JP2007072957A - Read/write device and debugging system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent program and data inside a microprocessor from being analyzed and altered by a third party and to realize convenience which needs neither setting nor management about key information required for verification. <P>SOLUTION: A read/write device includes a memory 22 which memorizes identification information Pd unique for the device, a secure information input/output section 23 which can be equipped with a secure information recording medium 40 by which identification information Ps is stored in a protection area 41, mutually recognize the identification information Ps to the identification information Pd and having a verification section 23a which carries out forwarding and storing of the identification information Ps at a memory 22 when they are in agreement, a command transceiver section 21 which transmits the received command to the microprocessor 10, and a decoding section 24 which decodes encryption data received from the microprocessor using the identification information Ps stored in the memory 22 and transmits the decoded data to the host computer. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a read / write device connected to a microprocessor that stores a program to be concealed outside and a host computer that debugs the microprocessor. It also relates to a debugging system.

  Conventionally, a microprocessor incorporated in a system LSI has a debug interface for performing debugging after design and after shipment. Debugging refers to finding and correcting bugs in a program by operating a microprocessor connected to the debugger using its internal programs and data, and the debugger is a tool for debugging. Some programs and data in the microprocessor are confidential. There is a security problem that a malicious third party uses a debugger to analyze and falsify programs and data.

  To solve this problem, disable the function of the on-chip debug circuit at power-on, set the security, and receive the security specification bit and the enable code that enables the reset of that bit to enable the function of the on-chip debug circuit. There is a technique related to an information processing apparatus that enables information to be read by enabling and releasing security (see, for example, Patent Document 1).

In addition, the key information received from the host computer is written to a nonvolatile memory inside the microprocessor, and the microprocessor's internal information is encrypted using the key information and output, and the host computer uses the key information. A technique for decrypting and displaying an encrypted program received in this way is disclosed (for example, see Patent Document 2).
Japanese Unexamined Patent Publication No. 2000-347942 (page 3-4, FIG. 1-2) JP 2004-287590 A (pages 9-13, FIGS. 1-4)

  However, the above conventional method requires the user to strictly manage the key information. There is a problem that the program and data in the microprocessor are analyzed or falsified due to leakage of the key information, and the subsequent debugging operation cannot be performed due to loss of the key information.

  The present invention focuses on the above-described problems and aims to improve the security and user convenience of the debug system.

A read / write device according to the present invention is a read / write device connected to a microprocessor and a host computer for debugging the microprocessor,
A memory for storing device-specific identification information;
A secure information recording medium such as an SD memory card in which authentication information is stored in the protected area can be mounted, and the authentication information of the secure information recording medium is mutually authenticated with the identification information unique to the device of the memory to match. A secure information input / output unit (SDIO) having an authentication unit that sometimes transfers and stores the authentication information from the secure information recording medium to the memory;
A command transmission / reception unit for receiving a command from the host computer and transmitting the received command to the microprocessor;
And a decryption unit that decrypts the encrypted data received from the microprocessor using the authentication information stored in the memory and transmits the decrypted data to the host computer.

  In this configuration, a user who owns a legitimate secure information recording medium is held in the protected area of the secure information recording medium by the authentication unit with the secure information recording medium attached to the secure information input / output unit. The authentication information is mutually authenticated with the device-specific identification information of the read / write device stored in the memory, and then transferred and stored in the memory. The encrypted data generated by the processing in the microprocessor is decrypted by using the authentication information in the memory in the read / write device. Therefore, only a user who has a legitimate secure information recording medium storing authentication information in the protected area can access the microprocessor and decrypt the encrypted data from the microprocessor. Become. As a result, it is possible to effectively prevent analysis and falsification of programs and data in the microprocessor by a third party. It is not necessary to set and manage the key information required for authentication, and the security of the debugging system and the convenience of the user can be realized at the same time.

  In the above, there is an aspect in which the command transmission / reception unit is configured to be activated after confirmation that the authentication information from the secure information recording medium is stored in the memory. According to this, since the command transmission / reception process in the command transmission / reception unit that relays between the host computer and the microprocessor is started after confirming that the authentication information from the secure information recording medium is stored in the memory, The sex can be further enhanced.

