JP2009258850A - Semiconductor memory device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a semiconductor memory device for excluding any illegal copy product in a short period at low costs without altering any current security system. <P>SOLUTION: The semiconductor memory device includes: an interface part 31 for communicating with the outside; a command analysis part 32 connected to the interface part 31; a data selector 33 for reading secret data as a key for security release from a memory area 34, and for applying the key data to a command analysis part 32 based on an instruction from a command analysis part 32; the memory area 34 logically divided into a plurality regions for storing a plurality of key data; and an access monitor 35 for monitoring access from a game console 20 to another device in a game cartridge 10 through the interface part 31. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a semiconductor memory device, and more particularly to a semiconductor memory device used as a game supply medium in a portable game machine.

  In portable game machines, cartridges containing semiconductor memory with security functions are used as a game supply medium. However, illegally copied products are rampant due to security breaches, putting pressure on affiliates' profits. ing.

  As a countermeasure against this action, it is most effective to modify the security system, but it is not easy to modify if a large number of game consoles have already become widespread.

  In addition, with semiconductor memory with security functions, there is a problem that the modification of functions takes a huge investment and development period, and illegal copy products are left open. This is the current situation.

  For example, Patent Document 1 discloses a configuration of a semiconductor memory card that is controlled to activate a security process when the usage time is longer than the activation time of the security process. When this is applied to a portable game machine, Even when an appropriate user is using, the security process is activated after a predetermined time, which is uncomfortable for the user.

  Further, in the security processing of Patent Document 1, since the semiconductor memory can be accessed until a predetermined time elapses, the game software is read during that time, and is not suitable for application to a game supply medium.

JP 2005-182627 A

  The present invention has been made to solve the above problems, and provides a semiconductor memory device capable of eliminating illegal copy products at low cost and in a short period of time without modifying the current security system. The purpose is to do.

  According to a first aspect of the present invention, there is provided a semiconductor memory device comprising: a first memory storing at least program data for executing a program; a second memory storing information indicating a progress of the program; A security chip that exchanges information with at least one of the first and second memories via a bus, stores indispensable data necessary for execution of the program, and controls the output of the security chip, , Monitoring external access to any of the first and second memories, preparing the essential data with a predetermined access to the monitored object as a trigger, and sending the security chip from the external When there is a data read request, the essential data is output.

  According to a second aspect of the present invention, the indispensable data includes significance data for making the program data read from the first memory significant data.

  According to a third aspect of the present invention, the indispensable data includes address data for reading the program data from the first memory.

  According to a fourth aspect of the present invention, in the semiconductor memory device according to the present invention, the monitoring target of the security chip is the first memory, and the predetermined access is a predetermined data from the first memory. Read.

  According to a fifth aspect of the present invention, in the semiconductor memory device according to the present invention, the monitoring target of the security chip is the second memory, and the predetermined access is a predetermined data to the second memory. Write.

  According to a sixth aspect of the present invention, in the semiconductor memory device according to the present invention, the monitoring target of the security chip is the second memory, and the predetermined access is a predetermined data from the second memory. Read.

  According to a seventh aspect of the present invention, in the semiconductor memory device according to the seventh aspect, the program data stored in the first memory is data that is at least partially encrypted, and the significant data is the encrypted data. Key data for decrypting the program data.

  In the semiconductor memory device according to an eighth aspect of the present invention, the program data is encrypted for each reading unit, and the key data is set for each reading unit.

  According to a ninth aspect of the present invention, in the semiconductor memory device according to the ninth aspect, the program data stored in the first memory is incomplete data in which data is partially lost, and the significant data is not valid. It is complementary data that complements complete data.

  According to a tenth aspect of the present invention, in the semiconductor memory device according to the present invention, the program data partially lacks data for each reading unit, and the complementary data is set for each reading unit.

  In a semiconductor memory device according to an eleventh aspect of the present invention, the security chip includes an access monitor that monitors the predetermined access to the monitoring target, a storage unit that stores the significant data, and the access monitor. An access pointer for setting a pointer address corresponding to the address of the significant data stored in the storage unit after confirming the predetermined access to the monitoring target, and the data read request from the outside If there is, the significant data is read out from the area of the storage unit corresponding to the pointer address set in the access pointer and output.

