JP5356583B2 - Semiconductor memory device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To obtain a semiconductor memory device with a higher level of security than ever before. <P>SOLUTION: An address generation part 9 generates a second address in a second normal area 22B based on a first address corresponding to the second normal area 22B when access to a first normal area 22A is determined to be normal based on a result of determination by a determination part 7. However, when the access to the first normal area 22A is determined to be illegal, the address generation part 9 does not generate the second address in the second normal area 22B based on the first address corresponding to the second normal area 22B. <P>COPYRIGHT: (C)2013,JPO&amp;INPIT

Description

  The present invention relates to a semiconductor memory device.

  An information processing apparatus in which data stored in a semiconductor memory can be used by an external device by detachably connecting a memory card on which the semiconductor memory is mounted to an external device such as a host computer has been put into practical use. .

  Some of such memory cards are equipped with a specific security technology in order to prevent unauthorized copying of data stored in a semiconductor memory. For example, in Patent Document 1 below, a semiconductor memory in which encrypted data is stored, a detection unit that outputs predetermined key data when addresses are input to the semiconductor memory in a specific order, and reading from the semiconductor memory A semiconductor memory device including a data conversion unit that decrypts the data using the key data is disclosed.

JP-A-9-106690

  However, in the semiconductor memory device disclosed in Patent Document 1, there is a possibility that the encryption may be decrypted by analyzing a large number of samples, and there is no restriction on the entire area of the semiconductor memory from the external device. Is accessible. For this reason, once the encryption is decrypted, all data stored in the semiconductor memory is illegally decrypted, so that the security is not sufficient.

  The present invention has been made in view of the above circumstances, and an object of the present invention is to obtain a semiconductor memory device with improved security compared to the prior art.

A semiconductor memory device according to the present invention generates a second address in the memory unit based on a memory unit having at least a first partial region and a second partial region and a first address in a command input from an external device. Based on the result of analysis by the analysis unit, the analysis unit for analyzing the transition history of at least one of the command type and the first address in the command, and the access to the memory unit is normal A determination unit configured to determine whether the second partial area is valid when access to the first partial area is normal based on a result of determination by the determination unit. When the second address in the second partial area is generated based on the first address corresponding to the area, while access to the first partial area is illegal , Wherein corresponding to the second partial region without generating the second address of the second partial region on the basis of the first address, the address generator accesses to the first partial region is completed After the shift to the access to the second partial area, the second address in the first partial area is not generated based on the first address corresponding to the first partial area. is there.

According to the semiconductor memory device of the present invention, the memory unit has at least a first partial region and a second partial region. Then, when the access to the first partial area is illegal, the address generation unit does not generate the second address in the second partial area based on the first address corresponding to the second partial area. As a result, since the external device cannot access the second partial area of the memory unit, it is avoided that highly confidential data stored in the second partial area is read out by unauthorized access. it can. As a result, it is possible to improve security as compared to the case where access to the first partial area and access to the second partial area are permitted at the same time.

In addition, according to the semiconductor memory device of the present invention, the address generator, after completing the access to the first partial area and shifting to the access to the second partial area, corresponds to the first partial area. The second address in the first partial area is not generated based on one address. Accordingly, after the access to the first partial area is completed and the access to the second partial area is completed, the first partial area of the memory unit cannot be accessed from the external device. It is possible to prevent the highly confidential data stored in the memory from being read out by unauthorized access.

1 is a block diagram showing a configuration of a semiconductor memory device according to a first embodiment of the present invention. It is a figure which shows the structure of a memory part. It is a figure which shows the data storage area which a determination part has. It is a figure which shows the memory map which a memory map change part has. It is a figure which shows the condition of the memory part visible from an external apparatus. It is a figure which shows the condition of the memory part visible from an external apparatus. It is a block diagram which shows the structure of the semiconductor memory device concerning Embodiment 2 of this invention. It is a figure which shows the data storage area which a determination part has. It is a block diagram which shows the structure of the semiconductor memory device concerning Embodiment 3 of this invention. It is a figure which shows the data storage area which a determination part has. It is a figure which shows the structure of a memory part regarding the 1st modification. It is a figure which shows the memory map which a memory map change part has about the 1st modification. It is a figure which shows the data storage area which a determination part has regarding the 2nd modification. It is a figure which shows the data storage area which a determination part has regarding the 3rd modification. It is a figure which shows the data storage area which a determination part has regarding the 4th modification. It is a figure which shows the data storage area which a determination part has regarding the 5th modification. It is a figure which shows the normal area of a memory part regarding the 6th modification. It is a figure which shows the normal area of a memory part regarding the 7th modification. It is a figure which shows a memory part regarding the 7th modification.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In addition, the element which attached | subjected the same code | symbol in different drawing shall show the same or corresponding element.

