JP5124244B2 - Semiconductor integrated circuit, security method, security program, and recording medium - Google Patents

Description

  The present invention relates to a semiconductor integrated circuit, a security protection method, a security program, and a recording medium, and more particularly, a semiconductor integrated circuit that protects the security of a circuit configuration and a program, a security method in the semiconductor integrated circuit, and a security program And a recording medium.

  In recent years, semiconductor integrated circuits have been able to be easily changed in function according to the requirements of devices and systems using programmable devices such as FPGAs (Field Programmable Gate Arrays). Since the device is a commercially available device, a technique for protecting the program and identifying the circuit configuration is required.

  For example, when a circuit for preventing counterfeiting is mounted as a function of the semiconductor integrated circuit, it is necessary to prevent confidential information for preventing forgery from being acquired by a circuit operation for preventing forgery.

  With the operation of a circuit that requires concealment such as anti-counterfeiting, information on anti-counterfeiting can be acquired and information analysis may be performed to know what the anti-counterfeiting technology is. For this reason, it is necessary to appropriately prevent forgery and improve security. In particular, it is necessary to increase security by restricting access to registers related to the operation of the anti-counterfeit circuit.

  In other words, in recent years, due to the increase in the scale of semiconductor integrated circuits, many types of functions have been incorporated into semiconductor integrated circuits, and many people have become involved in the development and design of circuits. In addition, a circuit requiring confidentiality such as forgery prevention and another circuit are being developed together. In the development situation of such semiconductor integrated circuits, there are also circuits that perform common operations such as setting to registers mounted in the semiconductor integrated circuits, debugging functions, etc., especially register access and debugging functions, etc. Is common I / F control. Since the semiconductor integrated circuit is shared in this way, there is a possibility that a method for setting a register of an internal circuit requiring confidentiality or a debug control method may be easily known. There is a risk that internal processing signals and data may be output by debugging.

  Conventionally, as a method for preventing program protection and circuit configuration specification in a semiconductor integrated circuit, a method for protecting configuration data by encryption is generally used.However, when circuit configuration data is protected by encryption, It is necessary to store the encrypted information inside the semiconductor integrated circuit, and there is a problem that the circuit design for that is extremely complicated, the decryption takes time, and the startup is delayed.

  Conventionally, as a method for preventing the specification of a circuit configuration in a semiconductor integrated circuit, a method such as erasing a part type name of a device or physically concealing a substrate specific portion with silicon or the like has been used.

  However, when such a method is used, a malicious third party can remove the concealed material, so that the circuit configuration can be specified relatively easily, or the repair or repair by the manufacturer is necessary. There is a problem that the concealed material interferes with difficult work.

  Therefore, conventionally, a gate circuit for controlling access from the external circuit to the internal logic is provided in the field programmable gate array, and the permission key preset in the internal permission key setting register and the external circuit are input. There has been proposed a circuit configuration specific prevention method that compares a permission key and releases the lock of the gate circuit and permits access from the external circuit to the internal logic if they match (see Patent Document 1).

  That is, this conventional technique prevents the program from operating unless the device program and the structure of the machine number have the same configuration without covering up the entire circuit configuration, thereby preventing the circuit configuration from being specified.

JP 2006-18577 A

  However, in the prior art described in the above publication, from the external circuit to the internal circuit, provided that the permission key set in the internal permission key setting register in advance matches the permission key input from the external circuit. However, for external permission keys, there are currently key generation technologies that automatically generate a large number of various permission keys, and these key generation technologies generate permission keys. If it is input to the semiconductor integrated circuit, there is a possibility that the permission key that matches the permission key set in the semiconductor integrated circuit may be easily input, and the semiconductor integrated circuit can be accessed relatively easily. Therefore, ensuring higher security is required.

  Accordingly, the present invention provides a semiconductor integrated circuit, a security protection method, a security protection program, and a recording medium that can ensure higher confidentiality at a lower cost with respect to the specification of the internal circuit configuration and the content of the operation. The purpose is that.

The present invention relates to an externally inaccessible register group which is directly referred to by a functional module and cannot be accessed from the outside as a register to which a semiconductor integrated circuit refers to a functional module executing various data processing, and a register value from the outside. A set of externally accessible registers to be set, and a function to copy the register values set in the registers of the externally accessible registers to the registers of the externally inaccessible registers by an external copy instruction When the copy instruction is in a period other than the copy available period determined according to the input signal, the copy restriction process for prohibiting the copy is performed , and the copy available period is an operation of the functional module. In a period when the frame gate signal indicating the state indicates the non-operating state of the functional module It, characterized in that it is a period that is determined and based on the timing of the copy permission trigger is generated based on the frame gate signal a signal obtained by delaying the.

Further, according to the present invention, when the functional module has a plurality of child functional modules, the externally accessible register group and the externally inaccessible register group each have a predetermined number of registers corresponding to the child functional modules. , as the copy restriction process, the plurality herring roe functions of the modules, only the register of the external inaccessible registers that correspond to a predetermined child feature modules for which security is required, performs the copy control processing described above.

  According to the present invention, the semiconductor integrated circuit is referred to by the functional module that executes various data processing, and the externally inaccessible register group that the functional module directly refers to and cannot be accessed from the outside, and the externally registered register And an externally accessible register group in which a value is set, and by copying instructions from the outside, the register value set in the register of the externally accessible register group is copied to the register of the externally inaccessible register group, If the copy instruction is in a period other than the predetermined copy enable period, copy restriction processing is performed to prohibit the copy, so copy the register value settings to the registers in the externally inaccessible register group that directly controls the operation of the functional modules. It is difficult to set the register value only for the possible period. It is difficult to obtain the relationship between the register value of the register and the operation of the functional module from the outside, and it is much cheaper to specify the internal circuit configuration of the semiconductor integrated circuit and the content of the operation. Even higher confidentiality can be ensured.

  Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. In addition, since the Example described below is a suitable Example of this invention, various technically preferable restrictions are attached | subjected, However, The scope of the present invention limits this invention especially in the following description. As long as there is no description of the effect, it is not restricted to these aspects.

  1 to 7 are diagrams showing a first embodiment of a semiconductor integrated circuit, a security protection method, a security protection program, and a recording medium according to the present invention. FIG. 1 shows a semiconductor integrated circuit according to the present invention, a security protection method, 1 is a block configuration diagram of an ASIC 1 as a semiconductor integrated circuit to which a first embodiment of a security program and a recording medium is applied, a CPU (Central Processing Unit) 2 as a peripheral circuit, and a debugging device 3. FIG.

  In FIG. 1, the CPU 2 inputs and outputs control signals and data for accessing the register unit 11 for setting the operation of the ASIC 1 with the ASIC 1, and the debug device 3 evaluates the function of the ASIC 1. For this purpose, a signal inside the ASIC 1 circuit or a result of data processing (for example, image data) is extracted from the ASIC 1. For example, input of a signal or data for taking the image data from the ASIC 1 into an external memory or the like. Output.

  As shown in FIG. 2, the ASIC 1 includes a register unit 11, a plurality of functional modules M1 to Mn, a debug I / F 12, a copy control unit CSn, an inaccessible register group RBn, and the like. And accessible register groups RA1 to RAn corresponding to the functional modules M1 to Mn.

  Each of the accessible register groups RA1 to RAn of the register unit 11 is connected to the corresponding function module M1 to Mn, but between the function module RAn and the function module Mn, there is a copy control unit (copy control means) CSn. And an inaccessible register group RBn.

  The accessible register groups RA1 to RAn have a common interface circuit configuration and can be accessed from the CPU2 outside the ASIC1.

  The register unit 11 of the ASIC 1 receives control signals and data signals from the CPU 2 for accessing the accessible register groups RA1 to RAn for setting the operations of the functional modules M1 to Mn of the ASIC1, and each functional module. M1 to Mn perform functional operations such as data processing of image data input from the outside according to register values set in the corresponding accessible register groups RA1 to RAn of the register unit 11, but the functional module Mn Performs a functional operation according to the register value set in the inaccessible register group RBn. That is, the functional module Mn is a concealment circuit that performs a processing function that requires confidentiality such as forgery prevention and requires confidentiality of information such as circuit configuration and operation.

