JP6246516B2 - Information processing system - Google Patents

Description

  The present invention relates to an information processing system including a communication device and a storage device.

  In an information processing system including a communication device and a semiconductor storage device connected thereto, in order to prevent content data stored in the semiconductor storage device from being read illegally, before permitting access to the content data, A technology (mutual authentication technology) in which a communication device and a semiconductor storage device mutually authenticate each other has been put into practical use.

  In general challenge-and-response mutual authentication, the communication device generates a first authentication code, encrypts the first authentication code, and transmits it to the semiconductor memory device. After decrypting the received first authentication code, the semiconductor storage device encrypts the first authentication code again and transmits it to the communication device. The communication device decrypts the received first authentication code and then determines whether the first authentication code transmitted to the semiconductor memory device matches the first authentication code received from the semiconductor memory device. Authenticate the validity of the storage device. Further, after the communication device authenticates the validity of the semiconductor storage device, the semiconductor storage device generates a second authentication code, encrypts the second authentication code, and transmits it to the communication device. After decrypting the received second authentication code, the communication device encrypts the second authentication code again and transmits it to the semiconductor memory device. The semiconductor memory device determines whether the second authentication code transmitted to the communication device after decrypting the received second authentication code matches the second authentication code received from the communication device. Authenticate the validity of

  In Patent Document 1 below, a plurality of mutual authentication procedures are prepared, and the CPU selects one mutual authentication procedure from among the plurality of mutual authentication procedures. An information processing apparatus to be executed is disclosed.

JP 2000-349751

  According to the general challenge-and-response mutual authentication described above, the code length of the authentication code exchanged between the communication device and the semiconductor memory device is a fixed value uniquely determined during actual operation of the product. . Therefore, when the attacker analyzes the authentication code, the attacker identifies which part of the various data transmitted and received between the communication device and the semiconductor storage device is the authentication code. Cheap. Even if it is desired to improve the security strength of the system against the improvement of hacking technology by an attacker, it is difficult to take measures from the viewpoint of complicating the authentication code.

  The present invention has been made in view of such circumstances, and an object of the present invention is to obtain an information processing system capable of improving the security strength as compared with an information processing system in which the code length of an authentication code is a fixed value. Is.

An information processing system according to a first aspect of the present invention is an information processing system including a communication device and a storage device connected to the communication device, and the communication device is configured to perform the information processing system by software processing. And a first control circuit that is mounted separately from the main control unit and controls the storage device by hardware processing, and the storage device stores content data A first number sequence generation unit that sequentially generates a first number sequence and a fourth number sequence; and a storage unit; and a second control circuit that controls the storage unit. And the first authentication control unit, wherein the second control circuit sequentially generates a second number sequence that is the same as the first number sequence and a third number sequence that is the same as the fourth number sequence. A second number sequence generation unit and a second authentication control unit Therefore, the first authentication control unit obtains the first number sequence having a bit length corresponding to the set value from the first number sequence generation unit based on the set value of the code length of the first authentication code. By doing so, the first authentication code including the first number sequence is generated, and the first authentication code and the authentication including the first code length information indicating the code length of the first authentication code The command is transmitted to the storage device, and the second authentication control unit acquires the second number sequence having a bit length corresponding to the first code length information from the second number sequence generation unit. , Generating a second authentication code including the second number sequence, whether the first authentication code received from the communication device and the second authentication code generated by itself match, The communication device is authenticated, and the second authentication control unit is Based on the set value of the code length of the third authentication code, the third number sequence having the bit length corresponding to the set value is acquired from the second number sequence generating unit, thereby including the third number sequence The third authentication code is generated, and the third authentication code and second code length information indicating the code length of the third authentication code are transmitted to the communication device, and the first authentication is performed. The control unit generates the fourth authentication code including the fourth number sequence by obtaining the fourth number sequence having the bit length corresponding to the second code length information from the first number sequence generating unit. The storage device is authenticated based on whether the third authentication code received from the storage device matches the fourth authentication code generated by the storage device, and the communication device The code length of the authentication code can be set variably, The storage device can variably set the code length of the third authentication code, and the storage device has a code length of the third authentication code different from a code length of the first authentication code. It is characterized by being set to a value .

According to the information processing system according to the first aspect, the communication device can variably set the code length of the first authentication code for causing the storage device to authenticate the communication device. Therefore, the code length of the first authentication code can be varied for each authentication process or at an arbitrary timing. Further, the code length of the first authentication code can be expanded against the improvement of the hacking technique by the attacker. Furthermore, the code length of the first authentication code can be varied according to the confidential level of the content data transmitted from the storage device to the communication device. As a result, the security strength can be improved as compared with the information processing system in which the code length of the authentication code is a fixed value.
Further, according to the information processing system according to the first aspect, the first authentication control unit, based on the set value of the code length of the first authentication code, the first bit length corresponding to the set value By acquiring the sequence from the first sequence generator, a first authentication code including the first sequence is generated. Therefore, various first authentications having different code lengths are made by varying the bit length of the first number sequence acquired from the first number sequence generation unit by the first authentication control unit according to the set value of the code length. Code can be generated easily.
Moreover, according to the information processing system which concerns on a 1st aspect, a 2nd number sequence production | generation part produces | generates the 2nd number sequence same as a 1st number sequence. In addition, the second authentication control unit obtains a second number sequence having a bit length corresponding to the first code length information from the second number sequence generation unit, so that the second authentication including the second number sequence is performed. Generate code. Then, the second authentication control unit authenticates the communication device based on whether or not the first authentication code received from the communication device matches the second authentication code generated by itself. When the communication device is valid, the first authentication code and the second authentication code match, and when the communication device is illegal, the first authentication code and the second authentication code do not match. Therefore, it is possible to easily and reliably authenticate whether the communication device is valid or invalid depending on whether or not the first authentication code and the second authentication code match.
Moreover, according to the information processing system which concerns on a 1st aspect, the memory | storage device can variably set the code length of the 3rd authentication code for making a communication apparatus authenticate a memory | storage device. Therefore, the code length of the third authentication code can be varied for each authentication process or at an arbitrary timing. Moreover, the code length of the third authentication code can be expanded against the improvement of the hacking technique by the attacker. Furthermore, the code length of the third authentication code can be varied according to the security level of the content data transmitted from the storage device to the communication device. As a result, the security strength can be improved as compared with the information processing system in which the code length of the authentication code is a fixed value.
Further, according to the information processing system according to the first aspect, the second authentication control unit, based on the set value of the code length of the third authentication code, the third bit length corresponding to the set value. A third authentication code including the third number sequence is generated by acquiring the number sequence from the second number sequence generation unit. Accordingly, various third authentications having different code lengths are made by varying the bit length of the third number sequence acquired by the second authentication control unit from the second number sequence generating unit according to the set value of the code length. Code can be generated easily.
Moreover, according to the information processing system which concerns on a 1st aspect, a 1st number sequence production | generation part produces | generates the 4th number sequence same as a 3rd number sequence. In addition, the first authentication control unit obtains a fourth number sequence having a bit length corresponding to the second code length information from the first number sequence generation unit, whereby a fourth authentication including the fourth number sequence is performed. Generate code. Then, the first authentication control unit authenticates the storage device depending on whether or not the third authentication code received from the storage device matches the fourth authentication code generated by itself. If the storage device is valid, the third authentication code and the fourth authentication code match. If the storage device is illegal, the third authentication code and the fourth authentication code do not match. Therefore, it is possible to simply and reliably authenticate whether the storage device is valid or illegal depending on whether or not the third authentication code and the fourth authentication code match.

