JP2013131868A - Temperature sensor, encryption device, encryption method, and individual information generation device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To detect ambient temperature by using a digital circuit and protect a fault attack that analyzes an inside key by applying stress of high temperature or low temperature to an encryption device.SOLUTION: A temperature sensor 100 comprises a metastability type PUF (Physically Unclonable Function) circuit 101, a frequency detection unit 102, a storage unit 103, and a temperature determination unit 104. The frequency detection unit 102 detects a frequency at which the metastability type PUF circuit 101 outputs a predetermined value. The storage unit 103 prestores data representing relation between ambient temperature and the frequency at which the metastability type PUF circuit 101 outputs the predetermined value. The temperature determination unit 104 determines ambient temperature on the basis of the frequency detected by the frequency detection unit 102 and the data stored in the storage unit 103. An encryption device 110 inhibits execution of encryption processing if the ambient temperature determined by the temperature determination unit 104 is out of a predetermined range.

Description

  The embodiments discussed herein relate to temperature detection techniques.

  In recent years, with regard to products such as printer cartridges, batteries such as batteries, and cartridges for game machines, many clone products from manufacturers different from those of genuine products have been seen. A clone product is a product having functions equivalent to those of a regular product manufactured using the results of analysis of the internal structure of a regular product and analysis of an IC (integrated circuit) chip present in the regular product. Among these clones, there are many cases of infringing on the intellectual property rights of authorized manufacturers that manufacture genuine products, and anti-clone technology is strongly demanded.

  As a technique for preventing such a cloned product, an authentication function is given to a regular product. One effective means for realizing this authentication function is PUF (Physically Unclonable Function). Although details will be described later, the secret information generated from the PUF cannot be specified by analysis by observation with a microscope. Therefore, implementing an authentication function by incorporating a PUF into a product that requires countermeasures against the above-mentioned cloned products and generating secret information with the PUF is an effective countermeasure against the cloned products. High nature.

  The PUF is a function that returns different outputs for each electronic device in which the PUF is mounted in response to a certain same input. However, it is not necessary to individually set functions that output different values for each device, and the same circuit (even if it is analyzed with a microscope, it looks the same and its output value cannot be specified). Realize this function. In other words, the PUF uses a slight difference in physical characteristics such as signal delay and element characteristics in the device to make its output completely different for each device. Therefore, this output is a value unique to the device (referred to as “individual information”).

  When an ideal PUF is mounted on a device, the device always outputs the same individual information (reproducibility), while the PUF mounted on different devices outputs completely different individual information (uniqueness). ). The output information of the PUF in such a device can be compared to human biological information such as “fingerprint”. Fingerprints have the same properties as the output information of an ideal PUF, that is, the same person does not change with age (reproducibility), but different between different people (uniqueness).

  Also, if PUFs having the same circuit configuration have such ideal reproducibility and uniqueness, a clone chip cannot be generated when an attacker disassembles the circuit and analyzes the inside.

This PUF is also used to generate identification information (ID) and an encryption key. Therefore, the authentication function can be realized using the PUF.
Many electronic device products require unique IDs individually. Conventionally, in many cases, an operation of writing a different value for each device as an ID in a nonvolatile memory has been performed in the manufacturing stage. If the PUF is used for generating the ID, not only can the ID be securely stored in the IC chip, but also the cost of the writing operation can be reduced.

  In addition, when a product including a cryptographic function uses a PUF, security is improved. As a specific example, there is a smart card in which an integrated circuit for recording information is assembled on a card. Also, in order to guarantee the confidentiality of communication, an encryption function is essential for a SIM (Subscriber Identification Module) card used for a mobile phone, a terminal connected to a wireless Internet, and the like. If a PUF is used to generate an encryption key used for encryption in these devices, the risk of the encryption key being analyzed by an attacker is greatly reduced and safety is improved.

Next, some basic circuit configuration examples of the PUF will be described.
In the following description of the present specification, a high level at two logical levels having different potentials is expressed as a value “1”, and a low level is expressed as a value “0”.

  The well-known PUFs can be broadly classified into two types: delay type PUFs and metastability type PUFs. Here, the metastability type PUF will be described.

  The metastability type PUF is a PUF that uses an indefinite state of a digital circuit. As examples of PUFs classified as metastability type PUFs, butterfly type PUFs and SRAM-PUFs are known.

First, the SRAM-PUF will be described.
Since the initial value of the memory cell immediately after the start of power supply to the SRAM (Static Random Access Memory) is determined from a complicated internal state depending on the device, it is a random value. The SRAM-PUF uses this initial value variation. In the SRAM-PUF, the memory cell address corresponds to the challenge, the initial value of the memory cell specified by the memory cell address corresponds to the response, and the latch part of the butterfly PUF described later is the memory of the SRAM-PUF. Corresponds to a cell.

Next, the butterfly type PUF will be described. The butterfly type PUF realizes a PUF using a metastable of an RS latch circuit.
First, the metastable will be described with reference to FIGS. 1A and 1B.

FIG. 1A illustrates a configuration example of an RS latch circuit. This RS latch circuit is composed of NAND (Negative AND) circuits 11 and 12.
The input of this RS latch circuit is negative logic. In the drawings, a negative logic signal is represented by adding an overbar on the signal name. However, in this specification, a negative logic signal is represented by “#”. Therefore, for example, the set input of the RS latch circuit of FIG. 1A is expressed as “#S”, and the reset input is expressed as “#R”.

  The set input “#S” and the output of the NAND circuit 12 are input to the two inputs of the NAND circuit 11, respectively. Further, the reset input “#R” and the output of the NAND circuit 11 are input to the two inputs of the NAND circuit 12, respectively. Further, the output of the NAND circuit 11 becomes the output Q of the RS latch circuit. The NAND circuit 12 outputs the output “#Q”.

FIG. 1B is a truth table of the RS latch circuit of FIG. 1A. In this truth table, the set input S and the reset input R are expressed in positive logic.
As can be seen from the truth table, the RS latch circuit of FIG. 1A holds the output value as it is when the input S = 0 and the input R = 0, so that Q = Q and “#Q” = “#” Q ". In the RS latch circuit, when the input S = 0 and the input R = 1, the output value is reset, Q = 0, and “#Q” = 1. Further, in this RS latch circuit, when the input S = 1 and the input R = 0, the output value is set so that Q = 1 and “#Q” = 0.

  If the RS latch circuit of FIG. 1A is any combination of the above inputs, the output logic is stable. However, in the RS latch circuit, Q = “# Q” = 1 when the input S = 1 and the input R = 1. That is, in this case, the logical value of Q, which should originally indicate the opposite logic, and the logical value of “#Q” are all “1”. At this time, both outputs of the RS latch circuit are in an unstable state of the intermediate potential. Such an unstable state that is abnormal as a digital circuit is called a metastable. In general, in order to avoid such a metastable state, input of S = 1 and R = 1 to the RS latch circuit is prohibited.

