JP2012243047A - Computer system and semiconductor memory - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a semiconductor memory having high security and a computer system equipped with the semiconductor memory.SOLUTION: Host equipment 2 includes: a conversion part 12 for converting a command D1 to be transmitted to a semiconductor memory 3 by a predetermined arithmetic operation to generate a first conversion value; and a transmission part 14 for transmitting the first conversion value and a command to the semiconductor memory 3. The semiconductor memory 3 includes: a control part 23 for controlling access from the host equipment 2 to the semiconductor memory 3; and a reception part 21 for receiving the first conversion value and the command from the host equipment 2. The control part 23 includes; a conversion part 33 for converting the command received by the reception part 21 by a predetermined arithmetic operation to generate a second conversion value; and a determination part 34 for, when the first conversion value received by the reception part 21 and a second conversion value generated by the conversion part 33 are not coincident, determining that the access is unauthorized.

Description

  The present invention relates to a computer system and a semiconductor memory device, and more particularly to a computer system including a host device and a semiconductor memory device that can be externally connected to the host device.

  An information processing apparatus in which data stored in a semiconductor memory can be used by an external device by detachably connecting a memory card on which the semiconductor memory is mounted to an external device such as a host computer has been put into practical use. .

  Some memory cards of this type are equipped with a specific security technique in order to prevent unauthorized copying of data stored in a semiconductor memory. For example, in Patent Document 1 below, a semiconductor memory in which encrypted data is stored, a detection unit that outputs predetermined key data when addresses are input to the semiconductor memory in a specific order, and reading from the semiconductor memory A semiconductor memory device is disclosed that includes a data conversion unit that decrypts the data using the key data.

JP-A-9-106690

  However, in the semiconductor memory device disclosed in Patent Document 1, there is a possibility that the encryption may be decrypted by analyzing a large number of samples, and there is no restriction on the entire area of the semiconductor memory from the external device. Is accessible. For this reason, once the encryption is decrypted, all data stored in the semiconductor memory is illegally decrypted, so that the security is not sufficient.

  The present invention has been made in view of such circumstances, and an object of the present invention is to obtain a semiconductor storage device having high security and a computer system including the same.

  A computer system according to a first aspect of the present invention includes a host device and a semiconductor storage device externally connectable to the host device, and the host device performs a predetermined operation on a command to be transmitted to the semiconductor storage device. A first generation unit that generates a first conversion value by converting the first conversion value and a transmission unit that transmits the first conversion value and the command to the semiconductor storage device, and the semiconductor storage device Includes a control unit that controls access from the host device to the semiconductor memory device, and a reception unit that receives the first conversion value and the command from the host device, and the control unit includes A second generation unit that generates a second conversion value by converting the command received by the reception unit by the predetermined calculation; and the first conversion value received by the reception unit; If the serial and the second the second transformation value generating unit has generated does not match and is characterized in that it comprises a determination unit determines that the unauthorized access.

  According to the computer system according to the first aspect, the host device transmits the first conversion value and the command to the semiconductor memory device. The semiconductor memory device generates a second conversion value by converting the received command, and determines that the access is unauthorized when the received first conversion value does not match the second conversion value. In this way, not only the command but also the first conversion value is transmitted from the host device to the semiconductor memory device, and when the first conversion value does not match the second conversion value, it is determined that the access is unauthorized. Signal transmission / reception between the host device and the semiconductor memory device can be complicated. As a result, the security of the semiconductor memory device can be improved.

  The computer system according to a second aspect of the present invention is the computer system according to the first aspect, in particular, the semiconductor memory device is configured to receive the first conversion value that the semiconductor memory device intends to receive from the host device. A storage unit for storing, and the determination unit further includes an illegal operation when the first conversion value received by the reception unit does not match the first conversion value stored in the storage unit. It is characterized in that it is determined that the access is correct.

  According to the computer system according to the second aspect, the determination unit determines that the access is unauthorized when the received first conversion value does not match the first conversion value stored in the storage unit. Accordingly, when a conversion value different from the first conversion value to be received is transmitted from the host device, it can be determined that the access is unauthorized, and thus the security of the semiconductor memory device can be further improved. .

  The computer system according to a third aspect of the present invention is the computer system according to the second aspect, in particular, the first conversion value received by the receiving unit is stored in the storage unit. The transmission unit does not transmit the command when it does not match the conversion value.