  According to a twelfth aspect of the present invention, in the semiconductor memory device according to the twelfth aspect, the security chip monitors the predetermined access to the monitoring target, and the access monitor performs the predetermined access to the monitoring target. A key data generation unit that generates the key data based on a function after confirmation, and outputs the key data generated by the key data generation unit when there is an external data read request .

  According to the semiconductor memory device of the first aspect of the present invention, the security chip prepares indispensable data necessary for executing the program read from the first memory when there is a predetermined access to the monitoring target. However, since a configuration is adopted in which indispensable data is output when there is a data read request from the outside to the security chip, a security operation by the security chip is executed when the program is executed. The manufacturer of illegal copy products is indispensable if it finds out that a freeze occurs after a request to read out essential data from the outside to the security chip, but does not know what the predetermined access to the monitored object is Data cannot be read and the program cannot be executed. It takes time to determine what a given access to a monitored object is, it can dramatically increase the time it takes to replicate a program and delay the time until an illegal copy product of a program data is released . As a configuration that exhibits such an effect, a security chip is mounted on a semiconductor memory device, and it is only necessary to add software related to security when creating program data. It is possible to eliminate illegal copy products at low cost and in a short period of time.

  According to the semiconductor memory device of the second aspect of the present invention, the indispensable data includes the significance data for making the program data read from the first memory significant data. Unless obtained, the program data cannot be made significant, the program cannot be executed, and the analysis of the security chip by the manufacturer of the illegal copy product can be hindered.

  According to the semiconductor memory device of the third aspect of the present invention, the security chip prepares address data with a predetermined access to the monitoring target as a trigger, and there is a data read request from the outside to the security chip. In this case, the address data is output, so the manufacturer of the illegal copy product cannot easily know what triggers the address data to be prepared, and the manufacture of the illegal copy product. Security chip analysis by a person.

  According to the semiconductor memory device of the present invention, the monitoring target of the security chip is the first memory, and the security chip is triggered by reading predetermined data from the first memory. Because the essential data is prepared, the manufacturer of illegal copy products cannot easily know what triggers the essential data is prepared, and the analysis of the security chip by the manufacturer of illegal copy products Can be inhibited.

  According to the semiconductor memory device of the fifth aspect of the present invention, the monitoring target of the security chip is the second memory, which is indispensable in the security chip using a predetermined data write to the second memory as a trigger. Because the data is prepared, the illegal copy product manufacturer cannot easily know what triggers the essential data, and the illegal copy product manufacturer can analyze the security chip. Can be inhibited.

  According to the semiconductor memory device of the sixth aspect of the present invention, the monitoring target of the security chip is the second memory, and the security chip uses the reading of predetermined data from the second memory as a trigger. Because the essential data is prepared, the manufacturer of illegal copy products cannot easily know what triggers the essential data is prepared, and the analysis of the security chip by the manufacturer of illegal copy products Can be inhibited.

  According to the semiconductor memory device of the seventh aspect of the present invention, at least a part of the program data stored in the first memory is encrypted, and the significant data is the encrypted program data. Since it is the key data to be decrypted, the manufacturer of the illegal copy product can execute the unencrypted part but cannot execute it until the encrypted part is decrypted. Production can be hindered.

  According to the semiconductor memory device of the present invention, the program data is encrypted for each reading unit, and the key data is set for each reading unit. As the process progresses, a plurality of ciphers must be released, and the production of illegal copy products can be more effectively hindered.

  According to the semiconductor memory device of the ninth aspect of the present invention, since the program data stored in the first memory is incomplete data partially lacking data, the manufacturer of illegal copy products Even if it is possible to execute a portion in which data is not missing, it cannot be executed until the missing portion is supplemented, so that the production of illegal copy products can be hindered.