Next, a butterfly type PUF using such a metastable RS latch circuit will be described. FIG. 2 is a configuration example of this butterfly type PUF.
This butterfly type PUF 10 is configured to input the same value A to both the set input “#S” and the reset input “#R” of the RS latch circuit of FIG. 1A. Here, the output Q and the output “#Q” of the RS latch circuit, which are the outputs of the butterfly type PUF 10, are B and C, respectively. That is, the butterfly type PUF 10 provides an input for setting the metastable state to the RS latch circuit, and a circuit configured to use a signal output from the output terminal of the RS latch circuit as an output of the butterfly type PUF 10. It is.

  In this butterfly type PUF 10, when the input A = 0, the output B and the output C are both 1, and the output value is stable in this state. However, when the value A is changed from 0 to 1, the state where the output B is 1 and the output C is 0 and the state where the output B is 0 and the output C is 1 occur. The output is undefined. This is because the RS latch circuit is placed in a metastable state and its output is indeterminate. The butterfly PUF 10 is a PUF that uses this uncertainty.

  The output of this butterfly type PUF 10 takes one of two values (0 and 1). However, when the butterfly-type PUF 10 is mounted on a device, there are three modes: one that always outputs 0, one that always outputs 1, and one whose output is not determined by 0 and 1, that is, one that outputs a random number. The output mode is reproducible. Therefore, a plurality of butterfly-type PUFs 10 can be mounted on a device, and the output obtained from each can be used as individual-specific information about the device on which the butterfly-type PUF 10 is mounted.

Next, FIG. 3 will be described. FIG. 3 illustrates an individual-specific information generation apparatus that is a background art.
The individual-specific information generation apparatus 20 is configured by mounting n PUFs 21 on the device 1 which is an electronic device. In FIG. 3, the butterfly type PUF 10 illustrated in FIG. 2 is drawn on each of the PUFs 21-1, 21-2, 21-3, 21-4, 21-5, and 21-6. It is not limited. The PUF 21 may be, for example, either a delay type PUF or a metastability type PUF.

  In the individual-specific information generation device 20, which one to select from the n PUFs 21 mounted corresponds to the challenge described above. FIG. 3 represents a state in which PUFs 21-1, 21-2, 21-3, 21-4, 21-5, and 21-6 are selected by this challenge. Since the output RES [5: 0] of each of the six PUFs 21 has a binary value (0 or 1), these values are arranged to form a 6-bit bit string. This bit string becomes a response and can be used as individual information of the device 1. Note that the number of individual information patterns that can be taken by the individual information generation apparatus 20 is 2 6 power patterns, that is, 64 patterns, because a total of six PUFs 21 are selected.

  However, as described above, the PUF 21 may output a random number. FIG. 3 represents a case where PUFs 21-3 and 21-4 out of a total of six PUFs 21 output random numbers. If such a PUF 21 that outputs a random number is included in the selection by the challenge, the response that should be invariant in the device 1 may have a different value and the reproducibility is lost. It cannot be used as other information.

  In this regard, a technique is known in which the individual-specific information generation apparatus 20 includes a code error correction circuit. In this technology, a bit string formed by arranging the outputs of the PUFs 21 selected by the challenge is input to the code error correction circuit, and the output is used as a response of the individual-specific information generation apparatus 20. That is, the random number included in the bit string generated from the PUF 21 as described above is corrected by the code error correction circuit, so that the device 1 always obtains the same response to the same challenge. In this technique, the reproducibility of the output of the individual-specific information generation apparatus 20 is ensured in this way.

  As other background arts, several techniques for generating a random number by using a difference in physical characteristics of an electronic device are known. One of them is a technique of random number generation that obtains a digital output value that is not uniquely determined with respect to a digital input value, and equalizes the appearance frequencies of “0” and “1” in the digital output value.

  By the way, as one example of use of the PUF, there is generation of an encryption key used for information encryption as described above. This utilizes the difficulty of analysis, which is one of the features of PUF. However, in recent years, a technique called “fault attack” has become a problem for cryptographic functions. Next, this fault attack will be described.

Various types of encryption are used as the basic technology of the security system. This encryption method is roughly divided into a public key method and a common key method.
Public key cryptography is a scheme that uses different keys for encryption and decryption, and instead of publishing the key for encryption (public key), the key for decrypting the ciphertext (secret key) Is a method of maintaining security by making secret information only for the receiver. On the other hand, the common key encryption method is a method that uses the same key (common key) for encryption and decryption, and this common key is a secret that is not disclosed to third parties except the sender and the receiver. It is a method that keeps safety by using information.

  In a fault attack, stress such as overvoltage, high temperature, low temperature, etc. is applied to a device on which an encryption function according to such a method is mounted, and an abnormality (Fault) is generated in the data value inside the device. Then, using the abnormal output value at that time, the secret information (the above-mentioned secret key or common key) stored in the device is obtained, and the secret information is decrypted using the secret information. .

  This fault attack is known as a real threat. For example, in OpenSSL widely used in electronic commerce, RSA cryptography, which is one of public key cryptosystems, is used. It has been reported that a fault attack with respect to an environment in which this OpenSSL is mounted on an FPGA (Field-Programmable Gate Array) has been successful and the secret information of the RSA cipher has been decrypted.

  As another background art, there is known a technique for preventing an influence on the output of the static circuit, which is caused by a power supply fluctuation caused by the operation of the active circuit in the output circuit constituted by the active circuit and the static circuit.

Japanese Patent No. 3604673 Japanese Patent Laid-Open No. 10-51295

Jae W. Lee and five others, “A Technique Tow Build A Secret Key in Integrated Circuits with Identification and Authentication・ Applications (A technique to build a secret key in integrated circuits with identification and authentication applications), IEEE VLSI Circuits Symposium, June 2004 Moon Sandeep S. Kumar and four others, “Extended Abstract: The Butterfly P. F. F. Protecting I P. On Every F. P. G. A. (Extend Abstract: The Butterfly PUF: Protecting IP on every FPGA), IEEE International Workshop on Hardware-Oriented Security and Trust-HOST), 2008 G. Edward. Suh, and one other, “Physical Unclonable Functions for Device Authentication and Secret Key Generation ”, Design Automation Conference, June 2007 Daisuke Suzuki and one other person, “The Glitch PUF: A New, The New Delay PY F Architecture Exploiting Glitch Shapes” Delay-PUF Architecture Exploiting Glitch Shapes), Cryptographic Hardware and Embedded Systems 2010 (CHES 2010), Lecture Notes in Computer Science- LNCS), 2010, 6225 (Volume 6225), p. 366-382 Andrea Pellegrini, two others, "Fault-Based Attack of RSA Authentication", Design Automation and Test in Europe 2010 (Design, Automation and Test in Europe-DATE 2010), 2010

  As described above, the fault attack is an attack in which secret information stored in the device is obtained by intentionally generating an abnormality in the encryption processing device. The secret information generated using the PUF is difficult to analyze, but if a fault attack is performed on the cryptographic function that is processed using this secret information, the secret information is obtained by the attacker. There is a possibility that. Therefore, a countermeasure against a fault attack on the cryptographic function is required. One countermeasure is to monitor the environmental temperature of the device and detect the presence or absence of temperature stress on the device.