  The information processing system according to a second aspect of the present invention is characterized in that, in the information processing system according to the first aspect, the communication device randomly sets a code length of the first authentication code. Is.

  According to the information processing system according to the second aspect, the communication device randomly sets the code length of the first authentication code. Accordingly, since the code length of the first authentication code is randomly changed, any part of various data transmitted and received between the communication device and the storage device when the attacker analyzes the authentication code. It is difficult for an attacker to specify whether or not the data is an authentication code. As a result, it becomes more difficult for an attacker to analyze the authentication code, so that the security strength can be further improved.

  The information processing system according to a third aspect of the present invention is the information processing system according to the first aspect, and in particular, the communication device is required to have the code length of the first authentication code from the information processing system. It is set according to the security strength.

  According to the information processing system according to the third aspect, the communication device sets the code length of the first authentication code according to the security strength required for the information processing system. Therefore, when higher security strength is required than before in order to counter the improvement of the hacking technique by the attacker, the code length of the first authentication code can be set larger than before. As a result, since it is difficult for an attacker to analyze the authentication code, the security strength can be improved.

  The information processing system according to a fourth aspect of the present invention is the information processing system according to the first aspect, in particular, the communication device transmits the code length of the first authentication code from the storage device to the communication device. It is characterized in that it is set according to the security level of the content data to be transmitted.

  According to the information processing system according to the fourth aspect, the communication device sets the code length of the first authentication code according to the security level of the content data transmitted from the storage device to the communication device. Accordingly, it is possible to improve the security strength by enlarging and setting the code length of the first authentication code for content data having a higher confidential level.

The information processing system according to a fifth aspect of the present invention is the first to fourth information processing system according to any one of the embodiments of the previous SL code length setting of the first authentication code, said first The control circuit is executed.

  According to the information processing system according to the fifth aspect, the first control circuit sets the code length of the first authentication code by hardware processing. Therefore, even if an attack that alters the control of the main control unit by program analysis or the like is performed, the first authentication code is not deleted by the attacker unless the contents of the hardware processing by the first control circuit are analyzed. No code length is specified. As a result, it becomes more difficult for an attacker to analyze the authentication code, so that the security strength can be further improved.

The information processing system according to a sixth aspect of the present invention is the first to fourth information processing system according to any one of the embodiments of the previous SL code length setting of the first authentication code, the main control Is executed by the unit.

  According to the information processing system according to the sixth aspect, the main control unit sets the code length of the first authentication code by software processing. Therefore, since it is not necessary to mount a circuit for setting the code length of the first authentication code in the first control circuit, the circuit configuration can be simplified and the cost can be reduced.

The information processing system according to a seventh aspect of the present invention is the information processing system according to any one of the first to sixth aspects, in particular, the storage device randomly sets a code length of the third authentication code. It is characterized by being set to.

According to the information processing system according to the seventh aspect, the storage device randomly sets the code length of the third authentication code. Accordingly, since the code length of the third authentication code is randomly changed, any part of various data transmitted and received between the communication device and the storage device when the attacker analyzes the authentication code. It is difficult for an attacker to specify whether or not the data is an authentication code. As a result, it becomes more difficult for an attacker to analyze the authentication code, so that the security strength can be further improved.

In the information processing system according to the eighth aspect of the present invention, in particular in the information processing system according to any one of the first to sixth aspects, the storage device stores the code length of the third authentication code, It is set according to the security strength required for the information processing system.

According to the information processing system in the eighth aspect, the storage device sets the code length of the third authentication code according to the security strength required for the information processing system. Therefore, when a higher security strength is required than before to improve the hacking technique by the attacker, the code length of the third authentication code can be set larger than before. As a result, since it is difficult for an attacker to analyze the authentication code, the security strength can be improved.

In the information processing system according to the ninth aspect of the present invention, in particular in the information processing system according to any one of the first to sixth aspects, the storage device stores the code length of the third authentication code, It is set according to the security level of the content data transmitted to the communication device.

According to the information processing system according to the ninth aspect, the storage device sets the code length of the third authentication code in accordance with the confidential level of the content data transmitted to the communication device. Accordingly, it is possible to improve the security strength by enlarging and setting the code length of the third authentication code for content data having a higher security level.

The information processing system according to a tenth aspect of the present invention is the information processing system according to the first to ninth any one aspect of the code length setting before Symbol third authentication code, said second The control circuit is executed.

According to the information processing system according to the tenth aspect, the setting of the code length of the third authentication code is executed by the second control circuit. Therefore, even if an attack that alters the control of the main control unit of the communication device is received by program analysis or the like, the third person cannot perform the third processing unless the contents of the hardware processing by the second control circuit are analyzed. The code length of the authentication code is not specified. As a result, it becomes more difficult for an attacker to analyze the authentication code, so that the security strength can be further improved.

The information processing system according to an eleventh aspect of the present invention is the information processing system according to the first to ninth any one aspect of the code length setting before Symbol third authentication code, the main control Is executed by the unit.

According to the information processing system according to the eleventh aspect, the setting of the code length of the third authentication code is executed by the main control unit of the communication device. Therefore, since it is not necessary to mount a circuit for setting the code length of the third authentication code in the second control circuit, the circuit configuration can be simplified and the cost can be reduced.

The information processing system according to a twelfth aspect of the present invention is the information processing system according to any one of the first to eleventh aspects, particularly when the storage device determines that the communication device is valid. In response to the first authentication code, the third authentication code is transmitted to the communication device.

According to the information processing system of the twelfth aspect, the storage device authenticates the communication device based on the first authentication code, and responds to the first authentication code when determining that the communication device is valid. The third authentication code is transmitted to the communication device, and the communication device authenticates the storage device based on the third authentication code. Therefore, the communication device and the storage device can be communicated in a single round-trip communication between the transmission of the first authentication code from the communication device to the storage device and the transmission of the third authentication code from the storage device to the communication device in response. Mutual authentication can be performed. As a result, compared to general challenge and response mutual authentication that requires two-way communication (two-way communication in total) from each of the communication device and the storage device, the processing speed and efficiency can be improved. It becomes possible.

  According to the present invention, it is possible to improve the security strength as compared with the information processing system in which the code length of the authentication code is a fixed value.

