JP3827050B2 - IC card and semiconductor integrated circuit device - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to an IC card and a semiconductor integrated circuit device, and more particularly to a technology effective for use in security protection technology in a semiconductor integrated circuit device such as an IC card and a one-chip microcomputer with a built-in program.
[0002]
[Prior art]
An IC card is an apparatus mainly used for holding information that cannot be rewritten without permission, encrypting data using an encryption key that is secret information, and decrypting ciphertext. Since the IC card does not have a power source, when it is inserted into a reader / writer, the IC card can be operated by receiving power. When the operation becomes possible, a command is received from the reader / writer, and data is transferred to / from the reader / writer according to the command. As for the IC card, there is “IC Card” written by Junichi Mizusawa, edited by Ohmu Publishing Electronic Information Communication Society.
[0003]
The IC card is used for storing important information and performing cryptographic processing in the card because programs and important information are sealed in an IC card chip. It was considered that the difficulty of decrypting the encryption processing with the IC card was the same as the difficulty of decrypting the encryption algorithm. However, it has been suggested that the contents of encryption processing and the encryption key may be easily estimated by observing and analyzing the current consumption when the IC card performs encryption processing. This danger is described in 8.5.1.1 Passtve protective mechantsms (page 263) in "Smart Card Handbook" by John Wiley & sons W. Rankl & W. Effing.
[0004]
[Problems to be solved by the invention]
The CMOS circuit constituting the IC card chip consumes current when the output state changes from 1 to 0 or from 0 to 1. In particular, since the bus of the data bus 203 has a large electric capacity, when the bus value changes from 1 to 0 or from 0 to 1, a large current is consumed. Therefore, the observation of current consumption suggests the possibility of knowing what is operating in the IC card chip.
[0005]
For example, consider a case where data is transferred to a 16-bit precharge bus. The precharge bus is a bus that aligns all bus values to “0” before data transfer. When data having the same number of “1” bits, for example, “88” and “11” are transferred to this bus as hexadecimal numbers having “1” bits of 2, the current waveform Are expected to have approximately the same waveform. This is because, since the number of bits changed from “0” to “1” is the same, the current is consumed in the same manner and the same current waveform is obtained. If data having a different number of “1” bits, for example, “89” or “19” in which the number of “1” bits is 3, the number of “1” bits is 2. Current consumption is different from data. This is because the bus value for three bits has changed from “0” to “1”, and that much current is consumed. Therefore, the current consumption is increased by 1 bit compared to the data in which the previous 2 bits have changed. In general, there is a regularity that the current waveform becomes higher as the number of “1” bits is larger. It seems that the transferred data can be estimated from this regularity.
[0006]
In view of this, the inventors of the present application described above for a semiconductor integrated circuit device that performs a certain data processing operation by a built-in program such as the above-described IC card and a one-chip microcomputer mounted on the IC card. It has led to the development of security technology that can more reliably prevent the contents of cryptographic processing and the decryption of cryptographic keys by observing current consumption.
[0007]
SUMMARY OF THE INVENTION An object of the present invention is to provide an IC card and a semiconductor integrated circuit device that realize enhanced security. The above and other objects and novel features of the present invention will be apparent from the description of this specification and the accompanying drawings.
[0008]
[Means for Solving the Problems]
The outline of a typical invention among the inventions disclosed in the present application will be briefly described as follows. That is, it includes a data processing device and a ROM in which data processing procedures including security information processing by the data processing device are written, and the operating voltage is reduced when the external terminal is electrically connected to an external device such as a read / write device. In an IC card or a semiconductor integrated circuit device including a data processing device and a ROM in which a data processing procedure by the data processing device is written and in which a data processing operation according to the data processing procedure is performed, Means for changing the timing of the data processing operation is provided.
[0009]
DETAILED DESCRIPTION OF THE INVENTION
FIG. 1 shows an external view of an embodiment of an IC card to which the present invention is applied. The IC card has a card 101 made of a plastic case and an IC card chip 102 made of a one-chip microcomputer or the like as shown by a dotted line mounted inside the card 101. The IC card further has a plurality of contacts (electrodes) 103 connected to the external terminals of the IC card chip 102. The plurality of contacts 103 include a power supply terminal VCC, a power supply reference potential terminal VSS, a reset input terminal RES bar, a clock terminal CLK, a data terminal I / O-1 / IRQ bar, and an I / O-, as will be described later with reference to FIG. 2 / IRQ bar. The IC card is supplied with power from the external coupling device through a reader / writer (not shown) through the contact 103, and performs data communication with the external coupling device.
[0010]
FIG. 2 is a schematic block diagram showing an embodiment of an IC card chip (semiconductor integrated circuit device) mounted on the IC card according to the present invention. Each circuit block in the figure is formed on a single semiconductor substrate such as single crystal silicon, although it is not particularly limited by a known CMOS integrated circuit manufacturing technique.
[0011]
The configuration of the IC card chip according to the present invention is basically the same as that of a microcomputer. The configuration includes a clock generation circuit 205, a central processing unit (hereinafter sometimes simply referred to as a CPU) 201, a ROM (Read Only Memory) 206, a RAM (Random Access Memory) 207, an EEPROM (Electrical Erasable Programmable Read Only Memory) 208, and the like. Storage device, a random number generation circuit (RNG) 209, an input / output port (I / O port) 202, and the like, and a false current generation circuit 210 added according to the present invention.
[0012]
The clock generation circuit 205 receives an external clock CLK supplied from a reader / writer (external coupling device) (not shown) via the contact 103 in FIG. 1, forms a system clock signal synchronized with the external clock signal, and generates it as a chip. This is a circuit to be supplied inside. The CPU 201 is a device that performs logical operations and arithmetic operations, and the storage devices 206, 207, and 208 are devices that store programs and data. The I / O (input / output) port 202 is a device that communicates with the reader / writer. The data bus 204 and the address bus 203 are buses that connect the devices to each other.
[0013]
Of the storage devices 206, 207, and 208, the ROM 206 is a memory in which stored contents are fixed in a nonvolatile manner, and is a memory that mainly stores programs. A volatile memory (hereinafter referred to as a RAM) 207 is a memory in which stored information can be freely rewritten. However, when power supply is interrupted, the stored contents are not erased. Since the supply of power is interrupted when the IC card is removed from the reader / writer, the contents of the RAM 207 are not retained.
[0014]
The nonvolatile memory (hereinafter referred to as EEPROM) 208 is a rewritable nonvolatile memory, and information once written therein is retained therein even when power supply is stopped. This EEPROM needs to be rewritten and is used to store data that should be retained even if the IC card is removed from the reader / writer. For example, when an IC card is used as a prepaid card, the prepaid frequency is rewritten every time it is used. The frequency in this case is held in the EEPROM 208 because it must be stored and held in the IC card even if it is removed from the reader / writer. The random number generation circuit 209 generates a random number used for encryption processing or the like.
[0015]
The CPU 201 has the same configuration as a so-called microprocessor. That is, although not shown in detail, an instruction register therein, an instruction written in the instruction register, a micro instruction ROM for decoding various micro instructions or control signals, an arithmetic circuit, a general purpose register (RG6, etc.) And an input / output circuit such as a bus driver and a bus receiver coupled to the internal bus BUS. The CPU 201 reads an instruction stored in the ROM 206 or the like and performs an operation corresponding to the instruction. The CPU 201 captures external data input via the I / O port 202, reads out data such as instructions from the read-only memory ROM and fixed data necessary for instruction execution, and reads data from the RAM and EEPROM. Write and read operations are controlled.
[0016]
The CPU 201 receives a system clock signal generated from the clock generation circuit 205 and operates with an operation timing and a period determined by the system clock signal. The CPU 201 is mainly composed of a CMOS circuit, that is, a circuit composed of a P-channel MOSFET and an N-channel MOSFET. Although not particularly limited, the CPU 201 synchronizes the CMOS static circuit capable of static operation such as a CMOS static flip-flop, the charge precharge to the signal output node, and the signal output to the signal output node in synchronization with the system clock signal. And a CMOS dynamic circuit.
[0017]
FIG. 3 is an equivalent circuit diagram of the IC card chip shown in FIG. The current I flowing between the power supply voltage VCC and the circuit ground potential is the current I flowing through each circuit block of the bus line, CPU, ROM, volatile memory, nonvolatile memory, RNG, and pseudo current generating circuit. _BUS , I _CPU , I _MEM1 , I _MEM2 , I _RNG , I _DUM Sum of (I _BUS + I _CPU + I _MEM1 + I _MEM2 + I _RNG + I _DUM ). RNG current I _RNG And false current signal I _DUM Are different every time even in the same internal state and the same operation.
[0018]
The decryption of the encryption algorithm is presumed to be based on statistical analysis of the change in the sum of currents flowing in the IC card. Therefore, in this embodiment, as one technique for making such analysis substantially impossible, the current I of the false current generation circuit is detected by the change in the current. _DUM The structure which adds is taken. In this case, the current I _DUM Is an irregular current value independent of the operation of each internal circuit. In other words, the internal circuit has non-reproducibility from a statistical point of view so that the same state and the same operation are different each time.
[0019]
FIG. 4 shows a current waveform diagram for explaining the present invention. The signal current I1 represents the total sum of currents generated with the data processing. In the example of FIG. 3, I1 = I _BUS + I _CPU + I _MEM1 + I _MEM2 + I _RNG It can be expressed as. On the other hand, the current I2 is a pseudo current, and the current value is changed. As described above, the meaning of this change is not related to the internal circuit operation and has irregularity. That is, a current waveform having non-reproducibility as described above is provided.
[0020]
When the pseudo current as described above is built in an IC card, or when built in a semiconductor integrated circuit device such as a one-chip microcomputer mounted on an IC card or the like, the current observed at the power supply terminal is The current is I1 + I2. For this reason, since the circuit current I1 + I2 includes the pseudo current I2, the contents of encryption processing and the estimation of the encryption key by the statistical method as described above can be prevented.
