SG04.3 in the same manner as the second ciphertext SG04.2, and outputs the decrypted divided data SG08.3 if the verification result is correct. The CPU 121 may combine the first decoded split data SG08.1 and the second decoded split data SG08.2, and then combine the third decoded split data SG08.3. When the decrypted divided data SG08.2 is not correctly decrypted, the decryption process of the ciphertext SG04.3 may or may not be performed.
 最後に、AE復号回路121dは、暗号文SG04.nを復号する。AE復号回路121dは、受信ヘッダSG07.n(送信ヘッダSG06.n-1に等しい)と、認証タグSG05.nとを受け取り、復号分割データSG08.nが正しく復号されたかを検証する。検証結果が正しいものと出力された場合、AE復号回路121dは、復号分割データSG08.nを出力する。このようにして、CPU121は、データ配列上の連続性を維持した分割データを順次検証し、そして、順次結合処理することができる。なお、結合処理は順次行ってもよいし、全ての検証処理が終了した後にまとめて行ってもよい。なお、いずれかの復号処理において暗号文が正しく復号されなかった場合に以降の復号を実行する場合、復号分割データは破棄してもよい。 Finally, the AE decryption circuit 121d transmits the ciphertext SG04. Decode n. The AE decoding circuit 121d receives the reception header SG07. n (equal to transmission header SG06.n-1), an authentication tag SG05.n. n, and the decoded split data SG08. Verify that n was correctly decoded. If the verification result is output as the correct one, the AE decoding circuit 121 d outputs the decoded divided data SG08. Output n In this way, the CPU 121 can sequentially verify divided data maintaining continuity on the data array, and sequentially combine and process them. The combining process may be sequentially performed, or may be collectively performed after all the verification processes are completed. When the subsequent decryption is performed when the ciphertext is not correctly decrypted in any decryption process, the decrypted divided data may be discarded.
 このような構成により、第2半導体装置120は、データ配列上の連続性を維持した状態で分割データを順次復号することができる。よって、第2半導体装置120は、分割データの欠損や入れ替わりを防ぐ処理を行うことができる。 With such a configuration, the second semiconductor device 120 can sequentially decode the divided data while maintaining the continuity on the data arrangement. Thus, the second semiconductor device 120 can perform processing to prevent loss or replacement of divided data.
 以上に説明した構成により、実施の形態1にかかる送受信システム1は、データの送受信において、秘匿性と、データの整合性とを担保することができる。また、実施の形態1にかかる送受信システム1における受信端末12は、全てのデータの受信を完了する前に、順次復号分割データを結合する処理を進めることが出来る。 With the configuration described above, the transmission and reception system 1 according to the first embodiment can secure secrecy and data integrity in data transmission and reception. In addition, the reception terminal 12 in the transmission and reception system 1 according to the first embodiment can proceed with the process of sequentially combining the decoded divided data before completing the reception of all the data.
 <実施の形態2>
 次に、図9から図12を参照しながら、実施の形態2について説明する。実施の形態2にかかる送受信システム1は、送信端末11が第1半導体装置210を有し、第1半導体装置210に含まれるCPU211の機能が実施の形態1と異なる。また、実施の形態2にかかる送受信システム1は、受信端末12が第2半導体装置220を有し、第2半導体装置220に含まれるCPU221の機能が実施の形態1と異なる。 Second Embodiment
Next, Embodiment 2 will be described with reference to FIGS. 9 to 12. The transmission / reception system 1 according to the second embodiment is different from that of the first embodiment in the function of the CPU 211 included in the first semiconductor device 210. The transmission terminal 11 has the first semiconductor device 210. Further, the transmission / reception system 1 according to the second embodiment is different from that of the first embodiment in the function of the CPU 221 included in the second semiconductor device 220 in which the receiving terminal 12 includes the second semiconductor device 220.
 図9は、実施の形態2にかかる第1半導体装置のハードウェア構成図である。図9に示すように、実施の形態2にかかる第1半導体装置210は、CPU211を有し、CPU211は、実施の形態1にかかるCPU111が有していた送信ヘッダ制御回路111bに代えて、送信ヘッダ制御回路211bを有している。 FIG. 9 is a hardware configuration diagram of the first semiconductor device according to the second embodiment. As shown in FIG. 9, the first semiconductor device 210 according to the second embodiment has the CPU 211, and the CPU 211 performs transmission instead of the transmission header control circuit 111b that the CPU 111 according to the first embodiment has. It has a header control circuit 211b.
 図10は、実施の形態2にかかる第2半導体装置のハードウェア構成図である。図10に示すように、実施の形態2にかかる第2半導体装置220は、CPU221を有し、CPU221は、実施の形態1にかかるCPU121が有していた受信ヘッダ制御回路121bに代えて、受信ヘッダ制御回路221bを有している。 FIG. 10 is a hardware configuration diagram of the second semiconductor device according to the second embodiment. As shown in FIG. 10, the second semiconductor device 220 according to the second embodiment has the CPU 221, and the CPU 221 is replaced with the reception header control circuit 121b that the CPU 121 according to the first embodiment has, and the reception is performed. It has a header control circuit 221b.
 次に、図11を参照しながら、実施の形態2にかかるCPU211の機能について実施の形態1と異なる点について説明する。図11は、第1半導体装置におけるCPU211の処理を説明するための図である。図11に示すように、CPU211は、AE暗号化回路111cと送信ヘッダ制御回路211bとの間の信号処理が実施の形態1と異なる。 Next, differences between the functions of the CPU 211 according to the second embodiment and the first embodiment will be described with reference to FIG. FIG. 11 is a diagram for explaining the process of the CPU 211 in the first semiconductor device. As shown in FIG. 11, the CPU 211 differs from the first embodiment in signal processing between the AE encryption circuit 111 c and the transmission header control circuit 211 b.
 送信ヘッダ制御回路211bは、初期ヘッダSG03を受け取ると、1番目の分割データSG01.1に付随させる送信ヘッダSG06.1として、AE暗号化回路111cに出力する。送信ヘッダ制御回路111bは、2番目以降の分割データに付随させる送信ヘッダSG06.i(なお、ここでのiは2からnまでの整数である。)として、AE暗号化回路111cが出力する暗号文SG04.i-1を受け取る。そして、送信ヘッダ制御回路111bは、受け取った暗号文SG04.i-1を、次の送信ヘッダSG06.iとして順次AE暗号化回路111cに出力する。 When the transmission header control circuit 211b receives the initial header SG03, the transmission header control circuit 211b outputs it to the AE encryption circuit 111c as a transmission header SG06.1 to be added to the first divided data SG01.1. The transmission header control circuit 111 b transmits transmission headers SG 06. The encrypted text SG 04. i output from the AE encryption circuit 111 c as i (here, i is an integer from 2 to n). Receive i-1. Then, the transmission header control circuit 111b receives the ciphertext SG04. i-1 to the next transmission header SG06. It sequentially outputs to the AE encryption circuit 111c as i.
 なお、送信ヘッダ制御回路211bは、受け取った暗号文SG04.iに対して予め設定されたアルゴリズムを用いて演算を行い、行った結果を送信ヘッダSG06.iとしてもよい。予め設定されたアルゴリズムとは、例えば、CRHF(Collision Resistant Hash Function)などのハッシュ関数を用いたものである。 The transmission header control circuit 211 b receives the received ciphertext SG 04. i is calculated using a preset algorithm for i, and the result is stored in a transmission header SG06. It may be i. The preset algorithm is, for example, one using a hash function such as CRHF (Collision Resistant Hash Function).
 次に、図12を参照しながら、受信端末12が有する第2半導体装置220のうち、CPU221の機能について実施の形態1と異なる点について説明する。図12は、第2半導体装置におけるCPU221の処理を説明するための図である。 Next, the function of the CPU 221 of the second semiconductor device 220 included in the receiving terminal 12 will be described with reference to FIG. FIG. 12 is a diagram for explaining the process of the CPU 221 in the second semiconductor device.
 CPU221は、IF123を介して送信端末11から初期ヘッダSG03、暗号文SG04.i、および認証タグSG05.iを受け取る。CPU221は、初期ヘッダSG03を受信ヘッダ制御回路121bに供給し、暗号文SG04.iを暗号文制御回路121aおよび受信ヘッダ制御回路221bに供給し、そして認証タグSG05.iを受信タグ制御回路にそれぞれ供給する。 The CPU 221 transmits the initial header SG03, the ciphertext SG04. i, and the authentication tag SG05. Receive i. The CPU 221 supplies the initial header SG03 to the reception header control circuit 121b, and the ciphertext SG04. i is supplied to the ciphertext control circuit 121a and the reception header control circuit 221b, and the authentication tag SG05. supply i to the receiving tag control circuit respectively.
 受信ヘッダ制御回路221bは、初期ヘッダSG03を受け取ると、1番目の暗号分割データである暗号文SG04.1に対応する受信ヘッダSG07.1として、AE復号回路121dに出力する。 When receiving the initial header SG03, the reception header control circuit 221b outputs it to the AE decryption circuit 121d as a reception header SG07.1 corresponding to the ciphertext SG04.1 which is the first piece of encrypted division data.
 また、受信ヘッダ制御回路221bは、2番目以降の暗号文に付随させる受信ヘッダSG07.i(なお、ここでのiは2からnまでの整数である。)として、暗号文SG04.i-1を受け取る。すなわち、受信ヘッダ制御回路221bは、暗号文SG04.iを受け取ると、これを一時的に記憶し、直後の暗号文SG04.i+1を受け取る際に、記憶しておいた暗号文SG04.iを、AE復号回路121dに出力する。 Further, the reception header control circuit 221b causes the reception headers SG07. As i (here, i here is an integer from 2 to n), ciphertext SG 04. Receive i-1. That is, the reception header control circuit 221b transmits the ciphertext SG04. When i is received, it is temporarily stored, and ciphertext SG04. When i + 1 is received, the ciphertext SG 04. i is output to the AE decoding circuit 121 d.