  According to the semiconductor memory device of the tenth aspect of the present invention, the program data is partially lost for each read unit, and the complementary data is set for each read unit. As the program progresses, it must be supplemented with a plurality of supplementary data, and the production of illegal copy products can be more effectively inhibited.

  According to the semiconductor memory device of the eleventh aspect of the present invention, when there is an external data read request, the significant data is read from the area of the storage unit corresponding to the pointer address set in the access pointer. Therefore, the manufacturer of the illegal copy product cannot easily understand how the significant data is read out, and the manufacture of the illegal copy product can be hindered.

  According to the semiconductor memory device of the twelfth aspect of the present invention, when there is a data read request from the outside, the key data generated by the key data generation unit is output. Since the significance data is read out and the significance data is not stored, the significance data cannot be found, and the analysis of the security chip becomes more difficult.

<Introduction>
Prior to the description of the invention, an example of a security function of a semiconductor memory device employed in a portable game machine will be described.

  The portable game machine employs a configuration in which a part storing game software called a game cartridge is inserted into a game machine body called a game console.

  The game cartridge has a ROM (read only memory) for storing game software (program data) and a semiconductor memory (for example, a flash memory) capable of writing and reading operations for storing information indicating the progress of the program (backup data). And. The game storage ROM is provided with a security function, and the game console itself is also provided with a security function, and the two function as a pair. Therefore, if the security cannot be released even if data is extracted from the game storage ROM, the game software cannot be executed. However, the security program is decrypted, and the security-released product is rampant as an illegal copy product. Yes.

  As an illegal copy product configuration, a microSD card (registered trademark) that stores a decrypted security program is attached to a card that simulates a game cartridge, thereby breaking the security on the game console and executing the game. Etc. are adopted.

  As described above, even if the security is extremely strictly applied, once it is broken, the game program itself can be easily duplicated, so that illegal copy products are rampant.

  Therefore, the inventor provides a new security function so that the security operation is executed when the game program is executed even when the security function assigned to the game storage ROM is broken, thereby reproducing the game program. Has reached the technical idea of dramatically increasing the time required for copying and delaying the time until illegal copy products come out.

<Embodiment>
<Device configuration>
FIG. 1 is a block diagram showing a configuration of a game cartridge 10 in an embodiment of a semiconductor memory device according to the present invention.

  As shown in FIG. 1, the game cartridge 10 has a game storage ROM 1 (first memory) in which game software (program) is stored, and writing / reading that stores information (backup data) indicating the progress of the program. A flash memory 2 (second memory) as an operable memory and a security chip 3 are provided.

  The game cartridge 10 is connected to a game console 20 that is a main body of the game machine. The game console 20 reads out and executes the game software from the game storage ROM 1, and executes predetermined games to the flash memory 2 as necessary during the execution of the game. Write data.

  The game storage ROM 1 is provided with a security function, and the game console 20 itself is also provided with a security function, and the two perform a security operation as a pair.

  Here, the game console 20, the game storage ROM 1 and the flash memory 2 are conventional products, and the security functions given to the game storage ROM 1 and the game console 20 are not modified, and only the security chip 3 is provided. It is a new configuration.

  Next, the configuration of the security chip 3 will be described with reference to the block diagram shown in FIG. As shown in FIG. 2, the security chip 3 is based on an interface (I / F) unit 31 that communicates with the outside, a command analysis unit 32 connected to the interface unit 31, and an instruction from the command analysis unit 32. A data selector 33 that reads out key data (significant data) for decryption, which is indispensable data necessary for execution of the program, from the memory area 34 and gives it to the command analysis unit 32, and is logically divided into a plurality of areas Thus, a memory area 34 in which a plurality of key data is stored, and an access monitor 35 that monitors access from the game console 20 to other devices in the game cartridge 10 via the interface unit 31 are provided. .

  The command analysis unit 32 analyzes a command received from the outside via the interface unit 31. When a data read command is received, the command analysis unit 32 reads predetermined data from the memory area 34 via the data selector 33 and transmits it to the outside of the chip. It has a function to do.