[0021]
FIG. 5 shows a schematic configuration diagram of an embodiment of the pseudo current generating circuit. In this embodiment, a random number is generated by fetching an output signal of an oscillation circuit into a register using a timing generator output asynchronous with the oscillation frequency as a clock. The register is a shift register, and generates a random number composed of binary information by converting it into a binary signal depending on whether the oscillation output input at the timing of the clock is higher or lower than the logic threshold voltage of the input unit.
[0022]
The random number is used as input data for the selector. The selector turns on / off a switch corresponding to each bit of the random number by a clock, and causes a charge-up current to flow through the capacitors C1 to C4. The capacitors C1 to C4 are not particularly limited, but their capacitance values are set separately. By making the capacitance values of the four capacitors different as described above, 16 types of current values are generated including only combinations of no charge-up, and 81 types of charge-up and discharge are included. be able to. Since such a combination can be generated irregularly by random numbers, the pseudo current can be generated with a simple configuration.
[0023]
The selector generates a pseudo current in synchronization with a clock. Since the CPU or the like performs a series of data processing in synchronization with the clock, the current I flowing through each circuit block is _BUS , I _CPU , I _MEM1 , I _MEM2 , I _RNG Etc. are also generated in synchronization with the clock. Therefore, pseudo current I _DUM Is generated in synchronization with the clock, it is possible to effectively and effectively make it impossible to estimate the contents of encryption processing and the encryption key by observing the current change by the statistical method.
[0024]
FIG. 6 shows a specific circuit diagram of an embodiment of the pseudo current generating circuit. In this embodiment, clocked inverter circuits are connected in cascade, and an oscillation circuit output is supplied to the first stage circuit. The operation of the clocked inverter circuit is controlled by a timing generator output asynchronous with the output of the oscillation circuit. The output signal of each stage of the cascaded clocked inverter circuit is supplied to the input of the clocked inverter circuit constituting the drive circuit. Each clocked inverter circuit constituting the drive circuit is provided with a capacitor (capacitor) charged up by the pseudo current as described above. Each clocked inverter circuit constituting the drive circuit is supplied with the output of the timing generator inverted by the inverter circuit.
[0025]
The inverter circuit connected in cascade is not particularly limited, but its driving capability is set separately. As a result, each cascade-connected inverter circuit that receives the oscillation circuit output is put into an operating state when the timing generator output is at one level (for example, high level), and the signal supplied to each inverter circuit is delayed. It is transmitted with a delay time corresponding to. When the output of the timing generator is at the other level (for example, low level), the output high impedance state is set. Therefore, the output signal of each stage when the timing generator output changes to the other level (for example, low level) is held as the input signal of the drive circuit.
[0026]
When the timing generator output is at one level, the output of each inverter circuit constituting the drive circuit is brought into a high impedance state. Therefore, each capacitor retains the previous charge state. When the timing generator output changes to the other level, the output signal of each stage is held as the input signal of the drive circuit as described above, and the level of the input signal depends on the operation state of the drive circuit. When the voltage is higher than the logic threshold voltage, a low level output signal is formed, and when it is low, a high level output signal is formed.
[0027]
When the level of the input signal is higher than the logic threshold voltage of the drive circuit, a low level output signal is formed, but if the charge is accumulated in the capacitor at that time, it is discharged, and if there is no charge in the capacitor, the current is Does not flow. Conversely, when the level of the input signal is lower than the logic threshold voltage of the drive circuit, a high-level output signal is formed. If charge is accumulated in the capacitor at that time, charge-up corresponding to the difference is made. If a current flows and there is no charge, a charge-up current up to the power supply voltage VCC flows. As described above, in addition to the fact that the signal level of each stage due to the difference in delay time of the clocked inverter circuits connected in series is a kind of random number, the state of the charge held in the previous capacitor is as described above. The charge-up current or discharge current is made different. That is, the charge itself held in the capacitor has an element as a random number.
[0028]
Therefore, the current value depends on the combination of the signal level at each stage of the inverter circuit connected in series due to the asynchronous output of the oscillation output and the timing generator output that samples it, and the amount of charge previously held in the capacitor. As a result, a huge number of pseudo-currents can be formed, and even if one-chip microcomputer is accessed several times under the same conditions and conditions, pseudo-currents with irregularity or reproducibility can be generated. it can. In this case, since the current supplied from the power supply voltage VCC side and the current flowing to the ground potential are different depending on the presence or absence of the accumulated charge in the capacitor, the current analysis can be further complicated. Since the pseudo current is generated in synchronization with the clock, the decryption of the encryption key by the current analysis can be effectively prevented in the same manner as described above.
[0029]
FIG. 7 shows a schematic configuration diagram of another embodiment of the pseudo current generating circuit. In this embodiment, the output signal of the oscillation circuit is counted by a counter, and the counted output is sampled by a timing generator output asynchronous with the oscillation frequency and transferred to a register as data. Capacitors C1 to C6 similar to the above are connected to each stage of the register. Also in this configuration, the random number is generated by sampling the count output of the counter, and the combination of the state of the charge held by the capacitors C1 to C6 and the high level output and the low level output corresponding to the random number Similarly, a pseudo current consisting of a huge number of combinations can be generated in synchronization with the clock.
[0030]
FIG. 8 is a block diagram showing an embodiment of the interface unit in the random number generation circuit RNG module shown in FIG. A data bus constituting the one-chip microcomputer is provided with a flip-flop (flag) that holds random number generation bits. The random number generated by the random number generation circuit is held in a random number storage register and can be read from the data bus. The operation state of the random number generation circuit is set in the flip-flop so that it can be read from the data bus.
[0031]
The CPU receives the random number generated by the RNG module via the random number storage register and uses it for the encryption signal processing as described above. The CPU can set the random number generation bit to put the random number generation circuit into an operating state or a stop state. Such an operation state of the random number generation circuit can be determined by reading a status bit by the CPU.
[0032]
FIG. 9 shows a flowchart of one embodiment for explaining the random number obtaining operation by the CPU. In step (1), a “random number generation bit” is set. With such a set of “random number generation bits” (for example, logic 1), the random number generation circuit starts operation.
[0033]
In step (2), it is determined whether the “status bit” is in a random number generation complete state. That is, when the random number generation circuit generates a random number and stores it in the random number storage register, it sets the “status bit”. If the “status bit” is not set (eg, logic 0), the process returns to the determination of step (2) and waits until the “status bit” is set (eg, logic 1).
[0034]
In step (3), since a valid random number is stored in the random number storage register, the CPU designates and reads the random number storage register.
[0035]
In step (4), the “status bit” is set to the state transition to “random number generating”. That is, the “status bit” is reset to logic 0 as described above.
[0036]
In step (5), it is determined whether the random number read from the random number storage register has a desired data length. If the random number is not the desired data length, the process returns to step (2) and the above operation is repeated. When the random number read from the random number storage register has a desired data length, the process proceeds to step (6) to reset the “random number generation bit” and terminate the random number generation operation.
[0037]
FIG. 10 shows an overall configuration diagram of an embodiment of the random number generation circuit RNG module. The output of the oscillation circuit 1 is input to the shift register 805 as input data. The shift clock of the shift register 805 is formed by a counter 1 that counts the oscillation output of an oscillation circuit 2 different from the oscillation circuit 1. That is, the shift clock of the shift register 805 is formed by dividing the oscillation signal of the oscillation circuit 2 by the counter 1.
[0038]
The multi-bit signal output from each stage of the shift register 805 is corrected through an oscillation circuit output adjustment circuit and output as input data to a random number storage register (shift register) 808. The register clock 812 used for the shift operation of the random number storage register 808 is further divided by the counter 2 that receives the count output of the counter 1. The output signal of the counter 2 is supplied to the counter 3 to form the status bit generation signal 813, and the status bit 810 is stored in a flip-flop or the like.
[0039]
The output signal of the flip-flop storing the random number generation bit is supplied as an operation control signal to the oscillation circuits 1 and 2 and the counters 1, 2 and 3 as a control signal. When this control signal is set to an active level such as a high level, for example, the oscillation circuits 1 and 2 and the counters 1, 2, and 3 are brought into an operation state, and the oscillation operation and the counting operation are validated. When the control signal is set to an inactive level such as a low level, the oscillation circuits 1 and 2 and the counters 1, 2 and 3 are in an inoperative state, that is, the oscillation circuits 1 and 2 stop the oscillation operation, and the counter 1 2, 3 stop the counting operation.
[0040]
The oscillation circuits 1 and 2 have different oscillation frequencies from each other, and the oscillation frequencies are intentionally changed as described later. Further, the shift clock of the random number storage register 808 is divided by the counter 2 with respect to the shift clock of the shift register 805, and the bit pattern stored in the random number storage register is irregular for each random number generation operation. To have sex.
[0041]
FIG. 11 is a block diagram showing an embodiment of the oscillation circuits 1 and 2 shown in FIG. In this embodiment, an oscillation circuit is constituted by a PLL (phase locked loop) circuit. Originally, the PLL circuit is used to form a stable frequency signal so as to be phase-locked to a predetermined reference frequency. In contrast, in this embodiment, the oscillation output is used to be unstable by the phase control operation of the PLL circuit.
[0042]
The reference signal is formed by a comparison oscillation circuit. This oscillation circuit is not a highly stable oscillation circuit such as a crystal oscillation circuit but an unstable oscillation circuit such as a ring oscillator. The oscillation signal of the comparison oscillation circuit and the divided output obtained by dividing the oscillation output of the voltage controlled oscillation circuit are compared by a phase comparator, and a detection signal UP or DOWN corresponding to the phase difference (frequency difference) is obtained. A control voltage is generated by supplying the low-pass filter, and the oscillation frequency of the voltage controlled oscillation circuit is controlled. As a result, the oscillation frequency of the voltage controlled oscillation circuit is oscillated at a frequency obtained by multiplying the oscillation frequency of the comparison oscillation circuit by a frequency corresponding to the frequency division ratio of the frequency divider circuit.