  That is, the CPU 2 inputs the address signal addr, the write control signal wr, and the write data w_data of the accessible register groups RA1 to RAn to the register unit 11, sets the register value, etc., and also uses the read control signal rd. Then, read data r_data which is a register value written in each accessible register group RA1 to RAn is read from accessible register group RA1 to RAn. The CPU 2 performs access to each of the accessible register groups RA1 to RAn using the address addr, and the decoder DR decodes this address addr to access each register of the accessible register groups RA1 to RAn.

  Each of the accessible register groups RA1 to RAn is a collection of a plurality of registers for each of the functional modules M1 to Mn, and each of the functional modules M1 to Mn is a setting of each register of the corresponding accessible register group RA1 to RAn. Although the operation is performed according to the value (register value), the functional module Mn operates according to the register value set in the register group RBn as described above. The register value of the accessible register group RAn controlled by the copy control unit CSn is copied to the register group RBn.

  The debug I / F 12 is an interface for connecting the ASIC 1 to the debug device 3 and inputting / outputting internal signals and data for debugging operation processing in the ASIC 1 to / from the debug device 3. The signals from M1 to Mn are selected and output to the debugging device 3.

  Of the functional modules M1 to Mn, the functional module Mn performs a processing function requiring confidentiality such as forgery prevention as described above, and requires confidentiality of information such as circuit configuration and operation. It is a secret circuit.

  Therefore, the ASIC 1 is provided with an inaccessible register group RBn that cannot be accessed from the outside as registers that define the operation of the functional module Mn, and the accessible register group RAn corresponding to the functional module Mn of the register unit 11 is: Like the other accessible register groups RA1 to RAn-1 of the register unit 11, the CPU 2 can access them. Since the inaccessible register group RBn cannot be accessed (read, write) from the outside, the register value setting in the register group RBn for operating the functional module Mn that is a secret circuit is set to the accessible register group RAn. Is copied to the inaccessible register group RBn, and the copy control unit CSn controls the copy by timing the copy of the register value of the accessible register group RAn to the register group RBn.

  That is, the accessible register group RAn and the inaccessible register group RBn have a configuration in which each register has a one-to-one correspondence, and the register value is set to the inaccessible register group RBn by an external CPU 2 This is done by copying the register value set in the possible register group RAn. As shown in FIG. 3, the write control signal regAn_wr and the write data w_data are input from the CPU 2 to the accessible register group RAn, and the read data r_data is read from the accessible register group RAn by the CPU 2. The inaccessible register group RBn is not connected to the address addr, the read control signal rd, and the write control signal wr, which are control signals for accessing from the outside such as the CPU 2, and cannot be accessed from the outside.

  The copy control unit CSn includes a delayed frame gate signal fgate_R from the counter CN (see FIG. 4), A register write data regAn_data from the accessible register group RAn, a write control signal regAn_wr from the CPU 2, a reset signal reset, and a frame. The gate signal fgate is input, and based on these signals, the copy of the A register write data regAn_data from the accessible register group RAn to the inaccessible register group RBn is controlled by the copy timing.

  As shown in FIG. 4, the copy control unit CSn includes a copy enable period setting circuit 20, a shift register 31, an AND circuit 32, and the like. The copy enable period setting circuit 20 includes trigger generation circuits 21, 22 and combinations. A circuit 23 is provided. In the ASIC of this embodiment, the same synchronous clock is used for all the clocks, and the synchronous clock is not shown in each figure. In the copy control unit CSn, when the CPU 2 executes a program of ROM (Read Only Memory) or RAM (Random Access Memory), register values are set in the register groups RA1 to RAn accessible from the CPU 2. Among these programs, the security protection program performs copy control of register values recorded on a recording medium such as a CD (Compact Disc), a CD-RW (Compact Disc Rewritable), a DVD (Digital Video Disk), or a flexible disk. Thus, the security control program for executing the security processing is read into a memory (not shown) and introduced, thereby constructing a copy control unit CSn for executing the security processing described later. In debugging, register values from an emulator or the like are set in the accessible register groups RA1 to RAn.

  Further, the inaccessible register group RBn includes a selector SE and a plurality of flip-flops FF1 to FFm as registers. The A register write data regAn_data and B from the accessible register group RAn through the copy unit CSn are input to the selector SE. The register write data regBn_data is input, and the copy control signal regBn_ctl from the copy control unit CSn is input to the select terminal of the selector SE. When a copy control signal regBn_ctl of High (high) is input, the selector SE selects the A register write data regAn_data, and flip-flops FF1 to FFm as registers corresponding to the registers of the accessible register group RAn. The A register write data regAn_data are sequentially copied as B register write data regBn_data.

  The copy control unit CSn outputs the A register write data regAn_data from the accessible register group RAn as it is to the selector SE of the inaccessible register group RBn, and generates the copy control signal regBn_ctl to select the selector SE of the inaccessible register group RBn. Output to the select terminal.

  The write control signal regAn_wr is input to the shift register 31, and the shift register 31 delays the write control signal regAn_wr by a predetermined timing and outputs it to the AND circuit 32 as the write control signal regBn_wr.

  The trigger generation circuit 21 and the trigger generation circuit 22 of the copyable period setting circuit 20 include flip-flops 21a and 22a, NOT circuits 21b and 22b, and NOR circuits 21c and 22c, respectively. The trigger generation circuit 21 includes a frame gate. The signal fgate is input, and the delayed frame gate signal fgate_R is input from the counter CN to the trigger generation circuit 22.

  As shown in FIG. 5, when the frame gate signal fgate becomes Low, the counter CN generates a delayed frame gate signal fgate_R that becomes Hi after a time corresponding to the set value from when the frame gate signal fgate becomes Low. 22 to output.

  The trigger generation circuit 21 generates a trigger that becomes Hi when the frame gate signal fgate rises, and outputs the trigger to the combinational circuit 23. The trigger generation circuit 22 sets the copy permission trigger TR () that becomes Hi when the delay frame gate signal fgate_R rises. 5) is output to the combinational circuit.

  In the combinational circuit 23, a NOR circuit 23a, an OR circuit 23b, an AND circuit 23c, a flip-flop 23d, a NOT circuit 23e, and a NOR circuit 23f are sequentially connected, and the output of the NOR circuit 23f at the final stage is input to the AND circuit 32. The

  The trigger from the trigger generation circuit 21 and the output of the NOT circuit 23e are input to the NOR circuit 23a in the first stage, and the NOR circuit 23a performs a NOR process on the trigger from the trigger generation circuit 21 and the output from the NOT circuit 23e. Output to the circuit 23b. Further, the copy permission trigger TR from the trigger generation circuit 22 is input to the OR circuit 23b, and the OR circuit 23b performs an OCR process on the output of the NOR circuit 23a and the copy permission trigger TR and outputs the result to the AND circuit 23c. Further, a reset signal reset for initialization is input to the AND circuit 23c. The AND circuit 23c performs an AND process on the output of the OR circuit 23b and the reset signal reset and outputs the result to the flip-flop 23d. The flip-flop 23d holds the output from the AND circuit 23c by a clock and outputs it to the NOT circuit 23e. The NOT circuit 23e inverts the output of the flip-flop 23d and outputs it to the NOR circuit 23f, and also to the NOR circuit 23a. return. The NOR circuit 23f receives the output from the NOT circuit 23e and the frame gate signal fgate. As shown in FIG. 5, the NOR circuit 23f performs these NOR processes, the frame gate signal fgate is Low, and the Hi copy is permitted. A copy enable period signal Cokt that becomes Hi only after the trigger TR is input is output to the AND circuit 32 to set a copy enable period between the registers.

  That is, the copy enable period setting circuit 20 receives the frame gate signal fgate, the delayed frame gate signal fgate_R, and the reset signal reset for initialization, and after being reset by the reset signal reset, as shown in FIG. The gate signal fgate is in the low register accessible period, and the Hi signal is output to the AND circuit 32 until the frame gate signal fgate becomes Hi by the copy permission trigger TR generated from the delayed frame gate signal fgate_R. Then, based on the write control signal regBn_w obtained by delaying the write control signal regAn_wr by the shift register 31, the Hi copy control signal regBn_ctl is sent from the AND circuit 32 to the selector of the inaccessible register group RBn. And outputs it to the E.

  The inaccessible register group RBn receives the A register write data regAn_data input from the accessible register group RAn during the register copy control period when the copy control signal regBn_ctl is Hi. Write sequentially to FF1 to FFn and copy.