Embodiment 1 FIG.
FIG. 1 is a block diagram showing a configuration of a semiconductor memory device 1A according to Embodiment 1 of the present invention. The semiconductor memory device 1A is a memory card, for example, and can be detachably connected to an external device 10 such as a host computer.

  As shown in FIG. 1, the semiconductor memory device 1A includes an input / output unit 2, a command analysis unit 3, a command execution unit 4, a memory unit 5, an analysis unit 6A, a determination unit 7, and a memory map change unit 8. ing. The memory unit 5 is a semiconductor memory such as a ROM, a RAM, or a flash memory. The command execution unit 4 has an address generation unit 9. The determination unit 7 has a data storage area 11. In the example shown in FIG. 1, the data storage area 11 is configured as a part of the memory unit 5. However, the data storage area 11 may be provided outside the memory unit 5.

  FIG. 2 is a diagram illustrating a configuration of the memory unit 5. As shown in FIG. 2, the memory unit 5 has a common area 21, a normal area 22, and a dummy area 23. The normal area 22 stores highly confidential data. The common area 21 stores data that is less confidential than the data stored in the normal area 22, for example, data necessary for the activation process. In the dummy area 23, dummy data is stored. The dummy data is a trap code or a program or data for giving a warning to an unauthorized access to a user. For example, image data or audio data such as “This access is illegal” or “This memory has been illegally copied” is stored in the dummy area 23.

  For simplification of explanation, in the example shown in FIG. 2, the common area 21 is an area of physical addresses B100 to B199, the normal area 22 is an area of physical addresses B200 to B299, and the dummy area 23 is a physical address B300. It is the area | region of -B399.

  Hereinafter, the operation of the semiconductor memory device 1A will be described.

  Referring to FIG. 1, command S <b> 1 is input to command analysis unit 3 from external device 10 via input / output unit 2. The command analysis unit 3 analyzes the contents of the input command S1, and outputs a command type S2 and a logical address S3. Here, the command type means the type of instruction such as read, write, and mode change. Further, for example, there are a plurality of types of leads, such as lead 0, lead 1, and lead 2, and these are also distinguished by command types. The command type S2 and the logical address S3 are input to the command execution unit 4. The logical address S3 is input to the analysis unit 6A.

  The analysis unit 6A analyzes a past access pattern from the external device 10 to the memory unit 5. Specifically, in the semiconductor memory device 1A according to the first embodiment, the analysis unit 6A analyzes the transition history of the logical address S3. Data S4 related to the result of analysis by the analysis unit 6A is input to the determination unit 7.

  The determination unit 7 determines whether access from the external device 10 to the memory unit 5 is normal or unauthorized based on the data S4. Specifically, it is as follows.

  FIG. 3 is a diagram illustrating the data storage area 11 included in the determination unit 7. The data storage area 11 stores sample data S9A. The sample data S9A is data related to the transition history of the logical address S3 when the external device 10 normally accesses the memory unit 5. The target application is operated in advance to normally access the memory unit 5 from the external device 10, and the transition history of the logical address S3 at that time is analyzed. At least a part of the obtained analysis result (particularly a part other than the sequential access) is stored in advance in the data storage area 11 as sample data S9A.

  The determination unit 7 compares the transition history (data S4) input from the analysis unit 6A with the transition history (sample data S9A) read from the data storage area 11, and the transition history given by the data S4 is sample data. If it matches a part of the transition history given in S9A, it is determined that the access from the external device 10 to the memory unit 5 is normal. On the other hand, when the transition history given by the data S4 does not match any of the transition histories given by the sample data S9A, the determination unit 7 determines that the access from the external device 10 to the memory unit 5 is illegal. To do.

  Specifically, an example will be described with reference to FIG. Here, it is assumed that the common area 21 is first accessed and then the normal area 22 or the dummy area 23 is accessed. In normal access from the external device 10 to the common area 21, for example, it is assumed that access is performed in the order of “logical address A100 → A199 → A101”. In this case, data specifying the order of “logical addresses A100 → A199 → A101” is stored in advance in the data storage area 11 as sample data S9A.