  According to the computer system according to the third aspect, when the received first conversion value does not match the first conversion value stored in the storage unit, a command is transmitted from the host device to the semiconductor storage device. Not. Therefore, transmission / reception of signals between the host device and the semiconductor memory device can be further complicated, and the security of the semiconductor memory device can be further improved.

  The computer system according to a fourth aspect of the present invention is the computer system according to any one of the first to third aspects, and in particular, the host device is a predetermined location in the data representing the first conversion value. A processing unit that processes the first conversion value by inserting indefinite value data into the control unit, and the control unit performs processing from the first conversion value after processing received by the reception unit. It further includes a restoration unit that restores the previous first conversion value.

  According to the computer system of the fourth aspect, the processing unit processes the first converted value by inserting indefinite value data at a predetermined location in the data representing the first converted value. Therefore, since the first conversion value transmitted from the host device to the semiconductor memory device can be complicated, the security of the semiconductor memory device can be further improved.

  The computer system according to a fifth aspect of the present invention is the computer system according to any one of the first to fourth aspects, and in particular, the host device inserts indefinite value data at a predetermined location in the command. The processing unit further includes a processing unit that processes the command, and the control unit further includes a restoration unit that restores the command before processing from the command after processing received by the receiving unit. It is what.

  According to the computer system of the fifth aspect, the processing unit processes the command by inserting indefinite value data at a predetermined location in the command. Therefore, since the command transmitted from the host device to the semiconductor memory device can be complicated, the security of the semiconductor memory device can be further improved.

  The computer system according to a sixth aspect of the present invention is the computer system according to any one of the first to fifth aspects, and in particular, the transmission unit transmits the command after transmitting the first conversion value. The determination unit further determines that the access is unauthorized when a time interval between a transmission time related to the first conversion value and a transmission time related to the command is outside a predetermined allowable range. To do.

  According to the computer system of the sixth aspect, the determination unit determines that the unauthorized access is performed when the time interval between the transmission time related to the first conversion value and the transmission time related to the command is outside a predetermined allowable range. judge. In this way, by setting an allowable range for the time interval between the transmission time related to the first conversion value and the transmission time related to the command, and determining that the access is unauthorized when the time interval is outside the allowable range. Thus, the security of the semiconductor memory device can be further improved.

  The computer system according to a seventh aspect of the present invention is the computer system according to any one of the first to sixth aspects, and in particular, the first generator is configured by any one of a plurality of predetermined operations. The first conversion value is generated by converting the command.

  According to the computer system which concerns on a 7th aspect, a 1st production | generation part produces | generates a 1st conversion value by converting a command by either of the some calculation prescribed | regulated previously. Accordingly, a plurality of types of first conversion values are generated for the same command, and the first conversion values transmitted from the host device to the semiconductor memory device can be complicated, so that the security of the semiconductor memory device is further improved. It becomes possible to do.

  In the computer system according to the eighth aspect of the present invention, particularly in the computer system according to any one of the first to seventh aspects, when the determination unit determines unauthorized access, the control unit includes: As the response process for the host device, any one of a process of returning dummy data, a process of returning an error code, and a process of not returning any data is selected and executed indefinitely. is there.

  According to the computer system according to the eighth aspect, when the determination unit determines that the access is unauthorized, the control unit returns the dummy data as a response process to the host device, the process of returning an error code, Any of the processes that do not return any data is selected indefinitely and executed. Therefore, compared with a case where an error code is always returned for unauthorized access, a third party who performs unauthorized access is less likely to notice that unauthorized access has failed. Therefore, it is possible to delay the time to start re-analysis.

  A semiconductor memory device according to a ninth aspect of the present invention is a semiconductor memory device that can be externally connected to a host device, and includes a control unit that controls access from the host device to the semiconductor memory device, and the host device. A reception unit that receives a command and a first conversion value generated by converting the command by a predetermined calculation, and the control unit receives the command received by the reception unit. The generation unit that generates the second conversion value, the first conversion value received by the reception unit, and the second conversion value generated by the generation unit do not coincide with each other by performing the conversion according to A determination unit that determines that the access is unauthorized.

  According to the semiconductor memory device of the ninth aspect, the host device transmits the first conversion value and the command to the semiconductor memory device. The semiconductor memory device generates a second conversion value by converting the received command, and determines that the access is unauthorized when the received first conversion value does not match the second conversion value. In this way, not only the command but also the first conversion value is transmitted from the host device to the semiconductor memory device, and when the first conversion value does not match the second conversion value, it is determined that the access is unauthorized. Signal transmission / reception between the host device and the semiconductor memory device can be complicated. As a result, the security of the semiconductor memory device can be improved.