1 is a diagram schematically showing an overall configuration of an information processing system. It is a figure which shows the structure of a microprocessor. It is a figure which shows the structure of a memory controller. It is a figure which shows the structure of a code length setting part. It is a figure which shows the structure of a memory controller. It is a figure which shows the structure of a code length setting part. It is a figure which shows an authentication command. It is a figure which shows an authentication command. It is a figure which shows an authentication code. It is a figure which shows the structure of a memory controller. It is a figure which shows the structure of a memory controller. It is a figure which shows the memory space of a memory array. It is a figure which shows the memory space of a memory array.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In addition, the element which attached | subjected the same code | symbol in different drawing shall show the same or corresponding element.

<Embodiment 1>
FIG. 1 is a diagram schematically showing an overall configuration of an information processing system 1 according to Embodiment 1 of the present invention. The information processing system 1 includes a communication device 2 and a semiconductor storage device 3. The communication device 2 is a personal computer, for example. The semiconductor memory device 3 is, for example, a memory card that can be detachably connected to the communication device 2. Alternatively, an arbitrary storage device such as an optical disk or a magnetic disk can be used in place of the semiconductor storage device 3.

  The communication device 2 includes a microprocessor 11 (main control unit) as a main system that controls the information processing system 1 by software processing, and a memory controller 12 (first control circuit) mounted separately from the microprocessor 11. It is prepared for. The memory controller 12 controls the semiconductor memory device 3 by hardware processing.

  The semiconductor storage device 3 includes a memory array 22 (storage unit) that stores arbitrary content data such as images, sounds, texts, codes, management information, and the like, and a memory controller 21 (second control circuit) that controls the memory array 22 ). The memory array 22 is configured using, for example, a NAND flash memory. However, the present invention is not limited to this example, and the memory array 22 may be configured using a NOR flash memory or the like.

  FIG. 2 is a diagram showing the configuration of the microprocessor 11. The microprocessor 11 includes a CPU 41, a computing unit 42, a RAM 43, a ROM 44, a bridge 45, and a register 46 that are connected to each other via a bus 47.

  FIG. 3 is a diagram illustrating a configuration of the memory controller 12. As shown in the connection relationship of FIG. 3, the memory controller 12 includes a key generation unit 51 (first number sequence generation unit), an encryption / decryption unit 52, an authentication control unit 53 (first authentication control unit), and a mask circuit. 54 and 55, and a code length setting unit 56. The key generation unit 51 generates a random number sequence (session key K in the following example) by using a predetermined random number generation algorithm using a fixed secret key P with high confidentiality. The key generation unit 51 generates a different session key K (nonce) every time the memory controller 12 receives the authentication command C0 from the microprocessor 11.

  FIG. 4 is a diagram showing the configuration of the code length setting unit 56. The code length setting unit 56 includes a random number generator 71 and a nonvolatile memory 72. The non-volatile memory 72 stores a data table 73 in which correspondence relationships between a plurality of index values and a plurality of code lengths are described. In the example shown in FIG. 4, the index values “00”, “01”, “10”, and “11” correspond to the code lengths “64 bits”, “128 bits”, “192 bits”, and “256 bits”, respectively. Note that the numbers of items and code lengths in the data table 73 shown in FIG. 4 are examples, and are not limited to these examples.

  FIG. 5 is a diagram showing the configuration of the memory controller 21. As shown in the connection relationship of FIG. 5, the memory controller 21 includes a key generation unit 61 (second number sequence generation unit), an encryption / decryption unit 62, an authentication control unit 63 (second authentication control unit), and a code. A length setting unit 64 is provided. The key generation unit 61 uses the same shared key P as the shared key P held by the key generation unit 51, and uses the same random number generation algorithm as the key generation unit 51 to generate the session key K generated by the key generation unit 51. The same session key K is generated. The key generation unit 61 generates a different session key K each time the memory controller 21 receives the encrypted authentication command X from the memory controller 12.

  FIG. 6 is a diagram illustrating a configuration of the code length setting unit 64. The code length setting unit 64 includes a random number generator 81 and a nonvolatile memory 82. The non-volatile memory 82 stores a data table 83 in which correspondence relationships between a plurality of index values and a plurality of code lengths are described. In the example illustrated in FIG. 6, the index values “00”, “01”, “10”, and “11” correspond to the code lengths “64 bits”, “128 bits”, “192 bits”, and “256 bits”, respectively. Note that the numbers of items and code lengths in the data table 83 shown in FIG. 6 are examples, and are not limited to these examples. Further, the nonvolatile memory 82 may be omitted and the data table 83 may be stored in the memory array 22. Furthermore, different code lengths may be described in the data table 73 and the data table 83 corresponding to the common index value.

  Hereinafter, a mutual authentication process between the communication device 2 and the semiconductor memory device 3 will be described with reference to FIGS. As a premise, it is assumed that the encryption / decryption units 52 and 62 are initialized with the session key K (N−1) generated last time by the key generation units 51 and 61. Further, access from the microprocessor 11 to the memory array 22 is not permitted until the mutual authentication process is completed and the authenticity of the communication device 2 and the semiconductor storage device 3 is mutually authenticated.

  First, the microprocessor 11 issues an authentication command C0 having a predetermined byte length for instructing execution of mutual authentication. FIG. 7 is a diagram showing the authentication command C0. The authentication command C0 includes a specific command ID for identifying that it is an authentication command, and an undefined area filled with meaningless data. The memory controller 12 receives the authentication command C0 from the microprocessor 11 and inputs the received authentication command C0 to the authentication control unit 53.

  Next, the code length setting unit 56 sets the code length of the authentication code S (N) for the semiconductor storage device 3 to authenticate the communication device 2 in accordance with a request from the authentication control unit 53. Specifically, the code length setting unit 56 generates a digital random number using the random number generator 71 and adopts, for example, the lower 2 bits of the digital random number as an index value. Then, by referring to the data table 73, the code length corresponding to the index value is specified, and the code length is set as the code length of the authentication code S (N). The code length setting unit 56 inputs the set value of the code length to the authentication control unit 53 as data M1.

  Next, in accordance with a request from the authentication control unit 53, the key generation unit 51 generates the current session key K (N) having a bit length corresponding to the code length setting value indicated by the data M1. The key generation unit 51 inputs the generated session key K (N) to the encryption / decryption unit 52 and the authentication control unit 53.

  Next, the authentication control unit 53 generates an authentication command C1 (N) based on the authentication command C0 and the session key K (N). Specifically, the authentication control unit 53 directly adopts the session key K (N) input from the key generation unit 51 as the authentication code S (N). Then, the command ID is replaced by replacing the data in the undefined area of the authentication command C0 with code length information L (N) indicating the code length of the authentication code S (N) and the authentication code S (N) in order from the top. And an authentication command C1 (N) including the code length information L (N) and the authentication code S (N). FIG. 8 is a diagram showing the authentication command C1. The authentication control unit 53 inputs the generated authentication command C <b> 1 (N) to the encryption / decryption unit 52.