  In addition, a battery, which is one of the above-described examples of products in which PUF is used as a countermeasure against clones, may be monitored for temperature from the viewpoint of safety to prevent a fire accident. In addition, some of the battery clones are inferior to the regular ones, and there are concerns about ignition accidents due to abnormal heat generation, and temperature monitoring may be required by law.

  As described above, in a scene where the PUF is used, temperature monitoring may be required together. Since the temperature sensor used for temperature monitoring is a completely different device from the PUF, conventionally, the PUF and the temperature sensor are individually mounted. In particular, the PUF is generally composed of a digital circuit, whereas the temperature sensor is generally composed of an analog circuit. Since analog circuits are said to be less likely to benefit from miniaturization due to process miniaturization, even if the digital circuit PUF is miniaturized with process miniaturization, the temperature sensor is not so miniaturized. As a result, a reduction in mounting cost is suppressed.

  In view of the above-described problems, the temperature sensor described later in this specification enables detection of the ambient temperature using a digital circuit.

  One of the temperature sensors described later in this specification includes a metastability type PUF circuit, a frequency detection unit, a storage unit, and a temperature determination unit. Here, the frequency detection unit detects the frequency at which the metastability type PUF circuit outputs a predetermined value. The storage unit stores in advance data representing the relationship between the ambient temperature and the frequency with which the metastable PUF circuit outputs a predetermined value. The temperature determination unit determines the ambient temperature based on the frequency detected by the frequency detection unit and the data stored in the storage unit.

  One of the encryption devices described later in this specification includes an output value generation circuit, an encryption key generation unit, an encryption processing unit, and an encryption processing control unit in addition to the temperature sensor described above. Here, the output value generation circuit is a circuit that outputs a constant value or an indefinite value without uniquely determining an output value generated for an input value. The encryption key generation unit generates an encryption key based on the output value of the output value generation circuit. The encryption processing unit performs information encryption processing using the encryption key generated by the encryption key generation unit. Then, when the ambient temperature determined by the temperature determination unit is outside the predetermined range, the encryption processing control unit controls the encryption processing unit to prohibit the execution of the encryption process.

  One of the individual-specific information generation apparatuses described later in this specification includes an output value generation circuit, an individual-specific information generation unit, and an individual-specific information output control unit. Here, the output value generation circuit outputs a constant value or an indefinite value without uniquely determining the output value generated for the input value. The individual information generating unit generates individual information based on the output value of the output value generation circuit. The individual information output control unit prohibits the output of the individual information generated by the individual information generation unit when the ambient temperature determined by the temperature determination unit is outside the predetermined range.

  The temperature sensor described later in this specification has an effect that the ambient temperature can be detected by a digital circuit.

It is an example of a structure of RS latch circuit. It is a truth table of the RS latch circuit of FIG. 1A. It is an example of composition of a butterfly type PUF. It is an individual information generation apparatus of background art. It is a functional block diagram of one Example of an encryption apparatus. It is a functional block diagram of one Example of the information generation apparatus classified by individual. It is a structural example of the encryption apparatus provided with the information generation apparatus classified by individual. It is a 1st example of a structure of the information generation apparatus classified by individual. It is a specific structural example of an ID determination circuit. It is FIG. (1) explaining the method of determination of ambient temperature by the temperature determination sequencer 431. FIG. It is FIG. (2) explaining the method of determination of ambient temperature by the temperature determination sequencer 431. FIG. It is an example of template information. It is a 2nd example of a structure of the information generation apparatus classified by individual. It is a 3rd example of a structure of the information generation apparatus classified by individual. It is a block diagram of one Example of an encryption processing system.

First, FIG. 4 will be described. FIG. 4 is a functional block diagram of an embodiment of the encryption apparatus.
In FIG. 4, the encryption device 110 includes a temperature sensor 100. The temperature sensor 100 includes a metastability type PUF circuit 101, a frequency detection unit 102, a storage unit 103, and a temperature determination unit 104.

  As described above, the metastability type PUF circuit 101 is a PUF that uses an indefinite state of a digital circuit, and more specifically, is, for example, the above-described butterfly type PUF or SRAM-PUF.

The frequency detection unit 102 detects the frequency at which the metastability type PUF circuit 101 outputs a predetermined value.
The storage unit 103 stores in advance data representing the relationship between the ambient temperature and the frequency with which the metastable PUF circuit 101 outputs the predetermined value.

The temperature determination unit 104 determines the ambient temperature based on the frequency detected by the frequency detection unit 102 and the data stored in the storage unit 103.
Although the details will be described later, the frequency at which the metastability type PUF circuit 101 outputs a predetermined value monotonously changes with respect to the ambient temperature. Therefore, by performing the above, it becomes possible to detect the ambient temperature using the metastability type PUF which is a digital circuit.

  The encryption device 110 includes an output value generation circuit 111, an encryption key generation unit 112, an encryption processing unit 113, and an encryption processing control unit 114, in addition to the temperature sensor 100 configured as described above.

  The output value generation circuit 111 is a circuit that outputs a constant value or an indefinite value without uniquely determining an output value generated with respect to an input value. PUF.

The encryption key generation unit 112 generates an encryption key based on the output value of the output value generation circuit 111.
The encryption processing unit 113 performs information encryption processing using the encryption key generated by the encryption key generation unit 112.

  When the ambient temperature determined by the temperature determination unit 104 of the temperature sensor 100 is outside the predetermined range, the encryption processing control unit 114 controls the encryption processing unit 113 to prohibit the execution of the encryption process.

  The encryption apparatus 110 having such a configuration protects the above-described fault attack due to temperature stress by detecting temperature stress that causes the ambient temperature to be outside the predetermined range and prohibiting execution of encryption processing. can do.

  The metastability type PUF circuit 101 of the temperature sensor 100 is shared as the output value generation circuit 111, and the encryption key generation unit 112 generates an encryption key based on the output value of the metastability type PUF circuit 101. Also good.

  Further, the encryption key generation unit 112 may prohibit the output of the encryption key when the ambient temperature determined by the temperature determination unit 104 is outside a predetermined range. In this way, protection against fault attacks is further strengthened.

  Further, as represented by a broken line in FIG. 4, the encryption device 110 may further include a communication unit 115 that exchanges data with a server device (not shown) via a communication network. In such a configuration, the storage unit 103 of the temperature sensor 100 is arranged in the server device. In this way, by configuring the storage unit 103 to be disposed at a location that is physically separated from the other components constituting the encryption device 110, the storage unit 103 is observed with a microscope or the like. It is possible to reduce the possibility of decryption based on the analysis by the method.