  Further, when the access monitor 35 confirms the access from the game console 20 to another predetermined device in the game cartridge 10, the access monitor 35 sets the pointer address of the access pointer 331 in the data selector 33 to a predetermined value. The pointer address set by the access pointer 331 is address information for accessing key data stored in a predetermined area of the memory area 34. In the example of FIG. 2, for example, the pointer address is set in the area corresponding to the 0th address. Stores key data "a". Therefore, the key data “a” can be read only when the pointer address of the access pointer 331 is set to “0”.

  The access monitor 35 changes the pointer address of the access pointer 331 every time it confirms access from the game console 20 to another predetermined device in the game cartridge 10, for example, after the pointer address “0”. Is changed to "1", the next is "2", etc. When the pointer address is set to "1", the key data "b" is set, and when the pointer address is set to "2" Can read the key data "c".

  When the command analysis unit 32 receives a data read command, the data selector 33 reads the key data from the memory area 34 according to the read instruction from the command analysis unit 32 and according to the pointer address of the access pointer 331 at that time. For example, when a read instruction is received from the command analysis unit 32, if the pointer address of the access pointer 331 is “0”, the key data “a” is read.

<Security operation>
Next, the security operation by the game cartridge 10 will be described using the flowchart shown in FIG. 3 with reference to FIGS.

  When the user connects the game cartridge 10 to the game console 20 and performs a predetermined game start procedure, first, the game console 20 reads an initial program of the game from the game storage ROM 1 and the game is executed (step S1). . At this point, the initial program of the game is read by a pair of security functions of the security function given to the game storage ROM 1 and the security function given to the game console 20. Is not working.

  Since the initial program of the game is not encrypted, when the game progresses and reaches a predetermined stage, the game console 20 flashes trigger data that triggers the security operation of the security chip 3, such as data A ′. Write to the memory 2 (step S2).

  When the access monitor 35 in the security chip 3 confirms that the trigger data A ′ has been written to the flash memory 2, it sets the pointer address of the access pointer 331 in the data selector 33 to a predetermined value. In this case, since the first trigger data is written after the game is started, the pointer address is set to “0” (step S3).

  Next, the game console 20 reads continuous game data following the initial program, for example, data A from the game storage ROM 1 (step S4). This data A is data for continuing the game, but the data A is encrypted and cannot be executed as it is, and it is necessary to make the key data that is a pair significant. This is the key data “a” stored in the area corresponding to the 0th address of the memory area 34 in the security chip 3. Here, the continuous game data is read as a set of data, referred to as data for one read unit, encrypted for each read unit, and key data is set for each read unit. .

  The data reading in step S4 may be performed prior to the writing of the trigger data in step S2 to the flash memory 2.

  Here, the setting of what trigger data is to be determined may be determined at the time of creating the game program and incorporated into the game program. Further, before an event that requires the continuous game data A occurs, a setting in which the trigger data A ′ is written in a specific area of the flash memory 2 is incorporated in the game program. Until the key data is read, a rule such that the next trigger data is not written in a specific area of the flash memory 2 is incorporated in the game program.

  Next, the game console 20 issues a data read command to the security chip 3, and when the command analysis unit 32 that has received the command confirms that it is a data read command, it issues a read instruction to the data selector 33. . When receiving a read instruction, the data selector 33 reads key data from the memory area 34 in accordance with the pointer address of the access pointer 331 at that time (step S5). In this case, since the pointer address is set to “0”, the key data “a” is read out.

  The read key data “a” is transmitted to the game console 20 via the interface unit 31, and the continuation game data A is decrypted into significant data, and the game proceeds (step S6).

  Next, if there is continuing game data to be read, the game console 20 repeats the operations in step S2 and subsequent steps. If there is no continuing game data, the game console 20 executes the game program until the game ends. When the operation after step S2 is repeated, the trigger data A ′ is changed to the trigger data B ′, the pointer address is set to “1”, and the key data “b” is read out. Needless to say.

<Specific examples of security operations>
Next, a specific example of the security operation described above will be described taking an adventure game as an example.