  In the above, the secure information input / output unit further includes a mounting detection unit that detects that the secure information recording medium is mounted, and the authentication unit is activated when the mounting detection unit indicates that detection is valid. There is an aspect of being configured as described above.

  According to this, since the authentication information from the secure information recording medium cannot be stored in the memory unless the secure information recording medium is attached to the secure information input / output unit, the security can be further improved. In addition, a legitimate user can quickly establish the prerequisites for starting debugging simply by mounting a secure information recording medium on the read / write device, and does not require setting or management of key information necessary for authentication. Mu

  Further, in the above, there is a mode in which a timer is further provided, and the authentication unit is configured to update the mutual authentication when the timer confirms that a predetermined authentication valid time has elapsed. According to this, the mutual authentication between the identification information unique to the apparatus and the authentication information of the secure information recording medium is periodically repeated, so that the security can be further improved.

  Further, in the above, further comprising a take-out detection unit that detects that the secure information recording medium has been taken out from the secure information input / output unit, and the authentication unit is configured to perform the detection when the take-out detection unit indicates that detection is valid. There is an aspect in which the mutual authentication is configured to be discarded. According to this, if the secure information recording medium is taken out during debugging, mutual authentication can be explicitly terminated without performing a special operation such as turning off the power switch.

  In the above, the secure information input / output unit further includes a data recording unit that records the authentication information and the decrypted data stored in the memory in a data area of the secure information recording medium. is there. According to this, debug information including authentication information and decrypted data stored in the memory can be recorded in the data area of the secure information recording medium. As a result, it is possible to have the flexibility of increasing the number of users permitted to access.

  Further, in the above, further comprising a timer, a data recording unit, and a data erasing unit, the authentication unit stores the authentication information stored in the memory when the timer confirms that a predetermined authentication valid time has elapsed. The data recording unit records the authentication information after the change in the memory in a protected area of the secure information recording medium, and the data erasing unit stores the previous authentication in the protected area of the secure information recording medium. There is an aspect of being configured to erase information. According to this, since the authentication information stored in the protected area of the secure information recording medium is periodically changed, the security can be further improved.

  In addition, a debugging system according to the present invention debugs the operation of the microprocessor that can communicate with any one of the above read / write devices, the microprocessor that can communicate with the read / write device, and the read / write device. A debug system including a host computer, wherein the command transmission / reception unit in the read / write device reads the authentication information in the memory and transmits the authentication information to the microprocessor, and the microprocessor receives the authentication information Is used to encrypt the program execution result data and transmit the encrypted data to the read / write device, and the decryption unit in the read / write device decrypts the encrypted data according to the authentication information read from the memory Is configured to do.

  According to this debug system, after mutual authentication, authentication information is read from the secure information recording medium, stored in the memory, the authentication information is transferred to the microprocessor, and the microprocessor authenticates the received secure information recording medium. Encryption is performed using information, and the read / write device performs decryption using authentication information of the secure information recording medium, and sends the decrypted data to the host computer for debugging, thereby further enhancing security. .

  In addition, a debugging system according to the present invention debugs the operation of the microprocessor that can communicate with any one of the above read / write devices, the microprocessor that can communicate with the read / write device, and the read / write device. A debugging system configured with a host computer, wherein the command transmission / reception unit in the read / write device reads out the authentication information in the memory and transmits the authentication information to the microprocessor. The program execution result data is encrypted using the information, the key information is encrypted using the received authentication information, the encrypted data and the encryption key information are transmitted to the read / write device, and the read The decoding unit in the writing device reads the memory read from the memory Wherein with decrypting the encrypted key information, and is configured to decode the encrypted data using the key information decrypted according to testament information.

  According to the debug system, the microprocessor encrypts the key information for encryption using the authentication information of the secure information recording medium in the microprocessor, and uses the authentication information of the secure information recording medium for the key information encrypted in the read / write device. Since the encrypted data is decrypted using the decrypted key information and the decrypted data is sent to the host computer for debugging, the security can be further improved.