  Note that the output value generation circuit 111 may stop the output value generation operation when the communication unit 115 does not receive the data stored in the storage unit 103. In this way, protection against attacks for decryption is further strengthened.

Next, FIG. 5 will be described. FIG. 5 is a functional block diagram of an embodiment of the individual-specific information generation apparatus.
In FIG. 5, the individual-specific information generation apparatus 120 is configured to be mounted on the device 1 that is an electronic device, and generates individual-specific information about the device 1.

  The individual information generation apparatus 120 includes a temperature sensor 100. The temperature sensor 100 is configured in the same manner as that of the encryption device 110 of FIG. 4, and includes a metastability type PUF circuit 101, a frequency detection unit 102, a storage unit 103, and a temperature determination unit 104. Yes.

The individual-specific information generation apparatus 120 includes an output value generation circuit 121, an individual-specific information generation unit 122, and an individual-specific information generation control unit 123 along with the temperature sensor 100.
The output value generation circuit 121 is similar to the output value generation circuit 111 included in the encryption device 110 of FIG. 4, but the output value generated for the input value is not uniquely determined but is a fixed value or indefinite. More specifically, for example, the above-described various PUFs.

The individual information generation unit 122 generates individual information based on the output value of the output value generation circuit 121.
The individual-specific information generation control unit 123 prohibits the output of individual-specific information generated by the individual-specific information generation unit 122 when the ambient temperature determined by the temperature determination unit 104 of the temperature sensor 100 is outside the predetermined range. .

  The individual-specific information generation device 120 having such a configuration detects temperature stress that causes the ambient temperature to be outside a predetermined range and prohibits output of individual-specific information. Therefore, even if an encryption device that performs information encryption processing using this individual information as an encryption key is provided in the individual information generation device 120, the above-described fault attack due to temperature stress on the encryption device is protected. can do.

  Note that the metastability type PUF circuit 101 of the temperature sensor 100 is shared as the output value generation circuit 121, and the individual information generation unit 122 generates individual information based on the output value of the metastability type PUF circuit 101. It may be.

Next, specific configurations of the encryption device 110 and the individual information generation device 120 will be described.
First, FIG. 6 will be described. FIG. 6 illustrates a configuration example of the encryption device 110 provided with the individual-specific information generation device 120.

  The encryption device 110 includes an individual-specific information generation device 120, a CPU 210, a cryptographic operation unit 220, a ROM 230, a RAM 240, and a communication interface unit 250. Each of these components is connected to the bus line 260 and is configured to be able to exchange various data with each other under the control of the CPU 210.

  The individual-specific information generation device 120 is mounted on a chip 200 that is a semiconductor integrated circuit, and generates individual-specific information about the chip 200. A specific configuration of the individual-specific information generation apparatus 120 will be described later.

  A CPU (Central Processing Unit) 210 is a central processing unit that manages the operation of each component of the encryption device 110, and also provides the function of the encryption processing control unit 114 in FIG.

  The cryptographic operation unit 220 performs encryption processing of various types of information and decryption processing of encrypted data, and is an example of the encryption processing unit 113 in FIG. In the present embodiment, the cryptographic operation unit 220 includes a public key coprocessor 221 and a common key coprocessor 222. Here, the public key coprocessor 221 performs encryption and decryption processing using RSA encryption, elliptic curve encryption, and the like, which are typical public key cryptosystems. In addition, the common key coprocessor 222 performs encryption and decryption processing using an AES cipher that is a typical common key cryptosystem. Instead of providing the cryptographic operation unit 220 in the encryption device 110, the CPU 210 may be configured to perform encryption and decryption processing performed by the cryptographic operation unit 220.

  A ROM (Read Only Memory) 230 is a non-volatile semiconductor memory in which a control program executed by the CPU 210 and unique parameters used by the cryptographic calculator 220 in encryption and decryption processing are stored in advance. When the supply of power to the encryption device 110 is started, the CPU 210 reads out this control program from the ROM 230 and starts its execution, whereby the operation management of each component of the encryption device 110 can be performed. .

  A RAM (Random Access Memory) 240 is a volatile semiconductor memory used as a working storage area as necessary when the CPU 210 and the cryptographic operation unit 220 perform various processes.

  The communication interface unit 250 exchanges data with the server device 300 via the communication network 310, and is an example of the communication unit 115 in FIG. That is, the communication interface unit 250 is used when the storage unit 103 of the temperature sensor 100 described above is arranged in the server device 300. Therefore, when the storage unit 103 is disposed on the chip 200, the communication interface unit 250 is not necessary.

  In the encryption device 110, the cryptographic operation unit 220 performs information encryption processing using the individual information generated by the individual information generation device 120 based on the output value of the output value generation circuit 111 as an encryption key. . The individual-specific information used as the encryption key in this encryption process is also used for the decryption process performed on this encrypted information.

  In addition, when the individual information generated by the individual information generation apparatus 120 is used for generating the encryption key, post-processing (Post Processing) for further improving the entropy of the generated individual information may be performed. . An example of post-processing performed for this purpose is the use of a linear feedback shift register (LFSR). The LFSR is a counter constituted by a shift register that is fed back by an exclusive OR circuit, and can improve the entropy of individual-specific information. Therefore, by generating the encryption key using the data string output from the LFSR, it becomes possible to generate an encryption key with higher randomness. The LFSR may be configured and used as dedicated hardware, or may be realized by software using the CPU 210.

  Next, FIG. 7 will be described. FIG. 7 illustrates a first example of the configuration of the individual-specific information generation apparatus 120, and generates individual-specific information using a butterfly-type PUF that is an example of the metastability-type PUF described above. .

7 includes a butterfly type PUF unit 410, an oscillator 401, a selector 402, a PUF output unit 420, and a temperature detection unit 430.
The butterfly type PUF unit 410 is an example of the output value generation circuit 111 in FIG. 4 and the output value generation circuit 121 in FIG. 5, and includes a plurality of latches 411 including a butterfly type PUF. Here, it is assumed that 128 latches 411 are selected by a challenge given to the individual-specific information generation apparatus 120.

  The oscillator 401 generates a clock signal to be supplied to the latch 411. The generated clock signal becomes an input signal to the butterfly PUF in the latch 411 (a signal corresponding to the input A in FIG. 2).

  Based on the selection signal from the ID determination circuit 421, the selector 402 selects one output cyclically from the outputs of the 128 latches 411 selected by the challenge, and inputs them to the PUF output unit 420. The selector 402 selects one output from the outputs of the 128 latches 411 based on the selection signal from the temperature determination sequencer 431 and stores the selected output in the register 433.

  Next, the PUF output unit 420 will be described. The PUF output unit 420 is an example of the individual information generation unit 122 in FIG. 5, and generates individual information based on the output value of the butterfly type PUF unit 410. As described above, since the individual-specific information generated by the PUF output unit 420 is used as the encryption key in the encryption device 110 of FIG. 6, the PUF output unit 420 is connected to the encryption key generation unit 112 of FIG. An example.