 なお、受信ヘッダ制御回路221bは、送信ヘッダ制御回路211bと同様に、受け取った暗号文SG04.iに対して予め設定されたアルゴリズムを用いて演算を行い、行った結果を受信ヘッダSG07.1としてもよい。予め設定されたアルゴリズムとは、例えば、CRHF(Collision Resistant Hash Function)などのハッシュ関数を用いたものである。ただし、正しい検証処理を行うために、受信ヘッダ制御回路221bが有するアルゴリズムは、送信ヘッダ制御回路211bが有するものと同じである必要がある。 The reception header control circuit 221b, like the transmission header control circuit 211b, receives the received ciphertext SG04. An operation may be performed using a preset algorithm for i, and the result may be used as the reception header SG07.1. The preset algorithm is, for example, one using a hash function such as CRHF (Collision Resistant Hash Function). However, in order to perform the correct verification process, the algorithm possessed by the reception header control circuit 221 b needs to be the same as that possessed by the transmission header control circuit 211 b.
 以上に説明した構成により、実施の形態2にかかる送受信システム1は、データの送受信において、秘匿性と、データの整合性とを担保することができる。また、実施の形態2にかかる送受信システム1における受信端末12は、全てのデータの受信を完了する前に、順次復号分割データを結合する処理を進めることが出来る。 With the configuration described above, the transmission and reception system 1 according to the second embodiment can secure secrecy and data integrity in data transmission and reception. In addition, the reception terminal 12 in the transmission and reception system 1 according to the second embodiment can proceed with the process of sequentially combining the decoded divided data before completing the reception of all the data.
 なお、実施の形態1と実施の形態2とは、それぞれヘッダとするための元の情報が異なる。しかしながら、実施の形態1および実施の形態2にかかる送受信システムまたは半導体装置は、次のように説明することが出来る。すなわち、送信端末11の第1半導体装置110及び210は、データ配列上で直前に隣接する暗号分割データに対する処理によって出力されたデータに基づいて、送信ヘッダを生成している。 The first embodiment and the second embodiment are different from each other in the original information to be used as a header. However, the transmission / reception system or the semiconductor device according to Embodiment 1 and Embodiment 2 can be described as follows. That is, the first semiconductor devices 110 and 210 of the transmission terminal 11 generate the transmission header based on the data output by the processing on the immediately preceding divided encryption data on the data array.
 かかる送信ヘッダは、AE暗号化回路111cまたはAE暗号化回路211cが出力する認証タグであってもよいし、暗号文であってもよい。また、かかる送信ヘッダは、AE暗号化回路111cまたはAE暗号化回路211cが出力する認証タグまたは暗号文を予め設定されたアルゴリズムにより演算したものであってもよい。 The transmission header may be an authentication tag output from the AE encryption circuit 111c or the AE encryption circuit 211c, or may be a ciphertext. In addition, the transmission header may be an authentication tag or an encrypted text output from the AE encryption circuit 111 c or the AE encryption circuit 211 c, which is calculated by a preset algorithm.
 同様に、受信端末12の第2半導体装置120及び220は、データ配列上で直前に隣接する暗号分割データに対する処理によって出力されたデータに基づいて、受信ヘッダを生成している。 Similarly, the second semiconductor devices 120 and 220 of the receiving terminal 12 generate the reception header based on the data output by the processing on the immediately preceding encrypted divided data on the data array.
 かかる受信ヘッダは、受信端末12が受信する信号のうち、認証タグであってもよいし、暗号文であってもよい。また、かかる受信ヘッダは、受信した認証タグまたは暗号文を予め設定されたアルゴリズムにより演算したものであってもよい。 The reception header may be an authentication tag or a ciphertext in the signal received by the reception terminal 12. Further, the received header may be one obtained by calculating the received authentication tag or ciphertext according to a preset algorithm.
 <実施の形態3>
 次に、図13から図16を参照しながら、実施の形態3について説明する。実施の形態3にかかる送受信システム1は、送信端末11が第1半導体装置310を有し、第1半導体装置310に含まれるCPU311の機能が実施の形態1と異なる。また、実施の形態3にかかる送受信システム1は、受信端末12が第2半導体装置320を有し、第2半導体装置320に含まれるCPU321の機能が実施の形態1と異なる。また、実施の形態3にかかる送受信システム1は、1番目の分割データに対する処理および最後の分割データに対する処理が、実施の形態1と異なる。 Embodiment 3
Next, Embodiment 3 will be described with reference to FIGS. 13 to 16. In the transmission / reception system 1 according to the third embodiment, the transmission terminal 11 has the first semiconductor device 310, and the function of the CPU 311 included in the first semiconductor device 310 is different from that of the first embodiment. The transmission / reception system 1 according to the third embodiment is different from that of the first embodiment in the function of the CPU 321 included in the second semiconductor device 320, in which the receiving terminal 12 has the second semiconductor device 320. The transmission / reception system 1 according to the third embodiment is different from that of the first embodiment in the process for the first divided data and the process for the last divided data.
 図13は、実施の形態3にかかる第1半導体装置のハードウェア構成図である。図13に示すように、実施の形態3にかかる第1半導体装置310は、CPU311を有し、CPU311は、実施の形態1にかかるCPU111が有していた送信ヘッダ制御回路111bに代えて、送信ヘッダ制御回路311bを有している。また、実施の形態3にかかる機能を実現するため、メモリ112は、元データSG01、鍵情報SG02、および初期ヘッダSG03に加えて、第1信号SG11および第2信号SG12を記憶している。 FIG. 13 is a hardware configuration diagram of the first semiconductor device according to the third embodiment. As shown in FIG. 13, the first semiconductor device 310 according to the third embodiment has a CPU 311, and the CPU 311 performs transmission instead of the transmission header control circuit 111 b that the CPU 111 according to the first embodiment has. It has a header control circuit 311b. Further, in order to realize the function according to the third embodiment, the memory 112 stores the first signal SG11 and the second signal SG12 in addition to the original data SG01, the key information SG02, and the initial header SG03.
 第1信号SG11は、送信端末11において元データSG01を分割して認証付き暗号化処理を行う際の、先頭の分割データの処理であることを示す信号である。第2信号SG12は、送信端末11において元データSG01を分割して認証付き暗号化処理を行う際の、最後尾の処理であることを示す信号である。 The first signal SG11 is a signal indicating that it is the processing of the first divided data when the original data SG01 is divided in the transmitting terminal 11 to perform the encryption process with authentication. The second signal SG12 is a signal indicating that it is the last process when the transmitting terminal 11 divides the original data SG01 and performs encryption processing with authentication.
 図14は、実施の形態3にかかる第2半導体装置のハードウェア構成図である。図14に示すように、実施の形態3にかかる第2半導体装置320は、CPU321を有し、CPU321は、実施の形態1にかかるCPU121が有していた受信ヘッダ制御回路121bに代えて、受信ヘッダ制御回路321bを有している。 FIG. 14 is a hardware configuration diagram of the second semiconductor device according to the third embodiment. As shown in FIG. 14, the second semiconductor device 320 according to the third embodiment has the CPU 321, and the CPU 321 receives instead of the reception header control circuit 121b that the CPU 121 according to the first embodiment has. It has a header control circuit 321b.
 図14に示すCPU321は、送信端末11から第1信号SG11および第2信号SG12が送信される。したがって、図示しない実行プログラムにおいて、第1信号SG11が先頭の分割データに関する信号であること、および、第2信号SG12が最後尾の分割データに関する信号であることを予め登録されている。CPU321は、メモリ122に第1信号SG11および第2信号SG12を記憶しておき、記憶した第1信号SG11および第2信号SG12を参照することにより、以下の処理を実行してもよい。 The CPU 321 shown in FIG. 14 transmits a first signal SG11 and a second signal SG12 from the transmitting terminal 11. Therefore, in the execution program (not shown), it is registered in advance that the first signal SG11 is a signal related to the first divided data and the second signal SG12 is a signal related to the last divided data. The CPU 321 may store the first signal SG11 and the second signal SG12 in the memory 122 and execute the following processing by referring to the stored first signal SG11 and the second signal SG12.
 次に、図15を参照しながら、実施の形態3にかかるCPU311の機能について実施の形態1と異なる点について説明する。図15は、第1半導体装置におけるCPU311の処理を説明するための図である。図15に示すように、CPU311は、送信ヘッダ制御回路311bがメモリ112から第1信号SG11および第2信号SG12を受け取り、受け取ったこれらの信号を処理する点において実施の形態1と異なる。 Next, differences between the functions of the CPU 311 according to the third embodiment and the first embodiment will be described with reference to FIG. FIG. 15 is a diagram for explaining the process of the CPU 311 in the first semiconductor device. As shown in FIG. 15, the CPU 311 differs from the first embodiment in that the transmission header control circuit 311b receives the first signal SG11 and the second signal SG12 from the memory 112 and processes the received signals.