  In the actual operation, when the access is normal, the external device 10 accesses the common area 21 in the order of “logical address A100 → A199 → A101”. In this case, since the transition history given by the data S4 and the transition history given by the sample data S9A match each other, the determination unit 7 determines that access from the external device 10 to the memory unit 5 is normal.

  On the other hand, in the actual operation, it is assumed that the sequential access of “logical address A100 → A101 →... → A199” is performed from the external device 10 to the common area 21. In this case, since the transition history given by the data S4 and the transition history given by the sample data S9A do not match each other, the determination unit 7 determines that access from the external device 10 to the memory unit 5 is illegal.

  Referring to FIG. 1, data S <b> 5 regarding the result of determination by determination unit 7 is input to memory map change unit 8.

  FIG. 4 is a diagram showing the memory maps 30A and 30B included in the memory map changing unit 8. As shown in FIG. 4, the memory map changing unit 8 has two memory maps 30A and 30B. Based on the data S5 input from the determination unit 7, one of the memory maps 30A and 30B is used as data S6. This is provided to the command execution unit 4 (specifically, the address generation unit 9).

  The memory map 30 </ b> A is a memory map for correctly converting the logical address corresponding to the normal area 22 shown in FIG. 2 into a physical address in the normal area 22. For example, as shown in FIG. 4, the logical address A200 indicating the start address of the normal area 22 is correctly converted to the physical address B200 that is the start address in the normal area 22.

  On the other hand, the memory map 30B is a memory map for converting the logical address corresponding to the normal area 22 shown in FIG. 2 into a physical address in the dummy area 23 instead of the normal area 22. For example, as shown in FIG. 4, the logical address A200 indicating the head address of the normal area 22 is converted into a physical address B300 which is the head address in the dummy area 23.

  Referring to FIG. 1, memory map changing unit 8 selects memory map 30 </ b> A when access from external device 10 to memory unit 5 is normal based on data S <b> 5 input from determination unit 7. If the access from the external device 10 to the memory unit 5 is illegal, the memory map 30B is selected and provided to the command execution unit 4.

  The address generation unit 9 performs address conversion (so-called logical-physical conversion) on the logical address S3 input from the command analysis unit 3 based on the memory map 30A or the memory map 30B input from the memory map change unit 8. A physical address S7 in the memory unit 7 is generated.

  5 and 6 are diagrams illustrating the state of the memory unit 5 as seen from the external device 10. When the memory map 30 </ b> A is provided to the address generation unit 9 (that is, when the access is normal), the external device 10 can access the common area 21 and the normal area 22 as shown in FIG. 5. In this case, referring to FIG. 1, desired data (data S8) in the common area 21 or the normal area 22 is read from the memory unit 5 and transmitted to the external device 10 via the input / output unit 2. .

  On the other hand, when the memory map 30B is provided to the address generation unit 9 (that is, when access is illegal), the external device 10 can access the common area 21 and the dummy area 23 as shown in FIG. However, the normal area 22 cannot be accessed. In this case, referring to FIG. 1, the desired data in the common area 21 or the dummy data (data S8) in the dummy area 23 is read from the memory unit 5 and sent to the external device 10 via the input / output unit 2. Sent.

  As described above, according to the semiconductor memory device 1A according to the first embodiment, the determination unit 7 determines whether the access to the memory unit 5 is normal or illegal based on the transition history of the logical address S3. To do. When the access to the memory unit 5 is illegal, the memory map changing unit 8 converts the memory map 30B that does not convert the logical address corresponding to the normal area 22 into the physical address in the normal area 22, and the address generation unit 9 to provide. As a result, when the access is illegal, the normal area 22 of the memory unit 5 cannot be accessed from the external device 10 as shown in FIG. Can be prevented from being read out of the memory unit 5 by unauthorized access.

  Further, according to the semiconductor memory device 1A according to the first embodiment, as shown in FIG. 3, sample data S9A relating to the transition history of the logical address when the memory unit 5 is normally accessed is created in advance. Are stored in the data storage area 11 in advance. Therefore, by comparing the sample data S9A and the transition history (data S4) of the logical address analyzed by the analyzing unit 6A during the actual memory operation, the access to the memory unit 5 is normal or illegal. Can be determined easily and accurately.

  Furthermore, according to the semiconductor memory device 1A according to the first embodiment, dummy data is stored in the dummy area 23 (see FIG. 2) of the memory unit 5. When the access to the memory unit 5 is illegal, the logical address corresponding to the normal area 22 is converted into a physical address in the dummy area. Therefore, when the access is illegal, dummy data is read from the memory unit 5 and transmitted to the external device 10, so that it is possible to effectively hinder the decryption process and the like by the unauthorized accessor. In addition, when the dummy data is warning data for unauthorized access, the warning data is displayed on the screen or by voice output in the external device 10, thereby increasing the deterrence against unauthorized access.