  Before the adventure game progresses and the boss character dungeon is entered, the game console 20 always saves data. With this operation, the trigger data A ′ is written in the flash memory 2, and the security chip 3 sets “0” to the pointer address of the access pointer 331.

  As the game further progresses, a boss character will be encountered, but since the subsequent data is encrypted as continuous game data A, the game console 20 reads the continuous game data A from the game storage ROM 1 and In order to decrypt the encryption, a data read command is issued to the security chip 3 to read the key data “a” from the security chip 3.

  The game console 20 having acquired the key data “a” decrypts the continued game data A and advances the game after meeting the boss character.

<Effect>
When the game cartridge 10 described above is used, even if the security function assigned to the game storage ROM 1 is broken, the security operation by the security chip 3 is executed when the game program is executed. The time required can be dramatically increased, and the time until an illegal copy product is released can be delayed.

  That is, a manufacturer of an illegal copy product breaks the security function assigned to the game storage ROM 1 to read a game program from the game storage ROM 1 and activates a software emulator to advance the game.

  However, even if the initial program of the game can be executed, it freezes in the middle when it comes to executing the continuous game data A.

  The manufacturer of the illegal copy product finds out that this freeze occurs after issuing a data read command to the security chip 3, inspects the security chip 3 and responds to the data read command, It is determined that data (key data “a”) has been read.

  Then, after trial and error and confirming that the same data is always read out in the same situation, the data is emulated using an FPGA (Field Programmable Gate Array) or the like.

  As a result, the continuation game data A can be executed and the game proceeds. However, if the next continuation game data is also encrypted, it is frozen again.

  Again, the security chip 3 is inspected to find out that some data (key data) has been read in response to the data read command. However, since this is different from the previous data, the data is used using an FPGA or the like. Is emulated.

  In this way, manufacturers of illegal copy products are frequently frozen as the game progresses, and it is necessary to investigate the cause of the freeze and emulate the key data each time. The game cannot be ended until all key data stored in the security chip 3 is acquired.

  Normally, the game can be duplicated in an extremely short time required for the operation of the emulator, but since the game data is encrypted, the duplicated game can be executed according to the progress of the game. It is necessary to obtain key data, which requires trial and error by humans, and manufacturing illegal copy products requires significantly longer time than when game data is not encrypted. Become. Therefore, an illegal copy product manufacturer cannot sell an illegal copy product immediately after the start of sales of a new game, and a legitimate manufacturer determines the period that contributes to the most sales immediately after the start of sale. The sales can be continued without being disturbed, and the decline in sales due to illegal copy products can be suppressed.

  Thus, according to the semiconductor memory device of the present invention, it is possible to eliminate illegal copy products at a low cost and in a short period of time without modifying the current security system.

<Mounting example 1>
In the embodiment described above, the access monitor 35 in the security chip 3 constantly monitors access to the flash memory 2 and confirms that the trigger data has been written to the flash memory 2 before accessing. The operation for setting the pointer address of the pointer 331 to a predetermined value has been described.

  Access to the flash memory 2 is frequently performed in addition to writing trigger data, and writing trigger data is only one of the normal operations. Even if it can be detected that the key data “a” is changed to the key data “b”, it is difficult to know what is the trigger, and the key data “a” is stored in the memory area 34 in the security chip 3. The key data that is being played cannot be read out unless the game progresses.

  As described above, by controlling the access pointer 331 using normal access to the flash memory 2, security can be further improved.

  Note that the control of the access pointer 331 is not limited to data writing to the flash memory 2, and data reading from the flash memory 2 may be used as a trigger, and access to the flash memory 2 may be used. However, the reading of data from the game storage ROM 1 may be used as a trigger. Again, the manufacturer of illegal copy products cannot easily know what is the trigger.

  Of course, the access from the game console 20 to the security chip 3 may be used for controlling the access pointer 331 more simply. In this case, there is an advantage that the program becomes simpler in developing the program.