 以下、送信ヘッダ制御回路311bの処理について、1番目の処理、2番目からn-1番目の処理、およびn番目の処理についてそれぞれ説明する。 The processing of the transmission header control circuit 311b will be described below for the first processing, the second to (n-1) th processing, and the nth processing.
 1番目の処理において、送信ヘッダ制御回路311bは、受け取った初期ヘッダSG03および第1信号SG11を、1番目の処理に掛かる分割データSG01.1に付随させる送信ヘッダSG06.1として、AE暗号化回路111cに出力する。AE暗号化回路111cは、鍵情報SG02を用いて分割データSG01.1を暗号化処理すると共に、初期ヘッダSG03および第1信号SG11を含む送信ヘッダSG06.1を付随させ、暗号文SG04.1を生成する。 In the first process, the transmission header control circuit 311 b generates an AE encryption circuit as a transmission header SG06.1 in which the received initial header SG03 and the first signal SG11 are added to the divided data SG01.1 to be subjected to the first process. Output to 111c. The AE encryption circuit 111c encrypts the divided data SG01.1 using the key information SG02, adds a transmission header SG06.1 including the initial header SG03 and the first signal SG11, and adds the ciphertext SG04.1. Generate
 2番目からn-1番目の処理において、送信ヘッダ制御回路311bは、実施の形態1において説明した処理をおこなう。 In the second to n−1th processes, the transmission header control circuit 311 b performs the process described in the first embodiment.
 n番目の処理において、送信ヘッダ制御回路311bは、AE暗号化回路111cから受け取った認証タグSG05.n-1および第2信号SG12を、n番目の処理にかかる分割データSG01.nに付随させる送信ヘッダSG06.nとして、AE暗号化回路111cに出力する。AE暗号化回路111cは、鍵情報SG02を用いて分割データSG01.nを暗号化処理すると共に、第2信号SG12が含まれる送信ヘッダSG06.nを付随させ、暗号文SG04.nを生成する。 In the n-th process, the transmission header control circuit 311b receives the authentication tag SG05.n received from the AE encryption circuit 111c. The n−1 and the second signal SG12 are divided into divided data SG01. Transmission header SG06. It outputs to the AE encryption circuit 111c as n. The AE encryption circuit 111c uses the key information SG02 to generate divided data SG01. n is encrypted, and a transmission header SG06. n is attached and ciphertext SG 04. Generate n.
 このように、実施の形態3にかかるCPU311は、1番目の処理に掛かる暗号文SG04.1の送信ヘッダSG06.1に、最初の処理であることを示す第1信号SG11を含ませる。また、実施の形態3にかかるCPU311は、n個に分割された内の最後に当たるn番目の処理にかかる暗号文SG04.nの送信ヘッダSG06.nに、最後の処理であることを示す第1信号SG11を含ませる。 Thus, the CPU 311 according to the third embodiment includes the first signal SG11 indicating the first process in the transmission header SG06.1 of the ciphertext SG04.1 applied to the first process. Further, the CPU 311 according to the third embodiment determines the ciphertext SG 04. n transmission header SG06. n includes a first signal SG11 indicating that it is the final process.
 次に、図16を参照しながら、受信端末12が有する第2半導体装置320のうち、CPU321の機能について実施の形態1と異なる点について説明する。図16は、第2半導体装置におけるCPU321の処理を説明するための図である。 Next, the function of the CPU 321 of the second semiconductor device 320 included in the receiving terminal 12 will be described with reference to FIG. FIG. 16 is a diagram for explaining the process of the CPU 321 in the second semiconductor device.
 CPU321は、IF123を介して送信端末11から初期ヘッダSG03、暗号文SG04.i、認証タグSG05.i、第1信号SG11、および第2信号SG12を受け取る。CPU321は、初期ヘッダSG03、第1信号SG11、および第2信号SG12を受信ヘッダ制御回路121bに供給する。 The CPU 321 transmits an initial header SG03, an encrypted text SG04. i, authentication tag SG05. i, the first signal SG11, and the second signal SG12 are received. The CPU 321 supplies the initial header SG03, the first signal SG11, and the second signal SG12 to the reception header control circuit 121b.
 以下、受信ヘッダ制御回路321bの処理について、1番目の処理、2番目からn-1番目の処理、およびn番目の処理についてそれぞれ説明する。 The processing of the reception header control circuit 321b will be described below for the first processing, the second to n-1st processing, and the nth processing.
 1番目の処理において、受信ヘッダ制御回路321bは、1番目の暗号分割データである暗号文SG04.1に付随させる受信ヘッダSG07.1として、初期ヘッダSG03および第1信号SG11をAE復号回路121dに出力する。 In the first process, the reception header control circuit 321b sends the initial header SG03 and the first signal SG11 to the AE decryption circuit 121d as the reception header SG07.1 to be added to the ciphertext SG04.1 which is the first piece of encrypted division data. Output.
 AE復号回路121dは、暗号文SG04.1を復号処理する。AE復号回路121dは、送信ヘッダSG06.1に、第1信号SG11が含まれていることを検知すると、復号分割データSG08.1を先頭の分割データとして処理する。 The AE decryption circuit 121d decrypts the ciphertext SG04.1. When it is detected that the first signal SG11 is included in the transmission header SG06.1, the AE decoding circuit 121d processes the decoded divided data SG08.1 as the first divided data.
 2番目からn-1番目の処理において、受信ヘッダ制御回路321bは、実施の形態1において説明した処理をおこなう。 In the second to n−1th processes, the reception header control circuit 321 b performs the process described in the first embodiment.
 n番目の処理において、受信ヘッダ制御回路321bは、n番目の暗号分割データである暗号文SG04.1に付随させる受信ヘッダSG07.1として、送信ヘッダSG06.n-1および第2信号SG12をAE復号回路121dに出力する。 In the nth process, the reception header control circuit 321b sets the transmission header SG06.1 as the reception header SG07.1 to be added to the ciphertext SG04.1 which is the nth encryption division data. The n−1 and the second signal SG12 are output to the AE decoding circuit 121d.
 AE復号回路121dは、暗号文SG04.nを復号処理する。AE復号回路121dは、送信ヘッダSG06.nに、第2信号SG12が含まれていることを検知すると、復号分割データSG08.nを最後尾の分割データとして処理する。 The AE decryption circuit 121 d transmits the ciphertext SG 04. Decode n. The AE decoding circuit 121d transmits the transmission headers SG06. When it is detected that n contains the second signal SG12, the decoded split data SG08. Process n as final divided data.
 AE復号回路121dは、上述した処理のうち、送信ヘッダに第1信号SG11または第2信号SG12が含まれるか否かを検証する際、メモリ122に予め記憶しておいた第1信号SG11または第2信号SG12を用いて処理をおこなってもよい。その場合、送信端末11から第1信号SG11または第2信号SG12を送信せずに上述の処理を行ってもよい。 When the AE decoding circuit 121 d verifies whether the transmission header includes the first signal SG11 or the second signal SG12 in the process described above, the first signal SG11 or the second signal SG11 stored in advance in the memory 122 Processing may be performed using two signals SG12. In that case, the above-described processing may be performed without transmitting the first signal SG11 or the second signal SG12 from the transmission terminal 11.
 なお、上述の第1信号SG11および第2信号SG12に係る処理は、第1信号SG11にかかる構成を省略することもできる。この場合、先頭の分割データであることは、先頭ヘッダに含まれるデータにより担保し得る。また、当然ながら、上述の第1信号SG11および第2信号SG12に係る処理は、実施の形態2にかかる送受信システム1に適用することもできる。 In addition, the process which concerns on the above-mentioned 1st signal SG11 and 2nd signal SG12 can also abbreviate | omit the structure concerning 1st signal SG11. In this case, the first divided data can be secured by the data included in the first header. Also, as a matter of course, the processing relating to the first signal SG11 and the second signal SG12 described above can also be applied to the transmission and reception system 1 according to the second embodiment.
 このように、実施の形態3にかかるCPU321は、先頭の分割データであることを示す第1信号SG11を含まれることを検知する。また、実施の形態3にかかるCPU321は、n個に分割された内の最後尾の分割データであることを示す第2信号SG12が含まれることを検知する。CPU321が第1信号SG11および第2信号SG12を検知することにより、実施の形態3にかかる半導体装置320は、分割されたデータを先頭から最後尾まで元データとの整合性を担保する処理が可能となる。したがって、実施の形態3にかかる送受信システム1は、データの送受信において、秘匿性と、データの整合性とを担保することができる。 Thus, the CPU 321 according to the third embodiment detects that the first signal SG11 indicating that it is the head divided data is included. The CPU 321 according to the third embodiment detects that the second signal SG12 indicating that the divided data is the last divided data among the n divided data is included. When the CPU 321 detects the first signal SG11 and the second signal SG12, the semiconductor device 320 according to the third embodiment can process the divided data from the beginning to the end to ensure consistency with the original data. It becomes. Therefore, the transmission and reception system 1 according to the third embodiment can secure secrecy and data integrity in data transmission and reception.
 なお、本発明は上記実施の形態に限られたものではなく、趣旨を逸脱しない範囲で適宜変更することが可能である。 The present invention is not limited to the above embodiment, and can be appropriately modified without departing from the scope of the present invention.
 例えば、上記の実施形態の一部又は全部は、以下の付記のようにも記載され得るが、以下には限られない。 For example, some or all of the above embodiments may be described as in the following appendices, but is not limited to the following.
   (付記1)
 メモリと制御回路とを有し、外部端末装置に対して予め設定されたデータを提供する半導体装置であって、
 前記メモリは、認証付き暗号化のための鍵情報を記憶し、
 前記制御回路は、
 前記データを、データ配列上の連続性を維持したまま、複数の分割データに分割し、
 前記データ配列上における直前の分割データを暗号化処理することによって出力された信号に基づいて送信ヘッダを生成し、
 前記送信ヘッダと前記分割データと前記鍵情報とから、それぞれ暗号分割データと当該暗号分割データに対応する認証タグとを生成し、