Embodiment 2. FIG.
FIG. 7 is a block diagram showing a configuration of the semiconductor memory device 1B according to the second embodiment of the present invention. The semiconductor storage device 1B includes an analysis unit 6B instead of the analysis unit 6A in the semiconductor storage device 1A shown in FIG. Other configurations are the same.

  The command type S2 output from the command analysis unit 3 is input to the analysis unit 6B. The analysis unit 6B analyzes a past access pattern from the external device 10 to the memory unit 5. Specifically, in the semiconductor memory device 1B according to the second embodiment, the analysis unit 6B analyzes the transition history of the command type S2. Data S4 related to the result of analysis by the analysis unit 6B is input to the determination unit 7.

  The determination unit 7 determines whether access from the external device 10 to the memory unit 5 is normal or unauthorized based on the data S4. Specifically, it is as follows.

  FIG. 8 is a diagram illustrating the data storage area 11 included in the determination unit 7. In the data storage area 11, sample data S9B is stored. The sample data S9B is data related to the transition history of the command type S2 when the external device 10 normally accesses the memory unit 5. The target application is operated in advance to normally access the memory unit 5 from the external device 10, and the transition history of the command type S2 at that time is analyzed. At least a part of the obtained analysis result (particularly a part other than the sequential access) is stored in advance in the data storage area 11 as sample data S9B.

  The determination unit 7 compares the transition history (data S4) input from the analysis unit 6B with the transition history (sample data S9B) read from the data storage area 11, and the transition history given by the data S4 is the sample data. If it matches a part of the transition history given in S9B, it is determined that access from the external device 10 to the memory unit 5 is normal. On the other hand, when the transition history given by the data S4 does not match any of the transition histories given by the sample data S9B, the determination unit 7 determines that the access from the external device 10 to the memory unit 5 is illegal. To do.

  Referring to FIG. 7, data S <b> 5 related to the result of determination by determination unit 7 is input to memory map change unit 8. Since the subsequent operation is the same as that of the first embodiment, description thereof is omitted.

  As described above, according to the semiconductor memory device 1B according to the second embodiment, the determination unit 7 determines whether the access to the memory unit 5 is normal or illegal based on the transition history of the command type S2. To do. Similarly to the first embodiment, the memory map changing unit 8 converts the logical address corresponding to the normal area 22 into a physical address in the normal area 22 when the access to the memory unit 5 is illegal. The memory map 30B that is not to be provided is provided to the address generator 9. As a result, when the access is illegal, the normal area 22 of the memory unit 5 cannot be accessed from the external device 10 as shown in FIG. Can be prevented from being read out of the memory unit 5 by unauthorized access.

  Further, according to the semiconductor memory device 1B according to the second embodiment, as shown in FIG. 8, sample data S9B related to the transition history of the command type when the memory unit 5 is normally accessed is created in advance. Are stored in the data storage area 11 in advance. Therefore, by comparing the sample data S9B with the transition history (data S4) of the command type analyzed by the analysis unit 6B during actual memory operation, the access to the memory unit 5 is normal or illegal. Can be determined easily and accurately.

Embodiment 3 FIG.
FIG. 9 is a block diagram showing a configuration of a semiconductor memory device 1C according to the third embodiment of the present invention. The semiconductor storage device 1C includes an analysis unit 6C instead of the analysis unit 6A in the semiconductor storage device 1A shown in FIG. Other configurations are the same.

  The command type S2 and logical address S3 output from the command analysis unit 3 are input to the analysis unit 6C. The analysis unit 6C analyzes a past access pattern from the external device 10 to the memory unit 5. Specifically, in the semiconductor memory device 1C according to the third embodiment, the analysis unit 6C analyzes the transition history of both the command type S2 and the logical address S3. Data S4 related to the result of analysis by the analysis unit 6C is input to the determination unit 7.

  The determination unit 7 determines whether access from the external device 10 to the memory unit 5 is normal or unauthorized based on the data S4. Specifically, it is as follows.

