JP2013037417A - Memory system, information processor, memory device, and memory system operation method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a technique that can prevent a memory device from being copied.SOLUTION: A memory information protection system 1A comprises: a memory device 20A that has a plurality of storage parts; and an information processor 10 that executes information processing. The memory device 20A includes as the plurality of storage parts: a first storage part 201 that stores second information associated with first information; and a second storage part 202 that stores the first information. The information processor 10 includes: acquisition means that acquires the first information and the second information; and a comparator 115 that determines the validity of a combination of the first storage part 201 and the second storage part 202 by using the first information and the second information. If it is determined by the comparator 115 that the combination of the first storage part 201 and the second storage part 202 is invalid, the information processor 10 disables execution of the information processing.

Description

  The present invention relates to information protection technology.

  A technique is known in which a memory device storing application software is attached to an information processing device, and the application software stored in the memory device is executed in the information processing device to realize a predetermined function.

  Such a memory device is equipped with a security function to prevent duplication of the memory device due to reading of application software. For example, in Patent Document 1, application software is stored in a memory device in an encrypted state, and the information processing device can execute the application software without acquiring key data for decrypting the application software. It is configured not to be able to. Therefore, in Patent Document 1, copying of the memory device is restricted until appropriate key data is acquired.

JP 2009-258850 A

  However, in Patent Document 1, when key data corresponding to encrypted application software is specified, there is a possibility that the memory device storing the application software is copied without permission without permission.

  The possibility that such a memory device is copied without permission is not limited to storing application software, but stores data other than application software (for example, data used for executing application software). It can also occur for memory devices.

  SUMMARY An advantage of some aspects of the invention is that it provides a technique that makes it difficult to duplicate a memory device.

  A first aspect of a memory system according to the present invention includes a memory device having a plurality of storage units and an information processing device that executes information processing, and the memory device includes first information as the plurality of storage units. And a second storage unit that stores the first information, and the information processing apparatus obtains the first information and the second information. Means, and using the first information and the second information, determination means for determining the validity of the combination of the first storage unit and the second storage unit, and the information processing apparatus includes: If the determination unit determines that the combination is not valid, the information processing is disabled.

  A second aspect of the memory system according to the present invention is the first aspect, wherein the information processing apparatus is based on the first information acquired from the second storage unit by the acquisition unit. Generating means for generating third information, wherein the determining means determines the validity of the combination by comparing the second information with the third information generated by the generating means. To do.

  A third aspect of the memory system according to the present invention is the first aspect or the second aspect, wherein the first storage unit has an OTP (One Time Programmable) area, and Two pieces of information are stored in the OTP area.

  A fourth aspect of the memory system according to the present invention is the third aspect, wherein the second storage unit further stores the second information and is stored in the OTP area. The information is information read from the second storage unit and written in the OTP area of the first storage unit based on an instruction from the information processing apparatus.

  A fifth aspect of the memory system according to the present invention is the second aspect, wherein the generation means uses the first information and a key to determine a MAC (Message Authentication Code) value. The first storage unit stores, as the second information, a MAC value generated in advance using the first information and the common key that is common to the key. The validity of the combination is determined by comparing the MAC value stored in one storage unit with the MAC value generated by the generating means.

  Further, a sixth aspect of the memory system according to the present invention is the fifth aspect, wherein the information processing apparatus holds the key so that it cannot be read from the outside.

  A seventh aspect of the memory system according to the present invention is any one of the first to sixth aspects, wherein the first information is unique identification information.

  An eighth aspect of the memory system according to the present invention is any one of the first aspect to the seventh aspect, wherein the information processing apparatus controls issuance of a command to the first storage unit. First command issuance control means for controlling and second command issuance control means for controlling issuance of commands to the second storage unit, and when the judgment means judges that the combination is not valid, The one command issue control means stops issuing commands to the first storage unit, and the second command issue control means stops issuing commands to the second storage unit.

  Further, a ninth aspect of the memory system according to the present invention is any one of the first aspect to the eighth aspect, wherein the first storage unit stores encrypted encrypted information. The information processing apparatus includes: key generation means for generating key information used for information decryption; decryption means for acquiring the encryption information and decrypting the acquired encryption information based on the key information; And the key generation unit generates the key information when the determination unit determines that the combination is valid, and the determination unit determines that the combination is not valid The key generation means does not generate the key information.

  According to a tenth aspect of the memory system of the present invention, the memory system includes a memory device having a plurality of storage units and an information processing apparatus that executes information processing, and at least two of the plurality of storage units. Each of them stores related information related to each other, and the information processing apparatus is acquired from each of the at least two storage units and from each of the at least two storage units. And determining means for determining the validity of the combination of the at least two storage units by using each related information, and the information processing apparatus uses the determination means to determine that the combination of the at least two storage units is not valid. If it is determined, the information processing is disabled.

  A memory device according to the present invention is a memory device that supplies information to an information processing device that performs information processing, the first storage unit storing second information related to the first information, and the first A second storage unit that stores one information, and the information processing apparatus uses the acquisition unit that acquires the first information and the second information, and the first information and the second information. Determining means for determining the validity of the combination of the first storage section and the second storage section, and the memory device, when the determination means determines that the combination is not valid, The information is supplied to the information processing apparatus that makes the execution impossible.