 生成した前記暗号分割データと当該暗号分割データに対応する前記認証タグとを、前記データ配列上の順番に従って出力する、
半導体装置。 (Supplementary Note 1)
A semiconductor device having a memory and a control circuit and providing data set in advance to an external terminal device,
The memory stores key information for authenticated encryption;
The control circuit
The data is divided into a plurality of divided data while maintaining continuity on the data array,
Generating a transmission header on the basis of a signal output by performing encryption processing on the previous divided data on the data array;
An encrypted divided data and an authentication tag corresponding to the encrypted divided data are generated from the transmission header, the divided data, and the key information, respectively.
Outputting the generated encrypted divided data and the authentication tag corresponding to the encrypted divided data in the order on the data array;
Semiconductor device.
   (付記2)
 前記送信ヘッダは、
 前記データ配列上における直前の分割データを暗号化処理することによって出力された認証タグである、
付記1に記載の半導体装置。 (Supplementary Note 2)
The transmission header is
It is an authentication tag that is output by encrypting the previous divided data on the data array,
The semiconductor device according to appendix 1.
   (付記3)
 前記送信ヘッダは、
 前記データ配列上における直前の分割データを暗号化処理することによって出力された暗号文に基づいた信号である、
付記1に記載の半導体装置。 (Supplementary Note 3)
The transmission header is
A signal based on a ciphertext output by performing an encryption process on the previous divided data on the data array;
The semiconductor device according to appendix 1.
   (付記4)
 前記送信ヘッダは、
 前記暗号文を予め設定されたハッシュ関数に入力して演算された信号である、
付記3に記載の半導体装置。 (Supplementary Note 4)
The transmission header is
It is a signal calculated by inputting the ciphertext into a preset hash function,
The semiconductor device according to appendix 3.
   (付記5)
 前記メモリは、前記データのヘッダ情報である初期ヘッダをさらに記憶し、
 前記制御回路は、
 前記暗号分割データのうち、前記データ配列上の先頭の分割データに対して、前記初期ヘッダを含む送信ヘッダを生成する、
付記1に記載の半導体装置。 (Supplementary Note 5)
The memory further stores an initial header that is header information of the data;
The control circuit
The transmission header including the initial header is generated for the first divided data on the data array among the encrypted divided data.
The semiconductor device according to appendix 1.
   (付記6)
 前記メモリは、データ配列上で先頭の分割データであることを示すための第1信号をさらに記憶し、
 前記制御回路は、
 前記暗号分割データのうち、データ配列上で先頭の分割データに対して、前記第1信号を、前記送信ヘッダに含ませる、
付記1に記載の半導体装置。 (Supplementary Note 6)
The memory further stores a first signal for indicating that it is the first divided data on the data array;
The control circuit
The first signal is included in the transmission header with respect to the first divided data on the data array among the encrypted divided data,
The semiconductor device according to appendix 1.
   (付記7)
 前記メモリは、データ配列上で最後尾の分割データであることを示すための第2信号をさらに記憶し、
 前記制御回路は、
 前記暗号分割データのうち、データ配列上で最後尾の分割データに対して、前記第2信号を、前記送信ヘッダに含ませる、
付記1に記載の半導体装置。 (Appendix 7)
The memory further stores a second signal for indicating the last divided data on the data array;
The control circuit
The second signal is included in the transmission header with respect to the last divided data in the data array among the encrypted divided data,
The semiconductor device according to appendix 1.
   (付記8)
 外部端末装置に対して予め設定されたデータを提供するデータ提供方法であって、
 前記データを、データ配列上の連続性を維持したまま、複数の分割データに分割し、
 前記データ配列上における直前の分割データを暗号化処理することによって出力された信号に基づいて送信ヘッダを生成し、
 前記送信ヘッダと前記分割データと前記鍵情報とから、それぞれ暗号分割データと当該暗号分割データに対応する認証タグとを生成し、
 生成した前記暗号分割データと当該暗号分割データに対応する前記認証タグとを、前記データ配列上の順番に従って出力する、
データ提供方法。 (Supplementary Note 8)
A data providing method for providing preset data to an external terminal device, comprising:
The data is divided into a plurality of divided data while maintaining continuity on the data array,
Generating a transmission header on the basis of a signal output by performing encryption processing on the previous divided data on the data array;
An encrypted divided data and an authentication tag corresponding to the encrypted divided data are generated from the transmission header, the divided data, and the key information, respectively.
Outputting the generated encrypted divided data and the authentication tag corresponding to the encrypted divided data in the order on the data array;
Data provision method.
   (付記9)
 コンピュータに以下の方法を実行させることにより、外部端末装置に対して予め設定されたデータを提供するプログラムであって、
 前記方法は、
 前記データを、データ配列上の連続性を維持したまま、複数の分割データに分割し、
 前記データ配列上における直前の分割データを暗号化処理することによって出力された信号に基づいて送信ヘッダを生成し、
 前記送信ヘッダと前記分割データと前記鍵情報とから、それぞれ暗号分割データと当該暗号分割データに対応する認証タグとを生成し、
 生成した前記暗号分割データと当該暗号分割データに対応する前記認証タグとを、前記データ配列上の順番に従って出力する、
プログラム。 (Appendix 9)
A program that provides data set in advance to an external terminal device by causing a computer to execute the following method.
The method is
The data is divided into a plurality of divided data while maintaining continuity on the data array,
Generating a transmission header on the basis of a signal output by performing encryption processing on the previous divided data on the data array;
An encrypted divided data and an authentication tag corresponding to the encrypted divided data are generated from the transmission header, the divided data, and the key information, respectively.
Outputting the generated encrypted divided data and the authentication tag corresponding to the encrypted divided data in the order on the data array;
program.
   (付記10)
 メモリと制御回路とを有し、
 前記メモリは、認証付き暗号化された暗号文を復号するための鍵情報を記憶し、
 前記制御回路は、
 外部端末装置から初期ヘッダと認証付き暗号化された暗号分割データと当該複数の暗号分割データに対応する認証タグと前記暗号分割データの連続性を保証するためのヘッダ信号とを順次受け取り、
 受け取る暗号分割データを前記鍵情報により復号し、
 前記復号およびヘッダ信号により生成した認証タグと、前記外部端末装置から受け取った前記認証タグとを照合することにより、前記復号した分割データを認証し、 前記認証の結果に応じて、直後に受け取る暗号分割データに対する前記復号を行うか否かを決定する、
半導体装置。 (Supplementary Note 10)
With memory and control circuitry,
The memory stores key information for decrypting the encrypted encrypted data with authentication.
The control circuit
Receiving an initial header, encrypted encrypted divided data with authentication, an authentication tag corresponding to the plurality of encrypted divided data, and a header signal for guaranteeing continuity of the encrypted divided data from an external terminal device;
Decrypt the received encrypted division data by the key information;
The decrypted divided data is authenticated by comparing the authentication tag generated by the decryption and the header signal with the authentication tag received from the external terminal device, and the encryption received immediately after the authentication result according to the result of the authentication Determine whether to perform the decoding on the divided data;
Semiconductor device.
   (付記11)
 前記ヘッダ信号は、直前に処理した暗号分割データに対応する認証タグである、
付記10に記載の半導体装置。 (Supplementary Note 11)
The header signal is an authentication tag corresponding to the encrypted divided data processed immediately before,
The semiconductor device according to appendix 10.
   (付記12)
 前記ヘッダ信号は、直前に処理した暗号分割データの暗号文に基づく信号である、
付記10に記載の半導体装置。 (Supplementary Note 12)
The header signal is a signal based on the ciphertext of the encrypted divided data processed immediately before,
The semiconductor device according to appendix 10.
   (付記13)
 前記ヘッダは、直前に処理した暗号分割データの暗号文を予め設定されたハッシュ関数に入力して演算された信号である、
付記12に記載の半導体装置。 (Supplementary Note 13)
The header is a signal calculated by inputting the ciphertext of the encrypted divided data processed immediately before into a hash function set in advance.
The semiconductor device according to appendix 12.
   (付記14)
 前記制御部は、
 前記認証に成功し前記連続性を有していると判定した場合に、直後に受け取る暗号分割データに対する前記復号を行うことを決定する、
付記10に記載の半導体装置。 (Supplementary Note 14)
The control unit
When it is determined that the authentication is successful and the continuity is present, it is determined that the decryption is performed on the encrypted division data to be received immediately thereafter.
The semiconductor device according to appendix 10.
   (付記15)
 前記制御部は、
 前記認証に成功し前記連続性を有していることが判定された場合に、直前に復号した分割データと現在の処理において復号した分割データとを結合する、
付記14に記載の半導体装置。 (Supplementary Note 15)
The control unit
When it is determined that the authentication is successful and the continuity is determined, the divided data decoded immediately before and the divided data decoded in the current process are combined.
The semiconductor device according to appendix 14.
   (付記16)
 前記制御部は、
 前記復号により生成した認証タグと、前記外部端末装置から受け取った前記認証タグとが一致しない場合、前記復号した分割データを認証しない、