  Next, the encryption / decryption unit 52 generates the encrypted authentication command X (N) by encrypting the authentication command C1 (N) using the currently set session key K (N-1). . Then, the generated encrypted authentication command X (N) is transmitted to the memory controller 21.

  Next, the authentication control unit 53 initializes the encryption / decryption unit 52 with the session key K (N) generated by the key generation unit 51 this time.

  The memory controller 21 inputs the encryption authentication command X (N) received from the memory controller 12 to the encryption / decryption unit 62.

  Next, the encryption / decryption unit 62 reproduces the authentication command C1 (N) by decrypting the encrypted authentication command X (N) using the currently set session key K (N-1). Then, the reproduced authentication command C 1 (N) is input to the authentication control unit 63.

  Next, the authentication control unit 63 extracts the code length information L (N) and the authentication code S (N) from the authentication command C1 (N).

  Next, the key generation unit 61 generates a session key K (N) having a bit length corresponding to the code length indicated by the code length information L (N) in accordance with a request from the authentication control unit 63. The key generation unit 61 inputs the generated session key K (N) to the encryption / decryption unit 62 and the authentication control unit 63.

  Next, the authentication control unit 63 generates an authentication code S (N) based on the session key K (N) input from the key generation unit 61. Specifically, the authentication control unit 63 employs the session key K (N) input from the key generation unit 61 as it is as the authentication code S (N).

  Next, the authentication control unit 63 uses the authentication code S (N) extracted from the authentication command C1 (N) reproduced by decrypting the encrypted authentication command X (N) and the session key K ( The authenticity of the communication device 2 is authenticated by comparing the authentication code S (N) generated by itself based on N). Specifically, the authentication control unit 63 determines that the communication device 2 is valid if both authentication codes S (N) match, and if the both authentication codes S (N) do not match, the authentication device 2 is illegal. Is determined.

  When the authentication control unit 63 determines that the communication device 2 is illegal, the authentication control unit 63 prohibits the encryption / decryption unit 62 from receiving transmission data from the communication device 2. Thereby, the memory controller 21 does not receive data transmitted from the communication device 2 to the semiconductor memory device 3 thereafter.

  On the other hand, when it is determined that the communication device 2 is valid, the authentication control unit 63 initializes the encryption / decryption unit 62 with the session key K (N) generated by the key generation unit 61 this time.

  Next, the code length setting unit 64 sets the code length of the authentication code S (N + 1) for the communication device 2 to authenticate the semiconductor memory device 3 in accordance with a request from the authentication control unit 63. Specifically, the code length setting unit 64 generates a digital random number using the random number generator 81, and adopts, for example, the lower 2 bits of the digital random number as an index value. Then, by referring to the data table 83, the code length corresponding to the index value is specified, and the code length is set as the code length of the authentication code S (N + 1). The code length setting unit 64 inputs the code length setting value to the authentication control unit 63 as data M2. The code length of the authentication code S (N + 1) may be the same as or different from the code length of the authentication code S (N).

  Next, the key generation unit 61 generates the next session key K (N + 1) having a bit length corresponding to the code length setting value indicated by the data M2 in accordance with a request from the authentication control unit 63. The key generation unit 61 inputs the generated session key K (N + 1) to the authentication control unit 63.

  Next, the authentication control unit 63 generates an authentication code S (N + 1) based on the session key K (N + 1). Specifically, the authentication control unit 63 adopts the session key K (N + 1) input from the key generation unit 61 as the authentication code S (N + 1) as it is. Then, the code length information L (N + 1) indicating the code length of the authentication code S (N + 1) is added to the head of the authentication code S (N + 1), thereby generating the authentication code C2 (N + 1). FIG. 9 is a diagram showing the authentication code C2. The authentication control unit 63 inputs the generated authentication code C2 (N + 1) to the encryption / decryption unit 62.

  Next, the encryption / decryption unit 62 generates the encrypted authentication code Y (N + 1) by encrypting the authentication code C2 (N + 1) using the currently set session key K (N). Then, the generated encrypted authentication code Y (N + 1) is transmitted to the memory controller 12.

  The memory controller 12 inputs the encrypted authentication code Y (N + 1) received from the memory controller 21 to the encryption / decryption unit 52.

  Next, the encryption / decryption unit 52 reproduces the authentication code C2 (N + 1) by decrypting the encrypted authentication code Y (N + 1) using the currently set session key K (N). Then, the reproduced authentication code C2 (N + 1) is input to the authentication control unit 53.

  Next, the authentication control unit 53 extracts the code length information L (N + 1) and the authentication code S (N + 1) from the authentication code C2 (N + 1).

  Next, the key generation unit 51 generates a session key K (N + 1) having a bit length corresponding to the code length indicated by the code length information L (N + 1) according to the request from the authentication control unit 53. The key generation unit 51 inputs the generated session key K (N + 1) to the authentication control unit 53.

  Next, the authentication control unit 53 generates an authentication code S (N + 1) based on the session key K (N + 1) input from the key generation unit 51. Specifically, the authentication control unit 53 employs the session key K (N + 1) input from the key generation unit 51 as it is as the authentication code S (N + 1).

  Next, the authentication control unit 53 uses the authentication code S (N + 1) extracted from the authentication code C2 (N + 1) reproduced by decrypting the encrypted authentication code Y (N + 1) and the session key K ( The authenticity of the semiconductor memory device 3 is authenticated by comparing with the authentication code S (N + 1) generated by itself based on (N + 1). Specifically, the authentication control unit 53 determines that the semiconductor storage device 3 is valid when both authentication codes S (N + 1) match, and when both authentication codes S (N + 1) do not match, the semiconductor storage device 3. Is determined to be illegal.

  If the authentication control unit 53 determines that the semiconductor memory device 3 is illegal, the authentication control unit 53 sends a control signal D for enabling a mask process such as replacing data to all “0” or all “1” to the mask circuit 54, 55. Thereby, subsequent communication between the communication device 2 and the semiconductor memory device 3 is blocked.

  On the other hand, when it is determined that the semiconductor memory device 3 is valid, the authentication control unit 53 inputs a control signal D for invalidating the mask processing to the mask circuits 54 and 55. As a result, the communication device 2 can transmit a read command of content data to the semiconductor storage device 3 and can receive content data from the semiconductor storage device 3.

  In the next mutual authentication process, the authentication control unit 63 determines whether or not the authentication code S (N + 1) extracted from the reproduced authentication command C1 (N + 1) matches the authentication code S (N + 1) generated by itself. Thus, the validity of the communication device 2 is authenticated. Further, the authentication control unit 53 determines whether or not the authentication code S (N + 2) extracted from the reproduced authentication code C2 (N + 2) matches the authentication code S (N + 2) generated by itself. Authenticate the validity of

  In the above description, the communication device 2 randomly sets the code length of the authentication code S (N) by the hardware process of the memory controller 12, but the authentication code S (N) is set by the software process of the microprocessor 11. The code length may be set at random. Similarly, the semiconductor memory device 3 randomly sets the code length of the authentication code S (N + 1) by the hardware process of the memory controller 21, but the code length of the authentication code S (N + 1) is set by the software process of the microprocessor 11. It may be set at random.