  According to the present invention, the user who has access to the authorized secure information recording medium storing the authentication information in the protected area can access the microprocessor and decrypt the encrypted data from the microprocessor. Therefore, it is possible to effectively prevent third-party analysis and falsification of programs and data inside the microprocessor, and it is unnecessary to set and manage key information necessary for authentication. The security of the debugging system and the convenience of the user can be realized at the same time.

  Embodiments of a debugging system according to the present invention will be described below in detail with reference to the drawings.

(Embodiment 1)
First, the debug system according to Embodiment 1 of the present invention will be described.

<Configuration>
FIG. 1 is a block diagram showing a configuration of a debugging system according to the first embodiment. This debug system includes a microprocessor 10, a read / write device 20, a host computer 30, and an SD memory card 40, which is a typical example of a secure information recording medium.

  The microprocessor 10 includes a debug interface 11, a memory 12, a CPU 13, and an encryption processing unit 14. The memory 12 includes encryption key information Pe for encrypting data in the program 12 a and the encryption processing unit 14. Is stored.

  The read / write device 20 includes a command transmission / reception unit 21, a memory 22, a secure information input / output unit 23 that uses SDIO (Secure Digital Input Output), and a decryption unit 24. The memory 22 stores device-specific identification information Pd for mutual authentication with the SD memory card 40. The secure information input / output unit (SDIO) 23 includes an authentication unit 23a.

  The host computer 30 includes a command input unit 31 and an output display unit 32.

  The SD memory card 40 includes a protect area 41 and a data area 42. The protect area 41 stores SD memory card authentication information Ps for performing mutual authentication with the read / write device 20.

  The authentication unit 23 a of the secure information input / output unit (SDIO) 23 reads the device-specific identification information Pd from the memory 22 and also reads the SD memory card authentication information Ps from the protected area 41 of the SD memory card 40 to authenticate with the identification information Pd. It is configured to perform mutual authentication with the information Ps.

<Operation>
The operation of the debug system of this embodiment will be described using the flowchart shown in FIG. 2A shows the processing of the authentication unit 23a in the read / write device 20, FIG. 2B shows the processing of the command transmission / reception unit 21 in the read / write device 20, and FIG. 2C shows the processing of the microprocessor 10. FIG. 2D shows the processing of the decoding unit 24 in the read / write device 20.

  The SD memory card 40 is inserted (inserted) into the secure information input / output unit (SDIO) 23 in the read / write device 20, and the microprocessor 10, the read / write device 20 and the host computer 30 are activated.

  As shown in FIG. 2A, in the read / write device 20, the authentication unit 23 a of the secure information input / output unit (SDIO) 23 includes the device-specific identification information Pd stored in the memory 22 and the SD memory card 40. The SD memory card authentication information Ps stored in the protected area 41 is read, the mutual authentication of the identification information Pd and the authentication information Ps is performed, and when the mutual authentication is successful, the SD memory card authentication information Ps is transferred to the memory 22. Store.

  Next, as shown in FIG. 2B, when the command transmission / reception unit 21 in the read / write device 20 receives a command request from the command input unit 31 of the host computer 30, the command is sent to the debug interface 11 in the microprocessor 10. Send to.

  On the other hand, as shown in FIG. 2C, in the microprocessor 10, the CPU 13 executes the program 12a stored in the memory 12 in accordance with the contents of the command received by the debug interface 11, and obtains the execution result data. The data is output to the encryption processing unit 14. The encryption processing unit 14 reads the encryption key information Pe stored in the memory 12, encrypts the program execution result data using this, and reads the encrypted data via the debug interface 11. 20 to send.

  Next, as shown in FIG. 2D, the decryption unit 24 in the read / write device 20 receives the encrypted data from the microprocessor 10, confirms the reading of the SD memory card authentication information Ps into the memory 22, The encrypted data is decrypted using the SD memory card authentication information Ps in the memory 22, and the decrypted data is output to the host computer 30.

  The output display unit 32 in the host computer 30 displays the decoded data.