  Note that the ASIC 1 performs processing operations according to the set values (register values) of the accessible register groups RA1 to RAn after the functional modules M1 to Mn set the register values in the corresponding accessible register groups RA1 to RAn. The processing operation of performing is repeated. In the frame gate signal fgate, the Low period is a register accessible period, and the Hi period is a functional operation period in which the functional modules M1 to Mn operate in accordance with a register setting value (register value).

  That is, the copy control unit CSn starts the copy permission trigger TR output at the falling edge of the delayed frame gate signal fgate_R, and finishes the copyable period that ends at the rising edge of the frame gate signal fgate. The A register write data regAn_data of the accessible register group RAn is allowed to be copied to the inaccessible register group RBn as the B register write data regBn_data, with a limited timing. Otherwise, copy restriction processing for prohibiting copying is performed.

  Next, the operation of this embodiment will be described. The ASIC 1 of the present embodiment secures higher confidentiality at a lower cost with respect to the specification of the internal circuit configuration of the functional module Mn, which is a secret circuit, and the content of the operation.

  That is, the ASIC 1 has a plurality of functional modules M1 to Mn. Among these functional modules M1 to Mn, the functional modules M1 to Mn-1 do not require confidentiality and are accessed from the outside. The register unit 11 performs an operation corresponding to the register value setting from the CPU 2 to the accessible register groups RA1 to RAn-1.

  However, the ASIC 1 is equipped with a functional module Mn as a secret circuit, and the functional module Mn is a functional module based on a set value (register value) in an accessible register group RAn corresponding to the functional module Mn. The operation content of Mn needs to be kept secret.

  Therefore, the ASIC 1 of this embodiment includes the inaccessible register RBn that cannot be accessed from the outside as an operation register of the functional module Mn, and the accessible register group RAn that is accessible from the outside corresponding to the functional module Mn. The A module write data regAn_data, which is the register value set to, is copied to the inaccessible register RBn only when there is a write control signal wr that is a copy instruction from the outside during a predetermined copy enable period. Let Mn perform the action.

  That is, when the write control signal wr, the address signal addr, and the write data w_data are sent from the CPU 2, the ASIC 1 decodes the write control signal wr and the address signal addr by the decoder DR of the register unit 11, and the frame gate signal fgate. In the register accessible period in which is low, write data w_data is written to the registers of the corresponding accessible register groups RA1 to RAn.

  Since the functional modules Ma to Mn-1 are not concealment circuits, they can operate according to the write data w_data that is a register value set in the register units RA1 to RAn-1.

  However, the functional module Mn is a secret circuit, and the accessible register group RAn corresponding to the functional module Mn that is the secret circuit can be accessed externally, but cannot be accessed by setting the function module Mn as a set value. The register group RBn is a register that cannot be accessed from the outside, and the A register write data regAn_data set by writing from the CPU 2 to the accessible register group RAn that can be accessed from the outside remains in the inaccessible register group RBn. Is not set.

  Therefore, the ASIC 1 uses the copy control unit CSn to copy the A register write data regAn_data set in the accessible register group RAn to the inaccessible register group RBn that cannot be accessed externally. The copy timing is limited to a predetermined copy available period.

  That is, as shown in FIG. 5, the copy control unit CSn receives the frame gate signal fgate to the trigger generation circuit 21 of the copy enable period setting circuit 20, and the frame gate signal fgate is set to Low, which is the register accessible period. When switched, the trigger generation circuit 21 outputs a Hi trigger to the combinational circuit 23 of the copy control unit CSn, and the delayed frame gate signal fgateR obtained by delaying the frame gate signal fgate is copied from the counter CN to the copyable period setting circuit 20. , The trigger generation circuit 22 generates a copy permission trigger TR and outputs it to the combinational circuit 23 of the copy control unit CSn. In the combinational circuit 23, the frame gate signal fgate is Low and the Hi copy permission trigger TR is input by the trigger from the trigger generation circuit 21, the copy permission trigger TR from the trigger generation circuit 22, and the reset signal reset. After that, the copy enable period signal Cokt that becomes Hi only is output to the AND circuit 32, the copy enable period between registers is set, and the copy enable period signal Cokt is output to the AND circuit 32 of the copy control unit CSn. .

  That is, as shown in FIG. 5, the copy enable period setting circuit 20 generates a copy enable period signal Cokt that becomes Hi only during the period after the frame gate signal fgate is Low and the Hi copy permission trigger TR is input. The data is output to the AND circuit 32 and a copy available period is set.

  During the register accessible period when the frame gate signal fgate is Low, after the write data w_data from the CPU 2 is written in the accessible register group RAn as the A register write data regAn_data, the copy available period signal Cokt becomes Hi and the copy is performed. When the write control signal regBn_w obtained by delaying the Hi write control signal regAn_wr by the shift register 31 is input to the AND circuit 32, the AND circuit 32 sends the Hi copy control signal regBn_ctl to the inaccessible register group RBn. To the selector SE.

  When the copy control signal regBn_ctl becomes Hi, the selector SE of the inaccessible register group RBn uses the A register write data regAn_data written in the accessible register group RAn input via the copy control unit CSn to the inaccessible register group RBn. The B register write data regBn_data is copied to the flip-flops FF1 to FFm, which are registers.

  The functional module Mn operates during the period when the frame gate signal is Hi (functional operation period) according to the A register write data regAn_data which is the register value set in the inaccessible register group RBn, that is, the B register write data regBn_data. To do.

  However, as shown in FIGS. 5H to 5J, the copy control unit CSn is in a register accessible period in which the frame gate signal fgate is Low, but is in a period other than the copy available period in which the copy enable period signal Cokt is Low. During this period, even if the write control signal regAn_wr becomes Hi and the write data w_data from the CPU 2 is written in the accessible register group RAn as the A register write data regAn_data, the copy control signal regBn_ctl is not set to Hi, and the accessible register The copying of the A register write data regAn_data of the group RAn as the B register write data regBn_data to the inaccessible register group RBn is prohibited.

  Therefore, in order to make it impossible to access the inaccessible register group RBn, which is a register for determining the operation of the functional module Mn, which is a confidential circuit requiring confidentiality, from the outside such as the CPU 2, etc., and to perform necessary operations. The write data w_data is set in the externally accessible accessible register group RAn, and the write data w_data set in the accessible register group RAn is set in the B register in the inaccessible register group RBn only for a limited timing such as a copy enable period. It is possible to copy as write data regBn_data and not to copy during a period other than the limited copy available period. As a result, it is possible to increase security for access to the inaccessible register group RBn, which is a register for the functional module Mn, which is a secret circuit, and for debugging control, and to collect information on register setting operations and debugging. The confidential data from the collected information cannot be analyzed, and the confidentiality of the internal circuit configuration of the ASIC 1 and the content of the operation can be ensured at lower cost and higher confidentiality.

  The copy available period is not limited to the copy available period shown in FIG. 5. For example, as shown in FIG. 6, when the frame gate signal fgate is Low, which is the register accessible period, the copy permission trigger is set. It may be a copy available period that starts when TR becomes Hi and ends when the copy permission trigger TR becomes Hi again. Further, as shown in FIG. 7, the copy possible period is set to the timing when the copy permission trigger TR is input twice as shown in FIG. 7, and the end timing is set to the frame gate signal fgate as shown in FIG. It may be the rising edge or the input timing of the copy permission trigger TR again as shown in FIG.

  8 and 9 are diagrams showing a second embodiment of the semiconductor integrated circuit, security method, security program, and recording medium of the present invention. FIG. 8 shows the semiconductor integrated circuit, security method, It is a principal part circuit block diagram of copy control part CSnb of ASIC to which 2nd Example of a security program and a recording medium is applied.

  The present embodiment is applied to the ASIC 1, the CPU 2, which is the peripheral circuit of the first embodiment, and the ASIC 1, the CPU 2, and the debug device 3 similar to the debug device 3. In the description of the present embodiment, Constituent parts similar to those in the first embodiment are denoted by the same reference numerals, description thereof is omitted, and parts not shown in the drawings are described using the reference numerals used in the first embodiment as they are.

  In this embodiment, if there is a write control signal regAn_wr which is a copy instruction in a period other than the copy enable period, the subsequent copy operation is prohibited even if the write control signal regAn_wr is present in the copy enable period. .