付記10に記載の半導体装置。 (Supplementary Note 16)
The control unit
When the authentication tag generated by the decryption does not match the authentication tag received from the external terminal device, the decrypted divided data is not authenticated.
The semiconductor device according to appendix 10.
   (付記17)
 前記制御部は、
 直前に処理した分割データと、現在受け取っている暗号分割データを復号した分割データとがデータ配列上の連続性を有していることを判定しない場合は、以降に受け取る暗号分割データに対して復号処理を実行しない、
付記10に記載の半導体装置。 (Supplementary Note 17)
The control unit
When it is not determined that the divided data processed immediately before and the divided data obtained by decrypting the currently received encrypted divided data have continuity on the data array, the encrypted divided data received later is decrypted. Do not execute processing,
The semiconductor device according to appendix 10.
   (付記18)
 前記制御部は、
 前記暗号分割データとともに、
 データ配列上で先頭の分割データであることを示すための第1信号を外部端末装置から受け取り、
 最初に受け取った暗号分割データに対して復号処理を行うことにより生成された復号ヘッダ情報に、前記第1信号が含まれる場合には、
 直後に提供される暗号分割データの復号処理を実行する、
 付記10に記載の半導体装置。 (Appendix 18)
The control unit
Along with the encrypted split data,
Receiving from the external terminal apparatus a first signal for indicating that it is the first divided data on the data array;
In the case where the first signal is included in the decryption header information generated by performing decryption processing on the encrypted division data received first,
Execute decryption processing of encrypted split data provided immediately after,
The semiconductor device according to appendix 10.
   (付記19)
 前記制御部は、
 データ配列上で最後尾の分割データであることを示すための第2信号を外部端末装置からさらに受け取り、
 受け取った暗号分割データに対して復号処理を行うことにより生成された復号ヘッダ情報に、前記第2信号が含まれる場合には、
 前記第2信号が含まれていた前記暗号分割データに対する処理をもって、一連の復号処理を終了する、
 付記17に記載の半導体装置。 (Appendix 19)
The control unit
Further receiving a second signal from the external terminal device to indicate that it is the last divided data on the data array;
When the second signal is included in the decryption header information generated by performing decryption processing on the received encrypted division data,
A series of decryption processing is ended by processing the encrypted divided data including the second signal.
The semiconductor device according to appendix 17.
   (付記20)
 外部端末装置から提供された暗号分割データを復号するデータ復号方法であって、
 復号するための鍵情報を記憶し、
 外部端末装置から認証付き暗号化された暗号分割データと当該複数の暗号分割データに対応する認証タグと前記暗号分割データの連続性を保証するためのヘッダ信号とを順次受け取り、
 受け取る暗号分割データを前記鍵情報により順次復号し、
 前記復号により生成した認証タグと、前記外部端末装置から受け取った前記認証タグとを照合することにより、前記復号した分割データを認証し、
 前記認証の結果および前記連続性を有しているか否かの判定結果に応じて、直後に受け取る暗号分割データに対する前記復号を行うか否かを決定する、
データ復号方法。 (Supplementary Note 20)
A data decryption method for decrypting encrypted divided data provided from an external terminal device, comprising:
Store key information for decryption,
Receiving sequentially encrypted encrypted division data with authentication, an authentication tag corresponding to the plurality of encrypted division data, and a header signal for ensuring continuity of the encrypted division data from an external terminal device;
Decrypting the received encrypted divided data sequentially with the key information;
The decrypted divided data is authenticated by comparing the authentication tag generated by the decryption with the authentication tag received from the external terminal device;
In accordance with the result of the authentication and the result of the determination as to whether or not the apparatus has the continuity, it is determined whether or not the decryption is to be performed on the encrypted divided data to be received immediately thereafter.
Data decryption method.
   (付記21)
 コンピュータに、以下の方法を実行させることにより、外部端末装置から提供された暗号分割データを復号するプログラムであって、前記方法は、
 外部端末装置から提供された暗号分割データを復号するデータ復号方法であって、
 復号するための鍵情報を記憶し、
 外部端末装置から認証付き暗号化された暗号分割データと当該複数の暗号分割データに対応する認証タグと前記暗号分割データの連続性を保証するためのヘッダ信号とを順次受け取り、
 受け取る暗号分割データを前記鍵情報により順次復号し、
 前記復号により生成した認証タグと、前記外部端末装置から受け取った前記認証タグとを照合することにより、前記復号した分割データを認証し、
 前記認証の結果および前記連続性を有しているか否かの判定結果に応じて、直後に受け取る暗号分割データに対する前記復号を行うか否かを決定する、
プログラム。 (Supplementary Note 21)
A program for decrypting encrypted divided data provided from an external terminal device by causing a computer to execute the following method, the method comprising:
A data decryption method for decrypting encrypted divided data provided from an external terminal device, comprising:
Store key information for decryption,
Receiving sequentially encrypted encrypted division data with authentication, an authentication tag corresponding to the plurality of encrypted division data, and a header signal for ensuring continuity of the encrypted division data from an external terminal device;
Decrypting the received encrypted divided data sequentially with the key information;
The decrypted divided data is authenticated by comparing the authentication tag generated by the decryption with the authentication tag received from the external terminal device;
In accordance with the result of the authentication and the result of the determination as to whether or not the apparatus has the continuity, it is determined whether or not the decryption is to be performed on the encrypted divided data to be received immediately thereafter.
program.
   (付記22)
 データを送信する送信端末とデータを受信する受信端末とを備え、
 前記送信端末は、
 鍵情報を有し、
 前記データを、データ配列上の連続性を維持したまま、複数の分割データに分割し、
 前記データ配列上における直前の分割データを暗号化処理することによって出力された信号に基づいて送信ヘッダを生成し、
 前記送信ヘッダと前記分割データと前記鍵情報とから、それぞれ暗号分割データと当該暗号分割データに対応する認証タグとを生成し、
 生成した前記暗号分割データと当該暗号分割データに対応する前記認証タグとを、前記データ配列上の順番に従って出力し、
 前記受信端末は、
 前記鍵情報を有し、
 外部端末装置から認証付き暗号化された暗号分割データと当該複数の暗号分割データに対応する認証タグと前記暗号分割データの連続性を保証するためのヘッダ信号とを順次受け取り、
 受け取る暗号分割データを前記鍵情報により順次復号し、
 前記復号により生成した認証タグと、前記外部端末装置から受け取った前記認証タグとを照合することにより、前記復号した分割データを認証し、
 前記認証の結果および前記連続性を有しているか否かの判定結果に応じて、直後に受け取る暗号分割データに対する前記復号を行うか否かを決定する、
送受信システム。 (Supplementary Note 22)
A transmitting terminal for transmitting data and a receiving terminal for receiving data;
The transmitting terminal is
Have key information,
The data is divided into a plurality of divided data while maintaining continuity on the data array,
Generating a transmission header on the basis of a signal output by performing encryption processing on the previous divided data on the data array;
An encrypted divided data and an authentication tag corresponding to the encrypted divided data are generated from the transmission header, the divided data, and the key information, respectively.
Outputting the generated encrypted divided data and the authentication tag corresponding to the encrypted divided data in the order on the data array;
The receiving terminal is
Have the key information,
Receiving sequentially encrypted encrypted division data with authentication, an authentication tag corresponding to the plurality of encrypted division data, and a header signal for ensuring continuity of the encrypted division data from an external terminal device;
Decrypting the received encrypted divided data sequentially with the key information;
The decrypted divided data is authenticated by comparing the authentication tag generated by the decryption with the authentication tag received from the external terminal device;
In accordance with the result of the authentication and the result of the determination as to whether or not the apparatus has the continuity, it is determined whether or not the decryption is to be performed on the encrypted divided data to be received immediately thereafter.
Transmission and reception system.
 一実施の形態は、更新プログラムの授受を行うサーバ装置、端末装置等に適用可能である。 The embodiment can be applied to a server apparatus, a terminal apparatus, etc. that transmits and receives the update program.
1 送受信システム
11 送信端末
12 受信端末
110、210、310 第1半導体装置
112、122 メモリ
120、220、320 第2半導体装置
500、600 フレーム
SG01 元データ
SG02 鍵情報
SG03 初期ヘッダ
SG04.i 暗号文
SG05.i 認証タグ
SG06.i 送信ヘッダ
SG07.i 受信ヘッダ
SG08.i 復号分割データ
SG09.i 認証タグ
SG10.i 検証結果
SG11 第1信号
SG12 第2信号 1 transmission / reception system 11 transmission terminal 12 reception terminal 110, 210, 310 first semiconductor device 112, 122 memories 120, 220, 320 second semiconductor device 500, 600 frame SG01 original data SG02 key information SG03 initial header SG04. i Ciphertext SG05. i Authentication tag SG06. i Transmission header SG07. i Received header SG08. i Decoded divided data SG09. i authentication tag SG10. i Verification result SG11 1st signal SG12 2nd signal