  FIG. 10 is a diagram illustrating the data storage area 11 included in the determination unit 7. In the data storage area 11, sample data S9C is stored. The sample data S9C is data relating to the transition history of both the command type S2 and the logical address S3 when the external device 10 normally accesses the memory unit 5. The target application is operated in advance to normally access the memory unit 5 from the external device 10, and the transition history of both the command type S2 and the logical address S3 at that time is analyzed. Then, at least a part of the obtained analysis result (particularly a part other than the sequential access) is stored in advance in the data storage area 11 as sample data S9C.

  The determination unit 7 compares the transition history (data S4) input from the analysis unit 6C with the transition history (sample data S9C) read from the data storage area 11, and the transition history given by the data S4 is the sample data If it matches a part of the transition history given in S9C, it is determined that the access from the external device 10 to the memory unit 5 is normal. On the other hand, when the transition history given by the data S4 does not match any of the transition histories given by the sample data S9C, the determination unit 7 determines that the access from the external device 10 to the memory unit 5 is illegal. To do.

  Referring to FIG. 9, data S <b> 5 regarding the result of determination by determination unit 7 is input to memory map change unit 8. Since the subsequent operation is the same as that of the first embodiment, description thereof is omitted.

  As described above, according to the semiconductor memory device 1C according to the third embodiment, the determination unit 7 determines whether the access to the memory unit 5 is normal based on the transition history of both the command type S2 and the logical address S3. Determine if it is illegal. Similarly to the first embodiment, the memory map changing unit 8 converts the logical address corresponding to the normal area 22 into a physical address in the normal area 22 when the access to the memory unit 5 is illegal. The memory map 30B that is not to be provided is provided to the address generator 9. As a result, when the access is illegal, the normal area 22 of the memory unit 5 cannot be accessed from the external device 10 as shown in FIG. Can be prevented from being read out of the memory unit 5 by unauthorized access. Moreover, according to the semiconductor memory device 1C according to the third embodiment, since the determination in the determination unit 7 is performed based on the transition history of both the command type and the logical address, as in the first and second embodiments. Compared with the case where the determination is performed using only one of them, the reliability of the determination can be improved.

  Further, according to the semiconductor memory device 1C according to the third embodiment, as shown in FIG. 10, the sample data S9C regarding the transition history of both the command type and the logical address when the memory unit 5 is normally accessed is stored. Are created in advance and stored in the data storage area 11 in advance. Therefore, by comparing the sample data S9C with the transition history (data S4) of both the command type and the logical address analyzed by the analysis unit 6C during the actual memory operation, the access to the memory unit 5 is normal. It is possible to easily and accurately determine whether there is a fraud.

Modified example.
Hereinafter, modified examples of the first to third embodiments will be described. Hereinafter, a modified example based on the first embodiment will be described, but the same modified example can be applied to the second and third embodiments.

First modification.
FIG. 11 is a diagram illustrating a configuration of the memory unit 5 in the first modification. In the first modification, the dummy area 23 shown in FIG. 2 is omitted.

  FIG. 12 is a diagram illustrating the memory maps 30A and 30C included in the memory map change unit 8 with respect to the first modification. As shown in FIG. 12, the memory map changing unit 8 has two memory maps 30A and 30C, and one of the memory maps 30A and 30C is set as data S6 based on the data S5 input from the determination unit 7. This is provided to the command execution unit 4 (specifically, the address generation unit 9).

  The memory map 30A shown in FIG. 12 is the same as the memory map 30A shown in FIG. The memory map 30 </ b> C is a memory map for converting a logical address corresponding to the normal area 22 shown in FIG. 11 into a physical address in the common area 21 instead of the normal area 22. For example, as shown in FIG. 12, the logical address A200 indicating the head address of the normal area 22 is converted into a physical address B100 that is the head address in the common area 21.

  When the access from the external device 10 to the memory unit 5 is normal based on the data S5 input from the determination unit 7, the memory map change unit 8 selects the memory map 30A and sends it to the command execution unit 4. On the other hand, if the access from the external device 10 to the memory unit 5 is illegal, the memory map 30C is selected and provided to the command execution unit 4.

  As described above, according to the first modification, when the access to the memory unit 5 is illegal, the logical address corresponding to the normal area 22 is converted into the physical address in the common area 21. Therefore, when access to the memory unit 5 is illegal, data with low confidentiality stored in the common area 21 is read from the memory unit 5 and transmitted to the external device 10, so that an unauthorized access person It is possible to effectively interfere with the decryption process and the like.