  In the above description, the communication device 2 changes the code length of the authentication code S (N) for each authentication process, but changes the code length at an arbitrary timing such as every predetermined multiple authentication processes. May be performed. Similarly, the semiconductor memory device 3 changes the code length of the authentication code S (N + 1) for each authentication process. However, the semiconductor memory device 3 changes the code length at an arbitrary timing such as every predetermined multiple authentication processes. Also good.

<Embodiment 2>
FIG. 10 is a diagram illustrating a configuration of the memory controller 12 according to the second embodiment. As shown in the connection relationship of FIG. 10, the memory controller 12 includes a key generation unit 51, an encryption / decryption unit 52, an authentication control unit 53, and mask circuits 54 and 55.

  FIG. 11 is a diagram illustrating a configuration of the memory controller 21 according to the second embodiment. As shown in the connection relationship of FIG. 11, the memory controller 21 includes a key generation unit 61, an encryption / decryption unit 62, and an authentication control unit 63.

  FIG. 12 is a diagram showing a memory space of the memory array 22. A code length flag F0 indicating the code length of the authentication code S exchanged between the communication device 2 and the semiconductor memory device 3 is stored at a specific address A0 in the memory space. The set value of the code length flag F0 can be arbitrarily set according to the security strength required for the information processing system 1. The microprocessor 11 can read the set value of the code length flag F0 by accessing the address A0 in the memory space. Further, the microprocessor 11 can update the set value of the code length flag F0 by accessing the address A0 of the memory space. For example, the set value of the code length flag F0 can be sequentially updated from the initial value of 64 bits to 128 bits, 192 bits, and 256 bits. The code length flag F0 may be stored in a non-volatile memory different from the memory array 22 in the microprocessor 11, the memory controller 12, or the memory controller 21.

  Hereinafter, a mutual authentication process between the communication device 2 and the semiconductor memory device 3 will be described with reference to FIGS. As a premise, it is assumed that the encryption / decryption units 52 and 62 are initialized with the session key K (N−1) generated last time by the key generation units 51 and 61. Further, the microprocessor 11 cannot access a memory space other than the address A0 until the mutual authentication process is completed and the validity of the communication device 2 and the semiconductor storage device 3 are mutually authenticated.

  First, the microprocessor 11 reads the set value of the code length flag F0 by accessing the address A0 of the memory array 22.

  Next, the microprocessor 11 issues an authentication command C0 having a predetermined byte length for instructing execution of mutual authentication. Further, the microprocessor 11 issues code length setting information Q1 indicating the set value of the code length flag F0. The memory controller 12 receives the authentication command C0 and the code length setting information Q1 from the microprocessor 11, and inputs the received authentication command C0 and code length setting information Q1 to the authentication control unit 53.

  Next, in accordance with a request from the authentication control unit 53, the key generation unit 51 generates the current session key K (N) having a bit length corresponding to the code length setting value indicated by the code length setting information Q1. The key generation unit 51 inputs the generated session key K (N) to the encryption / decryption unit 52 and the authentication control unit 53.

  Next, the authentication control unit 53 generates an authentication command C1 (N) based on the authentication command C0 and the session key K (N). Specifically, the authentication control unit 53 directly adopts the session key K (N) input from the key generation unit 51 as the authentication code S (N). Then, the command ID is replaced by replacing the data in the undefined area of the authentication command C0 with code length information L (N) indicating the code length of the authentication code S (N) and the authentication code S (N) in order from the top. And an authentication command C1 (N) including the code length information L (N) and the authentication code S (N). The authentication control unit 53 inputs the generated authentication command C <b> 1 (N) to the encryption / decryption unit 52.

  Next, the encryption / decryption unit 52 generates the encrypted authentication command X (N) by encrypting the authentication command C1 (N) using the currently set session key K (N-1). . Then, the generated encrypted authentication command X (N) is transmitted to the memory controller 21.

  Next, the authentication control unit 53 initializes the encryption / decryption unit 52 with the session key K (N) generated by the key generation unit 51 this time.

  The memory controller 21 inputs the encryption authentication command X (N) received from the memory controller 12 to the encryption / decryption unit 62.

  Next, the encryption / decryption unit 62 reproduces the authentication command C1 (N) by decrypting the encrypted authentication command X (N) using the currently set session key K (N-1). Then, the reproduced authentication command C 1 (N) is input to the authentication control unit 63.

  Next, the authentication control unit 63 extracts the code length information L (N) and the authentication code S (N) from the authentication command C1 (N).

  Next, the key generation unit 61 generates a session key K (N) having a bit length corresponding to the code length indicated by the code length information L (N) in accordance with a request from the authentication control unit 63. The key generation unit 61 inputs the generated session key K (N) to the encryption / decryption unit 62 and the authentication control unit 63.

  Next, the authentication control unit 63 generates an authentication code S (N) based on the session key K (N) input from the key generation unit 61. Specifically, the authentication control unit 63 employs the session key K (N) input from the key generation unit 61 as it is as the authentication code S (N).

  Next, the authentication control unit 63 uses the authentication code S (N) extracted from the authentication command C1 (N) reproduced by decrypting the encrypted authentication command X (N) and the session key K ( The authenticity of the communication device 2 is authenticated by comparing the authentication code S (N) generated by itself based on N). Specifically, the authentication control unit 63 determines that the communication device 2 is valid if both authentication codes S (N) match, and if the both authentication codes S (N) do not match, the authentication device 2 is illegal. Is determined.

  When the authentication control unit 63 determines that the communication device 2 is illegal, the authentication control unit 63 prohibits the encryption / decryption unit 62 from receiving transmission data from the communication device 2. Thereby, the memory controller 21 does not receive data transmitted from the communication device 2 to the semiconductor memory device 3 thereafter.

  On the other hand, when it is determined that the communication device 2 is valid, the authentication control unit 63 initializes the encryption / decryption unit 62 with the session key K (N) generated by the key generation unit 61 this time.

  Next, the authentication control unit 63 reads the set value of the code length flag F0 by accessing the address A0 of the memory array 22.

  Next, the key generation unit 61 generates a next session key K (N + 1) having a bit length corresponding to the set value of the code length flag F0 according to a request from the authentication control unit 63. The key generation unit 61 inputs the generated session key K (N + 1) to the authentication control unit 63.