[0043]
In this embodiment, the oscillation output for comparison, the frequency-divided output of the voltage-controlled oscillation circuit, and the output of the oscillation circuit are transmitted to the capacitors provided in the low-pass filter for smoothing the phase detection signal UP or DOWN, respectively. The control voltage is varied. One or more of these circuits and capacitors can be used. The comparison oscillation output and the frequency-divided output of the voltage control type oscillation circuit are controlled so as to be synchronized by the PLL, but the control voltage can be fluctuated because the frequency is different. On the other hand, the control voltage supplied to the voltage controlled oscillation circuit changes irregularly by adding the oscillation output formed by the unstable oscillation circuit that is asynchronous with these, and the voltage controlled oscillation circuit is changed. Control.
[0044]
In other words, in addition to the control voltage formed by the PLL circuit in the original feedback loop, the noise component due to the oscillation signal formed by the unstable oscillation circuit is added to the control voltage, which is asynchronous with them. Oscillation control operation is performed, so that it is possible to form an oscillation circuit output whose frequency varies with time and does not have a certain regularity. Thereby, a random frequency fluctuation oscillation circuit suitable for the random number generation circuit can be configured.
[0045]
FIG. 12 shows a circuit diagram of an embodiment of the unstable oscillation circuit provided in FIG. This oscillation circuit is basically composed of a ring oscillator. In other words, an odd number of signal delay elements composed of resistors and capacitors (capacitors) are connected to the output of the CMOS inverter circuit, and five in the figure are connected in a ring state to constitute an oscillation circuit. In this embodiment, such a ring oscillator can be regarded as performing an unstable oscillation operation because the characteristics of each circuit element have temperature dependency and power supply dependency.
[0046]
In this embodiment, in addition to the relatively small fluctuations due to the temperature dependence and power supply dependence of the element characteristics as described above, the resistance as the delay means is provided with a resistance that is selectively connected in parallel via a switch. The variable resistance circuit is configured by. The delay element is made variable by controlling the switch by the output of the comparison oscillation circuit, the output of the frequency dividing circuit, and the oscillation output of the switch. In other words, when the MOSFET as a switch is in an on state, the resistance value is reduced and the delay time is shortened to increase the oscillation frequency. When the MOSFET as a switch is in an off state, the resistance value is increased. The delay time becomes longer and the oscillation frequency is lowered.
[0047]
As described above, the delay time of each of the three variable delay circuits is asynchronous, and the amount of change in each delay time is different, so that the oscillation output of the oscillation circuit is complicated with a relatively large fluctuation range. It will fluctuate. By applying such an oscillating circuit to the oscillating circuits 1 and 2 of FIG. 10 or either the oscillating circuit 1 or 2, random numbers having irregularity can be generated.
[0048]
FIG. 13 shows a circuit diagram of another embodiment of the unstable oscillation circuit provided in FIG. This oscillation circuit is basically composed of a ring oscillator. In other words, an odd number of signal delay elements composed of resistors and capacitors (capacitors) are connected to the output of the CMOS inverter circuit, and five in the figure are connected in a ring state to constitute an oscillation circuit. Then, a variable resistance circuit is configured by providing a resistor as one of the delay means, which is selectively connected in parallel via a switch. An unstable oscillating operation can be performed by controlling the switch by the oscillation output as described above. Since the oscillation circuit shown in the figure obtains an unstable oscillation output by using its own oscillation output, it may be used as a comparative oscillation circuit in the embodiment shown in FIG. .
[0049]
FIG. 14 is a block diagram showing another embodiment of the oscillation circuits 1 and 2 shown in FIG. Also in this embodiment, an oscillation circuit is constituted by a PLL (phase locked loop) circuit. In this embodiment, the time constant of the low-pass filter of the PLL circuit is made extremely small to form a control voltage that varies greatly corresponding to the phase comparison outputs UP and DOWN. As a result, the voltage controlled oscillation circuit can greatly change the oscillation frequency and generate a large fluctuation in the frequency of the output signal.
[0050]
FIG. 15 shows a block diagram of an embodiment of the output adjustment circuit of FIG. In the register 805 of FIG. 10, as a result of the logic threshold voltage shifting to the high level side or the low level side due to variations in the element process of the shift register, the oscillation output of the oscillation circuit 1 and the asynchronous output thereof are synchronized as described above. Even when a clock formed based on the oscillation output of the oscillation circuit 2 is used, there may be a case where the occurrence frequency of a specific bit pattern is increased.
[0051]
The oscillation circuit output adjustment circuit operates to perform adjustment when such a specific bit pattern is generated. In this embodiment, a multi-input EOR (exclusive OR) circuit is used. The multi-input EOR circuit forms an output signal such as a logic 1 if the number of logic 1s is an odd number among input signals composed of a plurality of bits, and a logic 0 otherwise. Thereby, even if the frequency of a specific bit pattern becomes high, it can be converted into irregular data by the logical processing as described above.
[0052]
The output adjustment circuit can detect any simple bit pattern such as all-bit 0 or all-bit 1 in addition to the multi-input EOR as described above, and can change it. good. For example, by adding or subtracting the bit pattern generated immediately before the generated bit pattern, or by shifting or inverting the digit in the addition or subtraction, the generation of a complicated bit pattern can be generated. It may be what you do.
[0053]
FIG. 16 is a block diagram showing another embodiment of the random number generation circuit according to the present invention. In this embodiment, two oscillation circuits 2701 and 2702 that perform an oscillation operation asynchronously with each other are used, and the oscillation output of one oscillation circuit 2701 is supplied to the input terminal IN of a flip-flop 2703 that performs a binary conversion operation. The oscillation output formed by the other oscillation circuit 2702 is sequentially divided by frequency dividing circuits 2705, 2706, and 2707, respectively, so that three frequency division signals are formed. Four types of clocks are formed by combining the oscillation output and each of the frequency-divided outputs, and one is selected via the selector 2708 and supplied to the clock terminal CK of the flip-flop 2703.
[0054]
The flip-flop 2703 determines the high level / low level of the oscillation output input to the input terminal IN based on the rising edge or falling edge of the clock supplied to the clock terminal CK, and outputs the logic 1 or logic from the output terminal OUT. A binary signal of 0 is output and stored in a random number storage register. Since the cycle of the clock supplied to the clock terminal CK changes as described above, the random number generation speed can be changed. Such a change in the random number speed is a function mainly provided in the cryptographic operation circuit, and allows the user to specify the random number speed, but when using such a random number generation circuit, It is also useful for making it impossible to estimate the contents of encryption processing and the encryption key by substantially invalidating the observation of the current change by the statistical method.
[0055]
Although not particularly limited, the selector 2708 selects any one using the previous random number stored in the random number storage register 2704. As a result, the bit pattern generated by the flip-flop 2703 can be set variously compared with the case where the oscillation circuits 2701 and 2702 are simply oscillated asynchronously, and random numbers having no reproducibility can be generated. Also good.
[0056]
FIG. 17 is a block diagram showing another embodiment of the random number generation circuit according to the present invention. In this embodiment, a counter 2745, a setting register 2746, and a counter / setting register comparator 2747 are used in place of the frequency dividing circuit and the selector as shown in FIG. 16, and are input to the clock terminal CK of the flip-flop 2743. The frequency (period) of the clock to be changed is changed. The comparator 2747 compares the set value set in the setting register 2746 with the count value of the counter 2845, and generates a clock pulse if they match. That is, a pulse obtained by dividing the oscillation output of the oscillation circuit 2742 can be formed in accordance with the set value set in the setting register 2746.
[0057]
Even in this case, the set value supplied to the setting register 2746 is used for speed control that simply generates a random number, and by setting the previous random number generated in the random number storage register as described above, a random number is set. The generation rate itself can be random.
[0058]
FIG. 18 is a principal block diagram showing an embodiment of a semiconductor integrated circuit device according to the present invention. In this embodiment, the pseudo-current generation unit 2805 includes a random number generation circuit that generates a random number using a shift register or the like using two different frequency signals, and the irregularity as described above is generated according to the random number. A pseudo current generation circuit is provided that generates a current or a non-reproducible current for a signal processing operation in the same state and conditions several times.
[0059]
In this embodiment, an oscillation circuit 2804 that forms a frequency signal as data out of the two frequency signals is controlled to be in an oscillation state and an oscillation stop state by an oscillation circuit control circuit. The CPU 2801 inputs a command indicating an oscillation state or an oscillation stop state to the oscillation circuit control circuit 2806 via the bus line 2802. When the CPU 2801 inputs a command for instructing the oscillation state to the oscillation circuit control circuit, the oscillation circuit control circuit 2806 sets the oscillation circuit 2804 in the oscillation state in response to the command. When the oscillation circuit 2804 is brought into an oscillation state, a random number as described above is generated, and a pseudo current according to the random number as described above is included in the power supply terminal of the semiconductor integrated circuit device.
[0060]
When the CPU 2801 inputs a command instructing the oscillation stop state to the oscillation circuit control circuit, the oscillation circuit control circuit 2806 puts the oscillation circuit 2804 into the oscillation stop state in response to the command. When the oscillation circuit 2804 is brought into an oscillation stop state, the generation of random numbers as described above is stopped. Thereby, the pseudo current as described above is removed from the power supply terminal of the semiconductor integrated circuit device. Alternatively, only a constant current according to a constant random number flows, which is substantially equivalent to the removal of the pseudo current. The CPU appropriately switches between the operating state and the stopped state of the oscillation circuit 2804 in the software. Therefore, when statistically analyzing the operation of the microcomputer over a large number of times, the pseudo-current is compared with the case where the pseudo-current is not generated and the case where the pseudo-current is generated. Is equivalent to generating
[0061]
FIG. 19 is a block diagram showing the principal part of another embodiment of the semiconductor integrated circuit device according to the present invention. In this embodiment, as described above, the oscillation circuit control circuit instructs the operation state and the stop state of the random number generator internal oscillation circuit by a command from the CPU. When the random number generator internal oscillation circuit is activated, it supplies an oscillation signal to the random number generation register to generate a random number indicating the operation time of the false signal generator control circuit.