Second modification.
FIG. 13 is a diagram illustrating the data storage area 11 included in the determination unit 7 with respect to the second modification. In the data storage area 11, sample data S9D is stored instead of the sample data S9A shown in FIG. The sample data S9D is data related to the transition history of the logical address S3 when the external device 10 accesses the memory unit 5 with an artificial access pattern. An artificial access pattern is arbitrarily determined in advance, and the external device 10 accesses the memory unit 5 with the artificial access pattern within a predetermined period during the operation of the target application (for example, within the activation process period). The transition history of the logical address S3 at that time is analyzed. At least a part of the obtained analysis result (particularly a part other than the sequential access) is stored in advance in the data storage area 11 as sample data S9D.

  During the actual memory operation, the memory unit 5 is accessed by a predetermined artificial access pattern within the predetermined period (in this example, the activation process period). Then, the transition history of the logical address S3 is analyzed by the analysis unit 6A, and data S4 related to the analysis result is input to the determination unit 7.

  The determination unit 7 compares the transition history (data S4) input from the analysis unit 6A with the transition history (sample data S9D) read from the data storage area 11, and the transition history given by the data S4 is the sample data. If it matches the transition history given in S9D, it is determined that access from the external device 10 to the memory unit 5 is normal. On the other hand, when the transition history given by the data S4 does not match the transition history given by the sample data S9D, the determination unit 7 determines that access from the external device 10 to the memory unit 5 is illegal.

  As described above, according to the second modification, the sample data S9D relating to the transition history of the logical address when the memory unit 5 is accessed with the artificial access pattern is created in advance and stored in the data storage area 11 in advance. ing. Therefore, by comparing the sample data S9D with the transition history of the logical address analyzed by the analyzing unit 6A when the memory unit 5 is accessed by the artificial access pattern, the data to the memory unit 5 is compared. It is possible to easily and accurately determine whether the access is normal or unauthorized.

Third modification.
FIG. 14 is a diagram illustrating the data storage area 11 included in the determination unit 7 with respect to the third modification. In the data storage area 11, sample data S9E is stored instead of the sample data S9A shown in FIG. The sample data S9E is data related to the transition history of the logical address S3 when the external device 10 accesses the memory unit 5 during the startup process of the external device 10. Since the access pattern to the memory unit 5 executed during the startup process of the external device 10 is fixed, the transition history of the corresponding logical address S3 can be predicted by analyzing the access pattern. Therefore, at least a part of the transition history of the predicted logical address S3 (particularly a part other than the sequential access) is stored in advance in the data storage area 11 as sample data S9E.

  During actual memory operation, the external device 10 is accessed from the external device 10 according to the fixed access pattern during the startup process of the external device 10. Then, the transition history of the logical address S3 is analyzed by the analysis unit 6A, and data S4 related to the analysis result is input to the determination unit 7.

  The determination unit 7 compares the transition history (data S4) input from the analysis unit 6A with the transition history (sample data S9E) read from the data storage area 11, and the transition history given by the data S4 is the sample data. If the transition history given in S9E matches, it is determined that access from the external device 10 to the memory unit 5 is normal. On the other hand, when the transition history given by the data S4 does not match the transition history given by the sample data S9E, the determination unit 7 determines that access from the external device 10 to the memory unit 5 is illegal.

  As described above, according to the third modified example, the sample data S9E related to the transition history of the logical address S3 when the external device 10 accesses the memory unit 5 when the external device 10 is started is created in advance, and the data is stored in advance. Stored in area 11. Therefore, the sample data S9E is compared with the transition history of the logical address S3 analyzed by the analysis unit 6A when the external device 10 accesses the memory unit 5 when the external device 10 is started up, thereby transferring the data to the memory unit 5. It is possible to easily and accurately determine whether the access is normal or illegal.

Fourth modification.
FIG. 15 is a diagram illustrating the data storage area 11 included in the determination unit 7 with respect to the fourth modification. In the data storage area 11, a plurality of (two in the example shown in FIG. 15) sample data S9A1 and S9A2 similar to the sample data S9A shown in FIG. 3 are stored. Both the sample data S9A1 and S9A2 are data related to the transition history of the logical address S3 when the external device 10 normally accesses the memory unit 5 as in the sample data S9A. The target application is operated in advance to normally access the memory unit 5 from the external device 10, and the transition history of the logical address S3 at that time is analyzed. Then, different portions (particularly portions other than the sequential access) of the obtained analysis results are extracted as sample data S9A1 and S9A2 and stored in the data storage area 11 in advance.