  In FIG. 8, the copy control unit (copy control means) CSnb is connected between the accessible register group RAn and the inaccessible register group RBn for the functional module Mn of the ASIC 1 of the first embodiment. A copyable period setting circuit 20, a shift register 31, and an AND circuit 32 similar to those in the embodiment are mounted, and an erroneous timing detection circuit 40 is mounted.

  Similar to the first embodiment, the copy enable period setting circuit 20 generates a copy enable period signal Cokt that sets a copy enable period from the delayed frame gate signal fgate_R, the frame gate signal fgate, and the reset signal reset from the counter CN. And output to the erroneous timing detection circuit 40.

  The A register write data regAn_data, the frame gate signal fgate, and the reset signal reset are input to the erroneous timing detection circuit 40, and the write control signal regBn_wr obtained by delaying the write control signal regAn_wr by the shift register 31 by a predetermined timing is input to the AND circuit 32. And the flag flg which is an output signal of the erroneous timing detection circuit 40 is input, and the AND circuit 32 selects the copy control signal regBn_ctl of Hi when the write control signal regBn_wr and the flag flg are both Hi, the selector of the inaccessible register group RBn. Output to SE.

  The erroneous timing detection circuit 40 includes an XOR circuit 40a, an OR circuit 40b, an AND circuit 40c, an OR circuit 40d, and a flip-flop 40e. In the XOR circuit 40a, the A register write data regAn_data and the inaccessible register group RBn are written. B register write data regBn_data is input. The XOR circuit 40a performs an XOR process on the A register write data regAn_data and the B register write data regBn_data, and outputs a Hi signal to the OR circuit 40b when the two are different. Output signal is inverted and the frame gate signal fgate is inverted and the copy enable period signal Cokt from the copy enable period setting circuit 20 is input.

  The OR circuit 40b performs OCR processing of these inputs and outputs the processing result to the AND circuit 40c. The flag flg that is the output of the flip-flop 40e is further input to the AND circuit 40c. The AND circuit 40c performs an AND process on these inputs, and if both inputs are Hi, outputs a Hi signal to the OR circuit 40d. The OR circuit 40d further receives a reset signal reset for initialization. Inverted input.

  If any of the inputs is Hi, the OR circuit 40d outputs a signal that becomes Hi to the flip-flop 40e. The flip-flop 40e holds the input from the OR circuit 40d, and the AND circuit 32 and the AND circuit 40c. Is output as a flag flg.

  The erroneous timing detection circuit 40 holds a state indicating whether or not the A register write data regAn_data of the accessible register group RAn is copied to the inaccessible register group RBn as the B register write data regBn_data during the copy enable period. That is, the erroneous timing detection circuit 40 outputs the A register write data regAn_data to the selector SE of the inaccessible register group RBn, and XORs the A register write data regAn_data and the B register write data regBn_data held in the inaccessible register group RBn. Based on the comparison result of the circuit 40a, the frame gate signal fgate and the copy enable period signal Cokt from the copy enable period setting circuit 20, the write control signal regAn_wr which is a copy instruction during the copy enable period, that is, the write control signal regBn_wr The A register write data regAn_data is copied to the inaccessible register group RBn, and the A register write data regAn_d It is determined whether ta and the B register write data regBn_data match, and when the A register write data regAn_data is appropriately copied to the inaccessible register group RBn in the copy enable period, the flag flg that the flip-flop 40e outputs to the AND circuit 32 Is set to Hi, and the AND circuit 32 inputs the write control signal regBn_wr so that the AND circuit 32 can output the Hi copy control signal regBn_ctl to the selector SE of the inaccessible register group RBn, and the A register write data regAn_data inaccessible register Allows copying to group RBn.

  However, when the write control signal regAn_wr (write control signal regBn_wr) is input during a period other than the copy enable period, the erroneous timing detection circuit 40 differs between the A register write data regAn_data and the B register write data regBn_data, and the flip-flop 40e The output flag flg is Low, prohibiting the output of the copy control signal regBn_ctl from the AND circuit 32. Once the flag flg is Low, the output of the AND circuit 40c is always Low, and thereafter the reset signal Until the reset resets the flip-flop 40e, the output of the copy control signal regBn_ctl from the AND circuit 32 is prohibited even during the normal copy available period.

  Next, the operation of this embodiment will be described. When the copy control unit CSnb of the present embodiment performs a copy operation in response to a write control signal regAn_wr that is a copy instruction in a period other than the copy enable period, the copy control signal CSnnb performs a subsequent copy operation, for example, in the copy enable period. Even if there is regAn_wr, it is prohibited.

  That is, when the reset signal reset is input to the erroneous timing detection circuit 40 of the copy control unit CSnb, the flip-flop 40e is reset, and the flag flg output to the AND circuit 32 and the AND circuit 40c becomes Hi.

  In this state, as shown in FIG. 9, the copy control unit CSnb can copy in the register accessible period T1, for example, among the register accessible periods T1, T2, T3... With the frame gate signal fgate being Low. A Hi copy enable period signal Cokt is input from the period setting circuit 20 to the erroneous timing detection circuit 40 to enter a copy enable period. When the write control signal Bn_wr obtained by delaying the write control signal regAn_wr by the shift register 31 is input to the AND circuit 32 during this copy enable period, the AND circuit 32 performs copy control as shown by the register copy operation D1 in FIG. The signal regBn_ctl is output to the select terminal of the selector SE of the inaccessible register group RBn, and the selector SE sequentially outputs the A register write data regAn_data input to the input terminal to the flip-flops FF1 to FFm which are registers. Copy as regBn_data. The inaccessible register group RBn outputs the B register write data regBn_data that is copied and held to the XOR circuit 40a of the erroneous timing detection circuit 40. The XOR circuit 40a outputs the B register write data regBn_data and the A register write data regAn_data. , And when the B register write data regBn_data and the A register write data regAn_data are different, a signal that becomes Hi is output, and when the B register write data regBn_data and the A register write data regAn_data are the same, a signal that becomes Low is output. .

  Therefore, in the register accessible period T2 in FIG. 9, when the write control signal regAn_wr is input during a period other than the register copy enabled period, the register accessible period T2, and therefore, the accessible register group RAn includes the A Although the register write data regAn_data is written, the copy enable period setting circuit 20 does not output the Hi copy enable period signal Cokt to the erroneous timing detection circuit 40 as described above. Accordingly, the erroneous detection timing detection circuit 40 outputs the flag flg with the flip-flop 40e being Low to the AND circuit 32, and the AND circuit 32 sends the copy control signal regBn_ctl to the inaccessible register group RBn as shown by a broken line in FIG. Is not output. As a result, the A register write data regAn_data of the accessible register group RAn is not copied to the inaccessible register group RBn.

  Then, since the output of the flip-flop 40e is fed back to the AND circuit 40c and the flip-flop 40e continues to output the Low flag, the erroneous timing detection circuit 40 keeps this copy disabled state and registers access to FIG. As shown in the possible period T3, the AND circuit 32 does not output the Hi copy control signal regBn_ctl and inhibits copying even if the write control signal regAn_wr is input during the register copy enabled period thereafter.

  As described above, the copy control unit CSnb of the ASIC 1 of the present embodiment prohibits the subsequent copy operation when the write control signal regAn_wr which is a copy instruction is in a period other than the copy available period. It is possible to secure a higher level of secrecy at a lower cost with respect to the contents of the identification and operation.

  10 to 13 are diagrams showing a third embodiment of the semiconductor integrated circuit, security method, security program and recording medium of the present invention. FIG. 10 shows the semiconductor integrated circuit, security method of the present invention, It is a principal part circuit block diagram of ASIC50 to which the 3rd Example of a security program and a recording medium is applied.

  As in the first embodiment, the present embodiment is applied to the case where the CPU 2 and the debugging device 3 that are peripheral circuits are connected to the ASIC 50 that is a semiconductor integrated circuit. In the description, the same components as those in the first embodiment are denoted by the same reference numerals, the description thereof is omitted, and the portions used in the first embodiment are also used as they are for the portions not shown. explain.

  In FIG. 10, an ASIC 50 includes a register unit 11, a plurality of functional modules M1 to Mn, a debug I / F 12, a copy control unit CSn, an inaccessible register group RBn, and the like similar to the ASIC 1 of the first embodiment. The register comparison unit 51 includes a comparison unit (comparison unit) 52 and a register (comparison result holding unit) 53.