  As described above, according to the present embodiment, when a user who owns a regular SD memory card 40 sets the SD memory card 40 in the secure information input / output unit (SDIO) 23, the SD memory card The authentication information Ps held in 40 is transferred and stored in the memory 22 after mutual authentication with the device-specific identification information Pd of the read / write device 20. Then, the encrypted data by the encryption key information Pe generated by the processing in the microprocessor 10 is decrypted using the SD memory card authentication information Ps in the memory 22 in the read / write device 20. Therefore, the user who has access to the regular SD memory card 40 storing the authentication information Ps in the protected area 41 can access the microprocessor 10 and decrypt the encrypted data from the microprocessor 10. It will be limited. As a result, it is possible to improve security against analysis and falsification by a third party of programs and data in the microprocessor.

(Embodiment 2)
Next, a debugging system according to Embodiment 2 of the present invention will be described.

<Configuration>
The configuration of the debugging system of the present embodiment is the same as that of the first embodiment.

<Operation>
The operation of the debug system of this embodiment will be described with reference to the flowchart shown in FIG.

  The processing of the authentication unit 23a of the read / write device 20 shown in FIG. 3A is the same as that in FIG. 2A in the case of the first embodiment. As a result, the SD memory card authentication information Ps is stored in the memory 22.

  The processing of the command transmission / reception unit 21 in the read / write device 20 is different from that of the first embodiment (FIG. 2B). As shown in FIG. 3B, the command transmission / reception unit 21 reads the SD memory card authentication information Ps from the memory 22, and receives a command input from the host computer 30 when the SD memory card authentication information Ps is successfully read. . The difference from the first embodiment is that when the command input from the host computer 30 is received, the reading of the SD memory card authentication information Ps from the memory 22 is checked. Subsequent operations are the same as those of the debugging system of the first embodiment.

  According to the present embodiment, the command transmission / reception process in the command transmission / reception unit 21 that relays between the host computer 30 and the microprocessor 10 is started after confirmation that the SD memory card authentication information Ps is stored in the memory 22. Therefore, the security can be further improved as compared with the first embodiment.

(Embodiment 3)
Next, a debugging system according to Embodiment 3 of the present invention will be described.

<Configuration>
FIG. 4 is a block diagram showing the configuration of the debug system according to the third embodiment of the present invention. On the premise of the configuration of the first embodiment shown in FIG. 1, the read / write device 20 further detects that the SD memory card 40 is inserted (inserted) into the secure information input / output unit (SDIO) 23 and starts up. A mounting detection unit 25 is provided. Since other configurations are the same as those in FIG. 1, the same reference numerals are given to the same portions, and the description thereof is omitted.

<Operation>
The operation of the debug system of this embodiment will be described using the flowchart shown in FIG.

  The processing of the authentication unit 23a in the read / write device 20 shown in FIG. 5A is different from that of the first embodiment, and the processing by the mounting detection unit 25 is added. That is, when the SD memory card 40 is attached (inserted) to the secure information input / output unit (SDIO) 23, the attachment detection unit 25 detects the attachment of the SD memory card 40, and in response to this, FIG. The process proceeds to 2 (a). That is, when the attachment detection unit 25 indicates that detection is valid, the authentication unit 23 a authenticates the device-specific identification information Pd stored in the memory 22 and the SD memory card authentication stored in the protected area 41 of the SD memory card 40. The information Ps is read, the mutual authentication between the identification information Pd and the authentication information Ps is performed. When the authentication is successful, the SD memory card authentication information Ps is stored in the memory 22. Thereafter, the same processing as in FIGS. 2B, 2C, and 2D of the first embodiment is performed.

  According to the present embodiment, the SD memory card authentication information Ps cannot be stored in the memory 22 unless the SD memory card 40 is attached to the secure information input / output unit 23. Therefore, the security is higher than that in the first embodiment. The sex can be further enhanced.

  In addition, the user can quickly establish the prerequisites for starting debugging simply by installing the SD memory card 40 in the read / write device 20, and does not require any setting or management related to key information necessary for authentication. Mu

(Embodiment 4)
Next, a debugging system according to Embodiment 4 of the present invention will be described.