  The determination unit 7 compares the transition history (data S4) input from the analysis unit 6A and the transition history (sample data S9A1, S9A2) read from the data storage area 11, and the transition history given by the data S4 is If the transition history given by the sample data S9A1 or the sample data S9A2 matches, it is determined that the access from the external device 10 to the memory unit 5 is normal. On the other hand, when the transition history given by the data S4 does not match any of the transition histories given by the sample data S9A1 and S9A2, the determination unit 7 has an illegal access from the external device 10 to the memory unit 5. Is determined.

  The fourth modification can be applied not only to the sample data S9A but also to the other sample data S9B to S9E.

  Thus, according to the fourth modification, by preparing a plurality of sample data S9A1 and S9A2, the determination unit 7 uses appropriate sample data S9A1 and S9A2 according to the progress of the program and the like. Comparison with data S4 can be performed. As a result, it is possible to more accurately determine whether the access to the memory unit 5 is normal or illegal.

Fifth modification.
FIG. 16 is a diagram illustrating the data storage area 11 included in the determination unit 7 with respect to the fifth modification. Data S9F is stored in the data storage area 11 instead of the sample data S9A shown in FIG. Data S9F is data related to the maximum value of sequential access when the memory unit 5 is normally accessed. The target application is operated in advance to normally access the memory unit 5 from the external device 10, and the maximum value of sequential access at that time (that is, the maximum value of the number of consecutive logical addresses S3) is analyzed. Then, the maximum value obtained by the analysis is stored in advance in the data storage area 11 as data S9F.

  During the actual memory operation, the external device 10 accesses the memory unit 5 and the analysis unit 6A analyzes the maximum sequential access value for the logical address S3 input from the command analysis unit 3. Then, data S4 regarding the result of the analysis is input to the determination unit 7.

  The determination unit 7 compares the data S4 input from the analysis unit 6A with the data S9F read from the data storage area 11. When the maximum value given by the data S4 is equal to or less than the maximum value given by the data S9F, it is determined that the access to the memory unit 5 is normal. On the other hand, when the maximum value given by the data S4 exceeds the maximum value given by the data S9F, it is determined that access to the memory unit 5 is illegal.

  As described above, according to the fifth modification, the maximum value of sequential access when the memory unit 5 is normally accessed is obtained in advance, and the data S9F related to the maximum value is stored in the data storage area 11 in advance. ing. Accordingly, when the number of sequential accesses to the memory unit 5 exceeds the maximum value (data S9F) during actual memory operation, the memory unit 5 is determined by determining that the access to the memory unit 5 is illegal. It is possible to easily and accurately determine whether access to is normal or illegal. In particular, since an unauthorized access person often accesses the memory unit 5 by sequential access, the effect is large in such a case.

Sixth modification.
FIG. 17 is a diagram illustrating a normal area 22 of the memory unit 5 with respect to the sixth modification. The normal area 22 shown in FIG. 2 is divided into a plurality of areas (three in the example shown in FIG. 17) to define normal areas 22A to 22C. For convenience of explanation, it is assumed that access from the external device 10 proceeds in the order of normal areas 22A → 22B → 22C.

  In the first embodiment, when the access from the external device 10 to the common area 21 is normal, the entire area of the normal area 22 can be accessed from the external device 10, but in the sixth modification example, Instead, the following processing is performed.

  First, while the external device 10 is accessing the common area 21, it is determined whether the access is normal or illegal by the above-described arbitrary method. As a result of the determination, if the access is normal, only the normal area 22A in all the normal areas 22 can be accessed from the external device 10. That is, the address generation unit 9 is allowed to generate a physical address in the normal area 22A based on the logical address corresponding to the normal area 22A. On the other hand, if the access is illegal as a result of the determination, access from the external device 10 to the normal area 22A is not permitted. That is, the generation of the physical address in the normal area 22A based on the logical address corresponding to the normal area 22A is not permitted to the address generation unit 9. In this case, as described above, not the normal area 22 but the dummy area 23 or the common area 21 is accessed.

  Next, while the external device 10 is accessing the normal area 22A, it is determined by the above-described arbitrary method whether the access is normal or illegal. If the access to the normal area 22A is normal as a result of the determination, the normal area 22B following the normal area 22A can be accessed from the external device 10. On the other hand, if the result of determination is that access to the normal area 22A is illegal, access from the external device 10 to the normal area 22B is not permitted. In this case, as described above, the dummy area 23 or the common area 21 is accessed instead of the normal area 22B.