<Mounting example 2>
In the embodiment, by writing the trigger data A ′ into the flash memory 2, the access monitor 35 in the security chip 3 sets the pointer address of the access pointer 331 to “0”, and the security chip from the game console 20. 3 is issued, the data selector 33 reads the key data “a” stored in the area corresponding to the 0th address of the memory area 34 in the security chip 3 to read the game console 20. The game console 20 explained the operation of decrypting the continuous game data A using the key data “a”.

  Actually, as shown in FIG. 2, the key data is not limited to one. The key data “b” for the continuation game data B is indicated by the access monitor 35 by the trigger data B ′. The pointer address is set to “1”, and the key data “b” stored in the area corresponding to the first address in the memory area 34 is read in response to the data read command from the game console 20. Similarly, there are a plurality of combinations such as a combination of trigger data C ′, continuous game data C and key data “c”, and a combination of trigger data D ′, continuous game data D and key data “d”. It is desirable that As a result, a plurality of key data are required to advance the game, and a great deal of time is required to completely decrypt the game program.

  Note that when different data is written to the flash memory 2 such as trigger data A ′, B ′, and C ′, these data are not duplicated, so that a specific area of the flash memory 2 is overwritten one after another. A method may be adopted. In this way, by limiting the writing of trigger data to a specific area, there is an advantage that it is easy to make both hardware and software. Of course, it goes without saying that trigger data may be written to different areas of the flash memory 2 one after another.

  In addition, in the initial state, data is not written or meaningless data is written in a specific area of the flash memory 2 where the trigger data is written. As a result, an illegal copy product manufacturer cannot obtain useful information even if the flash memory 2 is analyzed, resulting in difficulty in decoding the game program.

<Mounting example 3>
In the embodiment, the access monitor 35 in the security chip 3 constantly monitors the access to the flash memory 2, confirms that the trigger data has been written to the flash memory 2, and sets the access pointer 331. Although the operation of setting the pointer address to a predetermined value has been described, the access monitor 35 may be configured to perform the following processing when a specific access that triggers control of the access pointer 331 is not detected. .

  The simplest is the process of not reacting. This corresponds to a process of waiting without detecting any specific access and waiting.

  Next, a process of changing the pointer address of the access pointer 331 to an undefined value may be performed. As a result, the pointer address periodically becomes undefined, so that the analysis work of the security chip 3 by the manufacturer of the illegal copy product can be confused.

  Finally, as the most desirable process, there is a process of outputting a random value from the data selector 33 when a specific access is not detected. Thereby, the analysis of the security chip 3 by cut-and-try can be made more difficult.

<Mounting example 4>
In the embodiment, for example, save data performed by the game console 20 is used as trigger data, and data included in a game program stored in the game storage ROM 1 is used as trigger data. Using game program data has the advantage of being easy to create in terms of software creation.

  However, using data generated by the game program is more difficult to analyze than using the game program data itself as trigger data, and is desirable from the viewpoint of security.

  More specifically, in the flow described with reference to FIG. 3, the data A ′ is generated by the initial program of the game in progress before the data A ′ is written in the flash memory 2 in step S2. The generation method may include a generation program in advance in the game program so that some data is generated and output every time the game reaches a predetermined stage.

<Mounting example 5>
In the embodiment, when a data read command for the security chip 3 is issued from the game console 20, the data selector 33 is stored in an area corresponding to the 0th address of the memory area 34 in the security chip 3. In the example of reading the key data “a”, the access pointer 331 is not provided in the data selector 33, and the key data is read from the memory area 34 when the access monitor 35 detects a specific access as a trigger. A configuration may be adopted in which the data is read and stored in a buffer memory or the like (not shown) provided in the security chip 3. Then, when the data read command for the security chip 3 from the game console 20 is issued, the key data stored in the buffer memory or the like may be read and output.

  Since the key data is read in order, there is no problem even if the access monitor 35 is configured to read and buffer each time a specific access serving as a trigger is detected.

  By adopting such a configuration, there is an advantage that the access pointer 331 becomes unnecessary and it is easy to make it in terms of hardware and software.