<Configuration>
FIG. 6 is a block diagram showing the configuration of the debugging system according to the fourth embodiment of the present invention. Assuming the configuration of the first embodiment shown in FIG. 1, the read / write device 20 further includes an SD memory card attachment detection unit 25 and a timer 26 similar to those described above. Since other configurations are the same as those in FIG. 1, the same reference numerals are given to the same portions, and the description thereof is omitted.

<Operation>
The operation of the debug system of this embodiment will be described with reference to the flowchart shown in FIG.

  The processing of the authentication unit 23a in the read / write device 20 shown in FIG. 7A is different from that of the first embodiment, and the processing by the mounting detection unit 25 and the processing by the timer 26 are added. That is, when the SD memory card 40 is attached (inserted) to the secure information input / output unit (SDIO) 23, the attachment detection unit 25 detects the attachment of the SD memory card 40, and the authentication unit 23a receives the memory. 22, the device-specific identification information Pd stored in the memory 22 and the SD memory card authentication information Ps stored in the protected area 41 of the SD memory card 40 are read, and the identification information Pd and the authentication information Ps are mutually authenticated. If the authentication is successful, the SD memory card authentication information Ps is stored in the memory 22. Furthermore, when the timer 26 confirms that a predetermined authentication valid time has elapsed, the authentication unit 23a deletes the SD memory card authentication information Ps stored in the memory 22 and performs mutual authentication again. The other processes are the same as those shown in FIGS. 2B, 2C, and 2D of the first embodiment.

  According to the present embodiment, the mutual authentication between the device-specific identification information Pd and the SD memory card authentication information Ps is periodically repeated, so that the security can be further improved.

(Embodiment 5)
Next, a debugging system according to Embodiment 5 of the present invention will be described.

<Configuration>
FIG. 8 is a block diagram showing the configuration of the debugging system according to the fifth embodiment of the present invention. Assuming the configuration of the first embodiment shown in FIG. 1, the read / write device 20 further includes an SD memory card attachment detection unit 25 and an SD memory card removal detection unit 27 similar to those described above. Since other configurations are the same as those in FIG. 1, the same reference numerals are given to the same portions, and the description thereof is omitted.

<Operation>
The operation of the debug system of this embodiment will be described using the flowchart shown in FIG.

  The processing of the authentication unit 23a in the read / write device 20 shown in FIG. 9A is different from that of the first embodiment, and the processing by the attachment detection unit 25 and the processing by the removal detection unit 27 are added. That is, when the SD memory card 40 is attached (inserted) to the secure information input / output unit (SDIO) 23, the attachment detection unit 25 detects the attachment of the SD memory card 40, and the authentication unit 23a receives the memory. 22, the device-specific identification information Pd stored in the memory 22 and the SD memory card authentication information Ps stored in the protected area 41 of the SD memory card 40 are read, and the identification information Pd and the authentication information Ps are mutually authenticated. If the authentication is successful, the SD memory card authentication information Ps is stored in the memory 22. Further, when the removal detection unit 27 detects removal of the SD memory card 40 from the secure information input / output unit 23, the authentication unit 23a deletes the SD memory card authentication information Ps stored in the memory 22, and the SD memory card. Return to the determination of wearing 40. The other processes are the same as those shown in FIGS. 2B, 2C, and 2D of the first embodiment.

  According to the present embodiment, if the SD memory card is taken out during debugging, the mutual authentication can be explicitly terminated without performing a special operation such as turning off the power switch.

(Embodiment 6)
Next, a debugging system according to Embodiment 6 of the present invention will be described.

<Configuration>
FIG. 10 is a block diagram showing the configuration of the debugging system according to the sixth embodiment of the present invention. Based on the configuration of the first embodiment shown in FIG. 1, the read / write device 20 further includes a data recording unit 23b in the secure information input / output unit (SDIO) 23. Since other configurations are the same as those in FIG. 1, the same reference numerals are given to the same portions, and the description thereof is omitted.

<Operation>
The operation of the debug system of this embodiment will be described using the flowchart shown in FIG.