  According to the present invention, it is possible to obtain a semiconductor memory device having high security and a computer system including the same.

It is a figure which simplifies and shows the whole structure of the computer system which concerns on embodiment of this invention. It is a block diagram which simplifies and shows the structure of a host apparatus. 1 is a block diagram showing a simplified configuration of a semiconductor memory device. It is a block diagram which shows the structure of a control part concretely. It is a figure which shows the structure of a memory | storage part. It is a figure which simplifies and shows table data. It is a flowchart which shows the processing content in a host apparatus. It is a flowchart which shows the processing content in a semiconductor memory device. It is a figure which shows the example of a process of the hash value by a process part. It is a figure which shows the example of the process of the command by a process part. It is a figure which simplifies and shows table data. It is a flowchart which shows the processing content in a semiconductor memory device. It is a figure which simplifies and shows table data.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In addition, the element which attached | subjected the same code | symbol in different drawing shall show the same or corresponding element.

  FIG. 1 is a diagram showing a simplified overall configuration of a computer system 1 according to an embodiment of the present invention. The computer system 1 includes a host device 2 as an external device and a semiconductor storage device 3 such as a memory card that can be detachably connected to the host device 2.

  FIG. 2 is a block diagram showing a simplified configuration of the host device 2. As shown by the connection relationship in FIG. 2, the host device 2 includes a command generation unit 11, a conversion unit 12, a processing unit 13, a transmission unit 14, a control unit 15, and a reception unit 16.

  FIG. 3 is a block diagram showing a simplified configuration of the semiconductor memory device 3. As shown by the connection relationship in FIG. 3, the semiconductor memory device 3 includes a receiving unit 21, a transmitting unit 22, a control unit 23, and a storage unit 24.

  FIG. 4 is a block diagram specifically illustrating the configuration of the control unit 23. As shown by the connection relationship in FIG. 4, the control unit 23 includes a restoration unit 31, a holding unit 32, a conversion unit 33, and a determination unit 34.

  FIG. 5 is a diagram illustrating a configuration of the storage unit 24. The storage unit 24 includes a storage area AR1 in which arbitrary content data D7 is stored, and a storage area AR2 in which table data D12 is stored. The storage area AR1 is an area accessible from the host device 2, and the storage area AR2 is an area inaccessible from the host device 2. Note that the storage area AR1 and the storage area AR2 may be configured as separate IC chips.

  FIG. 6 is a simplified diagram showing table data D12A as a first example of table data D12. The table data D12A describes the correspondence between a plurality of commands scheduled to be transmitted from the host device 2 to the semiconductor memory device 3 and the hash value of each command.

  FIG. 7 is a flowchart showing the processing contents in the host device 2, and FIG. 8 is a flowchart showing the processing contents in the semiconductor memory device 3. Hereinafter, the operation of the computer system 1 according to the present embodiment will be described with reference to FIGS.

  First, in step P <b> 101, the command generation unit 11 generates a command D <b> 1 to be transmitted to the semiconductor memory device 3.

  Next, in step P102, the conversion unit 12 generates a hash value D2 by converting the command D1 by an operation using a predetermined hash function.

  Next, in step P103, the processing unit 13 processes the hash value D2 according to a predetermined rule, thereby generating a processed hash value D3.

  FIG. 9 is a diagram illustrating an example of processing of the hash value D2 by the processing unit 13. As shown in FIG. 9A, the hash value D2 is given as a total of 8 bytes of data consisting of upper 4 bytes of data D2U and lower 4 bytes of data D2L. Further, the processing unit 13 has a time counter, and as shown in FIG. 9B, the counter value D20 of the time counter is a total consisting of upper 4 bytes of data D20U and lower 4 bytes of data D20L. It is given as 8-byte data. Then, the processing unit 13 generates a hash value D3 having a data length of 16 bytes in total by arranging the data D2U, D20U, D2L, and D20L in this order from the upper side as shown in FIG. 9C. To do. Regarding the hash value D3 in this example, the hash value D2 before processing is included in the most significant 4 bytes and the second 4 bytes from the lower side.

  Next, in step P104, the transmission unit 14 transmits the hash value D3 to the semiconductor memory device 3.

  Next, in step P201, the receiving unit 21 receives the hash value D3 from the host device 2, and inputs the received hash value D3 to the control unit 23.

  Next, in step P202, the restoration unit 31 restores the hash value D11 corresponding to the hash value D2 before processing by extracting the highest 4 bytes from the hash value D3 and the second 4 bytes from the lower side. . The restored hash value D11 is held by the holding unit 32.