  The comparator 52 receives the output of the accessible register group RAn and the output of the inaccessible register group RBn, and the comparator 52 compares the output of the accessible register group RAn and the output of the inaccessible register group RBn. The comparison result value RH is output to the register 53 and the functional module Mn.

  The register 53 is a register that stores the comparison result value RH of the comparison unit 52. For example, as illustrated in FIG. 11, the register 53 corresponds to each register of the accessible register group RAn and each register of the inaccessible register group RBn. A register comparison result value RH having a 16-bit width from “0” to “15” is stored.

  That is, each function module M1 to Mn of the ASIC 50 includes a plurality of child function modules, and the function module Mn that is a secret circuit also includes child function modules Mns1 to Mnsm as shown in FIG. Of these child function modules Mns1 to Mnsm, only the child function modules Mns2 and Mns3 are secret circuits that require confidentiality, and the other child function modules Mns1, Mns4 to Mnsm do not require confidentiality.

  Now, the accessible register group RAn and the inaccessible register group RBn each have a register, and the accessible register group RAn and the inaccessible register group RBn correspond to the respective registers. That is, the accessible register group RAn and the inaccessible register group RBn have the same number of registers.

  Then, the comparison unit 52 compares the values of the registers of the accessible register group RAn for the functional module Mn and the registers of the inaccessible register group RBn for each bit, and outputs the comparison result value RH to the functional module Mn. At the same time, it is stored in the register 53.

  The stored value of the comparison result value RH of the register 53 in FIG. 11 is a comparison result value RH that is a comparison result of the register values of the registers of the accessible register group RAn and the registers of the inaccessible register group RBn, and is “0001h”. And “0002h” are addresses of the registers that store and hold the comparison result value RH. In FIG. 11, “1” indicates that the corresponding register values of the accessible register group RAn and the inaccessible register group RBn match, and “0” indicates the accessible register group RAn and the inaccessible register. It shows that the corresponding register values of the group RBn are different. In the register 53, when the address addr is specified as “0001h” and “0002h” by the CPU 2, the read control is performed by the read control signal rd, and the value of the address addr “0001h” or the address addr “0002h” is set. Read as read data r_data.

  As shown in FIG. 13, this read value is the result of the managed register, and the function register address RAnadd, which is the address of each register of the accessible register group RAn of the functional module Mn, and each register value of the inaccessible register group RBn. The function register address RBnadd which is the address of the register for confirming the information and the information on which bit of the confirmation register stores the comparison result value RH are managed. For example, the result of the address 1000h as the accessible register group RAn and the inaccessible register group RBn register is “0001h” described in the confirmation address RBnadd whose function register address RAnadd is “1000h” from the comparison result management table of FIG. The comparison result is stored in “0” bits.

  Now, since “1” is stored in the [0] bit of the address addr “0001h” in FIG. 11, the function register address RAnadd “1000h” of the accessible register group RAn and the inaccessible register group RBn. It is shown that the register values of the corresponding addresses match. In addition, “0” indicating that the register value is different is stored in the [3] bit of the confirmation register address RBnadd “0002h”, but the corresponding function register address RAnadd is “10014”. It is.

  Therefore, by comparing the comparison result management table of the register 53 of the register comparison unit 51 with the address signal addr and the read signal rd by the CPU 2, the comparison result value of the register of the accessible register group RAn and the register of the inaccessible register group RBn. RH can be obtained.

  On the other hand, the register comparison unit 52 outputs the comparison result value RH of the register of the accessible register group RAn and the register of the inaccessible register group RBn to the function module Mn. The function module Mn is based on the comparison result value RH. Then, it controls whether or not to output the output of the child function modules Mns2 and Mns3 requiring confidentiality among the child function modules Mns1 to Mnsm to the debug device 3.

  That is, as shown in FIG. 12, the function module Mn which is a secret circuit is not required for all the child function modules Mns1 to Mnsm to be confidential. In the case of FIG. 12, only the child function modules Mnsw and Mns3 are used. Suppose that requires confidentiality. In this case, the function module Mn has its outputs from the child function modules Mns1 to Mnsm of the next stage in turn, and the outputs of the child function modules Mns1 to Mnsm of each stage. The selector MSEn selects the data input from the child function modules Mns1 to Mnsm and outputs the selected data to the debug I / F 12 according to the selection from the selection unit 55. The selection unit 55 instructs selection by the selector MSEn by setting a register value in the accessible register group RAn.

  The selectors KMSEa and KMSEb are disposed on the output side of the confidential function modules Mns2 and Mns3 among the functional modules M1 to Mn of the functional module Mn. The selectors KMSEa and KMSEb correspond to the selectors KMSEa and KMSEb. The outputs of the child function modules Mns2 and Mns3 and the outputs of the child function modules Mns1 and Mns2 preceding the corresponding child function modules Mns2 and Mns3 are input. Specifically, the output of the child function module Mns2 and the output of the child function module Mns1 are input to the selector KMSEa, and the output of the child function module Mns3 and the output of the selector KMSEa are input to the selector KMSEb.

  Each selector MSEa, MSEb receives the comparison result value RH from the register comparison unit 60 of FIG. 10, and when the comparison result value RH is “1”, that is, the correspondence between the accessible register group RAn and the inaccessible register group RBn. When the register values to be matched match, the outputs of the corresponding child function modules Mns2 and Mns3 are output to the child function modules Mns3 and Mns4 in the next stage, but when the comparison result value RH is “0”, that is, accessible. When the corresponding register values of the register group RAn and the inaccessible register group RBn do not match, the outputs of the child function modules Mns1 and Mns2 in the previous stage of the corresponding child function modules Mns2 and Mns3 are sent to the child function modules Mns3 and Mns4 in the next stage. Output.

  Therefore, the functional module Mn does not copy from the accessible register group RAn to the inaccessible register group RBn in a copyable period that is an appropriate timing, and when the values of the accessible register group RAn and the inaccessible register group RBn are different, The processing results of the child function modules Mns2 and Mns3 that require confidentiality can be changed to processing results that have no influence even if known, and can be output to the debugging device 3. As a result, the confidentiality of the child function modules Mns2 and Mns3 that require confidentiality can be ensured appropriately and reliably.

  Further, as described above, the comparison result value RH between the register of the accessible register group RAn and the register of the inaccessible register group RBn is obtained by controlling with the address signal addr and the read signal rd from the CPU 2 outside the ASIC 50. The setting status of the registers in the inaccessible register group RBn can be confirmed.

  Further, in the ASIC 1 of the present embodiment, the function module Mn requiring confidentiality has a plurality of child function modules Mns1 to Mnsm, and the accessible register group RAn and the inaccessible register group RBn are respectively connected to the child function modules Mns1 to Mnsm. The copy control unit CSn includes a register of the accessible register group RAn corresponding to the secret child function modules Mns2 and Mns3 among the plurality of child function modules Mns1 to Mnsm. Copying of register values to registers in the inaccessible register group RBn is prohibited.

  Therefore, it is possible to prevent the operation results of the child function modules Mns2 and Mns3 as confidential circuits requiring confidentiality from the plurality of child function modules Mns1 to Mnsm from being acquired from the outside, and more appropriately and easily. Can protect confidentiality.

  14 and 15 are diagrams showing a fourth embodiment of the semiconductor integrated circuit, security method, security program and recording medium of the present invention. FIG. 14 shows the semiconductor integrated circuit, security method, It is a principal part circuit block diagram of ASIC60 to which the 4th Example of a security program and a recording medium is applied.

  The present embodiment is applied to the case where the CPU 2 and the debug device 3 which are peripheral circuits are connected to the ASIC 60 which is a semiconductor integrated circuit, as in the first embodiment. In the description, the same components as those in the first embodiment are denoted by the same reference numerals, the description thereof is omitted, and the portions used in the first embodiment are also used as they are for the portions not shown. explain.

  In FIG. 14, the ASIC 60 includes a register unit 11, a plurality of functional modules M1 to Mn, a debug I / F 12, a copy control unit CSn, an inaccessible register group RBn, and the like similar to the ASIC 1 of the first embodiment. The register comparison unit 61 includes a comparison unit 62 and a register 63.