  An information processing apparatus according to the present invention is an information processing apparatus that receives information from a memory device and executes information processing, and the memory device stores second information related to the first information. A first storage unit; and a second storage unit configured to store the first information. The information processing apparatus includes: an acquisition unit configured to acquire the first information and the second information; the first information; And determining means for determining the correctness of the combination of the first storage unit and the second storage unit using the second information, and the information processing apparatus determines that the combination is not valid by the determining means. If it is determined, the information processing is disabled.

  A memory system operation method according to the present invention is a memory system operation method including a memory device and an information processing device that executes information processing, and is a) stored in a first storage unit of the memory device. Obtaining the second information related to the first information and the first information stored in the second storage unit of the memory device; and b) the first information obtained in the step a) and In the step of determining the validity of the combination of the first storage unit and the second storage unit using the second information, and c) in the step b), when it is determined that the combination is not valid, And making the information processing impossible.

  An eleventh aspect of a memory system according to the present invention includes a memory device having a plurality of storage units, and an information processing device that executes information processing. A first storage unit that stores one information; and a second storage unit that stores second information related to the first information, wherein the information processing apparatus acquires the first information and the second information. And an acquisition unit that determines the validity of a combination of the first storage unit and the second storage unit using the first information and the second information, and the information processing apparatus includes: When the determination unit determines that the combination is not valid, the information processing is disabled.

  A twelfth aspect of the memory system according to the present invention is the eleventh aspect, in which the information processing apparatus is based on the first information acquired from the first storage unit by the acquisition unit. Generating means for generating third information, wherein the determining means determines the validity of the combination by comparing the second information with the third information generated by the generating means. To do.

  A thirteenth aspect of the memory system according to the present invention is the eleventh aspect or the twelfth aspect, wherein the first storage unit has an OTP (One Time Programmable) area, One information is stored in the OTP area.

  Further, a fourteenth aspect of the memory system according to the present invention is the thirteenth aspect, wherein the second storage unit further stores the first information and is stored in the OTP area. The information is information read from the second storage unit and written in the OTP area of the first storage unit based on an instruction from the information processing apparatus.

  The fifteenth aspect of the memory system according to the present invention is the twelfth aspect, wherein the generation means uses the first information and a key to determine a MAC (Message Authentication Code) value. The second storage unit stores, as the second information, a MAC value generated in advance using the first information and the common key that is common to the key, and the determination means includes the first information (2) The validity of the combination is determined by comparing the MAC value stored in the storage unit with the MAC value generated by the generating unit.

  According to the present invention, it becomes possible to make duplication of a memory device difficult.

It is a figure which shows the external appearance structure of a memory information protection system. It is a figure for demonstrating the outline | summary of the bind authentication performed with a memory information protection system. It is a block diagram which shows the function structure of the memory information protection system which concerns on 1st Embodiment. It is a figure which shows the detailed structure of a message authentication code production | generation part. It is a figure for demonstrating the initialization operation | movement of a memory information protection system. It is a figure for demonstrating the bind authentication operation | movement of a memory information protection system. It is a block diagram which shows the function structure of the memory information protection system which concerns on 2nd Embodiment.

  Each embodiment will be described below with reference to the drawings. In addition, the element which attached | subjected the same code | symbol in different drawing shall show the same or corresponding element.

<1. First Embodiment>
[1-1. Configuration Overview]
FIG. 1 is a diagram showing an external configuration of a memory information protection system (also simply referred to as “memory system”) 1A. FIG. 2 is a diagram for explaining the outline of the bind authentication executed in the memory information protection system 1A.

  As illustrated in FIG. 1, the memory information protection system 1A includes an information processing device 10 and a memory device 20A.

  The memory device 20A has a plurality of storage units configured by a semiconductor memory such as a mask ROM or a flash memory.

  The memory device 20A stores application information used to execute an application in at least one of the plurality of storage units. The application information includes, for example, a program as application software executed by the information processing apparatus 10 which is a kind of computer device and / or data used when executing the application software.

  Further, the memory device 20A stores mutually related information (also referred to as “related information”) in each of at least two storage units among the plurality of storage units.

  The memory device 20A has an aspect like a card or a cartridge, for example. The memory device 20 </ b> A is configured to be detachable from the information processing device 10, and the memory device 20 </ b> A is used while being attached to the information processing device 10.

  The information processing apparatus 10 that uses information stored in the memory device 20A includes, for example, a personal computer (personal computer), a portable information terminal device such as a PDA (Personal Digital Assistant), or an image processing device. When the application software stored in the memory device 20A is a game program, the information processing device 10 functions as a game device body such as a stationary game machine or a portable game machine.

  In such a memory information protection system 1A, the information processing apparatus 10 uses the related information stored in each of at least two storage units among the plurality of storage units in the memory device 20A, and uses the at least two storage units. Perform "bind authentication" to determine the validity of the combination.