[0062]
The pseudo current generator generates a pseudo current having a current value specified by a frequency signal formed by the random number generator internal oscillation circuit and a random number generated by a clock signal from the timing generator. Since the generation time of the pseudo current is specified by the random number generation register, the time when the pseudo current corresponding to the random number is included and the time ratio where the pseudo current is not included change with the passage of time. . Therefore, when statistically analyzing the operation of the microcomputer many times, the time ratio between the case where the pseudo current is not generated and the case where the pseudo current is generated is relatively compared with each other. The pseudo-current can be further widened.
[0063]
FIG. 20 is a block diagram showing the principal part of another embodiment of the semiconductor integrated circuit device according to the present invention. Generally, a one-chip microcomputer is provided with a sleep (SLEEP) mode. In this sleep mode, the operation of the internal circuit is stopped and the statistical analysis of the operation of the microcomputer as described above is not performed. In such a sleep mode SLEEP or low power consumption mode, the operation of the pseudo current generator is stopped to reduce power consumption. That is, when the SLEEP signal enters the high-level sleep mode, the operations of the oscillation circuit and the pseudo current generator are stopped to reduce current consumption.
[0064]
FIG. 21 is a block diagram showing the principal part of still another embodiment of the semiconductor integrated circuit device according to the present invention. In this embodiment, a determination circuit for a data reference area in a program is added. In FIG. 21, four examples of the storage device 1, the storage device 2, and the register 1 and the register 2 are prepared as examples of the data reference area. The storage devices 1 and 2 are storage areas such as ROM, RAM, and EEPROM, for example, and the registers 1 and 2 are I / O ports and specific registers, for example.
[0065]
A pseudo current generator is provided corresponding to each data reference area on a one-to-one basis. That is, a pseudo-current generator 3207 is provided for the storage device 1 timing generator 3206, and a pseudo-current generator 3209 is provided for the storage device 2 timing generator 3208, and the register 1 timing generator 3210. Is provided with a pseudo-current generation unit 3211, and the register 2 timing generator 3212 is provided with a pseudo-current generation unit 3213.
[0066]
The area determination circuit 3204 takes in address information and the like output from the CPU 3201 via the bus line 3203. The interrupt control circuit 3202 enables / disables the operation of the operation area determination circuit 3204 by an interrupt operation. If the operation area determination circuit is validated, the address on the bus line is monitored, and if an address corresponding to one of the storage devices 1 and 2 or the registers 1 and 2 is designated, a pseudo current generation corresponding to each is generated. Operate the turning part.
[0067]
For example, when the storage device 1 is RAM, the storage device 2 is assigned to the EEPROM, the register 1 is assigned to the I / O port 1, and the register 2 is assigned to the I / O port, the CPU 3201 is accessing the RAM Then, a random number is generated using the clock formed by the timing generator 3206 for the storage device 1 and the oscillation output formed by the oscillation circuit 3205, and a pseudo current is generated by the pseudo current generator 3207. When the CPU 3201 is accessing the EEPROM, a random number is generated using the clock formed by the timing generator 3208 for the storage device 2 and the oscillation output formed by the oscillation circuit 3205, thereby generating a pseudo current generator 3209. Generates a false current.
[0068]
Similarly, when the CPU 3201 inputs / outputs data using the I / O port 1, it generates a random number using the clock formed by the register 1 timing generator 3210 and the oscillation output formed by the oscillation circuit 3205. Thus, a pseudo current is generated by the pseudo current generator 3211. When the CPU 3201 inputs / outputs data using the I / O port 2, a random number is generated using the clock formed by the register 2 timing generator 3212 and the oscillation output formed by the oscillation circuit 3205. Thus, the pseudo current generator 3213 generates a pseudo current.
[0069]
As described above, since the pseudo current generation unit itself is switched for each address space accessed by the CPU 3201, the pseudo current generation unit itself forms an irregular current as described above, and generates a pseudo current. By switching the parts themselves, the combination of irregular currents can be further complicated.
[0070]
FIG. 22 is a block diagram showing the principal part of still another embodiment of the semiconductor integrated circuit device according to the present invention. In this embodiment, an address generated by the CPU and data exchanged by the CPU are used instead of the random number. That is, the pseudo current value is made different according to the address formed by the CPU. The operation of the pseudo current generator control circuit is enabled / disabled as described above by a command from the CPU or the like. When the operation is enabled from the pseudo current generator control circuit, the pseudo current generator input generation circuit takes in the address signal on the bus line, regards it as a random number, and synchronizes it with the timing generator clock. Form. At this time, even when the address is the same, when viewed as a current waveform in relation to the timing of the timing generator, the same effect as a different pseudo current can be exhibited.
[0071]
In a one-chip microcomputer such as an IC card chip, a program is executed at a certain fixed timing in synchronization with an external clock. In addition, when executing a normal program, the number of instruction execution cycles is fixed each time, and as a result, the current waveform is also fixed.
[0072]
The method of estimating the contents of encryption processing and the encryption key by the statistical current analysis uses the above-described operation characteristics of the one-chip microcomputer. That is, when the same operation is performed every time the input data to the IC card is changed, the same command is always executed at a specific timing. Therefore, when there is a feature of the consumption current waveform depending on the input data, it is considered that the feature can be detected relatively easily by comparing the current waveform on the same time axis. Furthermore, if there is a dependency of the consumption current waveform on security information such as encryption keys or data on the algorithm of encryption processing, this data dependency is made obvious by accumulating it through statistical processing, and security information is illegally obtained. Will end up.
[0073]
In the present inventor, in order to realize an IC card and a semiconductor integrated circuit device that realizes enhanced security, an apparatus that generates a random signal instead of or in addition to the generation of the false current as described above. I thought about changing the procedure or timing of cryptographic processing. By doing so, the procedure and timing of the encryption process change every time, so that the current consumption waveform as seen on the time axis changes. The timing for performing specific cryptographic processing will change, and by comparing the current waveforms on the time axis as described above, analysis of data dependency can be made difficult, in other words, virtually impossible. .
[0074]
FIG. 23 is a schematic block diagram showing one embodiment of an IC card chip (semiconductor integrated circuit device) mounted on the IC card according to the present invention. Each circuit block shown in the figure is formed on a single semiconductor substrate such as single crystal silicon, although it is not particularly limited by a known semiconductor integrated circuit manufacturing technique as in FIG.
[0075]
As described above, the IC card chip 401 according to the present invention has a central processing unit (CPU) 413, a ROM (Read Only Memory) 410, a RAM (Random Access Memory) 411, and an EEPROM (Electrical Erasable Programmable Read Only Memory) 412. And the like, a random number generator 402 and a timing generation circuit 406 added by the present invention, and a storage device such as an input / output port (I / O port) 414.
[0076]
As shown in FIG. 2, the timing generation circuit 406 includes a clock generation circuit that receives a clock signal supplied from an external terminal (not shown) and generates a clock signal necessary for the operation of an internal circuit such as the CPU 413. In addition, when the cryptographic operation circuit (RNG module) is mounted, a random number necessary for the cryptographic circuit formed by the random number generator 402 may be used in combination. For example, the random number generator 402 may be a part related to random number generation in FIGS.
[0077]
In this embodiment, the random number generator 402 generates a random number, that is, a random signal. Roughly described, the timing generation circuit 406 configures a timer that makes the interval variable by the generated random number, and changes the timing by inserting CPU interrupt processing at random. The interval generation circuit 403 receives and holds the random number. The underflow determination circuit 405 connects the selector 408 to the interval generation circuit 403 side when the output of the counter 407 is zero, and sets (loads) the random number as the initial value of the counter 407. When an initial value corresponding to the random number is set in the counter 407, the underflow determination circuit 405 detects it and switches the selector 408 to the decrementer 404 side. As a result, the counter output is input to the decrementer 404, the calculation operation of −1 is performed, and the counter output is input to the counter 407 through the selector 408, whereby the count down operation of −1 is performed.
[0078]
When the underflow determination circuit 405 detects that the output of the counter 407 has become zero by the down-counting operation, the underflow determination circuit 405 generates an interrupt request signal 409 to the CPU 413 and switches the selector 408 to the counter 407 to generate an interval. The random number input in 403 is reloaded as an initial value. Since the output of the counter 407 is not zero by the reloaded initial value, the underflow determination circuit 405 switches the selector 408 to the decrementer 404 and performs the down-counting operation again as described above.
[0079]
By repeating the operation as described above, the interrupt request 409 at random timing is input from the timing generation circuit 406 to the CPU 413, and the original data processing is interrupted each time, and another interrupt request corresponding to the interrupt request is generated. Data processing is performed. Since the data processing by this interruption is intended to change the current waveform on the time axis as described above, appropriate data processing that does not adversely affect the original data processing operation, such as the RAM 411, Reading operation of an EEPROM or the like is performed.
[0080]
FIG. 24 is a timing chart for explaining an example of the operation of the IC card chip according to the present invention. The random number 501 (random number A) formed by the random number generator is loaded into the counter as the initial value 502, the down-counting operation is performed as described above, and the count value becomes smaller corresponding to the counting operation of -1. . In the figure, a change in the count value 504 due to such a down-counting operation is represented by a straight line descending to the right.
[0081]
During the down-counting operation as described above, the IC card chip performs original data processing such as encryption processing 507. When the count value 504 becomes zero, an interrupt request 505 is generated. Therefore, the encryption process 507 is interrupted and an interrupt process 508 is executed instead. At the same time as this interrupt request, the random number generator 501 forms a random number B different from the above in the random number generator, is loaded into the counter as the initial value 503, and the down-counting operation is performed as described above. When the certain interrupt operation is finished, the interrupted encryption process 507 is executed again. When the count value 504 becomes zero, an interrupt request is generated again.
[0082]
The interval 506 at which the interrupt request as described above is made changes randomly by the random number 501 formed by the random number generator, in other words, irregularly or without reproducibility. As described above, the interrupt processing unrelated to the original data processing of the IC card chip is randomly inserted, so that the procedure and timing of the encryption processing changes every time, and the current consumption waveform changes on the time axis. become. As a result, the timing for performing the specific encryption process changes, and the data dependence analysis can be made substantially impossible by comparing the current waveforms on the time axis as described above.