Claims (20)

  1.  メモリと制御回路とを有し、外部端末装置に対して予め設定されたデータを提供する半導体装置であって、
     前記メモリは、認証付き暗号化のための鍵情報を記憶し、
     前記制御回路は、
     前記データを、データ配列上の連続性を維持したまま、複数の分割データに分割し、
     前記データ配列上における直前の分割データを暗号化処理することによって出力された信号に基づいて送信ヘッダを生成し、
     前記送信ヘッダと前記分割データと前記鍵情報とから、それぞれ暗号分割データと当該暗号分割データに対応する認証タグとを生成し、
     生成した前記暗号分割データと当該暗号分割データに対応する前記認証タグとを、前記データ配列上の順番に従って出力する、
    半導体装置。     A semiconductor device having a memory and a control circuit and providing data set in advance to an external terminal device,
    The memory stores key information for authenticated encryption;
    The control circuit
    The data is divided into a plurality of divided data while maintaining continuity on the data array,
    Generating a transmission header on the basis of a signal output by performing encryption processing on the previous divided data on the data array;
    An encrypted divided data and an authentication tag corresponding to the encrypted divided data are generated from the transmission header, the divided data, and the key information, respectively.
    Outputting the generated encrypted divided data and the authentication tag corresponding to the encrypted divided data in the order on the data array;
    Semiconductor device.
  2.  前記送信ヘッダは、
     前記データ配列上における直前の分割データを暗号化処理することによって出力された認証タグである、
    請求項1に記載の半導体装置。     The transmission header is
    It is an authentication tag that is output by encrypting the previous divided data on the data array,
    The semiconductor device according to claim 1.
  3.  前記送信ヘッダは、
     前記データ配列上における直前の分割データを暗号化処理することによって出力された暗号文に基づいた信号である、
    請求項1に記載の半導体装置。     The transmission header is
    A signal based on a ciphertext output by performing an encryption process on the previous divided data on the data array;
    The semiconductor device according to claim 1.
  4.  前記送信ヘッダは、
     前記暗号文を予め設定されたハッシュ関数に入力して演算された信号である、
    請求項3に記載の半導体装置。     The transmission header is
    It is a signal calculated by inputting the ciphertext into a preset hash function,
    The semiconductor device according to claim 3.
  5.  前記メモリは、前記データのヘッダ情報である初期ヘッダをさらに記憶し、
     前記制御回路は、
     前記暗号分割データのうち、前記データ配列上の先頭の分割データに対して、前記初期ヘッダを含む送信ヘッダを生成する、
    請求項1に記載の半導体装置。     The memory further stores an initial header that is header information of the data;
    The control circuit
    The transmission header including the initial header is generated for the first divided data on the data array among the encrypted divided data.
    The semiconductor device according to claim 1.
  6.  前記メモリは、データ配列上で先頭の分割データであることを示すための第1信号をさらに記憶し、
     前記制御回路は、
     前記暗号分割データのうち、データ配列上で先頭の分割データに対して、前記第1信号を、前記送信ヘッダに含ませる、
    請求項1に記載の半導体装置。     The memory further stores a first signal for indicating that it is the first divided data on the data array;
    The control circuit
    The first signal is included in the transmission header with respect to the first divided data on the data array among the encrypted divided data,
    The semiconductor device according to claim 1.
  7.  前記メモリは、データ配列上で最後尾の分割データであることを示すための第2信号をさらに記憶し、
     前記制御回路は、
     前記暗号分割データのうち、データ配列上で最後尾の分割データに対して、前記第2信号を、前記送信ヘッダに含ませる、
    請求項1に記載の半導体装置。     The memory further stores a second signal for indicating the last divided data on the data array;
    The control circuit
    The second signal is included in the transmission header with respect to the last divided data in the data array among the encrypted divided data,
    The semiconductor device according to claim 1.
  8.  外部端末装置に対して予め設定されたデータを提供するデータ提供方法であって、
     認証付き暗号化のための鍵情報を記憶し、
     前記データを、データ配列上の連続性を維持したまま、複数の分割データに分割し、
     前記データ配列上における直前の分割データを暗号化処理することによって出力された信号に基づいて送信ヘッダを生成し、
     前記送信ヘッダと前記分割データと前記鍵情報とから、それぞれ暗号分割データと当該暗号分割データに対応する認証タグとを生成し、
     生成した前記暗号分割データと当該暗号分割データに対応する前記認証タグとを、前記データ配列上の順番に従って出力する、
    データ提供方法。     A data providing method for providing preset data to an external terminal device, comprising:
    Store key information for certified encryption,
    The data is divided into a plurality of divided data while maintaining continuity on the data array,
    Generating a transmission header on the basis of a signal output by performing encryption processing on the previous divided data on the data array;
    An encrypted divided data and an authentication tag corresponding to the encrypted divided data are generated from the transmission header, the divided data, and the key information, respectively.
    Outputting the generated encrypted divided data and the authentication tag corresponding to the encrypted divided data in the order on the data array;
    Data provision method.
  9.  コンピュータに以下の方法を実行させることにより、外部端末装置に対して予め設定されたデータを提供するプログラムであって、
     前記方法は、
     認証付き暗号化のための鍵情報を記憶し、
     前記データを、データ配列上の連続性を維持したまま、複数の分割データに分割し、
     前記データ配列上における直前の分割データを暗号化処理することによって出力された信号に基づいて送信ヘッダを生成し、
     前記送信ヘッダと前記分割データと前記鍵情報とから、それぞれ暗号分割データと当該暗号分割データに対応する認証タグとを生成し、
     生成した前記暗号分割データと当該暗号分割データに対応する前記認証タグとを、前記データ配列上の順番に従って出力する、
    プログラム。     A program that provides data set in advance to an external terminal device by causing a computer to execute the following method.
    The method is
    Store key information for certified encryption,
    The data is divided into a plurality of divided data while maintaining continuity on the data array,
    Generating a transmission header on the basis of a signal output by performing encryption processing on the previous divided data on the data array;
    An encrypted divided data and an authentication tag corresponding to the encrypted divided data are generated from the transmission header, the divided data, and the key information, respectively.
    Outputting the generated encrypted divided data and the authentication tag corresponding to the encrypted divided data in the order on the data array;
    program.
  10.  メモリと制御回路とを有し、
     前記メモリは、認証付き暗号化された暗号文を復号するための鍵情報を記憶し、
     前記制御回路は、
     外部端末装置から認証付き暗号化された暗号分割データと当該暗号分割データに対応する認証タグと前記暗号分割データの連続性を保証するためのヘッダ信号とを順次受け取り、
     受け取る暗号分割データを前記鍵情報により順次復号し、
     前記復号により生成した認証タグと、前記外部端末装置から受け取った前記認証タグとを照合することにより、前記復号した分割データを認証し、
     前記認証の結果に応じて、直後に受け取る暗号分割データに対する前記復号を行うか否かを決定する、
    半導体装置。     With memory and control circuitry,
    The memory stores key information for decrypting the encrypted encrypted data with authentication.
    The control circuit
    Receiving sequentially encrypted encrypted divided data with authentication, an authentication tag corresponding to the encrypted divided data, and a header signal for ensuring continuity of the encrypted divided data from the external terminal device;
    Decrypting the received encrypted divided data sequentially with the key information;
    The decrypted divided data is authenticated by comparing the authentication tag generated by the decryption with the authentication tag received from the external terminal device;
    In accordance with the result of the authentication, it is determined whether or not the decryption is to be performed on the encrypted divided data received immediately thereafter.