  In FIG. 14, in order to simplify the drawing, the decoder DR, the functional modules M1 to Mn, and the copy control unit CSn of the register unit 11 are omitted, and among the accessible register groups RA1 to RAn, confidential information is omitted. The accessible register groups RA1 to RAn-1 other than the accessible register group RAn corresponding to the functional module Mn requiring the above are omitted.

  Although not shown, the function module Mn includes a plurality of child function modules Mns1 to Mnsm as in the third embodiment, and the accessible register group RAn is for the number of child function modules corresponding to the child function modules Mns1 to Mnsm. Register groups (hereinafter referred to as child module register groups) Ar1 to Arm are provided.

  In addition, the inaccessible register group RBn corresponds to the child function modules Mns1 to Mnsm, and also corresponds to the child function module register groups Ar1 to Arm of the accessible register group RAn (hereinafter referred to as child module registers). Called group) Br1-Brm.

  Each of the child module register groups Ar1 to Arm includes a plurality of registers (indicated by flip-flops FF in FIG. 14), and each of the child module register groups Br1 to Brm has a corresponding child module. The number of registers corresponding to the register groups Ar1 to Arm is provided.

  As described above, the copy control unit CSn controls the period during which copying is possible for the child module registers Ar1 to Arm of the accessible register group RAn, and the register values of the registers cannot be accessed during the copyable period. Copied to the corresponding registers in each of the sub-module register groups Br1 to Brm of the register group RBn.

  The register comparison unit 61 includes a comparison unit (comparison unit) 62 and a register (comparison result holding unit) 63. The comparison unit 62 includes the pair of child module registers Ar1 to Arm and the child module. Register group comparison units 61a to 61m corresponding to the register groups Br1 to Brm are provided. Each of the register group comparison units 61a to 61m includes AND circuit groups 61aa to 61ma corresponding to the registers of the corresponding child module register groups Ar1 to Arm and the child module register groups Br1 to Brm, and the AND circuit groups 61aa to 61ma. The AND circuits 61ab to 61mb that take the AND of the outputs are provided, and each AND circuit of the AND circuit groups 61aa to 61ma has a register corresponding to each of the child module register groups Ar1 to Arm and the child module register groups Br1 to Brm. If the register values are the same, “1” is output, and if they are different, “0” is output. Each of the AND circuits 61ab to 61mb outputs “1” to the register 63 when all the AND circuit outputs of the AND circuit groups 61aa to 61ma connected thereto are “1”, and is connected to itself. When the outputs of all AND circuits of the AND circuit groups 61aa to 61ma are “0”, “0” is output to the register 63.

  The register 63 includes comparison value registers hr1 to hrm corresponding to the numbers corresponding to the child module register groups Ar1 to Arm and the child module register groups Br1 to Brm, that is, the number corresponding to the number of the register group comparison units 61a to 61m. The total AND circuits 61ab to 61mb output the output values to the corresponding comparison value registers hr1 to hrm.

  The comparison value registers hr1 to hrm of the register 63 are read as read data r_data by the address signal addr and the read control signal rd from the CPU 2.

  Therefore, in the ASIC 60 of this embodiment, copying is performed from the accessible register group RAn to the inaccessible register group RBn at an appropriate timing, and all register values of the registers in the accessible register group RAn and the inaccessible register group RBn are the same. Sometimes, all AND circuits in the AND circuit groups 61aa to 61ma output “1”, and each total AND circuit 61ab to 61mb outputs “1” to the corresponding comparison value registers hr1 to hrm of the register 63.

  However, the ASIC 60 does not copy the accessible register group RAn to the inaccessible register group RBn at an appropriate timing, and when the register values of the accessible register group RAn and the inaccessible register group RBn are different, the total AND circuit 61ab Of AND circuits 61 to 61 ma of AND circuits 61 a to 61 ma, AND circuits connected to registers having different register values output “0”, and the AND circuits 61 aa to 61 ma to which the AND circuits belong The circuits 61ab to 61mb output “0” to the corresponding comparison value registers hr1 to hrm of the register 63.

  By controlling with the address signal addr and the read signal rd from the CPU 2 outside the ASIC 60, the comparison value registers hr1 to hrm of the register 63 can be obtained as read data r_data, and for the child modules of the inaccessible register group RBn The register setting status for each of the register groups Ar1 to Arm and the child module register groups Br1 to Brm can be confirmed.

  Thus, in the ASIC 60 of this embodiment, the functional module Mn has a plurality of child functional modules Mns1 to Mnsm, and the accessible register group RAn has a number of child module register groups (children corresponding to the child functional modules Mns1 to Mnsm). External accessible register group) Ar1 to Arm, and the inaccessible register group RBn corresponds to the child functional modules Mns1 to Mnsm, and the child module registers Ar1 to Arm of the accessible register group RAn. Module registers (child external inaccessible registers) Br1 to Brm are provided. The register 63 holds the comparison result of the comparison unit 62 in units of the child module register groups Ar1 to Arm and the child module register groups Br1 to Brm.

  Therefore, the result of comparing the register values of the child module register groups Ar1 to Arm and the child module register groups Br1 to Brm corresponding to the child function modules Mns1 to Mnsm can be acquired from the outside during debugging, A person who properly uses the ASIC 60 can confirm whether or not the register values of the inaccessible register group RBn, which has good operability and cannot be accessed from the outside, have a desired setting.

  The ASIC 60 described above appropriately copies register values in register groups in the child module register groups Ar1 to Arm of the accessible register group RAn and the child module register groups Br1 to Brm of the inaccessible register group RBn. Is stored in the comparison value registers kr1 to krn of the register 67. However, the result of copy propriety is not limited to the register group unit. For example, as shown in FIG. Alternatively, the data may be stored in register units of the register group and taken out to the outside. In FIG. 15, the same components as those in FIG. 14 are denoted by the same reference numerals, and the description thereof is omitted.

  In FIG. 15, the register comparison unit 65 includes the comparison unit 66 and the same register 63 as described above, and the comparison unit 66 includes the same AND circuit groups 61aa to 61ma and the selection circuit SK. The comparison outputs of the groups 61aa to 61ma are collectively input to the selection circuit SK. An address signal addr is input from the CPU 2 to the selection circuit SK. The selection circuit SK receives from one AND circuit group 61aa to 61ma among the comparison outputs input from the AND circuit groups 61aa to 61ma based on the address signal addr. The comparison output is selected and output to the register 67.

  The register 67 includes comparison value registers kr1 to krn corresponding to the number of registers mounted in the child module register groups Ar1 to Arm and the child module register groups Br1 to Brm. The comparison results of the AND circuit groups 61aa to 61ma selected by the selection circuit SK are stored in krn.

  The comparison value registers kr1 to krn of the register 67 are read as read data r_data by the address signal addr and the read control signal rd from the CPU 2.

  Therefore, the comparison results in register units of the child module register groups Ar1 to Arm and the child module register groups Br1 to Brm of the child function modules Mns1 to Mnsm selected by the address signal addr from the CPU2 are obtained as the address signal addr from the CPU2. The read data r_data can be read by the read control signal rd. As a result, it is possible to confirm for each bit of the register whether or not the registers of the inaccessible register group RBn are set from the outside, and when the register setting is missed for a person who properly uses the ASIC 60 Even so, it is possible to check the register setting state with good operability.

  16 and 17 are diagrams showing a fifth embodiment of the semiconductor integrated circuit, security method, security program, and recording medium of the present invention. FIG. 16 shows the semiconductor integrated circuit, security method, It is a principal part circuit block diagram of copy control part CSnc of ASIC which applied 5th Example of the security program and the recording medium.

  The present embodiment is applied to the ASIC 1, the CPU 2, which is the peripheral circuit of the first embodiment, and the ASIC 1, the CPU 2, and the debug device 3 similar to the debug device 3. In the description of the present embodiment, Constituent parts similar to those in the first embodiment are denoted by the same reference numerals, description thereof is omitted, and parts not shown in the drawings are described using the reference numerals used in the first embodiment as they are.

  In the present embodiment, the copy operation in the debug mode is limited to one time, and subsequent copy operations are prohibited even during the copy available period.

  In FIG. 16, the copy control unit (copy control means) CSnc is connected between the accessible register group RAn and the inaccessible register group RBn for the functional module Mn of the ASIC 1 of the first embodiment. A copy enable period setting circuit 20, a shift register 31, and an AND circuit 32 similar to those of the embodiment are mounted, and a copy restriction circuit 70, a trigger generation circuit 71, and an AND circuit 72 are mounted.