  Next, in step P203, the determination unit 34 determines whether or not the hash value D11 held by the holding unit 32 matches any hash value registered in the table data D12.

  If the hash value D11 matches the registered hash value (that is, if the result of determination in step P203 is “YES”), then in step P204, the control unit 23 sends a command request D4 from the transmission unit 22 to the host device 2. Send to. The command request D4 is input to the control unit 15 after being received by the receiving unit 16.

  Next, in step P105, the control unit 15 determines whether or not the command request D4 is received within a predetermined time after transmitting the hash value D3.

  When the command request D4 is received within the predetermined time (that is, when the result of determination in step P105 is “YES”), the control unit 15 next inputs the command transmission command D5 to the processing unit 13 in step P106. . Receiving the command transmission command D5, the processing unit 13 processes the command D1 according to a predetermined rule, thereby generating a processed command D1.

  FIG. 10 is a diagram illustrating an example of processing of the command D1 by the processing unit 13. As shown in FIG. 10A, the command D1 is given as a total of 8 bytes of data including upper 4 bytes of data D1U and lower 4 bytes of data D1L. Further, the processing unit 13 has a time counter, and as shown in FIG. 10B, the counter value D30 of the time counter is a total consisting of upper 4 bytes of data D30U and lower 4 bytes of data D30L. It is given as 8-byte data. Then, as shown in FIG. 10C, the processing unit 13 arranges the data D1U, D30U, D1L, and D30L in this order from the upper side, thereby generating a command D6 having a data length of 16 bytes in total. . Regarding the command D6 in this example, the command D1 before processing is included in the uppermost 4 bytes and the second 4 bytes from the lower side.

  Next, in step P107, the transmission unit 14 transmits the command D6 to the semiconductor memory device 3.

  Next, in step P205, the reception unit 21 receives the command D6 from the host device 2, and inputs the received command D6 to the control unit 23.

  Next, in Step P206, the restoration unit 31 restores the command D13 corresponding to the command D1 before processing by extracting the most significant 4 bytes from the command D6 and the second 4 bytes from the lower side.

  Next, in step P207, the conversion unit 33 generates a hash value D14 by converting the command D13 by an operation using the same hash function as that of the conversion unit 12.

  Next, in step P208, the determination unit 34 determines whether or not the hash value D14 generated by the conversion unit 33 matches the hash value D11 held by the holding unit 32.

  When the hash value D14 matches the hash value D11 (that is, when the result of determination in step P208 is “YES”), the determination unit 34 determines that access from the host device 2 is normal access. In this case, in step P209, the control unit 23 accesses the storage unit 24 according to the content of the command D13. When the command D13 is, for example, a read command, the content data D7 is read from the storage area AR1 according to the address accompanying the command D13, and the read content data D7 is transmitted from the transmission unit 22 to the host device 2. If the command D13 is a write command, for example, the content data accompanying the command D13 is written into the storage area AR1 according to the address accompanying the command D13.

  In the flowchart illustrated in FIG. 8, when the hash value D11 held by the holding unit 32 does not match any hash value registered in the table data D12 (that is, the result of determination in step P203 is “NO”). The determination unit 34 determines that the access from the host device 2 is an unauthorized access. In this case, in step P210, the control unit 23 transmits random dummy data D8 from the transmission unit 22 to the host device 2 (first response process). Alternatively, a predetermined error code D9 is transmitted from the transmission unit 22 to the host device 2 (second response process). Alternatively, no data is transmitted to the host device 2 (third response process). For example, when the remainder value obtained by dividing the data D20L by “3” is “0”, the first response process is executed, and when the remainder value is “1”, the second response process is executed. When the value is “2”, the third response process is executed.

  In the flowchart shown in FIG. 8, when the hash value D14 generated by the conversion unit 33 does not match the hash value D11 held by the holding unit 32 (that is, when the determination result in step P208 is “NO”). ), A response process similar to the above is performed in step P210.

<First Modification>
FIG. 11 is a diagram schematically illustrating table data D12B as a second example of table data D12. In the table data D12B, in addition to the table data D12A, an allowable range regarding a time interval between the transmission time of the hash value D3 and the transmission time of the command D6 is described for each command. The upper limit value and the lower limit value of the allowable range are set based on a time interval assumed when normal access is performed.