    Semiconductor device.
  11.  前記ヘッダ信号は、直前に処理した暗号分割データに対応する認証タグである、
    請求項10に記載の半導体装置。     The header signal is an authentication tag corresponding to the encrypted divided data processed immediately before,
    The semiconductor device according to claim 10.
  12.  前記ヘッダ信号は、直前に処理した暗号分割データの暗号文に基づく信号である、
    請求項10に記載の半導体装置。     The header signal is a signal based on the ciphertext of the encrypted divided data processed immediately before,
    The semiconductor device according to claim 10.
  13.  前記ヘッダ信号は、直前に処理した暗号分割データの暗号文を予め設定されたハッシュ関数に入力して演算された信号である、
    請求項12に記載の半導体装置。     The header signal is a signal calculated by inputting the ciphertext of the encrypted divided data processed immediately before into a preset hash function,
    A semiconductor device according to claim 12.
  14.  前記制御回路は、
     前記認証に成功し、且つ、前記連続性を有していると判定した場合に、直後に受け取る暗号分割データに対する前記復号を行うことを決定する、
    請求項10に記載の半導体装置。     The control circuit
    When it is determined that the authentication is successful and the continuity is present, it is determined that the decryption is performed on the encrypted division data to be received immediately thereafter.
    The semiconductor device according to claim 10.
  15.  前記制御回路は、
     前記認証に成功し、且つ、前記連続性を有していることが判定された場合に、直前に復号した分割データと現在の処理において復号した分割データとを結合する、
    請求項14に記載の半導体装置。     The control circuit
    When it is determined that the authentication is successful and the continuity is obtained, the divided data decoded immediately before and the divided data decoded in the current process are combined.
    The semiconductor device according to claim 14.
  16.  前記制御回路は、
     直前に処理した分割データと、現在受け取っている暗号分割データを復号した分割データとがデータ配列上の連続性を有していることを判定しない場合は、以降に受け取る暗号分割データに対して復号処理を実行しない、
    請求項10に記載の半導体装置。     The control circuit
    When it is not determined that the divided data processed immediately before and the divided data obtained by decrypting the currently received encrypted divided data have continuity on the data array, the encrypted divided data received later is decrypted. Do not execute processing,
    The semiconductor device according to claim 10.
  17.  前記制御回路は、
     前記暗号分割データとともに、
     データ配列上で先頭の分割データであることを示すための第1信号を外部端末装置から受け取り、
     最初に受け取った暗号分割データに対して復号処理を行うことにより生成された復号ヘッダ情報に、前記第1信号が含まれる場合には、
     直後に提供される暗号分割データの復号処理を実行する、
     請求項10に記載の半導体装置。     The control circuit
    Along with the encrypted split data,
    Receiving from the external terminal apparatus a first signal for indicating that it is the first divided data on the data array;
    In the case where the first signal is included in the decryption header information generated by performing decryption processing on the encrypted division data received first,
    Execute decryption processing of encrypted split data provided immediately after,
    The semiconductor device according to claim 10.
  18.  前記制御回路は、
     データ配列上で最後尾の分割データであることを示すための第2信号を外部端末装置からさらに受け取り、
     受け取った暗号分割データに対して復号処理を行うことにより生成された復号ヘッダ情報に、前記第2信号が含まれる場合には、
     前記第2信号が含まれていた前記暗号分割データに対する処理をもって、一連の復号処理を終了する、
     請求項17に記載の半導体装置。     The control circuit
    Further receiving a second signal from the external terminal device to indicate that it is the last divided data on the data array;
    When the second signal is included in the decryption header information generated by performing decryption processing on the received encrypted division data,
    A series of decryption processing is ended by processing the encrypted divided data including the second signal.
    The semiconductor device according to claim 17.
  19.  外部端末装置から提供された暗号分割データを復号するデータ復号方法であって、
     復号するための鍵情報を記憶し、
     外部端末装置から認証付き暗号化された暗号分割データと当該暗号分割データに対応する認証タグと前記暗号分割データの連続性を保証するためのヘッダ信号とを順次受け取り、
     受け取る暗号分割データを前記鍵情報により順次復号し、
     前記復号により生成した認証タグと、前記外部端末装置から受け取った前記認証タグとを照合することにより、前記復号した分割データを認証し、
     前記認証の結果および前記連続性を有しているか否かの判定結果に応じて、直後に受け取る暗号分割データに対する前記復号を行うか否かを決定する、
    データ復号方法。     A data decryption method for decrypting encrypted divided data provided from an external terminal device, comprising:
    Store key information for decryption,
    Receiving sequentially encrypted encrypted divided data with authentication, an authentication tag corresponding to the encrypted divided data, and a header signal for ensuring continuity of the encrypted divided data from the external terminal device;
    Decrypting the received encrypted divided data sequentially with the key information;
    The decrypted divided data is authenticated by comparing the authentication tag generated by the decryption with the authentication tag received from the external terminal device;
    In accordance with the result of the authentication and the result of the determination as to whether or not the apparatus has the continuity, it is determined whether or not the decryption is to be performed on the encrypted divided data to be received immediately thereafter.
    Data decryption method.
  20.  コンピュータに、以下の方法を実行させることにより、外部端末装置から提供された暗号分割データを復号するプログラムであって、前記方法は、
     外部端末装置から提供された暗号分割データを復号するデータ復号方法であって、
     復号するための鍵情報を記憶し、
     外部端末装置から認証付き暗号化された暗号分割データと当該暗号分割データに対応する認証タグと前記暗号分割データの連続性を保証するためのヘッダ信号とを順次受け取り、
     受け取る暗号分割データを前記鍵情報により順次復号し、
     前記復号により生成した認証タグと、前記外部端末装置から受け取った前記認証タグとを照合することにより、前記復号した分割データを認証し、
     前記認証の結果および前記連続性を有しているか否かの判定結果に応じて、直後に受け取る暗号分割データに対する前記復号を行うか否かを決定する、
    プログラム。     A program for decrypting encrypted divided data provided from an external terminal device by causing a computer to execute the following method, the method comprising:
    A data decryption method for decrypting encrypted divided data provided from an external terminal device, comprising:
    Store key information for decryption,
    Receiving sequentially encrypted encrypted divided data with authentication, an authentication tag corresponding to the encrypted divided data, and a header signal for ensuring continuity of the encrypted divided data from the external terminal device;
    Decrypting the received encrypted divided data sequentially with the key information;
    The decrypted divided data is authenticated by comparing the authentication tag generated by the decryption with the authentication tag received from the external terminal device;
    In accordance with the result of the authentication and the result of the determination as to whether or not the apparatus has the continuity, it is determined whether or not the decryption is to be performed on the encrypted divided data to be received immediately thereafter.
    program.
PCT/JP2018/001505 2018-01-19 2018-01-19 Semiconductor device, data-providing method, data-decoding method, and program WO2019142306A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2018/001505 WO2019142306A1 (en) 2018-01-19 2018-01-19 Semiconductor device, data-providing method, data-decoding method, and program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2018/001505 WO2019142306A1 (en) 2018-01-19 2018-01-19 Semiconductor device, data-providing method, data-decoding method, and program