  The trigger generation circuit 71 includes a flip-flop 71a, a NOT circuit 71b, and a NOR circuit 71c. The frame generation signal fgate is input to the trigger generation circuit 71.

  The trigger generation circuit 71 generates a trigger that becomes Hi when the frame gate signal fgate rises, and outputs the trigger to the AND circuit 72. The AND circuit 72 further receives a debug mode signal debug_mode that becomes Hi in the debug mode. .

  The AND circuit 72 outputs the debug copy number limiting signal Ds to the copy limiting circuit 70 when the debug mode signal debug_mode is in the Hi debug mode and becomes Hi at the rising edge of the frame gate signal fgate.

  Similar to the first embodiment, the copy enable period setting circuit 20 generates a copy enable period signal Cokt that sets a copy enable period from the delayed frame gate signal fgate_R, the frame gate signal fgate, and the reset signal reset from the counter CN. To the copy restriction circuit 70.

  The copy limit circuit 70 receives the A register write data regAn_data, the frame gate signal fgate, the reset signal reset, and the debug copy number limit signal Ds from the AND circuit 72. The AND circuit 32 receives the write control signal regAn_wr. The write control signal regBn_wr delayed by a predetermined timing in the shift register 31 and the flag flg that is the output signal of the copy restriction circuit 70 are input, and the AND circuit 32 has the Hi signal when both the write control signal regBn_wr and the flag flg are Hi. The copy control signal regBn_ctl (see FIG. 17) is output to the selector SE of the inaccessible register group RBn.

  The copy restriction circuit 70 includes an XOR circuit 70a, an OR circuit 70b, an AND circuit 70c, an OR circuit 70d, and a flip-flop 70e. In the XOR circuit 70a, the A register write data regAn_data and the inaccessible register group RBn are written. B register write data regBn_data is input. The XOR circuit 70a performs XOR processing on the A register write data regAn_data and the B register write data regBn_data, and outputs a signal that becomes Hi to the OR circuit 70b when the two are different. Output signal is inverted and the frame gate signal fgate is inverted and the copy enable period signal Cokt from the copy enable period setting circuit 20 is input.

  The OR circuit 70b performs OCR processing of these inputs and outputs the processing result to the AND circuit 70c. The AND circuit 70c further outputs a flag flg as an output of the flip-flop 70e and the AND circuit 72 during debugging. A copy number limiting signal Ds is input. The AND circuit 70c performs an AND process on these inputs, and outputs a Hi signal to the OR circuit 70d when all the inputs are Hi, and the OR circuit 70d further receives a reset signal reset for initialization. Inverted input.

  If any of the inputs is Hi, the OR circuit 70d outputs a signal that becomes Hi to the flip-flop 70e. The flip-flop 70e holds the input from the OR circuit 70d, and the AND circuit 32 and the AND circuit 70c. Is output as a flag flg.

  The copy restriction circuit 70 is in the debug mode, and whether or not the A register write data regAn_data of the accessible register group RAn is copied to the inaccessible register group RBn as the B register write data regBn_data during the copy possible period. Hold. That is, the copy restriction circuit 70 outputs the A register write data regAn_data to the selector SE of the inaccessible register group RBn, and also uses the A register write data regAn_data and the B register write data regBn_data held by the inaccessible register group RBn. Based on the comparison result in 70a, the frame gate signal fgate, and the copy enable period signal Cokt from the copy enable period setting circuit 20, the A register write data is appropriately generated by the write control signal regAn_wr, that is, the write control signal regBn_wr, in the copy enable period. regAn_data is copied to the inaccessible register group RBn and A register write data regAn_data and B register are written It is determined whether the data regBn_data matches, and when the A register write data regAn_data is appropriately copied to the inaccessible register group RBn during the copyable period, the flip-flop 70e sets the flag flg output to the AND circuit 32 as Hi, and AND When the circuit 32 inputs the write control signal regBn_wr, the AND circuit 32 can output the Hi copy control signal regBn_ctl to the selector SE of the inaccessible register group RBn and copy the A register write data regAn_data to the inaccessible register group RBn. Is possible.

  In addition, when the write control signal regAn_wr (write control signal regBn_wr) is input in a period other than the copy enable period in the debug mode, the copy restriction circuit 70 receives the A register write data regAn_data and the B register write data regBn_data. In contrast, the flag flg output from the flip-flop 70e becomes Low, prohibiting the output of the copy control signal regBn_ctl from the AND circuit 32, and once the flag flg becomes Low, the output of the AND circuit 70c is always Low. Henceforth, until the reset signal reset resets the flip-flop 70e, the output of the copy control signal regBn_ctl from the AND circuit 32 is prohibited even during the normal copy available period.

  That is, when the reset signal reset is input, the copyable period setting circuit 70 of the copy control unit CSnc resets the flip-flop 70e, and the flag flg output to the AND circuit 32 and the AND circuit 70c becomes Hi. .

  In this state, as shown in FIG. 17, the copy control unit CSnc can perform copying in, for example, the register accessible period T1 among the register accessible periods T1, T2, T3... With the frame gate signal fgate being Low. A Hi copy enable period signal Cokt is input from the period setting circuit 20 to the copy enable period setting circuit 70 to enter a copy enable period. When the write control signal Bn_wr obtained by delaying the write control signal regAn_wr by the shift register 31 is input to the AND circuit 32 during this copy enabled period, the AND circuit 32 sends the copy control signal regBn_ctl to the selector SE of the inaccessible register group RBn. The selector SE copies the A register write data regAn_data input to the input terminal to the flip-flops FF1 to FFm, which are registers, as B register write data regBn_data. The inaccessible register group RBn outputs the B register write data regBn_data that is copied and held to the XOR circuit 40a of the copy restriction circuit 70, and the XOR circuit 40a outputs the B register write data regBn_data and the A register write data regAn_data. In comparison, when the B register write data regBn_data and the A register write data regAn_data are different, a signal that becomes Hi is output, and when it is the same, a signal that becomes Low is output.

  Then, when the copy restriction circuit 70 enables a single copy operation in the debug mode, it prohibits the subsequent copy operation.

  That is, as shown in FIG. 17, when the write control signal regAn_wr is input in the register copy enable period in which the first frame gate signal fgate is Low, the write is performed to the accessible register group RAn at the timing of the write control signal regAn_wr. The A register write data regAn_data thus copied is copied to the inaccessible register group RBn at the timing of the copy control signal regBn_wr generated from the write control signal regAn_wr in the shift register 31.

  When the debug mode signal debug_mode is Hi in the debug mode, when the frame gate signal fgate rises, the trigger generation circuit 71 outputs a signal that becomes Hi when the frame gate signal fgate rises to the AND circuit 72. 72 outputs the debug copy number limiting signal Ds to the AND circuit 70c of the copy limiting circuit 70 as shown in FIG.

  Therefore, as shown in FIG. 17, the flag flg is switched from Hi to Low, and the subsequent copy operation is prohibited.

  That is, for example, in the register accessible period T2 and the register accessible period T3 in FIG. 17, the copy control circuit 70 outputs the Low flag flg to the AND circuit 32. Therefore, the accessible register group RAn includes an A register. The write data regAn_data is written, but the AND circuit 32 does not output the copy control signal regBn_ctl to the inaccessible register group RBn as indicated by a broken line in FIG. As a result, the A register write data regAn_data of the accessible register group RAn is not copied to the inaccessible register group RBn.

  The copy restriction circuit 70 keeps this copy disabled state because the output of the flip-flop 70e is fed back to the AND circuit 70c and the flip-flop 70e keeps outputting a Low flag.

  As described above, the copy control unit CSnc of the ASIC 1 of the present embodiment performs a copy from the accessible register group RAn to the inaccessible register group RBn by the write control signal regAn_wr which is a copy instruction in the debug mode for monitoring the internal operation state. Is limited to a preset number of times (in the above example, once).

  Therefore, in order to set the register value again in debug mode, it is necessary to perform a hard reset, and in order to illegally obtain information related to the functional module Mn etc. that is a confidential circuit, A hard reset is required every time an action such as setting various registers on a trial basis is performed, and it is possible to increase the trouble for the illegal action and further protect the confidentiality of the internal information of the ASIC 1.