  The processing of the authentication unit 23a in the read / write device 20 shown in FIG. 11 (a) and the processing of the decryption unit 24 shown in FIG. 11 (d) are different from those in the first embodiment, and the processing by the data recording unit 23b is added. Yes.

  That is, as shown in FIG. 11A, the authentication unit 23a in the read / write device 20 transfers and stores the SD memory card authentication information Ps to the memory 22 when the mutual authentication is established, and the data recording unit 23b Information regarding mutual authentication is recorded in the data area 42 of the SD memory card 40.

  Furthermore, as shown in FIG. 11D, the decryption unit 24 in the read / write device 20 decrypts the encrypted data from the microprocessor 10 using the SD memory card authentication information Ps in the memory 22, While outputting the decrypted data to the host computer 30, the data recording unit 23 b records the decrypted data in the data area 42 of the SD memory card 40. Otherwise, the same processing as in FIGS. 2B and 2C of the first embodiment is performed.

  According to the present embodiment, SD memory card authentication information Ps stored in the memory 22 and debug information including decrypted data can be recorded in the data area 42 of the SD memory card 40. As a result, it is possible to have the flexibility of increasing the number of users permitted to access.

(Embodiment 7)
Next, a debugging system according to Embodiment 7 of the present invention will be described.

<Configuration>
FIG. 12 is a block diagram showing the configuration of the debugging system according to the seventh embodiment of the present invention. Based on the configuration of the sixth embodiment shown in FIG. 10, the read / write device 20 further includes a timer 26, and the secure information input / output unit (SDIO) 23 further includes a data erasing unit 23c. Since other configurations are the same as those in FIG. 10, the same reference numerals are given to the same portions, and descriptions thereof are omitted.

<Operation>
The operation of the debug system of this embodiment will be described with reference to the flowchart shown in FIG.

  The processing of the authentication unit 23a in the read / write device 20 shown in FIG. 13A is different from that of the sixth embodiment, and the processing by the timer 26 and the processing by the data recording unit 23b and the data erasing unit 23c are added. That is, after the mutual authentication is successful and the SD memory card authentication information Ps is stored in the memory 22, the authentication unit 23 a confirms that a predetermined authentication valid time has elapsed and the device stored in the memory 22 in advance. The unique identification information Pd and the newly stored SD memory card authentication information Ps are changed. The data recording unit 23b records the changed SD memory card authentication information Ps in the protected area 41 of the SD memory card 40, and the data erasing unit 23c further stores the previous SD memory recorded in the protected area 41. The card authentication information Ps is deleted, and the updating of the device-specific identification information Pd and the SD memory card authentication information Ps is completed. The other processes are the same as those in FIGS. 11B, 11C, and 11D of the sixth embodiment.

  According to the present embodiment, the SD memory card authentication information Ps stored in the protected area 41 of the SD memory card 40 is periodically changed, so that the security can be further improved.

(Embodiment 8)
Next, a debugging system according to the eighth embodiment of the present invention will be described.

<Configuration>
The configuration of the debugging system of the present embodiment is the same as that of the first embodiment.

<Operation>
The operation of the debug system according to the present embodiment will be described with reference to the flowchart shown in FIG.

  The processing of the command transmission / reception unit 21 in the read / write device 20 shown in FIG. 14B and the processing of the microprocessor 10 shown in FIG. 14C are different from those of the first embodiment.

  That is, as shown in FIG. 14B, the command transmission / reception unit 21 in the read / write device 20 reads the SD memory card authentication information Ps from the memory 22, and stores the SD memory card authentication information Ps in the debug interface 11 in the microprocessor 10. Send. The command transmission / reception unit 21 receives a command request from the command input unit 31 of the host computer 30 and transmits the command to the debug interface 11 in the microprocessor 10.

  On the other hand, as shown in FIG. 14C, the microprocessor 10 stores the SD memory card authentication information Ps received by the debug interface 11 in the memory 12. Next, the CPU 13 executes the program 12 a stored in the memory 12 in accordance with the content of the command received by the debug interface 11 and outputs execution result data to the encryption processing unit 14. The encryption processing unit 14 reads the SD memory card authentication information Ps stored in the memory 12, encrypts the program execution result data using the SD memory card authentication information Ps, and reads the encrypted data via the debug interface 11. Send to. In the first embodiment (FIG. 2), encryption is performed using the encryption key information Pe, whereas in the present embodiment, encryption is performed using the SD memory card authentication information Ps received from the read / write device 20.