The PUF output unit 420 includes an ID determination circuit 421, a shift register 422, and an entropy compression unit 423.
The ID determination circuit 421 is a circuit that outputs a predetermined numerical value based on the output of the latch 411 selected by the selector 402. In the individual-specific information generation apparatus 20 in FIG. 3, it has been described that the reproducibility of the output is ensured by using the code error correction circuit. In this embodiment, the output of the latch 411 is obtained by using the ID determination circuit 421. Is a random number, the reproducibility of the output of the individual-specific information generation apparatus 120 is ensured.

  In this embodiment, when the output value of the latch 411 input to the ID determination circuit 421 is a constant value (fixed value) “0”, the ID determination circuit 421 outputs a numerical value “00”. . When the output value of the latch 411 input to the ID determination circuit 421 is a fixed value “1”, the ID determination circuit 421 outputs a numerical value “11”.

  Furthermore, when the output value of the latch 411 input to the ID determination circuit 421 is an indefinite value that takes both “0” and “1” (that is, when the output value of the latch 411 is a random number). The ID determination circuit 421 outputs a numerical value “10” or “01”. However, when the frequency at which the output value of the latch 411 is “1” is higher than the frequency at which it is “0” (that is, when the frequency at which the output value is “1” is higher than 50 percent). The ID determination circuit 421 outputs a numerical value “10”. When the frequency at which the output value of the latch 411 is “1” is lower than the frequency at which the output value is “0” (that is, when the frequency at which the output value is “0” is higher than 50%), the ID determination The circuit 421 outputs a numerical value “01”.

  Under the condition that the power supply voltage and the ambient temperature are constant, when the output value of the latch 411 is a random number, the output frequency of each value output by the latch 411 is substantially constant in each latch 411, and reproducibility. have. Therefore, the ID determination circuit 421 outputs the numerical value “10” or “01” according to the frequency with which the output value of the latch 411 is “1” in this way, as described above. Ensuring the reproducibility of the individual information by the code error correction circuit is not essential.

Here, FIG. 8 will be described. FIG. 8 illustrates a specific configuration example of the ID determination circuit 421.
The ID determination circuit 421 in FIG. 8 outputs “00” when the output values for 1023 consecutive bits from the latch 411 selected by the selector 402 are all “0”, and outputs 1023 bits for the consecutive 1023 bits. When all the output values are “1”, “11” is output. Further, the ID determination circuit 421 has 512 or more output values corresponding to 1023 bits of which the value is “0” (that is, 50% or more of the output value is “0”). Outputs “01”. Further, the ID determination circuit 421 has 512 or more output values for the 1023 bits corresponding to the value “1” (that is, when 50% or more of the output values are “1”). Outputs “10”.

  The ID determination circuit 421 includes a bit number converter 501, an adder 502, a register 503, reduction operation circuits 504 and 506, AND (logical product) circuits 505 and 508, a NOT (negative) circuit 507, and an OR (logical sum). A circuit 509 is provided.

  The bit number converter 501 converts the 1-bit output value output from the latch 411 into 10-bit data. The 1-bit output value is used as the least significant bit value, and the least significant bit is converted into the least significant bit. Data obtained by adding “0” for the upper 9 bits is output.

The adder 502 adds the 10-bit data output from the bit number converter 501 to the 10-bit data stored in the register 503, and outputs the addition result.
The register 503 stores the 10-bit addition result output from the adder 502. Accordingly, the bit number converter 501, the adder 502, and the register 503 constitute a counter circuit that counts the number of output values output from the latch 411 selected by the selector 402. When this number is 512 or more and 1023 or less, the value of the most significant bit in the 10-bit data stored in the register 503 is “1”, and when this number is 0 or more and 511 or less The value of the most significant bit is “0”. The value of the most significant bit is derived as an upper bit output (ID [1]) of the 2-bit output from the ID determination circuit 421 and is also one of inputs to the AND circuits 505 and 508. The

  Note that each time the register 503 receives an output of a value of 1023 bits from the latch 411 selected by the selector 402, the values of all stored bits are reset to “0”. At each reset, a selection signal is sent to the selector 402, and the selection of the output of the latch 411 is switched to the next one.

  The reduction operation circuits 504 and 506 are both circuits that perform a reduction operation on 10-bit data stored in the register 503. However, the reduction operation circuit 504 performs a logical product reduction operation on the 10-bit data, whereas the reduction operation circuit 506 performs a logical OR operation on the 10-bit data. Therefore, the reduction operation circuit 504 outputs the value “1” only when all the values of the 10-bit data are “1”, and at least one bit value of the 10-bit data is “0”. ", The value" 0 "is output. On the other hand, the reduction operation circuit 506 outputs a value “1” when the value of at least 1 bit among the 10-bit data is “1”, and all the values of the 10-bit data are “0”. "0" is output only when

  The AND circuit 505 receives the output of the reduction operation circuit 504 and the value of the most significant bit described above among the 10-bit data stored in the register 503. Therefore, the AND circuit 505 is used only when the number of output values output from the selected latch 411 is “1” is 1023 (that is, only when the output values are all “1”). ) Output the value “1”, otherwise output the value “0”.

  On the other hand, the AND circuit 508 receives the output of the reduction operation circuit 506 and the value obtained by inverting the value of the most significant bit in the 10-bit data stored in the register 503 by the NOT circuit 507. The Therefore, the AND circuit 508 outputs a value “1” when the number of output values output from the selected latch 411 is “1” is 1 or more and 511 or less. In other cases, that is, when the number of output values output from the selected latch 411 is “1”, or 512 or more and 1023 or less, the AND circuit 508 outputs the value “ "0" is output.

  The outputs of the AND circuits 505 and 508 are input to the OR circuit 509. Therefore, the OR circuit 509 is one or more when the value of at least one of the outputs of the AND circuits 505 and 508 is “1”, that is, the output value of the selected latch 411 is “1”. When the number is 511 or less or 1023, the value “1” is output. On the other hand, in other cases, that is, when the number of output values of the selected latch 411 being “1” is 0 or 512 or more and 1022 or less, the OR circuit 509 changes the value “0”. Output. The output of the OR circuit 509 is derived as the lower bit output (ID [0]) of the 2-bit output from the ID determination circuit 421.

  To summarize the above operations, when the number of output values corresponding to “1” is 0 among the output values of 1023 bits from the selected latch 411 (that is, the output values are all “0”). In this case, the output of the ID determination circuit 421 is “0” for both the upper and lower bits. Further, when the number of values “1” among the output values for 1023 bits is 1023 (that is, when all the output values are “1”), the output of the ID determination circuit 421 is output. Is “1” for both the upper and lower bits. Further, when the number of values “1” among the output values for 1023 bits is 1 or more and 511 or less (that is, when 50% or more of the output values is “0”), the ID In the output of the determination circuit 421, the upper bit is “0” and the lower bit is “1”. If the number of “1” s among the output values for 1023 bits is 512 or more and 1022 or less (that is, 50% or more of the output values is “1”), the ID determination In the output of the circuit 421, the upper bit is “1” and the lower bit is “0”.