  The invention made by the present inventor has been specifically described based on the preferred embodiments. However, the present invention is not limited to the above, and various modifications can be made without departing from the scope of the invention. Needless to say.

  The present invention can be used for a semiconductor integrated circuit such as an ASIC that protects circuit configuration and program security, a security protection method, a security program, and a recording medium.

1 is a block configuration diagram of an ASIC and peripheral circuits to which a first embodiment of the present invention is applied. FIG. The circuit block block diagram of ASIC of FIG. FIG. 3 is a main circuit block configuration diagram of FIG. 2. FIG. 4 is a detailed circuit configuration diagram of a copy control unit and an inaccessible register group in FIGS. 2 and 3; The timing diagram of the signal of each part of FIG. The figure which shows the example of the other timing period of the copy possible period of FIG. The figure which shows the example of the further another timing period of the copy possible period of FIG. The detailed circuit block diagram of the copy control part of the ASIC and the inaccessible register group to which the second embodiment of the present invention is applied. FIG. 9 is a timing diagram of signals at various parts in FIG. 8. The principal part circuit block diagram of ASIC to which 3rd Example of this invention is applied. The figure which shows an example of the comparison result stored in the register | resistor of the register | resistor comparison part of FIG. FIG. 11 is a detailed circuit block configuration diagram of the functional module of FIG. 10. FIG. 11 is a diagram illustrating a register address of the register group in FIG. 10, a confirmation register address for confirming a comparison result of register values of the register group and the inaccessible register group, and a bit value in which the value is stored. The principal part circuit block diagram of ASIC to which 4th Example of this invention is applied. The principal part circuit block diagram of another ASIC to which the 4th example of the present invention is applied. The principal part circuit block diagram of the copy control part of ASIC to which 5th Example of this invention is applied. FIG. 17 is a timing diagram of signals of each unit of the copy control unit in FIG. 16.

Explanation of symbols

1 ASIC
2 CPU
3 Debugging Device 11 Register Unit 12 Debug I / F
M1 to Mn function module CSn copy control unit RBn inaccessible register group DR decoder RA1 to RAn accessible register group addr address signal wr write control signal rd read control signal w_data write data CN counter fgate frame gate signal fgate_R delayed frame gate signal regAn_data A Register write data regAn_wr Write control signal reset Reset signal 20 Copyable period setting circuit 21, 22 Trigger generation circuit 21a, 22a Flip-flop 21b, 22b NOT circuit 21c, 22c NOR circuit 23 Combination circuit 23a NOR circuit 23b OR circuit 23c AND circuit 23d Flip-flop 23e NOT circuit 23f NOR circuit 31 Register 32 AND circuit SE selector FF1 to FFm flip-flop regBn_ctl copy control signal TR copy permission trigger CSnb copy control unit 40 erroneous timing detection circuit Cokt copy enable period signal 40a XOR circuit 40b OR circuit 40c AND circuit 40d OR circuit 40e flip-flop 50 ASIC
51 Register Comparison Unit 52 Comparison Unit 53 Register 55 Selection Unit Mns1-Mnsm Child Functional Module MSEn Selector KMSEa, KMSEb Selector 60 Register Comparison Unit 61 Register Comparison Unit 62 Comparison Unit 63 Register Ar1-Arm Child Module Registers Br1-Brm Child Module Register group 61aa to 61ma AND circuit group 61ab to 61mb Total AND circuit hr1 to hrm Comparison value register 65 Register comparison unit 66 Comparison unit 67 Register SK selection circuit CSnc Copy control unit 70 Copy restriction circuit 70a XOR circuit 70b OR circuit 70c AND circuit 70d OR circuit 70e flip-flop 71 trigger generation circuit 71a flip-flop 71b NOT circuit 71c NOR circuit 72 AND circuit Ds debug The number of copies limited signal

Claims (12)

A functional module that executes various data processing;
An externally inaccessible register group having a plurality of registers in which register values to be referred to by the functional module are set and inaccessible from the outside;
An externally accessible register group having a register corresponding to each register of the externally inaccessible register group and having a register value set from the outside;
Copy having a function of copying the register value set in the external accessible register group to the external inaccessible register group in accordance with an external copy instruction and prohibiting the copy in accordance with an input signal A copy control means for performing a restriction process ,
The copy control means is a period of time during which a frame gate signal indicating the operating state of the functional module indicates a non-operating state of the functional module and is generated based on a signal obtained by delaying the frame gate signal A semiconductor integrated circuit , wherein copying to the inaccessible register group is prohibited in a period other than a copy enable period determined based on a trigger timing . In the semiconductor integrated circuit, the functional module has a plurality of child functional modules, and the externally accessible register group and the externally inaccessible register group each have a predetermined number of registers corresponding to the child functional modules. ,
Claims wherein the copy control means, of the plurality herring function module, only for the external inaccessible registers that correspond to a predetermined child function module that requires confidentiality, and performs the copy restriction process Item 14. A semiconductor integrated circuit according to Item 1.   3. The copy control unit according to claim 1, wherein when the copy instruction is in a period other than the copy available period, the copy control unit prohibits the copy by all copy instructions after the copy instruction. Semiconductor integrated circuit.   The semiconductor integrated circuit includes a comparison unit that compares a register value of the externally accessible register group and a register value of the externally inaccessible register group, and a comparison result holding unit that holds a comparison result by the comparison unit so that the comparison result can be read from the outside. The semiconductor integrated circuit according to claim 1, further comprising:   In the semiconductor integrated circuit, the functional module has a plurality of child functional modules, and the externally accessible register group and the externally inaccessible register group each have a predetermined number of registers corresponding to the child functional modules. An externally accessible register group and a child externally inaccessible register group are included, and the comparison result holding unit holds the comparison result of the comparing unit in units of the child externally accessible register group and the child externally inaccessible register group. 5. The semiconductor integrated circuit according to claim 4, wherein:   In the semiconductor integrated circuit, the functional module has a plurality of child functional modules, and the externally accessible register group and the externally inaccessible register group each have a predetermined number of registers corresponding to the child functional modules. An externally accessible register group and a child externally inaccessible register group, and the comparing means compares register values of corresponding registers of the child externally accessible register group and the child externally inaccessible register group, and The result holding means holds a comparison result in register units of the child external accessible register group and the external inaccessible register group corresponding to an arbitrary child functional module among the plurality of child functional modules. Item 5. The semiconductor integrated circuit according to Item 4.   The copy control means, in a debug mode for monitoring an internal operation state, restricts copying from the externally accessible register group to the externally inaccessible register group by the copy instruction to a preset number of times. The semiconductor integrated circuit according to claim 1.   This is a security protection method for protecting the security of a semiconductor integrated circuit equipped with a functional module that executes various data processing according to the register value set in the register, and is a register of an externally accessible register group that can be accessed from the outside. The function module directly refers to the register value setting processing for setting the register value for operating the function module and the register value set in the register of the externally accessible register group in response to an external copy instruction. A copy process for copying to a register of an externally inaccessible register group that operates as an externally inaccessible group, and a copy control process for prohibiting the copy process when the copy instruction is in a period other than a predetermined copyable period; A security method characterized in that:   9. The security method according to claim 8, wherein, in the copy control process, when the copy instruction is in a period other than the copy available period, the copy according to all copy instructions after the copy instruction is prohibited. The security method described.   The security method includes a comparison process for comparing register values of the externally accessible register group and the externally inaccessible register group, a comparison result holding process for holding a comparison result in the comparison process so that the comparison result can be read from the outside, and The security method according to claim 8 or 9, characterized in that: A security protection program for protecting the security of a semiconductor integrated circuit equipped with a functional module that executes various data processing according to a register value set in a register,
A register value setting processing step for setting a register value for operating the functional module in a register of an externally accessible register group that can be accessed from the outside;
In response to a copy instruction from the outside, the function module directly refers to the register value set in the register of the externally accessible register group and copies it to the register of the externally inaccessible register group that cannot be accessed externally. A copy processing step;
A copy control processing step for prohibiting the copy process when the copy instruction is in a period other than the copy available period determined according to the input signal ;
The copy permission period is a period in which a frame gate signal indicating an operation state of the functional module indicates a non-operation state of the functional module, and a copy permission generated based on a signal obtained by delaying the frame gate signal A security program characterized by a period determined based on a trigger timing .   A computer-readable recording medium on which the security program according to claim 11 is recorded.

Images