  The processing of the decryption unit 24 in the read / write device 20 shown in FIG. 14D is the same as that of the first embodiment (FIG. 2D), and the decryption unit 24 receives the encrypted data from the microprocessor 10. Then, the reading of the SD memory card authentication information Ps into the memory 22 is confirmed, the encrypted data is decrypted using the SD memory card authentication information Ps in the memory 22, and the decrypted data is output to the host computer 30.

  According to the present embodiment, the authentication information Ps is read from the SD memory card 40 after mutual authentication, and the SD memory card authentication information Ps is transferred to the microprocessor 10. Since encryption is performed using Ps, and the read / write device 20 performs decryption using the SD memory card authentication information Ps, and sends the decrypted data to the host computer 30 for debugging, the security can be further improved. it can.

(Embodiment 9)
Next, a debugging system according to Embodiment 9 of the present invention will be described.

<Configuration>
The configuration of the debugging system of the present embodiment is the same as that of the first embodiment.

<Operation>
The operation of the debugging system of this embodiment will be described using the flowchart shown in FIG.

  The processes in FIGS. 15C and 15D are different from those in the eighth embodiment (FIG. 14).

  As shown in FIG. 15C, the microprocessor 10 stores the SD memory card authentication information Ps received by the debug interface 11 in the memory 12. Next, the CPU 13 executes the program 12 a stored in the memory 12 in accordance with the content of the command received by the debug interface 11 and outputs execution result data to the encryption processing unit 14. The encryption processing unit 14 reads the encryption key information Pe and the SD memory card authentication information Ps stored in the memory 12, and encrypts the program execution result data using the read encryption key information Pe. Further, the key information Pe is encrypted using the read SD memory card authentication information Ps, and each encrypted data is transmitted to the read / write device 20 via the debug interface 11.

  On the other hand, as shown in FIG. 15 (d), the decryption unit 24 in the read / write device 20 receives the encrypted data from the microprocessor 10, confirms reading of the SD memory card authentication information Ps into the memory 22, The encrypted key information Pe is decrypted using the SD memory card authentication information Ps in the memory 22, the encrypted data is decrypted using the decrypted key information Pe, and the decrypted data is output to the host computer 30.

  According to the present embodiment, the microprocessor 10 encrypts the key information Pe for encryption using the SD memory card authentication information Ps, and the key information Pe encrypted by the read / write device 20 is used as the SD memory card authentication information. Since the decryption is performed using Ps, the encrypted data is decrypted using the decrypted key information Pe, and the decrypted data is sent to the host computer 30 for debugging, the security can be further improved.

  The technology of the present invention is useful as a secure and convenient debugging system and its read / write device using SDIO that has a proven record in copyright protection of video and music data and an SD memory card as a memory device. It is.

The block diagram which shows the structure of the debug system in Embodiment 1 of this invention. The flowchart which shows operation | movement of the debugging system in Embodiment 1 of this invention. The flowchart which shows operation | movement of the debugging system in Embodiment 2 of this invention. The block diagram which shows the structure of the debug system in Embodiment 3 of this invention. The flowchart which shows operation | movement of the debugging system in Embodiment 3 of this invention. The block diagram which shows the structure of the debug system in Embodiment 4 of this invention. The flowchart which shows operation | movement of the debugging system in Embodiment 4 of this invention. Block diagram showing a configuration of a debugging system according to a fifth embodiment of the present invention The flowchart which shows operation | movement of the debugging system in Embodiment 5 of this invention. Block diagram showing a configuration of a debugging system according to Embodiment 6 of the present invention The flowchart which shows operation | movement of the debug system in Embodiment 6 of this invention. Block diagram showing a configuration of a debugging system according to a seventh embodiment of the present invention The flowchart which shows operation | movement of the debugging system in Embodiment 7 of this invention. The flowchart which shows the operation | movement of the debugging system in Embodiment 8 of this invention. The flowchart which shows operation | movement of the debugging system in Embodiment 9 of this invention.