<Mounting Example 6>
In the embodiment, the configuration in which the encrypted continuous game data is made significant by decrypting it using the key data has been described. However, the continuous game data is incomplete data partially lacking data, A configuration may be adopted in which complementary data (significant data) that becomes significant by complementing it is stored in the memory area 34 in the security chip 3 as indispensable data necessary for executing the program. That is, in the memory area 34, instead of the key data “a”, “b”,..., The complementary data “a”, “b”,. -You may take the structure that is stored.

  In this case, the continuous game data is partially missing for each reading unit, and the complementary data is set for each reading unit.

  In this case, the game console 20 obtains complete continuation game data (significant data) by complementing the incomplete continuation game data read from the game storage ROM 1 with the complement data read from the security chip 3. Can do.

  Since it is desired to make the memory area 34 in the security chip 3 as small as possible, it is desirable that the complementary data is sufficiently smaller than the incomplete continuation game data.

<Mounting example 7>
In the embodiment described above, the key data is described as being prepared in advance in the memory area 34 in the security chip 3, but the key data generation unit that is generated in the security chip 3 by the function that generates the key data. It is good also as a structure which has.

  In this case, every time the access monitor 35 detects a specific access as a trigger, the key data generation unit generates key data based on the function, and the generated key data is stored in a buffer memory or the like (not shown) in the security chip 3. In other words, the data may be temporarily stored and the key data may be output when a data read command is issued from the game console 20. This configuration has an advantage that the configuration is simplified because neither the data selector 33 nor the memory area 34 is required.

  Also, since the key data is generated every time a specific access that triggers is detected, the manufacturer of the illegal copy product cannot find the key data, making the analysis of the security chip 3 more difficult. be able to.

  Further, instead of generating key data every time a specific access serving as a trigger is detected, information indicating that a specific access serving as a trigger is detected (including information on the type of access) is stored in the buffer memory in the security chip 3. Or the like (not shown), and when a data read command is issued from the game console 20, key data may be generated and output based on the accumulated information.

<Modification 1>
In the embodiment described above, the configuration in which the continuous game data encrypted using the key data is decrypted has been described. However, the continuous game data is not encrypted, and an address in the game storage ROM 1 is used. Even if the memory area 34 in the security chip 3 is in an unknown state, the address data of the continuous game data is stored as indispensable data necessary for executing the program. good. That is, the address data “a”, “b”... Of the continuous game data “A”, “B”. A configuration may be adopted. This operation will be described with reference to the flowchart shown in FIG.

  When the user connects the game cartridge 10 to the game console 20 and performs a predetermined game start procedure, first, the game console 20 reads an initial program of the game from the game storage ROM 1 and the game is executed (step S11). . Note that the game console 20 can read out the initial program of the game because the address in the game storage ROM 1 is known in advance.

  At this point, the initial program of the game is read by a pair of security functions of the security function given to the game storage ROM 1 and the security function given to the game console 20. Is not working.

  When the initial program of the game proceeds and reaches a predetermined stage, the game console 20 writes trigger data, for example, data A ′, which triggers the security operation of the security chip 3 in the flash memory 2 (step S12).

  When the access monitor 35 in the security chip 3 confirms that the trigger data A ′ has been written to the flash memory 2, it sets the pointer address of the access pointer 331 in the data selector 33 to a predetermined value. In this case, since the first trigger data is written after the game is started, the pointer address is set to “0” (step S13).

  Next, the game console 20 tries to read continuous game data, for example, data A following the initial program from the game storage ROM 1, but the address data of the data A in the game storage ROM 1 is unknown. Therefore, first, a data read command is issued to the security chip 3, and when the command analysis unit 32 receiving it issues a data read command, it issues a read instruction to the data selector 33.

  When the data selector 33 receives a read instruction, it reads out continuation game data, for example, address data in the game storage ROM 1 storing data A, from the memory area 34 in accordance with the pointer address of the access pointer 331 at that time (step S14). ). In this case, since the pointer address is set to “0”, the address data “a” is read out. The address data “a” is given to the game storage ROM 1, and the continuous game data “A” is read from the game storage ROM 1 in accordance with the address data “a” (step S15). The continuation game data “A” is transmitted to the game console 20 and the game proceeds.