  Instead of configuring the ID determination circuit 421 only with hardware as in the configuration example of FIG. 8, a program (software) that realizes the function of the ID determination circuit 421 with an arithmetic processing device is created, and the program is executed as the calculation. You may comprise so that it may be performed with a processing apparatus.

Returning to the description of FIG.
The shift register 422 outputs 2 from the ID determination circuit 421 when one of the 128 latches 411 outputs of the butterfly-type PUF unit 410 is sequentially selected by the selector 402 and input to the ID determination circuit 421. Bit numbers are stored sequentially.

  The entropy compression unit 423 performs entropy compression on a bit string of 256 (128 × 2) bits arranged in the shift register 422, and outputs the obtained value as a result of generating individual information (response).

  If the value stored in the shift register 422 is used as a response as it is, the selection order by the selector 402 of the 128 latches 411 and the arrangement order of the bit strings stored in the shift register 422 have a one-to-one correspondence. Therefore, if this correspondence is inferred, there is a possibility that the value of the response to the challenge (selection of the latch 411) can be inferred. The entropy compression unit 423 is for making this estimation difficult.

  As the entropy compression unit 423, for example, a one-way function circuit is used. In the one-way function circuit, if the input is unique, the output is uniquely determined, but it is a very difficult function to obtain the input from the output. In this embodiment, a circuit that obtains a hash function value for the input bit string is used as the entropy compression unit 423. More specifically, as this circuit, a circuit that obtains a hash function value based on SHA-256, which is a hash function adopted in the Federal Information Processing Standard (FIPS), is used. By using this entropy compression unit 423, it becomes extremely difficult to guess the challenge from the response, and safety is improved.

In the individual information generation apparatus 120 in FIG. 7, individual information is generated as described above.
Next, the temperature detection unit 430 will be described. The temperature detection unit 430 includes a temperature determination sequencer 431, a nonvolatile memory 432, and a register 433.

  Based on the output of the latch 411 stored in the register 433 and the data stored in the non-volatile memory 432, the temperature determination sequencer 431 is arranged around the chip 200 on which the individual information generation device 120 is mounted. Determine the temperature. Here, if the determination result of the ambient temperature is outside the predetermined temperature range, an encryption processing stop signal is output. When the encryption processing stop signal is received by the CPU 210, the CPU 210 controls the cryptographic operation unit 220 to prohibit the encryption processing unit 220 from executing the encryption processing. The encryption processing stop signal is also sent to the entropy compression unit 423, and when receiving the encryption processing stop signal, the entropy compression unit 423 stops outputting the individual information.

The nonvolatile memory 432 stores template information to be described later. In order to prevent estimation of individual information generated by the individual information generation device 120 due to leakage of template information, it is preferable to use a non-volatile memory 432 having tamper resistance.
The register 433 stores a bit string output from the latch 411 and selected by the selector 402 based on a selection signal from the temperature determination sequencer 431.

Here, a method of determining the ambient temperature by the temperature detection unit 430 will be described with reference to FIGS. 9A and 9B.
In the butterfly type PUF 10 of FIG. 2, the values of the outputs B and C are changed to 0 or 1 at the rising timing when the input A changes from 0 to 1. Therefore, when a clock signal is applied to the butterfly type PUF 10 as the input A, a bit string is output as the outputs B and C. Therefore, if a clock signal is input to the butterfly type PUF 10 for 2 million cycles, for example, a bit string of 2 million bits is output from the butterfly type PUF 10.

  Here, as illustrated in FIG. 9A, this 2 million-bit bit string is divided into a total of 2048 sections (kukan1, kukan2,..., Kukan2048) having 1024 bits as one section. Then, in the 1024-bit bit string for each section, the number of bits having a value of 1 is counted, and the frequency at which bits having a value of 1 are included in the bit string is calculated for each section. FIG. 9B is an example of a graph plotting the calculation results when the ambient temperature of the semiconductor chip on which the butterfly-type PUF 10 is formed is 25 ° C. (room temperature) and 85 ° C.

  The inventor conducted the above-described experiment using ten or more semiconductor chips (FPGA: Field-Programmable Gate Array). As a result of this experiment, it was found that even when a plurality of butterfly-type PUFs 10 are formed on a single semiconductor chip, the tendency of the graph obtained from the above calculation results differs depending on the ambient temperature of the semiconductor chip. .

  That is, in the butterfly-type PUF 10 obtained from the graph of FIG. 9B, it was found that when the ambient temperature increases, the ratio of 1 included in the output bit string increases. On the other hand, in the butterfly-type PUF 10, when the ambient temperature rises, the ratio of 1 included in the output bit string decreases, or the ratio of 1 included in the output bit string with respect to the change in the ambient temperature. I also found that there are things that hardly change.

  Therefore, the temperature determination sequencer 431 in FIG. 7 uses the fact that the frequency of the predetermined value “1” in the bit string output from the latch 411 of the butterfly-type PUF unit 410 changes according to the ambient temperature, and the ambient temperature is calculated from this frequency. Make an estimate. More specifically, the temperature determination sequencer 431 estimates the ambient temperature of the chip 200 as described below.

  First, for each latch 411 of the butterfly-type PUF unit 410 formed on the chip 200, the average value of the above-described interval with respect to the ambient temperature of the chip 200 and the frequency with which a bit having a value of 1 is included in the output bit string A relationship with (average frequency) is obtained for each chip 200. Next, for each chip 200, a latch 411 in which the change in average frequency with respect to the ambient temperature monotonously increases or decreases is selected from the obtained relationship. Then, template information representing the above-described relationship for the selected latch 411 is generated and stored in the nonvolatile memory 432. The table of FIG. 10 is an example of this template information, which is for different chips 200 (“chip A” and “chip B”), and the ambient temperature and frequency for each of the two selected latches 411. The relationship is shown in table format.

When detecting the ambient temperature, the temperature determination sequencer 431 first outputs a selection signal to the selector 402 and outputs the latch 411 in which the above relationship is represented by the above template information stored in the nonvolatile memory 432. To select. Then, the bit string that is the output of the selected latch 411 is sent to the register 433 via the selector 402. The register 433 stores this bit string synchronized with the clock signal generated by the oscillator 401.
In the present embodiment, the number of bits of the bit string stored in the register 433 is 1024 bits corresponding to the bit string of one section described above, but it may not be this number of bits.

  Next, the temperature determination sequencer 431 reads the bit string stored in the register 433, and counts the number of bits having a value of 1 in the bit string. Then, the ratio of the number of bits to the number of bits of the bit string is calculated as the frequency at which bits having a value of 1 are included in the bit string. Here, the temperature determination sequencer 431 reads the ambient temperature associated with this frequency with reference to the above-described template information stored in the nonvolatile memory 432, and uses the read ambient temperature of the chip 200. Use the ambient temperature judgment result.