[0083]
FIG. 25 is a waveform diagram for explaining an example of the operation of the IC card chip according to the present invention. In order to facilitate understanding of the present invention, FIG. 1A shows an operation waveform in a normal IC card chip for comparison, and FIG. 2B shows an IC card according to the present invention. A waveform diagram of the chip is shown.
[0084]
In FIG. 9A, the same current (I1 = I2) is generated in the first (1st tracing) and second power supply currents I1 and I2 because the same signal is transmitted to the bus Bus and the same circuit operates. It will be. In this way, the program is executed at a certain fixed timing, and the number of instruction execution cycles is fixed each time. As a result, the current waveforms are the same as described above.
[0085]
As shown in FIG. 5B, when a random interrupt process is inserted, even if the same encryption process is performed in the first time and the second time, a dummy routine (dummy routine) caused by an interrupt is performed each time. ) Are executed at different timings, and the current waveform of the first current I1 is different from that of the second current I2 (I1 ≠ I2). As a result, in the IC card or the like according to the present invention, there is no particular dependency on the consumption current waveform for the security information such as the encryption key and the data on the algorithm of the encryption process. Deciphering can be made hard.
[0086]
FIG. 26 is a schematic block diagram showing another embodiment of an IC card chip (semiconductor integrated circuit device) mounted on the IC card according to the present invention. In this embodiment, a random number setting register 415 is provided instead of the random number generator 402. The random number setting register 415 is loaded with a random number generated by a random number generation program by the CPU 413. Although not particularly limited, the CPU 413 executes a random number generation program built in the ROM 410 in response to an interrupt request, and loads a random number generated by performing random number generation processing such as multiplication and addition into the random number setting register 415. Process.
[0087]
In the timing generation circuit 406, by causing the interval generation circuit 403 to load the generated random number, an interrupt request at a random interval is generated in the same manner as described above, and each time a random number is formed by the program, the original data processing To return to. Therefore, when the IC card is connected to the reader / writer, the CPU 413 may first execute the random number generation program in response to the connection. In this configuration, since random numbers are generated in software, the circuit can be simplified.
[0088]
FIG. 27 is a schematic block diagram showing another embodiment of an IC card chip (semiconductor integrated circuit device) mounted on the IC card according to the present invention. In this embodiment, an oscillator 416 is provided in place of the random number generator 402. The oscillator 416 is a ring oscillator that utilizes changes in device characteristics in response to changes in the temperature of the device and changes in power supply voltage, and the time constant is changed as shown in FIGS. 12 and 13 by its own oscillation signal. A ring oscillator or an oscillation circuit that performs an unstable oscillation operation using a PLL circuit as shown in FIGS. 11 and 14 may be used.
[0089]
In this embodiment, the clock cycle of the counter changes corresponding to the fluctuation of the oscillation frequency of the oscillator 416, and the cycle (interval) in which the underflow determination circuit 405 determines all zeros is different even with the same count value. In the same manner as described above, a random interrupt request is made.
[0090]
In this embodiment, a monitoring register 417 is added. Thereby, it can be monitored from the program of the CPU 413 whether or not random timing insertion is functioning normally. In response to the interrupt request 409, the flip-flop F / F in the monitoring register 417 is set. The monitoring register 417 can be read from the CPU 413 via the data bus. The monitoring means described above has an important meaning in that it is easy to create a program against illegal information acquisition using physical destruction of an IC card chip (one-chip microcomputer). It is.
[0091]
FIG. 28 is a schematic block diagram showing still another embodiment of an IC card chip (semiconductor integrated circuit device) mounted on the IC card according to the present invention. In this embodiment, using a random signal formed by the random number generator 402 and the timing generation circuit 406, a pseudo process consisting of the above instructions is inserted into the CPU 413 to change the timing.
[0092]
The timing generation circuit 406 uses the random number generator 402 to supply random instruction insertion timing. The CPU 413 fetches an instruction from the ROM 410 via the address bus and the data bus, and executes the instruction. The fetched instruction is sent from the instruction register 4014 to the instruction decoder 4008 via the instruction change circuit 4004. In response to the signal from the instruction decoder 4008, the control circuit 4009 controls the arithmetic unit 4013 and other circuits to control the execution of the instruction.
[0093]
Normally, the instruction from the instruction register 4014 is sent to the instruction decoder 4008 without being changed in the instruction change circuit 4004. However, when the instruction insertion timing is requested, the instruction change circuit 4004 changes the instruction to a no-operation instruction (NOP instruction). Further, at this time, although not shown in this drawing, an update stop signal of the program counter 4012 is outputted. This update stop signal instructs to stop the update of the program counter 4012 accompanying instruction execution. This is to prevent the program counter 4012 from being excessively changed by the NOP instruction inserted by the instruction change circuit 4004.
[0094]
FIG. 29 is a timing chart for explaining an example of the operation of the IC card chip of FIG. This figure shows a timing chart in the case of a normal operation where no instruction insertion timing is required. The CPU fetches an instruction from the ROM via the address bus and the data bus and executes the instruction. That is, the fetched instruction is sent from the instruction register to the instruction decoder via the instruction change circuit to execute the instruction. That is, the process from instruction fetch from the ROM to its execution is sequentially performed as A-B-C-D-E-F.
[0095]
FIG. 30 is a timing chart for explaining another example of the operation of the IC card chip of FIG. This figure shows a timing chart when instruction insertion timing is requested. That is, if instruction insertion timing 1407 occurs when executing instruction B, instruction B is changed at this time and NOP instruction 1406 is executed. When the NOP instruction 1406 is executed, the instruction B fetch cycle 1402 is performed again. In this way, in FIG. 30, the instruction insertion timing 1407 is used to insert an instruction that does not adversely affect normal cryptographic processing, and the timing is changed.
[0096]
FIG. 31 is a timing chart for explaining an example of still another operation of the IC card chip of FIG. This figure shows a timing chart in the case of a normal operation where no instruction insertion timing is required. The CPU fetches an instruction from the ROM via the address bus and the data bus and executes the instruction. That is, the fetched instruction is sent from the instruction register to the instruction decoder via the instruction change circuit to execute the instruction. That is, the process from instruction fetch from the ROM to its execution is sequentially performed as A-B-C-D-E-F. This timing diagram is for comparison with FIG. 32 described next.
[0097]
FIG. 32 is a timing chart for explaining still another example of the operation of the IC card chip of FIG. Normally, in the IC card chip that executes instructions as shown in FIG. 31, the following instruction execution is changed according to the request for instruction insertion timing. For example, when the instruction B on the fetched data bus is set in the instruction register 1705 and the instruction insertion timing 1708 is requested, the instruction B is changed at this time, and is not a NOP instruction, The difference is that a branch instruction BRAB to the program counter is used.
[0098]
When the branch instruction BRAB to the current program counter is executed as described above, it is not necessary to stop changing the program counter unlike when the MOP instruction is executed. This is because the inserted instruction BRAB is a branch instruction to the current PC, and the value of the program counter is correctly updated by executing this instruction. When the instruction BRAB is executed, the instruction B fetch cycle 1702 is performed again.
[0099]
As a result of the random change of the command, even if the same encryption processing is performed in the first time and the second time as shown in FIG. 25B, the command change is executed each time. The timing is different, and correspondingly, the current waveform of the first current I1 and the second current I2 can be different (I1 ≠ I2). As a result, in the IC card or the like according to the present invention as described above, there is no particular dependency on the consumption current waveform for the security information such as the encryption key or the data on the algorithm of the encryption process, and the current waveform analysis is performed as described above. This makes it difficult to decrypt the encryption key.
[0100]
The idea of the invention according to this application is to change the consumption current waveform when viewed on the time axis irregularly, in other words, without reproducibility. As a means for changing the current consumption on the time axis, instead of inserting the pseudo process as described above, or by giving a random fluctuation to the frequency of the clock itself in the same way, It is possible to change the current consumption when viewed.
[0101]
In a one-chip microcomputer such as an IC card chip, a program is executed at a certain fixed timing in synchronization with an external clock. In addition, when executing a normal program, the number of instruction execution cycles is fixed each time, and as a result, the current waveform is also fixed. Therefore, if the phase of the internal clock is changed when viewed on the time axis in relation to the external clock, the timing for performing specific encryption processing will change slightly, and the current waveform will be changed as described above. By comparing on the time axis, data dependency analysis can be made virtually impossible.
[0102]
FIG. 33 is a schematic block diagram showing still another embodiment of an IC card chip (semiconductor integrated circuit device) mounted on the IC card according to the present invention. The IC card chip according to the present invention comprises a CPU 413, a storage device such as a ROM 410, a RAM 411, and an EEPROM 412, an input / output port (I / O port) 414, and the like, and a random number generation circuit 402 added according to the present invention. , A control register 421 and a clock generation circuit 418.
[0103]
The clock generation circuit 418 receives an external clock CLK supplied from the outside of the one-chip microcomputer and changes its frequency to form an internal clock 420 of the microcomputer. Whether or not the clock generation circuit 418 changes the frequency can be controlled by a frequency jitter enable signal 422. The frequency jitter enable signal 422 can be controlled from a program by setting it in the control register 421 by the CPU 413. The method for enabling ON / OFF control of random timing according to the present invention is not limited to this embodiment, and can be applied to all of the present invention. For example, the random timing function of the present invention can be turned off when synchronization is necessary when the IC card communicates with the reader / writer.
[0104]
The clock generation circuit 418 changes the frequency of the internal clock signal 420 using the random number formed by the random number generation circuit 402. For this reason, the random number generation circuit 402 is required. However, when the cryptographic operation circuit (RNG module) is mounted, the random number required by the random number generator 402 may be used together. Good. For example, the random number generator 402 may be a part related to random number generation in FIGS.
[0105]
FIG. 34 is a block diagram showing an embodiment of a clock generation circuit mounted on the IC card chip (semiconductor integrated circuit device) shown in FIG. In this embodiment, a PLL circuit including a phase comparator 4110, a low-pass filter 4111, a VCO (voltage controlled oscillation circuit) 4112, and a frequency divider 4113 is used. Capacitors C1 to Cn are connected to a capacitor C0 that holds the control voltage of the VCO 4112 through a MOSFET Q that is switch-controlled by a frequency Zic enable signal. Random numbers formed by the random number generation circuit are input to the other ends of these capacitors C1 to Cn.