  FIG. 12 is a flowchart showing the processing contents in the semiconductor memory device 3 according to this modification. If the hash value D14 generated by the conversion unit 33 matches the hash value D11 held by the holding unit 32 (that is, if the result of determination in step P208 is “YES”), then in step P211 The determination unit 34 determines whether or not the time interval between the transmission time of the hash value D3 and the transmission time of the command D6 is within the allowable range set for the command D6. The transmission time of the hash value D3 is obtained by extracting the counter value D20 from the hash value D3, and the transmission time of the command D6 is obtained by extracting the counter value D30 from the command D6.

  When the time interval between the two is within the allowable range (that is, when the determination result in Step P211 is “YES”), the determination unit 34 determines that the access from the host device 2 is a normal access. In this case, in step P209, the control unit 23 accesses the storage unit 24 according to the content of the command D13. On the other hand, when the time interval between the two is outside the allowable range (that is, when the determination result in step P211 is “NO”), the determination unit 34 determines that the access from the host device 2 is an unauthorized access. To do. In this case, in step P210, the control unit 23 transmits random dummy data D8 from the transmission unit 22 to the host device 2, or transmits a predetermined error code D9 from the transmission unit 22 to the host device 2, or the host device 2 Does not send any data.

<Second Modification>
FIG. 13 is a diagram showing simplified table data D12C as a third example of table data D12. In this modification, a plurality of hash functions (md5, sha1, sha256, etc.) are prepared as hash functions for converting the command D1 by the conversion unit 12, and the conversion unit 12 randomly selects a plurality of hash functions. As a result, a hash value D2 is generated from the command D1. In the table data D12C, a hash value when each hash function is selected is described. In addition, an allowable time regarding a time interval between the transmission time of the hash value D3 and the transmission time of the command D6 is also set for each hash function.

  In the flowchart shown in FIG. 8, in step P203, the determination unit 34 determines whether the hash value D11 stored in the storage unit 32 matches any hash value registered in the table data D12C. To do. For example, regarding the read command READ1, if the hash value D11 held by the holding unit 32 matches any of the hash values A1, A2, and A3 registered in the table data D12C, the result of the determination in step P203 is “YES”.

<Third Modification>
In the above embodiment, the processing unit 13 has inserted the counter value of the time counter into the hash value and the command, respectively, but may insert a random value instead of the counter value.

  In the above embodiment, the conversion units 12 and 33 convert the command into a hash value by an operation using a hash function, but convert the command by an exclusive OR operation using an arbitrary key that differs for each command. May be. Alternatively, the command may be converted using a compression algorithm such as a Huffman code or Shannon code, an audio codec such as LPC (Linear Predictive coding) or Fourier transform, and an image codec such as RLE (Run Length Encoding) or wavelet transform.

<Summary>
According to the computer system 1 according to the present embodiment, the host device 2 transmits the hash value D2 (first conversion value) and the command D1 to the semiconductor memory device 3. The semiconductor memory device 3 generates a hash value D14 (second conversion value) by converting the received command D1, and if the received first conversion value does not match the second conversion value, unauthorized access is made. Is determined. As described above, not only the command but also the first conversion value is transmitted from the host device 2 to the semiconductor memory device 3, and when the first conversion value does not match the second conversion value, it is determined that the access is illegal. Thus, transmission / reception of signals between the host device 2 and the semiconductor memory device 3 can be complicated. As a result, the security of the semiconductor memory device 3 can be improved.

  Further, according to the computer system 1 according to the present embodiment, the determination unit 34 is illegal when the received first conversion value does not match the first conversion value stored in the storage unit 24. Judged as access. Accordingly, when a conversion value different from the first conversion value to be received is transmitted from the host device 2, it can be determined that the access is unauthorized, and thus the security of the semiconductor memory device 3 can be further improved. It becomes.

  Further, according to the computer system 1 according to the present embodiment, when the received first conversion value does not match the first conversion value stored in the storage unit 24, the host device 2 performs semiconductor storage. The command D1 is not transmitted to the device 3. Therefore, transmission / reception of signals between the host device 2 and the semiconductor memory device 3 can be further complicated, and the security of the semiconductor memory device 3 can be further improved.

  Further, according to the computer system 1 according to the present embodiment, the processing unit 13 inserts the indefinite value data D20 into a predetermined location in the data D2 representing the first conversion value, thereby performing the first conversion. Process the value. Accordingly, since the first conversion value transmitted from the host device 2 to the semiconductor memory device 3 can be complicated, the security of the semiconductor memory device 3 can be further improved.