  Next, the authentication control unit 63 generates an authentication code S (N + 1) based on the session key K (N + 1). Specifically, the authentication control unit 63 adopts the session key K (N + 1) input from the key generation unit 61 as the authentication code S (N + 1) as it is. Then, the code length information L (N + 1) indicating the code length of the authentication code S (N + 1) is added to the head of the authentication code S (N + 1), thereby generating the authentication code C2 (N + 1). The authentication control unit 63 inputs the generated authentication code C2 (N + 1) to the encryption / decryption unit 62.

  Next, the encryption / decryption unit 62 generates the encrypted authentication code Y (N + 1) by encrypting the authentication code C2 (N + 1) using the currently set session key K (N). Then, the generated encrypted authentication code Y (N + 1) is transmitted to the memory controller 12.

  The memory controller 12 inputs the encrypted authentication code Y (N + 1) received from the memory controller 21 to the encryption / decryption unit 52.

  Next, the encryption / decryption unit 52 reproduces the authentication code C2 (N + 1) by decrypting the encrypted authentication code Y (N + 1) using the currently set session key K (N). Then, the reproduced authentication code C2 (N + 1) is input to the authentication control unit 53.

  Next, the authentication control unit 53 extracts the code length information L (N + 1) and the authentication code S (N + 1) from the authentication code C2 (N + 1).

  Next, the key generation unit 51 generates a session key K (N + 1) having a bit length corresponding to the code length indicated by the code length information L (N + 1) according to the request from the authentication control unit 53. The key generation unit 51 inputs the generated session key K (N + 1) to the authentication control unit 53.

  Next, the authentication control unit 53 generates an authentication code S (N + 1) based on the session key K (N + 1) input from the key generation unit 51. Specifically, the authentication control unit 53 employs the session key K (N + 1) input from the key generation unit 51 as it is as the authentication code S (N + 1).

  Next, the authentication control unit 53 uses the authentication code S (N + 1) extracted from the authentication code C2 (N + 1) reproduced by decrypting the encrypted authentication code Y (N + 1) and the session key K ( The authenticity of the semiconductor memory device 3 is authenticated by comparing with the authentication code S (N + 1) generated by itself based on (N + 1). Specifically, the authentication control unit 53 determines that the semiconductor storage device 3 is valid when both authentication codes S (N + 1) match, and when both authentication codes S (N + 1) do not match, the semiconductor storage device 3. Is determined to be illegal.

  If the authentication control unit 53 determines that the semiconductor memory device 3 is illegal, the authentication control unit 53 sends a control signal D for enabling a mask process such as replacing data to all “0” or all “1” to the mask circuit 54, 55. Thereby, subsequent communication between the communication device 2 and the semiconductor memory device 3 is blocked.

  On the other hand, when it is determined that the semiconductor memory device 3 is valid, the authentication control unit 53 inputs a control signal D for invalidating the mask processing to the mask circuits 54 and 55. As a result, the communication device 2 can transmit a read command of content data to the semiconductor storage device 3 and can receive content data from the semiconductor storage device 3.

  In the next mutual authentication process, the authentication control unit 63 determines whether or not the authentication code S (N + 1) extracted from the reproduced authentication command C1 (N + 1) matches the authentication code S (N + 1) generated by itself. Thus, the validity of the communication device 2 is authenticated. Further, the authentication control unit 53 determines whether or not the authentication code S (N + 2) extracted from the reproduced authentication code C2 (N + 2) matches the authentication code S (N + 2) generated by itself. Authenticate the validity of

  When updating the set value of the code length flag F0 (for example, when enlarging the code length to improve the security strength), the microprocessor 11 issues an update instruction Q2 for the code length flag F0. The update instruction Q2 includes a code length update value. The memory controller 12 receives the update command Q2 from the microprocessor 11 and inputs the received update command Q2 to the encryption / decryption unit 52.

  Next, the encryption / decryption unit 52 generates the encrypted update instruction Q2 by encrypting the update instruction Q2 using the currently set session key K. Then, the generated encryption update instruction Q2 is transmitted to the memory controller 21.

  The memory controller 21 inputs the encryption update command Q2 received from the memory controller 12 to the encryption / decryption unit 62.

  Next, the encryption / decryption unit 62 reproduces the update command Q2 by decrypting the encryption update command Q2 using the currently set session key K. Then, the renewed update command Q2 is input to the authentication control unit 63.

  Next, the authentication control unit 63 accesses the address A0 of the memory array 22 to update the current set value of the code length flag F0 with the update value included in the update instruction Q2. Thereafter, the communication device 2 and the semiconductor storage device 3 generate an authentication code having a code length corresponding to the set value after the update of the code length flag F0.

  In the above description, the code length of the authentication code S (N) transmitted from the communication device 2 to the semiconductor memory device 3 and the code of the authentication code S (N + 1) transmitted from the semiconductor memory device 3 to the communication device 2 are described. Although an example in which the length is the same has been described, the code lengths of both authentication codes may be different from each other. The code length flag for the authentication code transmitted from the communication device 2 to the semiconductor memory device 3 and the code length flag for the authentication code transmitted from the semiconductor memory device 3 to the communication device 2 are set in different addresses of the memory array 22. By storing and making it possible to individually set the code length, the code lengths of both authentication codes can be made different from each other.

  In the above description, an example in which the code length of the authentication code S exchanged between the communication device 2 and the semiconductor storage device 3 is set according to the security strength required for the information processing system 1 has been described. The code length can also be set according to the confidentiality (security level) of the content data transmitted from the semiconductor storage device 3 to the communication device 2.

  FIG. 13 is a diagram showing a memory space of the memory array 22. Content data with a high level of confidentiality is stored in the area R1 of the memory space, content data with a medium level of confidentiality is stored in the area R2, and content with a low level of confidentiality is stored in the area R3. Data is stored.

  In addition, when the communication device 2 accesses the region R1, the address A1 in the memory space has the code of the authentication code S exchanged between the communication device 2 and the semiconductor memory device 3 in the mutual authentication preceding the access. A code length flag F1 for setting the length is stored. The set value of the code length flag F1 is, for example, 192 bits.

  Similarly, at the address A2 in the memory space, when the communication device 2 accesses the region R2, the authentication code S exchanged between the communication device 2 and the semiconductor memory device 3 in the mutual authentication preceding the access is performed. A code length flag F2 for setting the code length is stored. The set value of the code length flag F2 is, for example, 128 bits.

  Similarly, at the address A3 in the memory space, when the communication device 2 accesses the area R3, the authentication code S exchanged between the communication device 2 and the semiconductor memory device 3 in the mutual authentication preceding the access is performed. A code length flag F3 for setting the code length is stored. The set value of the code length flag F3 is, for example, 64 bits.

  When an access request from the communication device 2 to the semiconductor memory device 3 is generated, the microprocessor 11 first determines to which of the regions R1 to R3 the access request is an access request.

  When the access request is an access request to the region R1, the microprocessor 11 reads the set value of the code length flag F1 by accessing the address A1 of the memory array 22. Thereafter, the same processing as described above is performed, whereby mutual authentication using, for example, 192-bit authentication codes S (N) and S (N + 1) is executed.