[0106]
Since the low-level or high-level signal corresponding to the random number is input to the capacitors C1 to Cn, charge dispersion occurs between the capacitors C0 and the capacitor C0 and the control voltage is changed. As a result, the frequency of the oscillation signal formed by the VCO changes, and the period of the clock signal formed by dividing the frequency changes. As described above, by randomly changing the cycle of the operation clock, it is possible to make the analysis by comparing the current waveform in the cryptographic processing or the like on the time axis as described above substantially impossible. The frequency jitter enable is a signal for controlling whether or not the frequency is changed. When the frequency jitter enable is set to a low level, the MOSFET Q is turned off so that the control voltage by the random number as described above does not change. it can.
[0107]
FIG. 35 is a block diagram showing another embodiment of the clock generation circuit mounted on the IC card chip (semiconductor integrated circuit device) shown in FIG. In this embodiment, frequency dividing circuits 4114, 4115 and 4116 having different frequency dividing ratios, a switching synchronization circuit 4117, a clock switching circuit 4118 and a selector 4119 are used. The clock switching circuit 4118 is activated by a clock frequency division enable signal and controls the selector 4119 according to a random number to select one of the three frequency division outputs for output.
[0108]
When the division ratio is different such as 1/2, 1/4, and 1/8, the switching synchronization circuit 4117 monitors the waveform that is currently being output at the time of switching, detects the end timing, and detects the clock switching circuit. Is instructed to switch the secretor 4119. As a result, the microcomputer clock has continuity, in other words, the cycle is switched without generating noise such as a hazard. Thus, by changing the timing of data processing by changing the division ratio of the operation clock at random, analysis by comparing the current waveform in encryption processing etc. on the time axis as described above Can be made virtually impossible. The clock frequency division enable is a signal for controlling whether or not the frequency is changed according to the frequency division ratio, and can selectively stop the frequency division ratio switching by a random number.
[0109]
FIG. 36 is a block diagram showing still another embodiment of the clock generation circuit mounted on the IC card chip (semiconductor integrated circuit device) shown in FIG. In this embodiment, a clock delay amount generation circuit 4102, a switching synchronization circuit 4121 and a clock delay amount switching circuit 4122 are used. The clock delay amount switching circuit 4122 is activated by a clock delay enable signal, and controls the clock delay amount generation circuit according to a random number to change and output the delay amount of the clock signal CLK supplied from the outside.
[0110]
In the clock delay amount generation circuit, the resistor R2 is selectively connected in parallel to the resistor R1 through the switch MOSFETQ among the delay circuit including the inverter circuit IV and the resistor R1 and the capacitor C provided at its output. Such variable delay circuits are connected in series in a plurality of stages, and switches at each stage are switch-controlled by switch control signals S1 to S3 corresponding to the random numbers. The switching synchronization circuit 4121 monitors the input clock signal CLK, detects its change timing, and instructs the clock delay amount switching circuit 4122 to change the switch control signals S1 to S3 corresponding to the random numbers. Thereby, although the microcomputer clock has the same frequency as the input clock signal CLK, the delay amount, that is, the phase of the microcomputer clock is changed corresponding to the random number.
[0111]
FIG. 37 is a schematic block diagram showing still another embodiment of an IC card chip (semiconductor integrated circuit device) mounted on the IC card according to the present invention. The IC card chip according to the present invention comprises a CPU 413, a storage device such as a ROM 410, a RAM 411, and an EEPROM 412, an input / output port (I / O port) 414, and the like, and a random number generation circuit 402 added according to the present invention. The timing generation circuit 406, the bus right request circuit 419, and the bus right arbitration circuit 420 are used. In addition to the CPU 413, if there is a peripheral circuit that becomes a bus master, such as a DMAC (direct memory access control circuit), the bus right request circuit 419 and the bus right arbitration circuit 420 exist. it can.
[0112]
In this embodiment, the CPU 413 releases the bus right to change the data processing timing. The timing generation circuit 406 receives the random number from the random number generator 402 and instructs the bus right request circuit 419 about the bus cycle insertion timing. At this timing, the bus right request circuit 419 outputs a bus right request signal to the bus right arbitration circuit 420. The bus right arbitration circuit 420 negates the bus right CPU permission signal and asserts the bus right permission signal at the break of the bus cycle. The CPU 413 abandons the bus right by negating the bus right CPU permission signal, and stops outputting the address bus and the read signal.
[0113]
The bus right request circuit receives the bus right grant signal and outputs an address bus and a read signal to access the memory. When such bus cycle insertion timing is asserted, it becomes possible to insert a memory access cycle regardless of the original encryption processing. Similarly to the above, in the IC card or the like according to the present invention, security information such as an encryption key or encryption There is no particular dependency on the consumption current waveform with respect to the data in the processing algorithm, and the decryption of the encryption key by analyzing the current waveform can be made difficult as described above.
[0114]
FIG. 38 is a timing chart for explaining an example of the operation of the IC card chip of FIG. When the bus right request signal 2502 is asserted, the bus right CPU permission signal 2504 is negated and the bus right permission signal 2506 is asserted. In response to the negation of the bus right CPU permission signal 2504, the CPU bus cycle is interrupted and the bus right request circuit bus cycle 2511 is performed. As described above, the timing at which the bus right request signal is asserted changes randomly according to the random number, and the interval becomes irregular. For this reason, as described above, there is no particular dependency on the current consumption waveform for security information such as an encryption key or data on the algorithm for encryption processing, and the decryption of the encryption key by the analysis of the current waveform is substantially performed as described above. Can be impossible.
[0115]
FIG. 39 is a schematic block diagram showing still another embodiment of an IC card chip (semiconductor integrated circuit device) mounted on the IC card according to the present invention. The IC card chip according to the present invention comprises a CPU 413, a storage device such as a ROM 410, a RAM 411, and an EEPROM 412, an input / output port (I / O port) 414, and the like, and a random number generation circuit 402 added according to the present invention. The timing generation circuit 406 and the wait request circuit 421 are used.
[0116]
In this embodiment, the data processing timing is changed by inserting wait cycles randomly into the bus cycle of the CPU 413. The timing generation circuit 406 receives the random number from the random number generator 402 and instructs the wait request circuit 421 to insert the wait request signal. At this timing, the wait request circuit 421 asserts a wait request signal for the bus cycle to the CPU 413. When the wait request signal is asserted, the CPU 413 performs a bus cycle longer than a normal bus cycle.
[0117]
As described above, the timing at which the wait request signal is asserted changes randomly corresponding to the random number, and the interval becomes irregular. For this reason, as described above, there is no particular dependency on the current consumption waveform for security information such as an encryption key or data on the algorithm for encryption processing, and the decryption of the encryption key by the analysis of the current waveform is substantially performed as described above. Can be impossible.
[0118]
FIG. 40 is a timing chart for explaining an example of the operation of the IC card chip of FIG. When receiving a wait insertion timing signal generated randomly from the timing generation circuit 406, the wait request circuit 421 asserts a wait request signal to the CPU 413. When the wait request signal is asserted, the CPU 413 executes the bus cycle 2706 longer than the normal bus cycles 2704 and 2705.
[0119]
The wait insertion timing signal is randomly generated corresponding to the random number generated by the random number generator 402 as described above, and the interval becomes irregular. Therefore, as described above, the current consumption waveform for the security information such as the encryption key and the data on the algorithm of the encryption process is not particularly dependent. As a result, the decryption of the encryption key by the analysis of the current waveform is performed as described above. It can be made virtually impossible.
[0120]
FIG. 41 is a schematic block diagram showing a further embodiment of an IC card chip (semiconductor integrated circuit device) mounted on the IC card according to the present invention. The configuration of the IC card chip according to the present invention comprises a timer that makes the interval variable by the random number generated by the random number generator 402 as shown in FIG. 23 and inserts the interrupt processing of the CPU 413 at random. To change the timing. In addition to this, a pseudo-current generation circuit 422 is also mounted so that a pseudo-current is generated by a random number generated by the random number generator 402.
[0121]
That is, by combining the one that generates a false current as in the embodiment typified by FIG. 2 and the like and the one that changes the procedure and timing of encryption processing by interruption as in the embodiment in FIG. The dependency of the consumption current waveform on the security information such as the encryption key and the data on the algorithm of the encryption processing is eliminated, and it becomes possible to make the decryption of the encryption key by analyzing the current waveform as described above more difficult.
[0122]
FIG. 42 is a schematic block diagram showing a further embodiment of an IC card chip (semiconductor integrated circuit device) mounted on the IC card according to the present invention. The configuration of the IC card chip according to the present invention comprises a timer that makes the interval variable by the random number generated by the random number generator 402 as shown in FIG. 28, and the instruction executed by the CPU 413 is changed. The program is replaced with a NOP instruction or a branch instruction to the current program counter and executed. In this way, instruction insertion that does not adversely affect normal cryptographic processing is performed, and the timing is changed. In addition to this, a pseudo-current generation circuit 422 is also mounted so that a pseudo-current is generated by a random number generated by the random number generator 402.
[0123]
That is, by combining the one that generates a false current as in the embodiment typified by FIG. 2 and the like and the one that changes the instruction of encryption processing by interruption as in the embodiment in FIG. Thus, the dependency of the consumption current waveform on the security information and the data on the algorithm of the encryption process is eliminated, and the decryption of the encryption key by the analysis of the current waveform as described above can be made more difficult.
[0124]
As described above, pseudo-currents with irregularities that are not related to internal circuit operation are generated and the reproducibility is impaired, and the operation on the time axis of the data processing procedure is randomly changed and consumed. What changes the current waveform may be selected and combined as appropriate from the above embodiments in addition to FIG. 41 and FIG.