  Similarly, while the external device 10 is accessing the normal area 22B, it is determined by the above-described arbitrary method whether the access is normal or illegal. If the access to the normal area 22B is normal as a result of the determination, the normal area 22C following the normal area 22B can be accessed from the external device 10. On the other hand, if the result of determination is that access to the normal area 22B is illegal, access from the external device 10 to the normal area 22C is not permitted. In this case, as described above, the dummy area 23 or the common area 21 is accessed instead of the normal area 22C.

  Thus, according to the sixth modification, the memory unit 5 has at least a normal area 22A (first partial area) and a normal area 22B (second partial area). Then, when the access to the normal area 22A is illegal, the address generation unit 9 does not generate a physical address in the normal area 22B based on the logical address corresponding to the normal area 22B. As a result, the normal area 22B of the memory unit 5 cannot be accessed from the external device 10, so that highly confidential data stored in the normal area 22B is prevented from being read out by unauthorized access. it can. As a result, it is possible to improve the security as compared with the case where access to the normal area 22A and access to the normal area 22B are permitted at the same time.

Seventh modification.
FIG. 18 is a diagram illustrating the normal area 22 of the memory unit 5 with respect to the seventh modification. In the sixth modification, when the access is normal, the access from the external device 10 is permitted in the order of the normal areas 22A → 22B → 22C. Here, for example, after the access to the normal area 22A is completed and the access to the subsequent normal area 22B is made, the access from the external device 10 to the normal area 22A is prohibited as shown in FIG. Good. That is, after the access to the normal area 22A is completed and the access to the normal area 22B is completed, the address generation unit 9 does not receive the logical address corresponding to the normal area 22A from the command analysis unit 3. A physical address in the normal area 22A is not generated. In this case, access to the dummy area 23 or the common area 21 is performed. Similarly, access to the normal area 22B from the external device 10 may be prohibited after the access to the normal area 22B is completed and the subsequent access to the normal area 22C is entered.

  FIG. 19 is a diagram illustrating the memory unit 5 with respect to the seventh modification. In FIG. 18, an example in which retroactive access is prohibited in the normal area 22 has been described. Similarly, referring to FIG. 19, access to the common area 21 is completed and subsequent access to the normal area 22 is performed. After shifting to, access from the external device 10 to the common area 21 may be prohibited.

  As described above, according to the seventh modification, after the access to the normal area 22A is completed and the address generation unit 9 shifts to the access to the normal area 22B, the logical address corresponding to the normal area 22A is not changed. Even if it is input from the command analysis unit 3, a physical address in the normal area 22A is not generated. Accordingly, after the access to the normal area 22A is completed and the access to the normal area 22B is completed, the external device 10 cannot access the normal area 22A of the memory unit 5, and is stored in the normal area 22A. It is possible to prevent the highly confidential data being read out from being read out by unauthorized access.

Eighth modification.
As another modification, the common area 21 shown in FIG. 2 may be omitted. Further, during normal times, only the common area 21 may be accessible, and when the logical addresses are input in a predetermined order, the normal area 22 may be additionally accessible. Also, during normal times, the common area 21 and an area where the contents of the common area 21 are copied (referred to as a “mirror area”) are made accessible, and when a logical address is input in a predetermined order, The normal area 22 may be accessible by replacing the normal area 22. Further, when it is found that access is illegal in a state where access to the normal area 22 is possible, the accessible area may be switched from the normal area 22 to the dummy area 23.

1A to 1C Semiconductor memory device 5 Memory unit 6A to 6C Analysis unit 7 Determination unit 8 Memory map change unit 9 Address generation unit 10 External device 11 Data storage area 21 Common area 22, 22A to 22C Normal area 23 Dummy area S9A to S9E, S9A1, S9A2 Sample data S9F data 30A-30C Memory map

Claims (1)

A memory unit having at least a first partial region and a second partial region;
An address generation unit that generates a second address in the memory unit based on a first address in a command input from an external device;
An analysis unit for analyzing a transition history of at least one of the command type and the first address in the command;
A determination unit that determines whether the access to the memory unit is normal or illegal based on a result of the analysis by the analysis unit;
When the access to the first partial area is normal based on a result of the determination by the determination section, the address generation unit is configured to perform the second based on the first address corresponding to the second partial area. If the second address in the partial area is generated, and if the access to the first partial area is illegal, the second partial area is based on the first address corresponding to the second partial area. Does not generate the second address in
The address generator, after completing the access to the first partial area and shifting to the access to the second partial area, based on the first address corresponding to the first partial area, A semiconductor memory device that does not generate the second address in a partial area .

Images