  When the access request is an access request to the region R2, the microprocessor 11 reads the set value of the code length flag F2 by accessing the address A2 of the memory array 22. Thereby, for example, mutual authentication using 128-bit authentication codes S (N) and S (N + 1) is executed.

  If the access request is an access request to the region R3, the microprocessor 11 reads the set value of the code length flag F3 by accessing the address A3 of the memory array 22. Thus, mutual authentication using, for example, 64-bit authentication codes S (N) and S (N + 1) is executed.

<Summary>
According to the information processing system 1 according to the first and second embodiments, the communication device 2 can change the code length of the first authentication code S (N) for causing the semiconductor storage device 3 to authenticate the communication device 2. It can be set. Therefore, the code length of the authentication code S (N) can be varied for each authentication process or at an arbitrary timing. Further, the code length of the authentication code S (N) can be increased against the improvement of the hacking technique by the attacker. Furthermore, the code length of the authentication code S (N) can be varied according to the confidential level of the content data transmitted from the semiconductor storage device 3 to the communication device 2. As a result, the security strength can be improved as compared with the information processing system in which the code length of the authentication code S (N) is a fixed value.

  In addition, according to the information processing system 1 according to the first embodiment, the communication device 2 randomly sets the code length of the authentication code S (N). Accordingly, since the code length of the authentication code S (N) is randomly changed, when the attacker analyzes the authentication code S (N), it is transmitted / received between the communication device 2 and the semiconductor memory device 3. It is difficult for an attacker to specify which part of various data is the authentication code S (N). As a result, it becomes more difficult for the attacker to analyze the authentication code S (N), so that the security strength can be further improved.

  Further, according to the information processing system 1 according to the second embodiment, the communication device 2 sets the code length of the authentication code S (N) according to the security strength required for the information processing system 1. Therefore, when higher security strength is required than before in order to counter the improvement of the hacking technique by the attacker, the code length of the authentication code S (N) can be set larger than before. As a result, since it is difficult for an attacker to analyze the authentication code S (N), the security strength can be improved.

  Further, according to the information processing system 1 according to the second embodiment, the communication device 2 sets the code length of the authentication code S (N) to the confidential level of the content data transmitted from the semiconductor storage device 3 to the communication device 2. Set accordingly. Therefore, it is possible to improve the security strength by enlarging and setting the code length of the authentication code S (N) for content data with a higher security level.

  Further, according to the information processing system 1 according to the first embodiment, the memory controller 12 (first control circuit) sets the code length of the authentication code S (N) by hardware processing. Therefore, even if an attack that alters the control of the microprocessor 11 by program analysis or the like is performed, unless the contents of the hardware processing by the memory controller 12 are analyzed, the attacker can obtain the authentication code S (N). The code length is not specified. As a result, it becomes more difficult for the attacker to analyze the authentication code S (N), so that the security strength can be further improved.

  Further, according to the information processing system 1 according to the second embodiment, the microprocessor 11 sets the code length of the authentication code S (N) by software processing. Accordingly, since it is not necessary to mount a circuit for setting the code length of the authentication code S (N) in the memory controller 12, the circuit configuration can be simplified and the cost can be reduced.

  Further, according to the information processing system 1 according to the first and second embodiments, the authentication control unit 53 (first authentication control unit) sets the code length setting value of the authentication code S (N) indicated by the data M1. Is obtained from the key generation unit 51 (first number sequence generation unit) by acquiring a session key K (N) having a bit length corresponding to the set value based on the authentication code S ( N). Accordingly, various authentication codes S (N) having different code lengths are obtained by varying the bit length of the session key K (N) acquired from the key generation unit 51 by the authentication control unit 53 according to the set value of the code length. Can be easily generated.

  Further, according to the information processing system 1 according to the first and second embodiments, the key generation unit 61 (second number sequence generation unit) has the same session as the session key K (N) generated by the key generation unit 51. A key K (N) is generated. Further, the authentication control unit 63 (second authentication control unit) obtains a session key K (N) having a bit length corresponding to the first code length information L (N) from the key generation unit 61, thereby obtaining a session. A second authentication code S (N) including the key K (N) is generated. Then, the authentication control unit 63 determines whether or not the first authentication code S (N) included in the authentication command C1 and the second authentication code S (N) generated by itself match the communication device 2. Authenticate. If the communication device 2 is valid, the first authentication code S (N) and the second authentication code S (N) match. If the communication device 2 is illegal, the first authentication code S (N) and the second authentication code S (N) do not match. Therefore, whether the communication device 2 is legitimate or illegal is simply and reliably authenticated depending on whether or not the first authentication code S (N) and the second authentication code S (N) match. Is possible.

  Further, according to the information processing system 1 according to the first and second embodiments, the semiconductor memory device 3 has the code length of the second authentication code S (N + 1) for causing the communication device 2 to authenticate the semiconductor memory device 3. Can be set variably. Therefore, the code length of the authentication code S (N + 1) can be varied for each authentication process or at an arbitrary timing. Further, the code length of the authentication code S (N + 1) can be increased against the improvement of the hacking technique by the attacker. Furthermore, the code length of the authentication code S (N + 1) can be varied according to the confidential level of the content data transmitted from the semiconductor storage device 3 to the communication device 2. As a result, the security strength can be improved as compared with the information processing system in which the code length of the authentication code is a fixed value.

  Further, according to the information processing system 1 according to the first embodiment, the semiconductor storage device 3 randomly sets the code length of the authentication code S (N + 1). Accordingly, since the code length of the authentication code S (N + 1) is randomly changed, when the attacker analyzes the authentication code S (N + 1), the code is transmitted / received between the communication device 2 and the semiconductor memory device 3. It is difficult for an attacker to identify which part of various data is the authentication code S (N + 1). As a result, the analysis of the authentication code S (N + 1) by an attacker becomes more difficult, so that the security strength can be further improved.

  Further, according to the information processing system 1 according to the second embodiment, the semiconductor storage device 3 sets the code length of the authentication code S (N + 1) according to the security strength required for the information processing system 1. Therefore, when a higher security strength is required than before, against the improvement of the hacking technique by the attacker, the code length of the authentication code S (N + 1) can be set larger than before. As a result, since it is difficult for an attacker to analyze the authentication code S (N + 1), the security strength can be improved.

  Further, according to the information processing system 1 according to the second embodiment, the semiconductor storage device 3 sets the code length of the authentication code S (N + 1) according to the security level of the content data transmitted to the communication device 2. . Therefore, the security strength can be improved by enlarging and setting the code length of the authentication code S (N + 1) for content data having a higher security level.