  The temperature determination sequencer 431 may calculate the frequency also in other sections of the bit string output from the latch 411 and determine the ambient temperature based on the average value of the frequencies calculated for each section. . In this case, the ambient temperature associated with the calculated frequency is obtained for each section from the template information, and the range from the lower limit value to the upper limit value of the obtained ambient temperature is detected as the ambient temperature of the chip 200. As a result.

  Next, FIG. 11 will be described. FIG. 11 illustrates a second example of the configuration of the individual-specific information generation apparatus 120, and generates individual-specific information using a butterfly-type PUF that is an example of the metastability-type PUF described above. .

The second example illustrated in FIG. 11 is different from the first example illustrated in FIG. 7 in that the nonvolatile memory 432 is not provided. Here, this difference will be described.
In the individual-specific information generation device 120 in FIG. 11, the template information described above is stored in a storage device (not shown) included in the server device 300. When referring to the template information, the temperature determination sequencer 431 makes an inquiry to the server apparatus 300 via the communication interface unit 250 and the communication network 310 to acquire the template information.

  By configuring the individual-specific information generation apparatus 120 as shown in FIG. 11, leakage of template information from the individual-specific information generation apparatus 120 is prevented, and the nonvolatile memory 432 is not required. The 120 can be downsized.

  Note that the temperature determination sequencer 431 stops the operation of each latch 411 of the butterfly PUF unit 410, for example, by stopping the operation of the oscillator 401 when the template information cannot be acquired from the server device 300. You may do it.

  Next, FIG. 12 will be described. FIG. 12 illustrates a third example of the configuration of the individual-specific information generation apparatus 120, and generates individual-specific information using an SRAM-PUF that is an example of the metastability type PUF described above. .

  The individual-specific information generation apparatus 120 in FIG. 12 includes an SRAM-PUF unit 440, a selector 402, a PUF output unit 420, and a temperature detection unit 430. That is, the third example is different from the first example shown in FIG. 13 in place of the butterfly-type PUF unit 410 and the oscillator 401 that generates the clock signal to be supplied to the latch 411 of the butterfly-type PUF unit 410. The difference is that an SRAM-PUF unit 440 is provided.

  As described above, the SRAM-PUF unit 440 is an example of a metastability type PUF, and is a PUF that uses variations in initial values of memory cells immediately after the start of power supply to the SRAM. Here, it is assumed that 128 pieces are selected from the many SRAM memory cells 441 provided in the SRAM-PUF unit 440 by the challenge given to the individual-specific information generation apparatus 120.

The selector 402 selects one output at a time from the outputs of the 128 SRAM memory cells 441 selected by the challenge, and inputs them to the PUF output unit 420. Further, the selector 402 selects one of the SRAM memory cells 441 based on the selection signal from the temperature determination sequencer 431, reads the stored content, and stores it in the register 433.
The PUF output unit 420 and the temperature detection unit 430 are the same as those provided in the first example of FIG.

  In the individual-specific information generation device 120 in FIG. 12, the initial value at the time of power supply is sequentially obtained from the SRAM memory cell 441 by repeatedly supplying and stopping power to the SRAM-PUF unit 440. The ID determination circuit 421 outputs “00” when the initial values of 1023 consecutive bits from the SRAM memory cell 441 selected by the selector 402 are all “0”, and outputs 1023 consecutive bits. If all the initial values are “1”, “11” is output. In addition, the ID determination circuit 421 has 512 or more initial values for 1023 bits whose value is “0” (that is, 50% or more of the output value is “0”). Outputs “01”. Further, the ID determination circuit 421 has 512 or more initial values for the 1023 bits whose value is “1” (that is, 50% or more of the output value is “1”). Outputs “10”.

  The shift register 422 outputs from the ID determination circuit 421 when one of the outputs of the 128 SRAM memory cells 441 of the SRAM-PUF unit 440 is sequentially selected by the selector 402 and input to the ID determination circuit 421. 2-bit numerical values are sequentially stored.

  The entropy compression unit 423 performs entropy compression on a bit string of 256 (128 × 2) bits arranged in the shift register 422, and outputs the obtained value as a result of generating individual information (response).

  Based on the output of the latch 411 stored in the register 433 and the data stored in the non-volatile memory 432, the temperature determination sequencer 431 is arranged around the chip 200 on which the individual information generation device 120 is mounted. Determine the temperature. Here, if the determination result of the ambient temperature is outside the predetermined temperature range, an encryption processing stop signal is output. When the encryption processing stop signal is received by the CPU 210, the CPU 210 controls the cryptographic operation unit 220 to prohibit the encryption processing unit 220 from executing the encryption processing. The encryption processing stop signal is also sent to the entropy compression unit 423, and when receiving the encryption processing stop signal, the entropy compression unit 423 stops outputting the individual information.

The method for determining the ambient temperature by the temperature determination sequencer 431 is also the same as that in the first example of FIG.
That is, for each of the SRAM memory cells 441, the relationship between the ambient temperature of the chip 200 and the average value (average frequency) of the above-described interval with respect to the frequency at which the bit having a value of 1 is included in the output bit string is represented by the chip 200. Ask for each. Next, for each chip 200, the SRAM memory cell 441 in which the change in average frequency with respect to the ambient temperature monotonously increases or decreases is selected from the obtained relationship. Then, template information representing the above-described relationship for the selected latch 411 is generated and stored in the nonvolatile memory 432.

  When detecting the ambient temperature, the temperature determination sequencer 431 first outputs a selection signal to the selector 402, and the SRAM memory cell 441 in which the above relationship is represented by the above template information stored in the nonvolatile memory 432. To select. Then, the content of the selected SRAM memory cell 441 is sent to the register 433 via the selector 402. The register 433 stores this bit string synchronized with the repeated supply and stop of power to the SRAM-PUF unit 440. The temperature determination sequencer 431 reads the bit string stored in the register 433, and counts the number of bits having a value of 1 in the bit string. Then, the ratio of the number of bits to the number of bits of the bit string is calculated as the frequency at which bits having a value of 1 are included in the bit string. Here, the temperature determination sequencer 431 reads the ambient temperature associated with this frequency with reference to the above-described template information stored in the nonvolatile memory 432, and uses the read ambient temperature of the chip 200. Use the ambient temperature judgment result.

  Note that the configuration of the individual-specific information generation apparatus 120 illustrated in FIG. 12 may be modified and configured as in the second example illustrated in FIG. That is, the template information described above may be stored in a storage device that the server device 300 has. In the case of such a configuration, the temperature determination sequencer 431 makes an inquiry to the server apparatus 300 via the communication interface unit 250 and the communication network 310 as in the second example when referring to the template information. Just do it.