  Next, when there is continuous game data to be read, the game console 20 repeats the operations in step S12 and subsequent steps. When there is no continuous game data, the game console 20 executes the game program until the game ends.

  As described above, in order to read the continuation game data, the address data which is indispensable data must first be acquired. In order to acquire the address data, it is necessary to write the trigger data to the flash memory 2. Since it takes time to analyze the game, it becomes difficult to decipher the game program.

<Modification 2>
In the embodiment and the first modification described above, key data for decryption and continuation game data partially lacking data are complemented as examples of indispensable data necessary for executing the program. Although the supplementary data to be performed and the address data indicating the address of the continuation game data have been described above, the essential data is not limited thereto.

  For example, among the program data, encrypted continuous game data may be stored in the memory area 34 of the security chip 3 and the key data may be stored in the game storage ROM 1 instead of the encrypted continuous game data. Even if the encrypted continuous game data is stored in the internal memory 34 and the key data is stored in the game storage ROM 1, the security functions are the same. Rather, since part of the program data does not exist in the game storage ROM 1, it is possible to increase factors that inhibit duplication by illegal copy product manufacturers.

  Further, various parameters and FAT (file management information) may be used as indispensable data and stored in the security chip 3.

1 is a block diagram showing a configuration of an embodiment of a semiconductor memory device according to the present invention. It is a block diagram explaining the structure of a security chip. 3 is a flowchart illustrating a security operation of the semiconductor memory device according to the present invention. 6 is a flowchart illustrating a security operation of a modification of the semiconductor memory device according to the present invention.

Claims (12)

A first memory storing at least program data for executing the program;
A second memory for storing information indicating the progress of the program;
A security chip that exchanges information with at least one of the first and second memories via a bus, stores indispensable data necessary for the execution of the program, and controls its output;
The security chip is
The access from the outside to either the first or the second memory is monitored, the essential data is prepared with a predetermined access to the monitoring target as a trigger, and the external data to the security chip is prepared. A semiconductor memory device that outputs the indispensable data when there is a read request. The essential data is
The semiconductor memory device according to claim 1, further comprising significance data for making the program data read from the first memory significant data. The essential data is
The semiconductor memory device according to claim 1, comprising address data for reading the program data from the first memory. The monitoring target of the security chip is the first memory,
The semiconductor memory device according to claim 1, wherein the predetermined access is reading of predetermined data from the first memory. The monitoring target of the security chip is the second memory,
The semiconductor memory device according to claim 1, wherein the predetermined access is writing of predetermined data to the second memory. The monitoring target of the security chip is the second memory,
The semiconductor memory device according to claim 1, wherein the predetermined access is reading predetermined data from the second memory. The program data stored in the first memory is at least partly encrypted data,
3. The semiconductor memory device according to claim 2, wherein the significant data is key data for decrypting the encrypted program data. The program data is encrypted for each reading unit,
The semiconductor memory device according to claim 7, wherein the key data is set for each reading unit. The program data stored in the first memory is incomplete data partially missing data,
The semiconductor memory device according to claim 2, wherein the significance data is complementary data that complements incomplete data. The program data is partially missing for each read unit,
The semiconductor memory device according to claim 9, wherein the complementary data is set for each reading unit. The security chip is
An access monitor for monitoring the predetermined access to the monitoring target;
A storage unit for storing the significance data;
An access pointer that sets a pointer address corresponding to the address of the significant data stored in the storage unit after the access monitor confirms the predetermined access to the monitoring target;
10. The significant data is read out from an area of the storage unit corresponding to the pointer address set in the access pointer and output when there is a request to read out the data from the outside. The semiconductor memory device described. The security chip is
An access monitor for monitoring the predetermined access to the monitoring target;
The access monitor includes a key data generation unit that generates the key data based on a function after confirming the predetermined access to the monitoring target;
The semiconductor memory device according to claim 7, wherein the key data generated by the key data generation unit is output when the data read request is received from the outside.

Images