[0125]
FIG. 43 is a timing chart for explaining an example of still another operation of the IC card chip (semiconductor integrated circuit device) mounted on the IC card according to the present invention. A random number 511 (random number A) formed by the random number generator is loaded into the counter as an initial value 512, a down-count operation is performed, and the count value is decreased corresponding to a count operation of -1. In the figure, the change in the count value 514 due to such a down-counting operation is represented by a straight line descending to the right.
[0126]
During the down-counting operation as shown in the figure, the IC card chip performs a plurality of data processes that can be executed in parallel, such as process A 518, process B 519, and process C 520, in a time-sharing manner. When the count value 514 becomes zero, the process A518 being executed is interrupted and a task schedule process is executed instead. Simultaneously with this task scheduling process, the random number generator 511 forms a random number B different from the above in the random number generator, is loaded into the counter as the initial value 513, and the down-counting operation is performed as described above. After the certain process, the task schedule process ends and the execution of the different process B519 is resumed. Then, when the count value 514 becomes zero, the task schedule process is operated again.
[0127]
The interval 516 for executing the above processing changes irregularly by the random number 511 formed by the random number generator. In this way, the process to be performed in the IC card chip is divided into a plurality of processes, the execution order and timing of each change, and the consumption current waveform when viewed on the time axis changes. As a result, the timing for performing a process including a specific encryption process changes, and the data dependency can be made difficult to analyze by comparing the current waveforms on the time axis as described above. In this case, the data processing can be efficiently performed because the parallel processing interval can be used instead of the pseudo processing as described above.
[0128]
The effects obtained from the above embodiment are as follows. That is,
(1) An operating voltage including a data processing device and a ROM in which data processing procedures including security information processing by the data processing device are written, and an external terminal is electrically connected to an external device such as a read / write device. In an IC card or a semiconductor integrated circuit device in which a data processing operation is performed according to the data processing procedure, including a data processing device and a ROM in which the data processing procedure by the data processing device is written. By providing a means for changing the timing of the data processing operation, the current consumption waveform changes on the time axis as described above because the procedure and timing of encryption processing changes each time and the current consumption waveform changes on the time axis. Improve security by making data dependency analysis of comparison virtually impossible The effect that it can be obtained.
[0129]
(2) As a means for irregularly changing the timing of the data processing procedure, the security can be realized with a simple configuration by randomly inserting a pseudo process into the data processing procedure. An effect is obtained.
[0130]
(3) By using interrupt processing from a timer set by a random number as means for irregularly inserting pseudo processing into the above data processing procedure, the above security can be effectively achieved with a simple configuration. The effect that it can be obtained.
[0131]
(4) By providing a register for monitoring whether an interrupt operation by the interrupt process is being performed, it is possible to determine whether or not the interrupt process function is operating normally by a CPU program. The effect that reliability can be made high is acquired.
[0132]
(5) As a means for irregularly inserting pseudo processing into the above data processing procedure, interrupt processing from a constant count output corresponding to fluctuations in oscillation frequency formed by an unstable oscillation circuit is used. As a result, it is possible to effectively achieve confidentiality protection with a simple configuration.
[0133]
(6) As a means for irregularly inserting pseudo-processing into the above data processing procedure, effective security can be achieved with a simple configuration by inserting another instruction at a timing set by a random number. The effect that it can be obtained.
[0134]
(7) As the other instruction, while using a no-operation instruction, by stopping the update of the program counter at the time of the instruction, the data processing procedure can be performed without affecting the data processing by the original instruction. The effect that it can be changed irregularly is obtained.
[0135]
(8) By using a branch instruction to the current program counter as the other instruction, the above data can be easily taken into consideration without affecting the data processing by the original instruction without considering the operation of the program counter. The effect that the processing procedure can be changed irregularly is obtained.
[0136]
(9) A bus right request circuit and a bus right arbitration circuit are used as means for irregularly inserting pseudo processing into the data processing procedure, and the bus right request circuit uses the bus right request circuit at a timing set by a random number. By obtaining the above and temporarily interrupting the bus cycle by the CPU, an effect of realizing effective security can be obtained.
[0137]
(10) By using a wait request circuit as means for irregularly inserting pseudo-processing into the above data processing procedure, the bus request cycle by the wait request circuit is lengthened by the wait request circuit at a timing set by a random number. Thus, it is possible to achieve effective security with a simple configuration.
[0138]
(11) As a means for irregularly changing the timing of the data processing procedure, the security can be realized with a simple configuration by irregularly changing the cycle of the operation clock signal of the data processing apparatus. Is obtained.
[0139]
(12) As a means for irregularly changing the period of the operation clock signal, a clock generation circuit composed of a PLL circuit is used, and a capacitor that holds the control voltage of the VCO in the PLL circuit is connected to a plurality of switches by a switching means. By selectively connecting one electrode of a capacitor and supplying a voltage signal corresponding to a random number to the other end of the plurality of capacitors, a random clock signal can be changed over a wide range. The effect of further strengthening the protection can be obtained.
[0140]
(13) As means for irregularly changing the period of the operation clock signal, specified by a random number from among a plurality of divided outputs formed by a plurality of divider circuits receiving a clock signal supplied from an external end By selectively outputting one frequency-divided output through a selector, it is possible to change a random clock signal in a relatively wide range with a simple configuration, thereby enhancing security. The effect of being able to be obtained.
[0141]
(14) As means for irregularly changing the period of the operation clock signal, the delay amount of the variable delay circuit receiving the clock signal supplied from the external end is controlled by a random number, so that the configuration can be simplified. Since the random clock signal can be changed in a relatively wide range, the effect of enhancing the security can be obtained.
[0142]
(15) Using a non-controlled oscillation circuit and a first shift register receiving the oscillation output as a random number generation circuit for forming the random number, a clock signal for performing a shift operation of the first shift register is the oscillation output As a result, the random number can be easily generated.
[0143]
(16) As the random number generation circuit, a shift register that receives the VCO output of the PLL circuit is used. The PLL circuit uses the oscillation output of the non-controlled oscillation circuit as a reference signal, and forms the control signal for the VCO. By changing the capacitance value of the low-pass filter based on the non-controlled oscillation output and the frequency-divided output of the VCO, frequency fluctuations can be made large and irregular, and random numbers can be generated effectively. The effect that it can be made is acquired.
[0144]
(17) As means for changing the timing of the data processing operation, by switching a plurality of data processing that can be executed in parallel according to a random number, the above-described security is achieved and the efficiency of the data processing is improved. The effect of being able to be obtained.
[0145]
(18) A data processing procedure including a ROM to which an operating voltage is supplied by electrically connecting an external terminal to a read / write device, and in which a data processing procedure by the data processing device and the data processing device is written. In the semiconductor integrated circuit device in which data input / output operations are performed according to the above, the provision of means for irregularly changing the timing of the data processing procedure, the procedure and timing of the encryption processing changes every time when viewed on the time axis. Since the consumption current waveform changes, it is possible to substantially enhance the security of the semiconductor integrated circuit device by making it impossible to analyze the data dependency of comparing the current waveform on the time axis as described above. An effect is obtained.
[0146]
(19) As a means for irregularly changing the timing of the data processing procedure, the pseudo-processing is irregularly inserted into the data processing procedure, so that the confidentiality of the semiconductor integrated circuit device can be simplified. The effect that protection is realizable is acquired.
[0147]
(20) By using interrupt processing from a timer set by a random number as means for irregularly inserting pseudo processing into the data processing procedure, the semiconductor integrated circuit device can be effectively configured with a simple configuration. The effect that the confidentiality protection can be realized.
[0148]
(21) By providing a register 1 for monitoring that an interrupt operation by the interrupt process is being performed, it is possible to determine whether or not the interrupt process function is operating normally by a CPU program. There is an effect that the reliability of the security protection function of the circuit device can be increased.
[0149]
(22) As means for irregularly changing the timing of the data processing procedure, the period of the operation clock signal of the data processing apparatus is irregularly changed, whereby the security of the semiconductor integrated circuit device can be protected with a simple configuration. The effect that can be realized is obtained.
[0150]
(23) As a means for irregularly changing the period of the operation clock signal, a clock generation circuit configured by a PLL circuit is used, and a capacitor that holds the control voltage of the VCO in the PLL circuit is connected to a plurality of switches by a switching means. By selectively connecting one electrode of a capacitor and supplying a voltage signal corresponding to a random number to the other end of the plurality of capacitors, a random clock signal can be changed over a wide range. There is an effect that the security of the integrated circuit device can be further enhanced.
[0151]
(24) As a means for irregularly changing the cycle of the operation clock signal, specified by a random number among a plurality of frequency division outputs formed by a plurality of frequency divider circuits receiving a clock signal supplied from an external end By selectively outputting one frequency-divided output via a selector, random clock signals can be changed in a relatively wide range with a simple configuration, so that the security of the semiconductor integrated circuit device can be protected. The effect that the reinforcement | strengthening can be aimed at is acquired.
[0152]
(25) As means for irregularly changing the period of the operation clock signal, the delay amount of the variable delay circuit that receives the clock signal supplied from the external end is controlled by a random number. Since the random clock signal can be changed in a relatively wide range, it is possible to enhance the security of the semiconductor integrated circuit device.
[0153]
(26) As a random number generation circuit for forming the random number, a non-controlled oscillation circuit and a first shift register that receives the oscillation output are used, and a clock signal for performing a shift operation of the first shift register is the oscillation output. As a result, it is possible to easily generate random numbers in the semiconductor integrated circuit device.
[0154]
(27) As means for changing the timing of the data processing operation, by switching a plurality of data processing that can be executed in parallel according to a random number, the semiconductor integrated circuit device is protected and the data processing efficiency is improved. The effect that it can aim at is acquired.
[0155]
The invention made by the inventor has been specifically described based on the embodiments. However, the invention of the present application is not limited to the embodiments, and various modifications can be made without departing from the scope of the invention. Nor. For example, the IC card may be one in which a plurality of semiconductor integrated circuit devices are mounted in addition to one in which one semiconductor integrated circuit device is mounted. In this case, the pseudo current generation circuit may be mounted on any one of the semiconductor integrated circuit devices. The random number generation circuit for generating the pseudo current may be anything other than the one that uses the asynchronous oscillation signal, such as one that samples a signal obtained by amplifying random noise using a clock.