  Further, according to the computer system 1 according to the present embodiment, the processing unit 13 processes the command D1 by inserting the indefinite value data D30 at a predetermined location in the command D1. Accordingly, since the command D1 transmitted from the host device 2 to the semiconductor memory device 3 can be complicated, the security of the semiconductor memory device 3 can be further improved.

  Further, according to the computer system 1 according to the present embodiment, the determination unit 34, when the time interval between the transmission time related to the first conversion value and the transmission time related to the command is outside a predetermined allowable range, Judged as unauthorized access. In this way, by setting an allowable range for the time interval between the transmission time related to the first conversion value and the transmission time related to the command, and determining that the access is unauthorized when the time interval is outside the allowable range. Thus, the security of the semiconductor memory device 3 can be further improved.

  Further, according to the computer system 1 according to the present embodiment, the conversion unit 12 (first generation unit) converts the command D1 by any one of a plurality of predefined operations, thereby converting the first conversion. Generate a value. Accordingly, a plurality of types of first conversion values are generated for the same command D1, and the first conversion values transmitted from the host device 2 to the semiconductor memory device 3 can be complicated. It is possible to further improve the performance.

  Further, according to the computer system 1 according to the present embodiment, when the determination unit 34 determines unauthorized access, the control unit 23 returns a dummy data D8 as a response process to the host device 2, Either the process of returning the error code D9 or the process of not returning any data is selected indefinitely and executed. Therefore, compared with a case where an error code is always returned for unauthorized access, a third party who performs unauthorized access is less likely to notice that unauthorized access has failed. Therefore, it is possible to delay the time to start re-analysis.

DESCRIPTION OF SYMBOLS 1 Computer system 2 Host apparatus 3 Semiconductor memory device 12 Conversion part 13 Processing part 14 Transmission part 21 Reception part 23 Control part 24 Storage part 31 Restoration part 32 Holding part 33 Conversion part 34 Determination part

Claims (9)

A host device,
A semiconductor storage device externally connectable to the host device;
With
The host device is
A first generation unit that generates a first conversion value by converting a command to be transmitted to the semiconductor memory device by a predetermined operation;
A transmission unit for transmitting the first conversion value and the command to the semiconductor memory device;
Have
The semiconductor memory device
A control unit that controls access from the host device to the semiconductor storage device;
A receiving unit that receives the first conversion value and the command from the host device;
Have
The controller is
A second generation unit that generates a second conversion value by converting the command received by the reception unit by the predetermined calculation;
A determination unit that determines unauthorized access when the first conversion value received by the reception unit and the second conversion value generated by the second generation unit do not match;
Including a computer system. The semiconductor memory device
The semiconductor storage device further includes a storage unit that stores the first conversion value scheduled to be received from the host device,
The determination unit further determines that the access is unauthorized when the first conversion value received by the reception unit does not match the first conversion value stored in the storage unit. The computer system described in 1.   3. The transmission unit does not transmit the command when the first conversion value received by the reception unit does not match the first conversion value stored in the storage unit. Computer system. The host device is
A processing unit that processes the first conversion value by inserting data of an indefinite value at a predetermined location in the data representing the first conversion value;
The controller is
The computer system according to claim 1, further comprising a restoration unit that restores the first converted value before processing from the first converted value after processing received by the receiving unit. . The host device is
A processing unit that processes the command by inserting indefinite value data at a predetermined location in the command;
The controller is
The computer system according to claim 1, further comprising a restoration unit that restores the command before processing from the command after processing received by the reception unit. The transmission unit transmits the command after transmitting the first conversion value,
The determination unit further determines unauthorized access when a time interval between a transmission time related to the first conversion value and a transmission time related to the command is outside a predetermined allowable range. The computer system according to any one of the above.   The said 1st production | generation part produces | generates a said 1st conversion value by transform | converting the said command by either of the predetermined some calculation, The statement of any one of Claims 1-6 Computer system.   When the determination unit determines that the access is unauthorized, the control unit performs a process of returning dummy data, a process of returning an error code, and a process of not returning any data as a response process to the host device. The computer system according to claim 1, wherein any one of them is selected and executed. A semiconductor storage device that can be externally connected to a host device,
A control unit that controls access from the host device to the semiconductor storage device;
A receiving unit for receiving a command and a first conversion value generated by converting the command by a predetermined calculation from the host device;
With
The controller is
A generation unit that generates a second conversion value by converting the command received by the reception unit by the predetermined calculation;
A determination unit that determines unauthorized access when the first conversion value received by the reception unit does not match the second conversion value generated by the generation unit;
A semiconductor memory device.

Images