  Specifically, as illustrated in FIG. 2, the information processing apparatus 10 includes the related information D1 stored in the first semiconductor memory 201 in the memory device 20A and the related information D2 stored in the second semiconductor memory 202. And get. Then, the information processing apparatus 10 performs bind authentication to determine the validity of the combination of the first semiconductor memory 201 and the second semiconductor memory 202 using the acquired related information D1 and D2.

  In the bind authentication, when the validity of the combination of the storage units is not confirmed, the information processing apparatus 10 regards the installed memory device as an unauthorized one and makes it impossible to perform information processing in the information processing apparatus 10. To do.

  Note that such bind authentication is performed before the normal operation is started in the information processing apparatus 10, that is, in response to power-on of the information processing apparatus 10, the information processing apparatus 10 is activated and the power is supplied to the memory device 20A. It is preferably executed at the time when the operation as a system is started. 2 shows a mode in which the memory device 20A has two semiconductor memories 201 and 202 as a storage unit for simplification of illustration. However, the memory device 20A is not limited to two semiconductor memories. You may have another memory | storage part. That is, in this case, the two semiconductor memories and the other storage units correspond to the plurality of storage units, and the two semiconductor memories that are authentication targets of the combination in the bind authentication correspond to the at least two storage units. It will be.

  As described above, when the validity of the combination of at least two storage units in the memory device is not confirmed, the memory information protection system regards the installed memory device as an irregular one and performs information processing in the information processing device. Therefore, it is difficult to execute an application using a non-regular memory device. That is, by simply extracting data stored in a regular memory device and simply copying the memory device, it is difficult to pass the bind authentication, so it becomes difficult for the unauthorized duplicator to copy the memory device.

[1-2. Function block]
Next, functions of the memory information protection system 1A will be described in detail. FIG. 3 is a block diagram showing a functional configuration of the memory information protection system 1A according to the first embodiment. FIG. 4 is a diagram illustrating a detailed configuration of the message authentication code generation unit.

  As shown in FIG. 3, the information processing apparatus 10 constituting the memory information protection system 1 </ b> A includes an overall control unit 100 and a memory control unit (memory controller) 110.

  The overall control unit 100 is configured as a microcomputer and mainly includes a CPU, a RAM, a ROM, and the like. The overall control unit 100 implements various functions by reading a program stored in the ROM and executing the program by the CPU.

  Specifically, the overall control unit 100 functionally realizes the command generation unit 101 by executing the above-described program.

  The command generation unit 101 has a function of generating an instruction code related to a command to the memory device 20A or a command including the instruction code and an address. For example, when reading data stored in the memory device 20A, a command (also referred to as “read command”) including a read instruction code and an address of data to be read is generated by the command generation unit 101.

  The command generated by the command generation unit 101 is input to the memory control unit 110 via the internal bus 120.

  The memory control unit 110 includes command issue control units 111 and 119, encryption units 112 and 118, decryption units 113 and 117, a message authentication code generation unit 114, a comparator 115, and a key generation unit 116. And performs various controls on the memory device 20A.

  The command issuance control unit 111 controls issuance of commands to the first storage unit 201 in the memory device 20A.

  The other command issuance control unit 119 controls issuance of commands to the second storage unit 202 in the memory device 20A.

  The encryption units 112 and 118 have a function of encrypting and outputting input information. The information encrypted by the encryption unit 112 is supplied to the first storage unit 201 in the memory device 20A via an interface (not shown). Further, the information encrypted by the encryption unit 118 is supplied to the second storage unit 202 in the memory device 20A via the interface.

  The decoding units 113 and 117 have a function of decoding and outputting information transmitted from the memory device 20A. That is, the decoding unit 113 decodes the information transmitted from the first storage unit 201 of the memory device 20A, and the decoding unit 117 decodes the information transmitted from the second storage unit 202 of the memory device 20A. Turn into.

  The message authentication code generation unit 114 generates a message authentication code (MAC) based on the unique ID (also referred to as “unique ID” or “UID”) 2U stored in the second storage unit 202. It has a function.

  Specifically, the message authentication code generation unit 114 includes a hardware key 141 and a calculation unit 142 as shown in FIG.

  The hardware key 141 is fixed key data mounted on the chip as hardware. The hardware key 141 uses, for example, a plurality of inverters (NOT circuits) corresponding to the bit length of the hardware key 141 to clamp the input of each inverter to the power supply voltage (Vcc) or GND (ground potential). Can be realized.

  The calculation unit 142 performs a predetermined MAC calculation based on the input hardware key 141 and the unique ID 2U, and outputs a message authentication code (also referred to as “MAC value”). As a predetermined MAC calculation method executed by the calculation unit 142, for example, a calculation method using a hash function such as SHA-1 or MD5, or a calculation method using a block encryption algorithm such as CBC-MAC. Can be adopted.

  As described above, the message authentication code generation unit 114 functions as a generation unit that generates a MAC value using the hardware key 141 and the unique ID 2U.

  The MAC value generated by the message authentication code generation unit 114 is output to the comparator 115.