[0156]
The semiconductor integrated circuit device may be anything as long as the data input / output operation is performed according to the data processing procedure including the data processing device and the ROM in which the data processing procedure by the data processing device is written. For example, in addition to the IC card chip as described above, it can be widely applied to various semiconductor integrated circuit devices that require security protection such as a one-chip microcomputer for games and the like. The present invention can be widely used in various IC cards and semiconductor integrated circuit devices that require security protection.
[0157]
【The invention's effect】
The effects obtained by the representative ones of the inventions disclosed in the present application will be briefly described as follows. That is, it includes a data processing device and a ROM in which data processing procedures including security information processing by the data processing device are written, and the operating voltage is reduced when the external terminal is electrically connected to an external device such as a read / write device. In an IC card or a semiconductor integrated circuit device including a data processing device and a ROM in which a data processing procedure by the data processing device is written and in which a data processing operation according to the data processing procedure is performed, By providing a means to change the timing of data processing operation, the current waveform is compared on the time axis as described above because the procedure and timing of encryption processing changes each time and the current consumption waveform changes on the time axis. Enhance data security by making it virtually impossible to analyze data dependencies It is possible to achieve.
[Brief description of the drawings]
FIG. 1 is an external view showing an embodiment of an IC card to which the present invention is applied.
FIG. 2 is a schematic block diagram showing an embodiment of an IC card chip mounted on an IC card according to the present invention.
3 is an equivalent circuit diagram of the IC card chip shown in FIG. 2. FIG.
FIG. 4 is a current waveform diagram for explaining the present invention.
FIG. 5 is a schematic configuration diagram showing one embodiment of a pseudo current generating circuit according to the present invention.
FIG. 6 is a specific circuit diagram showing one embodiment of a pseudo current generating circuit according to the present invention.
FIG. 7 is a schematic configuration diagram showing another embodiment of the pseudo current generating circuit according to the present invention.
8 is a block diagram showing an example of an interface unit of the cryptographic operation circuit of FIG. 2;
FIG. 9 is a flowchart of one embodiment for explaining a random number obtaining operation by a CPU.
10 is an overall configuration diagram showing an example of the cryptographic operation circuit of FIG. 2; FIG.
11 is a block diagram showing an embodiment of the oscillation circuits 1 and 2 of FIG.
12 is a circuit diagram showing an embodiment of an unstable oscillation circuit provided in FIG. 11. FIG.
13 is a circuit diagram showing another embodiment of the unstable oscillation circuit provided in FIG. 11. FIG.
14 is a block diagram showing another embodiment of the oscillation circuits 1 and 2 of FIG.
15 is a block diagram showing an embodiment of the output adjustment circuit of FIG.
FIG. 16 is a block diagram showing another embodiment of the random number generation circuit according to the present invention.
FIG. 17 is a block diagram showing another embodiment of a random number generation circuit according to the present invention.
FIG. 18 is a block diagram of relevant parts showing one embodiment of a semiconductor integrated circuit device according to the present invention;
FIG. 19 is a block diagram of relevant parts showing another embodiment of a semiconductor integrated circuit device according to the present invention;
FIG. 20 is a block diagram of relevant parts showing another embodiment of a semiconductor integrated circuit device according to the present invention;
FIG. 21 is a block diagram of relevant parts showing still another embodiment of the semiconductor integrated circuit device according to the present invention;
FIG. 22 is a block diagram of relevant parts showing still another embodiment of the semiconductor integrated circuit device according to the present invention;
FIG. 23 is a schematic block diagram showing an embodiment of an IC card chip mounted on an IC card according to the present invention.
FIG. 24 is a timing chart for explaining an example of the operation of the IC card chip according to the present invention;
FIG. 25 is a waveform diagram for explaining an example of the operation of the IC card chip according to the present invention.
FIG. 26 is a schematic block diagram showing another embodiment of an IC card chip mounted on an IC card according to the present invention.
FIG. 27 is a schematic block diagram showing another embodiment of an IC card chip mounted on an IC card according to the present invention.
FIG. 28 is a schematic block diagram showing still another embodiment of an IC card chip mounted on an IC card according to the present invention.
29 is a timing chart for explaining an example of the operation of the IC card chip of FIG. 28. FIG.
30 is a timing chart for explaining an example of the operation of the IC card chip of FIG. 28. FIG.
FIG. 31 is a timing chart for explaining still another example of the operation of the IC card chip of FIG.
32 is a timing chart for explaining yet another example of the operation of the IC card chip of FIG. 28. FIG.
FIG. 33 is a schematic block diagram showing still another embodiment of an IC card chip mounted on an IC card according to the present invention.
34 is a block diagram showing an embodiment of a clock generation circuit mounted on the IC card chip of FIG. 33. FIG.
35 is a block diagram showing another embodiment of the clock generation circuit mounted on the IC card chip of FIG. 33. FIG.
36 is a block diagram showing still another embodiment of the clock generation circuit mounted on the IC card chip of FIG. 33. FIG.
FIG. 37 is a schematic block diagram showing still another embodiment of an IC card chip mounted on an IC card according to the present invention.
FIG. 38 is a timing chart for explaining an example of the operation of the IC card chip of FIG. 37;
FIG. 39 is a schematic block diagram showing still another embodiment of an IC card chip mounted on an IC card according to the present invention.
40 is a timing chart for explaining an example of the operation of the IC card chip of FIG. 39. FIG.
FIG. 41 is a schematic block diagram showing a further embodiment of an IC card chip mounted on an IC card according to the present invention.
FIG. 42 is a schematic block diagram showing a further embodiment of an IC card chip mounted on an IC card according to the present invention.
FIG. 43 is a timing chart for explaining an example of still another operation of the IC card chip (semiconductor integrated circuit device) mounted on the IC card according to the present invention;
[Explanation of symbols]
DESCRIPTION OF SYMBOLS 201 ... Central processing unit (CPU), 202 ... I / O port, 203 ... Address bus, 204 ... Data bus, 205 ... Clock generation circuit, 206 ... ROM, 207 ... RAM, 208 ... EEPROM, 209 ... Operation circuit for encryption 210 ... False current generation circuit,
401: IC card chip, 402: random number generation circuit, 403 ... interval generation circuit, 404 ... decrementer, 405 ... underflow determination circuit, 406 ... timing generation circuit, 407 ... counter (register), 408 ... selector, 409 ... interrupt 410, ROM, 411, RAM, 412, EEPROM, 413, CPU, 414, I / O, 415, random number setting register, 416, oscillator, 4004, instruction change circuit, 4008, instruction decoder, 4009, control circuit, 4011: Adder, 4012 ... Program counter, 4013 ... Operation unit, 4014 ... Instruction register, 418 ... Clock generation circuit, 419 ... Bus right request circuit, 420 ... Bus right arbitration circuit, 421 ... Control register, 421 ... Wait request circuit .

Claims (7)

An IC card including a data processing device and a ROM in which data processing procedures including security information processing by the data processing device are written, an operation voltage is supplied from the outside, and an operation according to an external input is performed,
Control means for changing the timing of the data processing operation according to the data processing procedure,
The control means is means for inserting a pseudo process into the data processing operation,
The control means uses a bus right request circuit and a bus right arbitration circuit, acquires the bus use right by the bus right request circuit at a timing set by a random number, and temporarily interrupts the bus cycle by the CPU. IC card characterized by An IC card including a data processing device and a ROM in which data processing procedures including security information processing by the data processing device are written, an operation voltage is supplied from the outside, and an operation according to an external input is performed,
Control means for changing the timing of the data processing operation according to the data processing procedure,
The control means is means for inserting a pseudo process into the data processing operation,
An IC card characterized in that the control means uses a wait request circuit and causes the wait request circuit to lengthen a bus cycle by the wait request circuit at a timing set by a random number. An IC card including a data processing device and a ROM in which data processing procedures including security information processing by the data processing device are written, an operation voltage is supplied from the outside, and an operation according to an external input is performed,
Control means for changing the timing of the data processing operation according to the data processing procedure,
The control means changes a cycle of an operation clock signal of the data processing apparatus, and the control means uses a clock generation circuit constituted by a PLL circuit, and a capacitor that holds the control voltage of the VCO in the PLL circuit. In addition, an IC card is characterized in that one electrode of a plurality of capacitors is selectively connected by a switch means, and a voltage signal corresponding to a random number is supplied to the other end of the plurality of capacitors. In any one of Claims 1 thru | or 3 ,
A random number generating circuit for forming the random number;
The random number generation circuit includes a non-controlled oscillation circuit and a first shift register that receives the oscillation output,
The IC card, wherein the first shift register is configured such that a clock signal for performing a shift operation is asynchronous with the oscillation output. In claim 4 ,
The random number generation circuit includes a PLL circuit and a shift register that receives a VCO output of the PLL circuit,
The PLL circuit uses the oscillation output of the non-controlled oscillation circuit as a reference signal, and the capacitance value of the low-pass filter forming the control signal of the VCO is based on the non-controlled oscillation output and the divided output of the VCO. An IC card characterized by being changed. A semiconductor integrated circuit device including a data processing device and a ROM in which a data processing procedure including security information processing by the data processing device is written, an operation voltage is supplied from the outside, and an operation according to an external input is performed,
Control means for changing the timing of the data processing operation according to the data processing procedure,
The control means changes the cycle of the operation clock signal of the data processing device,
The control means uses a clock generation circuit composed of a PLL circuit, and selectively connects one electrode of the plurality of capacitors to the capacitor holding the control voltage of the VCO in the PLL circuit by the switch means. A semiconductor integrated circuit device, wherein a voltage signal corresponding to a random number is supplied to the other end of the capacitor. In claim 6 ,
A random number generating circuit for forming the random number;
The random number generation circuit includes a non-controlled oscillation circuit and a first shift register that receives the oscillation output,
In the semiconductor integrated circuit device, the clock signal for performing the shift operation is asynchronous with the oscillation output.

Images