Explanation of symbols

10 Microprocessor 11 Debug interface 12 Memory 13 CPU
14 Encryption processing unit 20 Read / write device 21 Command transmission / reception unit 22 Memory 23 Secure information input / output unit (SDIO)
23a Authentication unit 23b Data recording unit 23c Data erasing unit 24 Decoding unit 25 Attachment detection unit 26 Timer 27 Removal detection unit 30 Host computer 31 Command input unit 32 Output display unit 40 SD memory card (secure information recording medium)
41 Protect area 42 Data area Pd Identification information unique to the read / write device Pe Key information for encryption Ps Authentication information of the secure information recording medium (SD memory card authentication information)

Claims (9)

A read / write device connected to a microprocessor and a host computer for debugging the microprocessor,
A memory for storing device-specific identification information;
A secure information recording medium in which authentication information is stored in a protected area can be mounted, and the authentication information of the secure information recording medium is mutually authenticated with the device-specific identification information of the memory, and when the information matches, the secure information A secure information input / output unit having an authentication unit for transferring and storing the authentication information from a recording medium to the memory;
A command transmission / reception unit for receiving a command from the host computer and transmitting the received command to the microprocessor;
A read / write device comprising: a decryption unit that decrypts encrypted data received from the microprocessor using the authentication information stored in the memory and transmits the decrypted data to the host computer.   The read / write device according to claim 1, wherein the command transmission / reception unit is configured to be activated upon confirmation that the authentication information from the secure information recording medium is stored in the memory.   The secure information input / output unit further includes a mounting detection unit that detects that the secure information recording medium is mounted, and the authentication unit is configured to be activated when the mounting detection unit indicates that detection is valid. The read / write device according to claim 1, wherein the read / write device is provided.   4. The apparatus according to claim 1, further comprising a timer, wherein the authentication unit is configured to update the mutual authentication when the timer confirms that a predetermined authentication valid time has elapsed. The read / write device according to 1.   Further, a removal detection unit that detects that the secure information recording medium has been removed from the secure information input / output unit, and the authentication unit discards the mutual authentication when the removal detection unit indicates that detection is valid. The read / write device according to claim 1, wherein the read / write device is configured to perform.   Further, the secure information input / output unit further comprises a data recording unit for recording the authentication information and the decrypted data stored in the memory in a data area of the secure information recording medium. The read / write device according to any one of the above. Furthermore, a timer, a data recording unit and a data erasing unit are provided,
The authentication unit changes the authentication information stored in the memory when the timer confirms that a predetermined authentication valid time has elapsed,
The data recording unit records the changed authentication information in the memory in a protected area of the secure information recording medium,
4. The read / write device according to claim 1, wherein the data erasing unit is configured to erase previous authentication information in the protected area of the secure information recording medium. 5. The read / write device according to any one of claims 1 to 7,
A microprocessor capable of communicating with the read / write device;
A debugging system comprising a host computer capable of communicating with the read / write device and debugging the operation of the microprocessor;
The command transmission / reception unit in the read / write device reads the authentication information in the memory and transmits it to the microprocessor,
The microprocessor encrypts the program execution result data using the received authentication information, transmits the encrypted data to the read / write device,
The debugging system configured such that the decryption unit in the read / write device decrypts the encrypted data in accordance with the authentication information read from the memory. The read / write device according to any one of claims 1 to 7,
A microprocessor capable of communicating with the read / write device;
A debugging system comprising a host computer capable of communicating with the read / write device and debugging the operation of the microprocessor;
The command transmission / reception unit in the read / write device reads the authentication information in the memory and transmits it to the microprocessor,
The microprocessor encrypts program execution result data using encryption key information, encrypts the key information using the received authentication information, and stores the encrypted data and encryption key information. Sent to the read / write device,
The decrypting unit in the read / write device is configured to decrypt the encrypted key information according to the authentication information read from the memory, and to decrypt the encrypted data using the decrypted key information system.

Images