  The comparator 115 compares the MAC value generated by the message authentication code generation unit 114 with the MAC value acquired from the first storage unit 201, and outputs a comparison result. Specifically, when the two MAC values match, the comparator 115 outputs a signal indicating a match (match signal) as a comparison result. When the two MAC values do not match, the comparator 115 indicates that they do not match. The indicated signal (mismatch signal) is output as a comparison result.

  The comparison result output from the comparator 115 is output to the command issue control units 111 and 119. In the command issuance control units 111 and 119 described above, when a mismatch signal is input as a comparison result, subsequent command issuance is stopped.

  The comparison result output from the comparator 115 is also output to the key generation unit 116.

  The key generation unit 116 has a function of generating key information according to the comparison result input from the comparator 115.

  Specifically, when two MAC values match, that is, when a match signal is input as a comparison result, the key generation unit 116 generates key information used for encryption / decryption of information based on the unique ID. . On the other hand, when the two MAC values do not match, that is, when a mismatch signal is input as a comparison result, the key generation unit 116 invalidates the unique ID and does not generate an encryption key.

  The generated key information is output to the encryption unit 112 and the decryption unit 113, and is used for the encryption process in the encryption unit 112 and the decryption process in the decryption unit 113.

  On the other hand, the memory device 20A attached to the information processing apparatus 10 having the above-described configuration includes a first storage unit 201, a first in-memory control unit 211 that controls the first storage unit 201, and a second storage unit. Unit 202 and a second in-memory control unit 212 that controls the second storage unit 202.

  The first storage unit 201 is a non-volatile semiconductor memory such as a mask ROM, a flash memory, or an EPROM, and has a normal storage area 231 that stores encrypted data (encrypted data). The first storage unit 201 also has an OTP (One Time Programmable) area 232 in addition to the normal recording area 231. The OTP area 232 is an area in which writing can be performed only once, and information stored in the OTP area 232 cannot be erased and rewritten after writing. Such an OTP area 232 may be realized by physically securing a part of the entire storage area of the first storage unit 201 as a fuse type storage area, or the OTP area 232 of the first storage unit 201. You may implement | achieve by making the in-memory control part 211 control so that a part of all the storage areas cannot be rewritten.

  The first in-memory control unit 211 has a command analysis unit 221.

  The command analysis unit 221 analyzes a command for the first storage unit 201 issued from the command issuance control unit 111, and issues an execution instruction for a predetermined operation according to the command. For example, when the command issued from the command issue control unit 111 is a data read command from the first storage unit 201, a read instruction code and read address data are extracted from the read command, and a read signal Read address data is applied to the first storage unit 201. Receiving the read signal and the read address data, the first storage unit 201 outputs the data to be read stored at the read address.

  The second storage unit 202 is a non-volatile semiconductor memory such as a mask ROM, flash memory, or EPROM, and stores application information such as programs and / or data. The second storage unit 202 is generated in advance using a unique ID (unique ID) 2U that is identification information unique to the memory device 20A, and a key (common key) that is common to the unique ID 2U and the hardware key 141. The MAC value 2M is further stored. The unique ID 2U and the MAC value 2M are stored in advance in the second storage unit 202 at the time of factory shipment.

  Since the MAC value 2M is information generated using the unique ID 2U, the unique ID 2U and the MAC value 2M are also referred to as “related information” associated with each other.

  The second in-memory control unit 212 includes a decryption unit 225, a command analysis unit 226, and an encryption unit 227.

  The decryption unit 225 has a function of decrypting the encrypted command issued from the command issuance control unit 119 and encrypted by the encryption unit 118. The command decrypted by the decryption unit 225 is transmitted to the command analysis unit 226.

  The command analysis unit 226 has the same function as the command analysis unit 221, analyzes a command for the second storage unit 202, and gives an instruction to execute a predetermined operation according to the command.

  The encryption unit 227 has a function of encrypting data read from the second storage unit 202. The encrypted data encrypted by the encryption unit 227 is supplied to the information processing apparatus 10 via the interface.

[1-3. Initialization operation of memory information protection system 1A]
Here, the operation of the memory information protection system 1A will be described. The operation of the memory information protection system 1A includes an initialization operation executed when the power is turned on and a bind authentication operation executed after the initialization operation is completed. Hereinafter, the initialization operation and the bind authentication operation will be described in this order. FIG. 5 is a diagram for explaining the initialization operation of the memory information protection system 1A.

  The initialization operation is an operation for storing the MAC value 2M stored in the second storage unit 202 in the OTP area 232 of the first storage unit 201, and is executed when the power is turned on as described above.

  Specifically, before the initialization operation starts, the memory device 20A is mounted on the information processing device 10, and the memory device 20A and the information processing device 10 are electrically connected. Then, in response to power-on of the information processing apparatus 10, the information processing apparatus 10 is activated, and power is supplied from the information processing apparatus 10 to the memory device 20A, so that an initialization operation is started.

  As shown in FIG. 5, in the initialization operation, first, the command generation unit 101 generates a read command of the MAC value 2M stored in the second storage unit 202, and the read command of the generated MAC value 2M is The command issuance control unit 119 is set ((S1) in FIG. 5).

  Then, the command issuance control unit 119 issues a read command for the MAC value 2M (S2). The issued read command of the MAC value 2M is transmitted to the encryption unit 118.

  The encryption unit 118 performs encryption processing on the read command having the MAC value of 2M. The read command having the MAC value 2M encrypted by the encryption unit 118 is transmitted to the decryption unit 225 of the memory device 20A (S3).

  The decryption unit 225 performs a decryption process on the read command of the encrypted MAC value 2M. The decrypted read command with the MAC value of 2M is output to the command analysis unit 226 (S4).

  The command analysis unit 226 analyzes the read command of the MAC value 2M, gives the read signal and read address data of the MAC value 2M to the second storage unit 202, and stores the MAC value 2M stored in the second storage unit 202. A read operation is executed (S5).

  The second storage unit 202 outputs the stored MAC value 2M to the encryption unit 227 in response to the instruction to execute the read operation of the MAC value 2M (S6).

  The encryption unit 227 performs an encryption process on the MAC value 2M input from the second storage unit 202. The encrypted MAC value 2M is transmitted to the decryption unit 117 of the information processing apparatus 10 (S7).

  The decryption unit 117 decrypts the encrypted MAC value 2M. The decrypted MAC value 2M is transmitted to the command issuance control unit 111 (S8).

  Here, the command generation unit 101 generates a write command (MAC value write command) for writing the MAC value 2M to the OTP area 232 provided in the first storage unit 201, and the generated MAC value write command Is set in the command issuance control unit 111 (S9).

  The command issuance control unit 111 issues a MAC value write command (S10). The issued MAC value write command is transmitted to the command analysis unit 221 of the memory device 20A.

  The command analysis unit 221 analyzes the MAC value write command, and causes the first storage unit 201 to perform a write operation for storing the MAC value 2M in the OTP area 232 (S11). By the write operation, the MAC value 2M is stored in the OTP area 232 of the first storage unit 201.

  As described above, in the initialization operation, the MAC value 2M stored in the second storage unit 202 is read based on an instruction from the information processing apparatus 10, and the MAC value 2M is read from the OTP area of the first storage unit 201. 232 is written. The initialization operation may be an operation that is executed every time the information processing apparatus 10 is activated, or may be an operation that is executed only once when power is first supplied to the memory device 20A. Even if the initialization operation is performed every time the information processing apparatus 10 is started, the OTP area 232 is a storage area in which information cannot be erased and rewritten. Thus, the MAC value 2M stored in the OTP area 232 is not changed. That is, in the initialization operation executed after the first initialization operation, rewriting to the OTP area 232 is not performed.

[1-4. Bind authentication operation of memory information protection system 1A]
Next, the bind authentication operation will be described in detail. FIG. 6 is a diagram for explaining the bind authentication operation of the memory information protection system 1A.

  The bind authentication operation is an operation for determining the validity of the combination of the first storage unit 201 and the second storage unit 202 in the memory device 20A. The memory after the initialization operation is completed or after the initialization operation is completed This is executed when the information processing apparatus 10 is activated by mounting the apparatus 20A.

  Specifically, as shown in FIG. 6, in the bind authentication operation, first, the command generation unit 101 generates a read command for the unique ID 2U stored in the second storage unit 202, and reads the generated unique ID 2U. The command is set in the command issuance control unit 119 ((B1) in FIG. 6).

  Then, the command issue control unit 119 issues a read command with the unique ID 2U (B2). The issued read command of the unique ID 2U is transmitted to the encryption unit 118.

  The encryption unit 118 performs encryption processing on the read command with the unique ID 2U. The read command with the unique ID 2U encrypted by the encryption unit 118 is transmitted to the decryption unit 225 of the memory device 20A (B3).

  The decryption unit 225 decrypts the encrypted read command with the unique ID 2U. The decrypted read command with the unique ID 2U is output to the command analysis unit 226 (B4).

  The command analysis unit 226 analyzes the read command of the unique ID 2U, gives a read signal and read address data of the unique ID 2U to the second storage unit 202, and performs a read operation of the unique ID 2U stored in the second storage unit 202. (B5).

  The second storage unit 202 outputs the stored unique ID 2U to the encryption unit 227 in response to the instruction to execute the reading operation of the unique ID 2U (B6).

  The encryption unit 227 performs an encryption process on the unique ID 2U input from the second storage unit 202. The encrypted unique ID 2U is transmitted to the decryption unit 117 of the information processing apparatus 10 (B7).

  The decryption unit 117 performs decryption processing on the encrypted unique ID 2U to obtain the decrypted unique ID 2U. Thus, the command issue control unit 119, the encryption unit 118, and the decryption unit 117 function as an acquisition unit that acquires the unique ID 2U stored in the second storage unit 202. The decrypted unique ID 2U is transmitted to the message authentication code generation unit 114 and the key generation unit 116 (B8).

  The message authentication code generation unit 114 generates a MAC value (message authentication code) of the unique ID 2U using the unique ID 2U, and outputs the generated MAC value to the comparator 115 (B9).

  Here, the command generation unit 101 generates a read command (OTP region information read command) for information stored in the OTP region 232 of the first storage unit 201, and sends the generated OTP region information read command to the command issue control unit. 111 is set (B10).

  Then, the command issuance control unit 111 issues an OTP area information read command (B11). The issued OTP region information read command is transmitted to the command analysis unit 221 of the memory device 20A.

  The command analysis unit 221 analyzes the OTP area information read command and causes the information stored in the OTP area 232 to be read (B12).

  The first storage unit 201 outputs the MAC value stored in the OTP area 232 in response to the instruction to execute the read operation of the OTP area information (B13). The MAC value stored in the OTP area 232 is information stored by the initialization operation executed before the bind authentication operation, and is transmitted to the comparator 115 of the information processing apparatus 10 by the read operation.

  As described above, the command issue control unit 111 functions as an acquisition unit that acquires the MAC value stored in the OTP area 232 of the first storage unit 201.

  The comparator 115 compares the MAC value generated by the message authentication code generation unit 114 with the MAC value stored in the OTP area 232 of the first storage unit 201 and determines whether the two MAC values match. The comparison result indicating is output (B14). The comparison result output from the comparator 115 is input to the command issue control units 111 and 119 and the key generation unit 116.

  The comparison result output from the comparator 115 indicates the authentication result of bind authentication. That is, when a match signal indicating that two MAC values match is output as a comparison result, bind authentication has been established. On the other hand, when a mismatch signal indicating that the two MAC values do not match is output as a comparison result, the bind authentication is not established.

  Thus, the comparator 115 functions as a determination unit that determines the validity of the combination of the first storage unit 201 and the second storage unit 202.

  When bind authentication is established, that is, when it is determined that the combination of the first storage unit 201 and the second storage unit 202 is valid, the key generation unit 116 sets the unique ID 2U input from the decryption unit 117. Based on this, key information used for encryption / decryption of information is generated, and the key information is output to the encryption unit 112 and the decryption unit 113 (B15).

  Thereafter, in the memory information protection system 1A, the write data to be written in the first storage unit 201 is encrypted using the key information in the encryption unit 112 and then supplied to the memory device 20A. Also, the encrypted data stored in the first storage unit 201 can be decrypted by the decryption unit 113 using the key information.

  If bind authentication is not established, that is, if it is determined that the combination of the first storage unit 201 and the second storage unit 202 is not valid, the key generation unit 116 does not generate key information. Thereby, when bind authentication is not established, data is written to the first storage unit 201, and the encrypted data (encryption information) stored in the first storage unit 201 is decrypted to be usable data. It becomes impossible to get.

  When the bind authentication is not established, the command issue control units 111 and 119 refuse to accept the command and stop issuing the command.

  As described above, the information processing apparatus 10 performs the bind authentication for determining the validity of the combination of the storage units in the memory device 20A before the start of the normal information processing. The information processing in the apparatus 10 is disabled.

  As described above, the memory information protection system 1A includes the memory device 20A having a plurality of storage units and the information processing device 10 that executes information processing. The memory device 20A includes, as a plurality of storage units, a first storage unit 201 that stores second information (MAC value) related to the first information (unique ID), and a second storage unit 202 that stores first information. have. The information processing apparatus 10 determines the validity of the combination of the first storage unit 201 and the second storage unit 202 using the acquisition unit that acquires the first information and the second information, and the first information and the second information. And a comparator 115. Then, when the comparator 115 determines that the combination of the first storage unit 201 and the second storage unit 202 is not valid, the information processing apparatus 10 disables information processing.

  As described above, in the memory information protection system 1A, in order for the information processing apparatus to execute information processing, the legitimacy of the combination of the storage units in the memory apparatus is required. In order to replicate, it is necessary to specify a valid combination of storage units in the memory device. Therefore, in the memory information protection system 1A, it is difficult for the unauthorized duplicator to duplicate the memory device.

<2. Second Embodiment>
Next, a second embodiment of the present invention will be described. The memory information protection system 1B according to the second embodiment has substantially the same structure and function as the memory information protection system 1B except that the MAC value is stored in the first storage unit 201 in advance. Common parts are denoted by the same reference numerals and description thereof is omitted. FIG. 7 is a block diagram showing a functional configuration of the memory information protection system 1B according to the second embodiment.

  As illustrated in FIG. 7, the memory device 20B of the memory information protection system 1B stores a MAC value 1M used for bind authentication in the first storage unit 201.

  The MAC value 1M is preferably stored in a storage area such as an OTP area that cannot be erased and rewritten.

  According to such a memory information protection system 1B, since the MAC value 1M is stored in the first storage unit 201 in advance, it is not necessary to execute the initialization operation for storing the MAC value in the first storage unit 201. The operation can be simplified. Further, since it is not necessary to store the MAC value in the second storage unit 202, the second storage unit 202 can be used effectively.

<3. Modification>
Although the embodiments have been described above, the present invention is not limited to the contents described above.

  For example, in each of the above embodiments, the mode of performing the bind authentication using the first storage unit 201 storing the MAC value and the second storage unit 202 storing the unique ID 2U is illustrated, but the present invention is not limited thereto.

  Specifically, bind authentication may be performed using the first storage unit 201 that stores the unique ID 2U and the second storage unit 202 that stores the MAC value. In this case, the information processing apparatus 10 generates a MAC value using the unique ID 2U acquired from the first storage unit 201, and compares the generated MAC value with the MAC value acquired from the second storage unit 202. Thus, bind authentication for determining the validity of the combination of the first storage unit 201 and the second storage unit 202 is performed.

  In the case of performing the bind authentication using the first storage unit 201 that stores the unique ID 2U and the second storage unit 202 that stores the MAC value as in the modification example, in the initialization operation of the first embodiment, The operation of storing the unique ID 2U stored in the second storage unit 202 in the OTP area 232 of the first storage unit 201 is performed.

  In each of the above embodiments, the memory device 20A (20B) is detachable from the information processing device 10, but the present invention is not limited to this. Specifically, when data is exchanged between the memory device 20A (20B) and the information processing device 10 by wireless communication, the memory device 20A (20B) is detachable from the information processing device 10. It does not have to be configured.

  In each of the above embodiments, the MAC value is used as the evaluation value used for authentication determination in the bind authentication, but the present invention is not limited to this.

  Specifically, without using the hardware key 141, a calculation process using a hash function may be performed on the unique ID 2U to calculate a hash value, and bind authentication may be performed using the hash value as an evaluation value. .

  More specifically, the memory information protection system according to the first modification stores a hash value in the first storage unit 201 and a unique ID 2U in the second storage unit 202 before starting the bind authentication operation. Yes. When the bind authentication operation is started, the information processing apparatus 10 calculates a hash value using the unique ID 2U acquired from the second storage unit 202 and acquires a hash value from the first storage unit 201. The information processing apparatus 10 performs bind authentication by comparing the hash value calculated using the unique ID 2U with the hash value acquired from the first storage unit 201.

  Furthermore, information (for example, unique ID) stored in each of the first storage unit 201 and the second storage unit 202 of the memory device may be used as it is as an evaluation value used for bind authentication.

  More specifically, in the memory information protection system according to the second modification, the information processing apparatus 10 stores information (for example, a unique ID) stored in each of the first storage unit 201 and the second storage unit 202 of the memory device. Acquire bind authentication by simply comparing the two.

  However, when the reliability of each bind authentication executed in each of the above embodiments, the first modified example, and the second modified example is compared, the memory information protection systems 1A and 1B according to each of the above embodiments are executed. The reliability of bind authentication is the highest. On the other hand, the reliability of the bind authentication executed in the memory information protection system according to the second modification is the lowest.

  Specifically, in the memory information protection systems 1A and 1B of the above embodiments, since the hardware key 141 is also used for generating the MAC value, the unauthorized duplicator generates the MAC value used for the bind authentication. It is difficult and the reliability of bind authentication is high.

  For example, even if the unique ID 2U is acquired by the unauthorized duplicator, the unauthorized duplicator cannot generate the MAC value used for the bind authentication as long as the confidentiality of the hardware key 141 is maintained.

  On the other hand, in the memory information protection system according to the first modification, when the unique ID 2U is acquired by the unauthorized duplicator, the algorithm of the hash function is publicly disclosed. It becomes possible to generate a hash value to be used. In this way, when the possibility that an unauthorized replicator obtains an evaluation value used for bind authentication becomes high, the reliability of bind authentication becomes low.

  Since the memory information protection system according to the second modification is configured to use the unique ID stored in the storage unit 202 as it is as an evaluation value for bind authentication, the evaluation value used for bind authentication is acquired by an unauthorized duplicator. There is a high possibility, and it can be said that the reliability of the bind authentication executed in the second modification is even lower than the reliability of the bind authentication executed in the first modification.

  Therefore, in order to make it difficult for an unauthorized duplicator to duplicate a memory device, it is preferable to employ highly reliable bind authentication.

  In each of the above embodiments, the hardware key 141 is exemplified as a key used for generating the MAC value, but the present invention is not limited to this.

  Specifically, the key used for generating the MAC value may be stored in a storage unit in the information processing apparatus 10. The key used for generating the MAC value is a key managed in the information processing apparatus 10 and is held so as not to be read from the outside.

1A, 1B Memory information protection system (memory system)
DESCRIPTION OF SYMBOLS 10 Information processing apparatus 20A, 20B Memory apparatus 100 Overall control part 101 Command generation part 110 Memory control part 111,119 Command issue control part 112,118 Encryption part 113,117 Decryption part 114 Message authentication code generation part 115 Comparator 116 Key generation unit 141 Hardware key 142 Calculation unit 201 First storage unit 202 Second storage unit 211, 212 In-memory control unit D1, D2 Each related information 2M MAC value 2U Unique ID

Claims (18)

A memory device having a plurality of storage units;
An information processing apparatus for executing information processing;
With
The memory device includes the plurality of storage units,
A first storage unit for storing second information related to the first information;
A second storage unit for storing the first information;
Have
The information processing apparatus includes:
Obtaining means for obtaining the first information and the second information;
Determination means for determining the validity of the combination of the first storage unit and the second storage unit using the first information and the second information;
Have
The information processing apparatus is a memory system that disables the information processing when the determination unit determines that the combination is not valid. The information processing apparatus includes:
Generating means for generating third information based on the first information acquired from the second storage by the acquiring means;
Further comprising
The memory system according to claim 1, wherein the determination unit determines the validity of the combination by comparing the second information with the third information generated by the generation unit. The first storage unit has an OTP (One Time Programmable) area,
The memory system according to claim 1, wherein the second information is stored in the OTP area. The second storage unit further stores the second information,
The second information stored in the OTP area is information read from the second storage unit and written in the OTP area of the first storage unit based on an instruction from the information processing apparatus. Item 4. The memory system according to Item 3. The generation means generates a MAC (Message Authentication Code) value as the third information using the first information and the key,
The first storage unit stores, as the second information, a MAC value generated in advance using the first information and the common key that is common to the key,
The memory according to claim 2, wherein the determination unit determines the validity of the combination by comparing the MAC value stored in the first storage unit with the MAC value generated by the generation unit. system.   The memory system according to claim 5, wherein the information processing apparatus holds the key so that it cannot be read from outside.   The memory system according to claim 1, wherein the first information is unique identification information. The information processing apparatus includes:
First command issuance control means for controlling issuance of commands to the first storage unit;
Second command issuance control means for controlling issuance of commands to the second storage unit;
Have
When the determination unit determines that the combination is not valid, the first command issue control unit stops issuing commands to the first storage unit, and the second command issue control unit includes the second command issue control unit. 8. The memory system according to claim 1, wherein issuing of commands to the storage unit is stopped. The first storage unit stores encrypted encryption information,
The information processing apparatus includes:
Key generation means for generating key information used for decrypting the information;
Decryption means for obtaining the encryption information and decrypting the obtained encryption information based on the key information;
Further comprising
When the determination unit determines that the combination is valid, the key generation unit generates the key information,
The memory system according to claim 1, wherein the key generation unit does not generate the key information when the determination unit determines that the combination is not valid. A memory device having a plurality of storage units;
An information processing apparatus for executing information processing;
With
Of the plurality of storage units, each of at least two storage units stores related information related to each other,
The information processing apparatus includes:
Obtaining means for obtaining the related information from each of the at least two storage units;
Determination means for determining the validity of the combination of the at least two storage units using each related information acquired from each of the at least two storage units;
Have
The information processing apparatus is a memory system that disables the information processing when the determination unit determines that the combination of the at least two storage units is not valid. A memory device that supplies information to an information processing device that executes information processing,
A first storage unit for storing second information related to the first information;
A second storage unit for storing the first information;
Have
The information processing apparatus includes:
Obtaining means for obtaining the first information and the second information;
Determination means for determining the validity of the combination of the first storage unit and the second storage unit using the first information and the second information;
Have
The memory device is configured to supply information to an information processing device that disables the information processing when the determination unit determines that the combination is not valid. An information processing device that receives information from a memory device and executes information processing,
The memory device includes:
A first storage unit for storing second information related to the first information;
A second storage unit for storing the first information;
Have
The information processing apparatus includes:
Obtaining means for obtaining the first information and the second information;
Determination means for determining the validity of the combination of the first storage unit and the second storage unit using the first information and the second information;
Have
The information processing apparatus makes the information processing unexecutable when the determination unit determines that the combination is not valid. An operation method of a memory system including a memory device and an information processing device that executes information processing,
a) obtaining second information related to the first information stored in the first storage unit of the memory device and the first information stored in the second storage unit of the memory device;
b) using the first information and the second information acquired in step a) to determine the validity of the combination of the first storage unit and the second storage unit;
c) In the step b), if it is determined that the combination is not valid, the information processing is disabled.
A method for operating a memory system comprising: A memory device having a plurality of storage units;
An information processing apparatus for executing information processing;
With
The memory device includes the plurality of storage units,
A first storage unit for storing first information;
A second storage unit for storing second information related to the first information;
Have
The information processing apparatus includes:
Obtaining means for obtaining the first information and the second information;
Determination means for determining the validity of the combination of the first storage unit and the second storage unit using the first information and the second information;
Have
The information processing apparatus is a memory system that disables the information processing when the determination unit determines that the combination is not valid. The information processing apparatus includes:
Generating means for generating third information based on the first information acquired from the first storage by the acquiring means;
Further comprising
The memory system according to claim 14, wherein the determination unit determines the validity of the combination by comparing the second information with the third information generated by the generation unit. The first storage unit has an OTP (One Time Programmable) area,
The memory system according to claim 14, wherein the first information is stored in the OTP area. The second storage unit further stores the first information,
The first information stored in the OTP area is information read from the second storage unit and written to the OTP area of the first storage unit based on an instruction from the information processing apparatus. Item 17. The memory system according to Item 16. The generation means generates a MAC (Message Authentication Code) value as the third information using the first information and the key,
The second storage unit stores, as the second information, a MAC value generated in advance using the first information and the common key common to the key,
The memory according to claim 15, wherein the determination unit determines the validity of the combination by comparing the MAC value stored in the second storage unit with the MAC value generated by the generation unit. system.

Images