  Further, according to the information processing system 1 according to the first embodiment, the memory controller 21 executes the setting of the code length of the authentication code S (N + 1). Therefore, even if an attack that alters the control of the microprocessor 11 of the communication device 2 is performed by program analysis or the like, the authentication code S can be obtained by the attacker unless the contents of the hardware processing by the memory controller 21 are analyzed. The code length of (N + 1) is not specified. As a result, the analysis of the authentication code S (N + 1) by an attacker becomes more difficult, so that the security strength can be further improved.

  Further, according to the information processing system 1 according to the second embodiment, the setting of the code length of the authentication code S (N + 1) is executed by the microprocessor 11 of the communication device 2. Therefore, since it is not necessary to mount a circuit for setting the code length of the authentication code S (N + 1) in the memory controller 21, the circuit configuration can be simplified and the cost can be reduced.

  Further, according to the information processing system 1 according to the first and second embodiments, the authentication control unit 63 sets the set value based on the set value of the code length of the authentication code S (N + 1) indicated by the data M2. An authentication code S (N + 1) including the session key K (N + 1) is generated by acquiring the session key K (N + 1) having a corresponding bit length from the key generation unit 61. Accordingly, various authentication codes S (N + 1) having different code lengths are obtained by changing the bit length of the session key K (N + 1) acquired from the key generation unit 61 by the authentication control unit 63 according to the set value of the code length. Can be easily generated.

  Further, according to the information processing system 1 according to the first and second embodiments, the key generation unit 51 generates the same session key K (N + 1) as the session key K (N + 1) generated by the key generation unit 61. . Further, the authentication control unit 53 acquires a session key K (N + 1) having a bit length corresponding to the second code length information L (N + 1) from the key generation unit 51, thereby including the session key K (N + 1). 1 authentication code S (N + 1) is generated. Then, the authentication control unit 53 determines whether the second authentication code S (N + 1) received from the semiconductor memory device 3 matches the first authentication code S (N + 1) generated by itself. The device 3 is authenticated. If the semiconductor memory device 3 is valid, the first authentication code S (N + 1) and the second authentication code S (N + 1) match. If the semiconductor memory device 3 is illegal, the first authentication code S (N + 1) matches the first authentication code S (N + 1). The code S (N + 1) and the second authentication code S (N + 1) do not match. Therefore, whether the semiconductor memory device 3 is legitimate or illegal is simply and reliably authenticated depending on whether or not the first authentication code S (N + 1) and the second authentication code S (N + 1) match. It becomes possible.

  Further, according to the information processing system 1 according to the first and second embodiments, the semiconductor storage device 3 authenticates the communication device 2 based on the authentication code S (N) and determines that the communication device 2 is valid. The authentication code S (N + 1) is transmitted to the communication device 2 in response to the authentication code S (N), and the communication device 2 authenticates the semiconductor memory device 3 based on the authentication code S (N + 1). Therefore, one-way communication between the transmission of the authentication code S (N) from the communication device 2 to the semiconductor storage device 3 and the transmission of the authentication code S (N + 1) from the semiconductor storage device 3 to the communication device 2 in response thereto. Thus, mutual authentication between the communication device 2 and the semiconductor memory device 3 can be performed. As a result, compared to general challenge and response mutual authentication that requires round-trip communication (two-round communication in total) from each of the communication device and the semiconductor storage device, the processing speed and efficiency are improved. Is possible.

DESCRIPTION OF SYMBOLS 1 Information processing system 2 Communication apparatus 3 Semiconductor memory device 11 Microprocessor 12 Memory controller 21 Memory controller 22 Memory array 51 Key generation part 52 Encryption / decryption part 53 Authentication control part 56 Code length setting part 61 Key generation part 62 Encryption / decryption Decryption unit 63 Authentication control unit 64 Code length setting unit

Claims (12)

A communication device;
A storage device connected to the communication device;
An information processing system comprising:
The communication device
A main control unit for controlling the information processing system by software processing;
A first control circuit that is mounted separately from the main control unit and controls the storage device by hardware processing;
Have
The storage device
A storage unit storing content data;
A second control circuit for controlling the storage unit;
Have
The first control circuit includes:
A first number sequence generation unit that sequentially generates a first number sequence and a fourth number sequence;
A first authentication control unit;
Including
The second control circuit includes:
A second number sequence generation unit that sequentially generates a second number sequence that is the same as the first number sequence, and a third number sequence that is the same as the fourth number sequence;
A second authentication control unit;
Including
The first authentication control unit includes:
Based on the set value of the code length of the first authentication code, the first number sequence having the bit length corresponding to the set value is acquired from the first number sequence generation unit, thereby including the first number sequence Generating the first authentication code;
Transmitting an authentication command including the first authentication code and first code length information indicating a code length of the first authentication code to the storage device;
The second authentication control unit
By obtaining the second number sequence having a bit length corresponding to the first code length information from the second number sequence generation unit, a second authentication code including the second number sequence is generated,
Depending on whether the first authentication code received from the communication device matches the second authentication code generated by itself, the communication device is authenticated,
The second authentication control unit
Based on the set value of the code length of the third authentication code, the third number sequence having the bit length corresponding to the set value is acquired from the second number sequence generating unit, thereby including the third number sequence Generating the third authentication code;
Transmitting the third authentication code and second code length information indicating a code length of the third authentication code to the communication device;
The first authentication control unit includes:
By acquiring the fourth number sequence having a bit length corresponding to the second code length information from the first number sequence generation unit, a fourth authentication code including the fourth number sequence is generated,
Depending on whether or not the third authentication code received from the storage device matches the fourth authentication code generated by itself, the storage device is authenticated,
The communication device can variably set the code length of the first authentication code,
The storage device can variably set the code length of the third authentication code,
The information processing system, wherein the storage device sets the code length of the third authentication code to a value different from the code length of the first authentication code .   The information processing system according to claim 1, wherein the communication device sets a code length of the first authentication code at random.   The information processing system according to claim 1, wherein the communication device sets a code length of the first authentication code according to a security strength required for the information processing system.   The information processing system according to claim 1, wherein the communication device sets a code length of the first authentication code according to a security level of content data transmitted from the storage device to the communication device. Before SL first setting code length of the authentication code, said first control circuit is performed, the information processing system according to any one of claims 1 to 4. Before SL first authentication code code length setting of the main control unit executes information processing system according to any one of claims 1 to 4.   The information processing system according to any one of claims 1 to 6, wherein the storage device randomly sets a code length of the third authentication code.   The information processing system according to claim 1, wherein the storage device sets a code length of the third authentication code in accordance with a security strength required for the information processing system.   The information processing system according to claim 1, wherein the storage device sets a code length of the third authentication code according to a confidential level of content data transmitted to the communication device.   The information processing system according to any one of claims 1 to 9, wherein the setting of the code length of the third authentication code is executed by the second control circuit.   The information processing system according to claim 1, wherein the main control unit executes the setting of the code length of the third authentication code.   The storage device transmits the third authentication code to the communication device in response to the first authentication code when the communication device determines that the communication device is valid. Information processing system described in 1.

Images