  The first to third examples of the configuration of the individual information generation device 120 described so far are all configured to share the same PUF for generation of individual information and temperature detection. Yes. That is, when it is detected using the PUF that the ambient temperature of the chip 200 is outside the predetermined temperature range, the individual-specific information generation apparatus 120 stops outputting the individual-specific information and performs encryption processing. A signal to stop execution was output. Here, when it is detected that the ambient temperature of the chip 200 is outside the predetermined temperature range, the operation of the PUF itself may be further stopped. In addition, the CPU 210 that has received the above-described signal performs control to prohibit execution of the encryption processing by the cryptographic calculator 220, and does not invalidate all subsequent outputs from the individual-specific information generation device 120. You may aim at the further improvement of safety.

  As described above, instead of sharing the same PUF for generation of individual information and temperature detection, separate PUFs may be mounted for generation of individual information and temperature detection. That is, as in the configuration of the encryption processing system 600 illustrated in FIG. 13, a dedicated PUF may be mounted on each of the temperature detection device 610 and the individual-specific information generation device 620.

  In the configuration of FIG. 13, the temperature detection device 610 detects the ambient temperature using its own PUF, and when it is detected that the ambient temperature is outside the predetermined temperature range, A stop signal is output to the information generation device 620 and the encryption device 630. The individual-specific information generation device 620 generates individual-specific information using the PUF that it owns, but stops receiving the individual-specific information when it receives the stop signal described above. The encryption device 630 performs information encryption processing using the individual-specific information generated by the individual-specific information generation device 620. When the above-described stop signal is received, the encryption device 630 executes the encryption processing. Cancel.

  In this way, by installing separate PUFs for individual information generation and temperature detection, it becomes possible to use PUFs having characteristics suitable for each function, thus improving the performance of each function. To do. In temperature measurement performed using a PUF, it is preferable to use a PUF that is sensitive to temperature changes. On the other hand, in the generation of individual information, since it is necessary to generate stable individual information regardless of changes in ambient temperature, it is preferable that the PUF used for generation has less influence on temperature changes. Therefore, by using a dedicated PUF for generating individual-specific information and a PUF for temperature measurement, an improvement in performance can be expected for each of the two functions.

  It should be noted that the temperature detection using the PUF described above can be applied to voltage detection. In other words, in an environment where the ambient temperature is constant, the ambient temperature is constant by using a PUF having a relationship in which the voltage applied for operation and the frequency of outputting a predetermined value (for example, 1) change monotonously. It is also possible to detect the voltage in the environment.

1 device 10 butterfly type PUF
11, 12 NAND circuit 20, 120, 620 Individual information generation device 21, 21-1, 21-2, 21-3, 21-4, 21-5, 21-6 PUF
DESCRIPTION OF SYMBOLS 100 Temperature sensor 101 Metastability type | mold PUF circuit 102 Frequency detection part 103 Memory | storage part 104 Temperature determination part 110,630 Encryption apparatus 111,121 Output value generation circuit 112 Encryption key generation part 113 Encryption process part 114 Encryption process control part 115 Communication unit 122 Individual information generation unit 123 Individual information generation control unit 200 Chip 210 CPU
220 Cryptographic operator 221 Public key coprocessor 222 Common key coprocessor 230 ROM
240 RAM
DESCRIPTION OF SYMBOLS 250 Communication interface part 260 Bus line 300 Server apparatus 310 Communication network 401 Oscillator 402 Selector 410 Butterfly type PUF part 411 Latch 420 PUF output part 421 ID determination circuit 422 Shift register 423 Entropy compression part 430 Temperature detection part 431 Temperature determination sequencer 432 Nonvolatile Memory 433 Register 440 SRAM-PUF unit 441 SRAM memory cell 501 Bit number converter 502 Adder 503 Register 504, 506 Reduction operation circuit 505, 508 AND circuit 507 NOT circuit 509 OR circuit 600 Encryption processing system 610 Temperature detection device

Claims (10)

Metastability type PUF circuit,
A frequency detection unit for detecting a frequency at which the metastability type PUF circuit outputs a predetermined value;
A storage unit in which data representing a relationship between an ambient temperature and the frequency at which the metastable PUF circuit outputs the predetermined value is stored in advance, and a frequency detected by the frequency detection unit is stored in the storage unit. A temperature determination unit for determining the ambient temperature based on the data
Temperature sensor with Metastability type PUF circuit,
A frequency detection unit for detecting a frequency at which the metastability type PUF circuit outputs a predetermined value;
A storage unit in which data representing the relationship between the ambient temperature and the frequency at which the metastable PUF circuit outputs the predetermined value is stored in advance;
A temperature determination unit that determines an ambient temperature based on the frequency detected by the frequency detection unit and the data stored in the storage unit;
A temperature sensor comprising,
An output value generation circuit for outputting a constant value or an indefinite value without uniquely determining an output value generated with respect to an input value;
An encryption key generation unit for generating an encryption key based on an output value of the output value generation circuit;
An encryption processing unit that performs encryption processing of information using the encryption key generated by the encryption key generation unit, and the encryption processing when the ambient temperature determined by the temperature determination unit is outside a predetermined range An encryption processing control unit that controls the unit to prohibit the execution of the encryption processing,
An encryption device comprising:   The encryption apparatus according to claim 2, wherein the metastability type PUF circuit is shared as the output value generation circuit.   The encryption apparatus according to claim 2 or 3, wherein the encryption key generation unit prohibits output of the encryption key when the ambient temperature determined by the temperature determination unit is outside a predetermined range. A communication unit that exchanges data with the server device via the communication network;
The storage unit is arranged in the server device;
The encryption device according to claim 2 or 3.   The encryption apparatus according to claim 5, wherein the output value generation circuit stops the output value generation operation when the communication unit does not receive the data stored in the storage unit. Detecting the frequency with which the metastability type PUF circuit outputs a predetermined value,
Based on the data stored in the storage unit in which data representing the relationship between the ambient temperature and the frequency at which the metastable PUF circuit outputs the predetermined value is stored in advance, and the detected frequency Determine the ambient temperature,
An encryption key is generated based on an output value of a digital circuit that outputs a constant value or an indefinite value without uniquely determining an output value for an input value,
Encrypt information using the encryption key,
When the ambient temperature determined by the determination of the ambient temperature is within a predetermined range, information encryption processing is performed using the encryption key, and when the ambient temperature is outside the predetermined range, Prohibit execution of encryption processing,
Encryption method.   The encryption method according to claim 7, wherein the digital circuit is a metastability type PUF circuit in which the frequency is detected. The temperature sensor according to claim 1,
An output value generation circuit for outputting a constant value or an indefinite value without uniquely determining an output value generated with respect to an input value;
The individual-specific information generation unit that generates individual-specific information based on the output value of the output value generation circuit, and when the ambient temperature determined by the temperature determination unit is outside a predetermined range, the individual-specific information generation unit Individual information output control unit that prohibits output of generated individual information,
An individual-specific information generation apparatus comprising:   The individual-specific information generation apparatus according to claim 9, wherein the metastability type PUF circuit is shared as the output value generation circuit.