Publications (1)

Publication Number Publication Date
WO2019142306A1 true WO2019142306A1 (en) 2019-07-25

Family

ID=67301374

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2018/001505 WO2019142306A1 (en) 2018-01-19 2018-01-19 Semiconductor device, data-providing method, data-decoding method, and program

Country Status (1)

Country Link
WO (1) WO2019142306A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009025657A (en) * 2007-07-20 2009-02-05 Kyocera Corp Transmitter, receiving method, and receiver
WO2015015702A1 (en) * 2013-08-02 2015-02-05 日本電気株式会社 Authenticated encryption device, authenticated encryption method, and program for authenticated encryption
WO2016116999A1 (en) * 2015-01-19 2016-07-28 三菱電機株式会社 Packet transmission device, packet-receiving device, packet transmission program, and packet-receiving program

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009025657A (en) * 2007-07-20 2009-02-05 Kyocera Corp Transmitter, receiving method, and receiver
WO2015015702A1 (en) * 2013-08-02 2015-02-05 日本電気株式会社 Authenticated encryption device, authenticated encryption method, and program for authenticated encryption
WO2016116999A1 (en) * 2015-01-19 2016-07-28 三菱電機株式会社 Packet transmission device, packet-receiving device, packet transmission program, and packet-receiving program

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
DWORKIN, M.: "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC", NIST SPECIAL PUBLICATION 800-38D, November 2007 (2007-11-01), XP055537161, Retrieved from the Internet <URL:https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf> [retrieved on 20180329] *
MURAKAMI, YUMIKO ET AL.: "A Message authentication scheme with variable-length MAC", IEICE TECHNICAL REPORT, vol. 114, no. 489, 24 February 2015 (2015-02-24), pages 205 - 210 *

Similar Documents

Publication Publication Date Title
JP5855696B2 (en) Block encryption method and block decryption method including integrity verification
US8908859B2 (en) Cryptographic apparatus and memory system
US20110311048A1 (en) Cryptographic operation apparatus, storage apparatus, and cryptographic operation method
US10050964B2 (en) Method and system for securing data communicated in a network
US11290257B2 (en) Data transfer system and transfer method
US20150012968A1 (en) Information processing system
KR101913644B1 (en) Code-based encryption apparatus and method capable of message authentication
CN113079001B (en) Key updating method, information processing apparatus, and key updating device
WO2019043921A1 (en) Encryption device, decryption device, encryption method, decryption method, encryption program, and decryption program
US8995666B2 (en) Key scheduling device and key scheduling method
US10771266B2 (en) Method for configuring a transponder, transponder and base station
US20150058639A1 (en) Encryption processing device and storage device
US11516024B2 (en) Semiconductor device, update data-providing method, update data-receiving method, and program
US20230139104A1 (en) Authenticated encryption apparatus, authenticated decryption apparatus, authenticated encryption system, method, and computer readable medium
WO2019142306A1 (en) Semiconductor device, data-providing method, data-decoding method, and program
US20150249467A1 (en) Storage device, controller, and data writing method
KR20160109891A (en) Apparatus and Method for Generating Cryptographic Key based on PUF
KR101974345B1 (en) Data communication apparatus for connected vehicle supporting secure communication between vehicles via digital signature and operating method thereof
US20200228310A1 (en) Circuit concealing apparatus, calculation apparatus, and program
JP6436794B2 (en) Information processing apparatus, control method thereof, and program
JP2022513496A (en) Arithmetic logic unit and operation method of arithmetic unit
US20240086543A1 (en) Secure booting apparatus and operating method thereof
JP7397403B2 (en) Electronic information storage medium, authentication code generation method, authentication code verification method, and program
JP6732698B2 (en) Authentication encryption system with additional data, encryption device, decryption device, authentication encryption method with additional data, and program
US10547447B2 (en) Collaborative computation of HMAC

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18900757

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18900757

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP