JP6248518B2 - Information storage medium, information writing method, and writing processing program - Google Patents

Description

  The present invention relates to a technique such as an apparatus for writing a program in a memory provided in an information storage medium such as an IC chip capable of executing a plurality of execution codes constituting a predetermined program.

  Conventionally, for example, many IC chips mounted on an IC card are compatible with Java (registered trademark) Card. A programming language such as Java (registered trademark) is different from a language that is converted from source code to native code (machine language) by compiling, such as C language, in order to absorb hardware dependency. It is converted into an intermediate code (byte code) which is an execution format called. The intermediate code is a data string including instructions such as arithmetic and branch. This intermediate code is interpreted and executed by a virtual machine. In an IC chip having such a virtual machine, the instruction interpreting unit of the virtual machine is realized by an array of the start address (that is, the start address in the memory) of the implementation (execution code) of each instruction (intermediate code). There are many. In addition, many existing IC chips record programs (executable codes including instruction interpreting units) in ROM (the arrangement of executable codes is determined during the semiconductor manufacturing process). Recently, however, the ROM capacity has been reduced, Many IC chips have a large capacity nonvolatile memory such as a flash memory, and an increasing number of IC chips record the above-described programs in the nonvolatile memory (the execution code and its arrangement are determined after shipping from a semiconductor vendor). ).

  By the way, SCA (Side Channel Analysis) is widely known as an attack technique for inferring secret information that is only inside the IC chip by analyzing changes in the power consumption and radiated electromagnetic field of the IC chip. . Of particular note is an attack method that analyzes side channel information of readily available sample cards, learns their characteristics in advance, and infers secret information from distribution cards (for example, credit cards) that use the same IC chip. Has been. This is because the side channel information obtained from each of the sample card and the distribution card used for learning (attack preparation) is very similar. As a technique related to such SCA countermeasures, there is known a cryptographic processing apparatus that introduces noise in power consumption measurement by calculating an unpredictable amount of power during cryptographic processing operations (for example, Patent Documents). 1).

  Furthermore, an attack technique (FA: Fault Analysis) that causes malfunction of the IC chip by applying disturbance to the IC chip in operation, causes the IC chip to respond with an incorrect calculation result, or outputs information unintended by the IC chip to the outside. ) Is also known. Here, the disturbance includes power supply, grounding, pulse injection to a clock, irradiation of strong light to the front or back surface of the IC chip, generation of a strong magnetic field in the vicinity of the IC chip, and the like.

US Pat. No. 7,599,488

  However, the cryptographic processing device described in Patent Document 1 has a problem that processing becomes complicated and the circuit scale increases, and is written in an information storage medium such as an IC chip as a countermeasure against SCA. There is no focus on protecting the program itself. Also, in general cryptographic processing devices, data such as keys used for cryptographic processing is recorded in a state where it is masked with random numbers, so that it is possible to prepare for an emergency leak. Not. Therefore, if the intermediate code is leaked due to an attack due to disturbance, there is a possibility that the weak points in the structure of the program will be analyzed.

  The present invention provides an information storage medium, an information writing method, and a writing processing program that can efficiently protect a program written in an information storage medium such as an IC chip with a configuration that does not complicate the processing. Let it be an issue.

In order to solve the above-mentioned problem, an invention according to claim 1 is an information storage comprising a memory for storing a plurality of execution codes and an execution means for interpreting the identification information of the execution codes and executing the execution codes. The medium is the first identification information of the execution code and the second identification information different from the first identification information, and the second identification information is changed. Storage means for acquiring or generating a change table indicating the correspondence relationship with the identification information for each of the first identification information, and storing the identification information constituting the predetermined program in the memory And when the identification information constituting the predetermined program is written into the memory, the first identification information of the execution code is changed to the first identification information based on the change table. Change means for changing to the second identification information corresponding to the identification information, the second identification information changed by the change means, and the execution code corresponding to the second identification information. A reference table showing a correspondence relationship with address information indicating an address in the stored memory for each execution code, the reference table referred to when the execution code stored in the memory is executed Second writing means for writing to a memory , wherein the changing means is configured to change the first identification information of at least any one of the plurality of execution codes to at least two different second One of the identification information is changed to the second identification information .

The invention according to claim 2, in the information storage medium of claim 1, wherein the changing means, if it contains at least two execution codes of the same function to the plurality of execution codes, executable code of the same function The first identification information of one of the execution codes is changed to any one of the second identification information of at least two different second identification information, and the execution code of the same function The first identification information of the other execution code is changed to the second identification information of the other of the at least two different second identification information.

According to a third aspect of the present invention, in the information storage medium according to the first or second aspect , the changing means includes the second identification of one of the at least two different identification information. The information is selected by a random number and is changed to the selected second identification information.

The invention according to claim 4 is an information storage medium comprising a memory for storing a plurality of execution codes, and execution means for interpreting identification information of the execution codes and executing the execution codes. Correspondence relationship between the first identification information and the second identification information that is second identification information different from the first identification information and in which the first identification information is changed Storage means for acquiring or generating and storing a change table for each of the first identification information, first writing means for writing the identification information constituting a predetermined program into the memory, and the predetermined program When the identification information to be configured is written to the memory, the first identification information of the execution code is associated with the first identification information based on the change table. Change means for changing to the identification information of 2; the second identification information changed by the change means; and an address in the memory in which the execution code corresponding to the second identification information is stored. A second writing means for writing, into the memory, a reference table that indicates a correspondence relationship with the address information indicated for each of the execution codes, the reference table being referred to when the execution code stored in the memory is executed; The plurality of execution codes in which at least one execution code of the plurality of execution codes is duplicated is stored in the memory, and the second writing means stores the at least duplex The executable execution code corresponds to the first identification information of any one execution code selected from these execution codes. Said second of said identification information that, and writes a reference table showing the correspondence between the address information indicating an address in the memory where the execution code is written into the memory.

The invention according to claim 5 is information executed by a computer in an information storage medium comprising a memory for storing a plurality of execution codes and execution means for interpreting identification information of the execution codes and executing the execution codes. A writing method, wherein the first identification information of the execution code is the second identification information different from the first identification information, and the first identification information is changed. A step of acquiring or generating a change table indicating a correspondence relationship with the identification information of 2 for each of the first identification information; a first writing step of writing the identification information constituting a predetermined program into the memory; When the identification information constituting the predetermined program is written to the memory, based on the change table, the first front of the execution code A change step of changing identification information to the second identification information corresponding to the first identification information, the second identification information changed by the change step, and the second identification information A reference table for each execution code showing a correspondence relationship with address information indicating an address in the memory in which the execution code corresponding to is stored, and when the execution code stored in the memory is executed a second write step of writing the reference table that is referred to the memory, only contains, in the changing step, the first of said identification information of at least one of the execution code of the plurality of execution codes, One of the at least two different pieces of the second identification information is changed to the second identification information . The invention according to claim 6 is information executed by a computer in an information storage medium comprising a memory for storing a plurality of execution codes, and execution means for interpreting the identification information of the execution codes and executing the execution codes. A writing method, wherein the first identification information of the execution code is the second identification information different from the first identification information, and the first identification information is changed. A step of acquiring or generating a change table indicating a correspondence relationship with the identification information of 2 for each of the first identification information; a first writing step of writing the identification information constituting a predetermined program into the memory; When the identification information constituting the predetermined program is written to the memory, based on the change table, the first front of the execution code A change step of changing identification information to the second identification information corresponding to the first identification information, the second identification information changed by the change step, and the second identification information A reference table for each execution code showing a correspondence relationship with address information indicating an address in the memory in which the execution code corresponding to is stored, and when the execution code stored in the memory is executed A second writing step of writing a reference table to be referenced to the memory, wherein the plurality of execution codes in which at least any one of the plurality of execution codes is duplicated in the memory. In the second writing step, the execution code for the at least duplexed execution code is stored in the execution code. Correspondence relationship between the second identification information corresponding to the first identification information of any one execution code selected from among the address and address information indicating an address in the memory in which the execution code is written Is written in the memory.

According to a seventh aspect of the present invention, there is provided a computer in an information storage medium comprising a memory for storing a plurality of execution codes and execution means for interpreting identification information of the execution codes and executing the execution codes. Correspondence relationship between the first identification information and the second identification information that is second identification information different from the first identification information and in which the first identification information is changed Storage means for acquiring or generating and storing a change table for each of the first identification information, first writing means for writing the identification information constituting a predetermined program into the memory, and the predetermined program When the identification information constituting is written into the memory, the first identification information of the execution code is changed to the first identification information based on the change table. The changing means for changing to the corresponding second identification information, the second identification information changed by the changing means, and the execution code corresponding to the second identification information are stored. A reference table showing a correspondence relationship with address information indicating an address in a memory for each of the execution codes, wherein a reference table referred to when the execution code stored in the memory is executed is written to the memory. A writing processing program that functions as two writing means , wherein the changing means converts the first identification information of at least one of the plurality of execution codes into at least two different second codes. One of the identification information is changed to the second identification information . According to an eighth aspect of the present invention, there is provided a computer in an information storage medium comprising a memory for storing a plurality of execution codes and execution means for interpreting identification information of the execution codes and executing the execution codes. Correspondence relationship between the first identification information and the second identification information that is second identification information different from the first identification information and in which the first identification information is changed Storage means for acquiring or generating and storing a change table for each of the first identification information, first writing means for writing the identification information constituting a predetermined program into the memory, and the predetermined program When the identification information constituting is written into the memory, the first identification information of the execution code is changed to the first identification information based on the change table. The changing means for changing to the corresponding second identification information, the second identification information changed by the changing means, and the execution code corresponding to the second identification information are stored. A reference table showing a correspondence relationship with address information indicating an address in a memory for each of the execution codes, wherein a reference table referred to when the execution code stored in the memory is executed is written to the memory. A plurality of execution codes in which at least any one execution code of the plurality of execution codes is duplicated; The two writing means is selected from these execution codes for the at least duplicated execution code. A reference table indicating a correspondence relationship between the second identification information corresponding to the first identification information of any one execution code and address information indicating an address in the memory in which the execution code is written; It is characterized by writing in.

  According to the present invention, it is possible to efficiently protect a program written in an information storage medium such as an IC chip with a configuration that does not complicate the processing.

It is a figure showing an example of outline composition of IC card issue system S. (A) is a figure which shows the correspondence of an intermediate code, an execution code, and a change intermediate code. (B) is a flowchart showing an example of processing in the IC chip 1a. (C) is a flowchart showing details of the processing in step S1 of (B). (D) is a flowchart showing details of the process in step S2 of (B). (A) shows an example of assignment of original intermediate code and implementation, and (B) is a diagram showing an example of assignment of changed intermediate code and implementation. (C) shows another example of allocation between the original intermediate code and the implementation, and (D) is a diagram showing another example of allocation between the changed intermediate code and the implementation. (A) is a figure which shows the example which changes the intermediate code which comprises an application program into a change intermediate code, (B) is the appearance frequency of the intermediate code in the case of (A), and the appearance frequency of a change intermediate code It is a figure which shows a relationship. (A) is a figure which shows the reference table and mounting arrangement | sequence of a sample card and IC card 1, (B) is a figure which shows the reference table and mounting arrangement | sequence of a sample card and IC card 1, (C ) Is a diagram showing an example of the contents of the duplicated execution code “ADD” (01 and 02).

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. The embodiment described below is an embodiment when the present invention is applied to an IC card issuing system. In this specification, “issue” means writing predetermined information (program, data, etc.) in an information storage medium such as an IC chip.

  First, with reference to FIG. 1, the configuration and functional overview of an IC card issuing system according to the present embodiment will be described. FIG. 1 is a diagram showing a schematic configuration example of the IC card issuing system S. As shown in FIG. 1, the IC card issuing system S includes an IC card 1 to be issued and an IC card issuing machine 2.

  An IC chip 1a is mounted on the IC card 1 as shown in FIG. The IC card 1 is used as a cash card, credit card, employee card or the like. Alternatively, the IC card 1 is incorporated into a communication device such as a smartphone or a mobile phone. The IC chip 1a constitutes the information storage medium in the present invention. However, the IC chip 1a may be directly incorporated on the circuit board of the communication device.

  The IC chip 1a includes a CPU (Central Processing Unit) 10, a RAM (Random Access Memory) 11, a ROM (Read Only Memory) 12, a nonvolatile memory 13, and an I / O circuit 14. For example, a flash memory is applied to the nonvolatile memory 13. The nonvolatile memory 13 may be “Electrically Erasable Programmable Read-Only Memory”. The I / O circuit 14 serves as an interface with the IC card issuer 2. The I / O circuit 14 is provided with eight terminals C1 to C8 defined by, for example, ISO / IEC7816. For example, the C1 terminal is a power supply terminal, the C2 terminal is a reset terminal, the C3 terminal is a clock terminal, the C5 terminal is a ground terminal, and the C7 terminal is a terminal that performs data communication with an external terminal such as the IC card issuer 2.

  The CPU 10 is an arithmetic device that executes a program stored in the RAM 11, the ROM 12, or the nonvolatile memory 13. The program includes an OS (Operating System), a write processing program of the present invention, a virtual machine, and an application program described in a program language such as Java (registered trademark). The OS, the write processing program of the present invention, and the virtual machine are described by a plurality of execution codes (execution code groups). The OS is software that directly controls the operation of the IC chip 1a. The CPU 10 functions as a storage unit, a first writing unit, a changing unit, and a second writing unit of the present invention by executing the writing processing program of the present invention. The application program of the present embodiment is described in an intermediate code that is an intermediate language between the source code and the execution code. The intermediate code is first identification information (index) of the execution code corresponding to the intermediate code. The implementation (execution code) of the intermediate code is burned in the ROM 12 in advance when the IC chip 1a is manufactured, or is written to a predetermined address in the nonvolatile memory 13 during the issuance processing of the IC card 1. Then, a plurality of intermediate codes (intermediate code groups) constituting the application program are written to a predetermined address in the nonvolatile memory 13 by being installed in the IC chip 1a after the issuing process of the IC card 1, for example. The virtual machine operating on the OS interprets the intermediate code and executes the execution code. The intermediate code is obtained, for example, by compiling the application program when the application program is installed. For example, the intermediate code “03” indicates an execution code “MOV” (data write). The intermediate code “04” indicates “ADD” (addition). The intermediate code “05” indicates the execution code “SUB” (subtraction). “MOV”, “ADD”, and “SUB” indicate the meaning of the execution code. The virtual machine interprets the intermediate code and executes the execution code, and the address information indicating the intermediate code constituting the program and the address (for example, the start address of the execution code) in the ROM 12 or the nonvolatile memory 13 in which the execution code is stored. Refer to the reference table that shows the corresponding relationship for each execution code. That is, this reference table is referred to when the execution code stored in the ROM 12 or the nonvolatile memory 13 is executed. As a result, the CPU 10 executes the execution code stored at the specified address. This reference table may be generated by the IC card issuer 2 or may be generated by the IC chip 1a.

  The IC card issuer 2 communicates with the control unit 21 including a CPU, RAM, and nonvolatile memory, the storage unit 22 including a hard disk drive, and the IC card 1 via a reader / writer. The communication unit 23 is configured to be performed. The storage unit 22 stores an OS and an issue processing program. The control unit 21 transmits the plurality of execution codes to the IC chip 1a in the default arrangement (mounting arrangement) in the ROM 12 or the non-volatile memory 13 of the plurality of execution codes described above, and the non-volatile memory. 13 is written. The control unit 21 also has a reference table that shows the correspondence between the intermediate code constituting the program and the address information indicating the address (address) in the ROM 12 or the nonvolatile memory 13 in which the execution code is stored for each execution code. Is transmitted to the IC chip 1a. Note that the reference table may be generated by the IC chip 1a. Furthermore, the control unit 21 determines the correspondence between the intermediate code constituting the program and the changed intermediate code that is different from the intermediate code (second identification information) and has the intermediate code changed. The change table shown for each is generated and transmitted to the IC chip 1a. The change table may be generated by the IC chip 1a.

  FIG. 2A is a diagram illustrating a correspondence relationship between the intermediate code, the execution code, and the changed intermediate code. In the example of FIG. 2A, the intermediate code “03” corresponds to the changed intermediate codes “04” and “06”, and the intermediate code “04” corresponds to the changed intermediate code “05”. The intermediate code “05” corresponds to the changed intermediate code “03”. In this example, the changed intermediate code is an intermediate code selected from among the actually used intermediate codes, for example, according to a predetermined standard (for example, randomly by a random number). The changed intermediate code may be a code obtained by converting an actually used intermediate code according to a predetermined function. Since such a modified intermediate code can be interpreted in a different meaning from the actual execution code, it can also be referred to as an encrypted intermediate code. Further, the correspondence between the intermediate code and the changed intermediate code may be 1: 1, but as in the execution code “MOV” shown in FIG. In this example, it is desirable that the number is 1 to 2). In addition, the changed intermediate code may be individualized for each IC chip 1a used for the same application (data including the same program is written), for example, at the time of issuing processing during the manufacturing process of the IC chip 1a. desirable. In this case, for example, the change intermediate code corresponding to the execution code written to one IC chip 1a is “04”, while the change intermediate code corresponding to the execution code written to another IC chip 1a is “06”. Is done. That is, in this case, the correspondence relationship between the intermediate code and the changed intermediate code in the change table described above is different for each IC chip 1a and is individually associated.

  Next, processing in the IC chip 1a according to the present embodiment will be described with reference to FIG. FIG. 2B is a flowchart showing an example of processing in the IC chip 1a.

  In FIG. 2B, the IC chip 1a performs processing in the order of initialization (step S1), loading of an application program (step S2), and writing of personal information related to the IC card user (step S3). . The initialization (step S1) is performed by a card vendor. On the other hand, loading an application program (step S2) and writing personal information (step S3) may be performed by a card vendor or performed after being shipped to the market.

  FIG. 2C is a flowchart showing details of the process in step S1 of FIG. 2C, the IC chip 1a acquires the change table transmitted from the IC card issuer 2 (step S11). Next, the IC chip 1a writes the acquired change table in the nonvolatile memory 13 (step S12). Next, the IC chip 1a acquires the reference table transmitted from the IC card issuer 2 (step S13). Next, the IC chip 1a writes the acquired reference table in the nonvolatile memory 13 (step S14).

  The IC chip 1 a itself may generate the reference table and the change table, and write the generated reference table and change table in the nonvolatile memory 13.

  FIG. 2D is a flowchart showing details of the process in step S2 of FIG. In FIG. 2 (D), the IC chip 1a acquires the intermediate code group constituting the application program transmitted from the IC card issuing machine 2 (step S21). Next, when the obtained intermediate code group is written into the nonvolatile memory 13, the IC chip 1a converts the original intermediate code in the reference table into a changed intermediate code corresponding to the intermediate code based on the change table. Change (step S22). In other words, the IC chip 1a executes the correspondence between the changed intermediate code changed in step S22 and the address information indicating the address in the ROM 12 or the nonvolatile memory 13 in which the execution code corresponding to the changed intermediate code is stored. A reference table for each code is written in the nonvolatile memory 13. Then, the IC chip 1a writes the changed intermediate code group after the change in the nonvolatile memory 13 (step S23). That is, the changed intermediate code group is written instead of the intermediate code group acquired in step S21.

  As described above, the change table and the reference table written in the nonvolatile memory 13 are referred to when the execution code stored in the ROM 12 or the nonvolatile memory 13 is executed. That is, the virtual machine specifies the changed intermediate code associated with the intermediate code to be executed from the change table, and specifies the address information associated with the specified changed intermediate code from the reference table.

  FIG. 3A shows an example of allocation between the original intermediate code and the implementation, and FIG. 3B shows an example of allocation between the changed intermediate code and the implementation. In the reference table shown in FIG. 3B, the intermediate code “03” shown in FIG. 3A is changed to the changed intermediate code “04”, and the intermediate code “04” shown in FIG. 3A is changed. The intermediate code “05” is changed, and the intermediate code “05” shown in FIG. 3A is changed to the changed intermediate code “03”. Thus, for example, even when a changed intermediate code group is output in response to an attack by disturbance, the changed intermediate code does not indicate the original code (value), so it can be easily decoded by an attacker. You can make it impossible. As described above, when the correspondence between the intermediate code and the changed intermediate code in the change table is individualized for each IC chip 1a (that is, the change table is individualized), the sample card and the distribution card used for learning Thus, the correlation of the respective side channel information can be reduced, and it can be further prevented from being easily deciphered by an attacker. For example, an IC chip 1 interprets and executes the changed intermediate code “04” as an execution code “MOV”, and the other IC chip 1a interprets and executes the changed intermediate code “06” as “MOV”. Have different hamming weights (the number of bits representing 1 in binary). Therefore, a difference occurs in power consumption caused by the data bus. That is, although the same MOV instruction is executed, the power consumption value differs for each IC chip 1a. In this way, by changing the manner in which power is consumed when the intermediate code is read from the nonvolatile memory 13, it is possible to prevent the attacker from easily deciphering.

  In the example of FIG. 3A, the IC chip 1a uses at least two different modified intermediate codes as intermediate codes (in this example, “03”) of at least one of the multiple executable codes. One of the codes (“04” and “06” in this example) is changed to a change intermediate code (“04” in this example). For example, the IC chip 1a selects one of the at least two different changed intermediate codes by a random number and changes the selected changed intermediate code to the selected changed intermediate code. Thereby, even if the change table is common among the IC chips 1a used for the same purpose (data including the same program is written), it can be individualized for each IC chip 1a. For this reason, it is possible to change the way in which power is consumed when the execution code is read from the nonvolatile memory 13 for each IC chip 1a, and it is possible to further prevent the attacker from easily deciphering. In the example of FIG. 3A, the intermediate code “03” is changed to the changed intermediate code “04”, but the intermediate code “03” is changed by, for example, random selection using a random number. In some cases, the intermediate code is selected (changed) to “06”. Further, when the same plurality of intermediate codes “03” are included in the plurality of intermediate codes constituting the application program installed in the same IC chip 1a, one intermediate code “03” is changed intermediate In some cases, the code “04” is randomly selected, and the other intermediate code “03” is randomly selected as the changed intermediate code “06”. As a result, when the changed intermediate code group is leaked, it is possible to make it more difficult to guess the intermediate code from the changed intermediate code from the tendency of the appearance frequency, and the difficulty of analyzing the intermediate code can be further increased.

  FIG. 3C illustrates another example of allocation between the original intermediate code and the implementation, and FIG. 3D illustrates another example of allocation between the changed intermediate code and the implementation. In the reference table shown in FIG. 3D, the intermediate code “03” shown in FIG. 3C is changed to changed intermediate codes “04” and “06”. Note that the same intermediate address information is associated with the changed intermediate codes “04” and “06” shown in FIG.

  In some cases, the plurality of execution codes include at least two execution codes having the same function. In this case, the IC chip 1a changes the intermediate code of one execution code among the execution codes of the same function to one of the change intermediate codes of at least two different change intermediate codes, and executes the execution code of the same function. If the intermediate code of the other executable code is changed to the other changed intermediate code among at least two different changed intermediate codes, a plurality of different changed intermediate codes can be obtained even in the same IC chip 1a. Are associated with execution codes of the same function, and the same instruction is executed. Therefore, the difference in power consumption value becomes more prominent, and it can be further prevented from being easily deciphered by an attacker.

  FIG. 4A is a diagram illustrating an example in which the intermediate code constituting the application program is changed to a changed intermediate code. In FIG. 4A, the first intermediate code “03” is changed to the changed intermediate code “06”, and the next intermediate code “03” is changed to the changed intermediate code “04”. FIG. 4B is a diagram showing the relationship between the appearance frequency of the intermediate code and the appearance frequency of the changed intermediate code in the case of FIG. As shown in FIG. 4B, the appearance frequency of the intermediate code “03” corresponding to the execution code “MOV” is four times, which is much higher than the appearance frequency of other execution codes. In this case, it is distributed (that is, the appearance frequency is distributed) twice, “04” twice and “06” twice. In other words, by assigning multiple modified intermediate codes to execution codes (instructions) that frequently appear, it is difficult to guess the intermediate code from the modified intermediate code based on the tendency of appearance frequency when the modified intermediate code group is leaked This makes it possible to further increase the difficulty of analyzing the intermediate code.

  As described above, according to the above-described embodiment, the IC chip 1a is configured so that when the intermediate code group constituting the application program is written in the nonvolatile memory 13, the original code in the reference table is based on the change table. Correspondence between the changed intermediate code changed to the changed intermediate code corresponding to the intermediate code and the address information indicating the address in the nonvolatile memory 13 in which the execution code corresponding to the changed intermediate code is written Since the reference table indicating the relationship for each execution code is written in the nonvolatile memory 13, it is possible to prevent an attacker by SCA or FA from easily deciphering, and the program written in the IC chip 1a Protection can be performed efficiently with a configuration that does not complicate processing. .

(Modification 1)
In the above-described embodiment, the plurality of execution codes are arranged in the ROM 12 or the nonvolatile memory 13 in the ROM 12 or the nonvolatile memory 13, and the plurality of execution codes are stored in the ROM 12 or the nonvolatile memory 13 in the default arrangement. The first modification is configured to rearrange the arrangement of a plurality of execution codes stored in the IC chip 1a (other configurations are the same as those in the above embodiment). Thereby, in the modification 1, the synergistic effect with embodiment mentioned above can be acquired. Modification 1 is an embodiment effective when applied to the IC card 1 having a small storage capacity of the ROM 12 and a large storage capacity of the nonvolatile memory 13. In this case, the control unit 21 rearranges the array of the plurality of execution codes in the ROM 12 or the non-volatile memory 13 and defaulted based on, for example, random numbers or information unique to the IC chip 1a. For example, a code that is interpreted and executed by the IC chip 1a (for example, a state in which the boundary of implementation of the intermediate code can be identified by a lump of characters or numerical values generated by a compiler or a linker) is input, and random numbers, manufacturing history, IC chip 1a The execution code array corresponding to the intermediate code is rearranged based on the identification information. Thus, during the issuance process during the manufacturing process, the arrangement of the intermediate code implementation (execution code) can be changed for each IC chip 1a used for the same application. It is desirable to individualize based on the identification information and manufacturing history of the IC chip 1a so that it can be individualized for all the IC chips 1a used for the same application. However, sample cards and distribution cards (used in the market) May be distinguished only in two ways. Next, the control part 21 produces | generates the reference table which shows the said correspondence after arrangement | sequence is rearranged. That is, a reference table is generated along the rearrangement. Then, the control unit 21 transmits to the IC chip 1a the plurality of execution codes in which the arrangement is rearranged, the reference table generated along the rearrangement, and the change table described above.

  FIG. 5A is a diagram showing a sample card, a reference table of the IC card 1, and a mounting arrangement. 5A shows a state before the intermediate code in the reference table is changed to a changed intermediate code corresponding to the intermediate code based on the change table for convenience of explanation. As shown in FIG. 5A, the arrangement order of the intermediate codes in both reference tables is the same, but the address information associated with the intermediate code (in this example, the start address of the execution code) is different. Yes. That is, the arrangement of the execution codes stored in the ROM 12 or the nonvolatile memory 13 differs between the sample card and the IC card 1. Thereby, according to the modification 1, the way of the power consumption when the execution code is read from the ROM 12 or the nonvolatile memory 13 with reference to the reference table can be changed. For example, even if the same execution code “MOV” is assigned to address 8000 and address 8026, the hamming weight of the address is different (8000 is 1 and 8026 is 4), so there is a difference in power consumption caused by the address bus. Occurs. That is, although the same execution code “MOV” is being executed, the power consumption value can be varied for each IC chip. Therefore, the correlation between the side card information of the sample card used for learning in the SCA and the IC card 1 can be reduced.

  In the case of the first modification, the reference code may be generated on the IC chip 1a side. In this case, the IC chip 1a includes a plurality of execution codes in which the arrangement of the plurality of execution codes in the nonvolatile memory 13 and the default arrangement is rearranged based on, for example, random numbers or information unique to the IC chip 1a. Is obtained from the IC card issuer 2 and written to the nonvolatile memory 13. Then, the IC chip 1a generates a reference table indicating the correspondence relationship after the arrangement of the execution codes is rearranged by the IC card issuer 2. Further, the rearrangement of the arrangement of the execution codes may be performed on the IC chip 1a side. In this case, the IC chip 1 a writes the execution codes in, for example, the backup area of the nonvolatile memory 13 in the order determined at the time of compilation. Next, the IC chip 1a rearranges the arrangement of the plurality of execution codes stored in the nonvolatile memory 13 in the nonvolatile memory 13 based on, for example, random numbers or information unique to the IC chip 1a. Next, the IC chip 1a writes (that is, transfers) a plurality of execution codes in which the arrangement is rearranged in an arrangement in which the non-volatile memory 13 is rearranged from, for example, a backup area to a normal area. Then, the IC chip 1a generates a reference table indicating the correspondence relationship after the arrangement of the execution code is rearranged by the IC chip 1a.

(Modification 2)
Next, the second modification is effective when applied to the IC card 1 in which the nonvolatile memory 13 has a small storage capacity and is stored in the ROM 12 in which the execution code is stored in the ROM 12 that cannot be changed in the IC card issuer 2. This is an example. In the second modification, a synergistic effect with the above-described embodiment can be obtained. In this case, the ROM 12 of the IC chip 1a stores a plurality of execution codes in which at least one of the plurality of execution codes is duplicated (may be triple or more). It shall be. In the second modification, the control unit 21 includes, in the reference table described above, an intermediate code for identifying any one execution code selected from these execution codes for at least a duplicate execution code, A reference table indicating a correspondence relationship with address information indicating an address in the nonvolatile memory 13 in which the execution code is stored is generated. Here, which execution code is selected from at least the duplicated execution code is determined by a random number, for example. Then, the control unit 21 transmits the generated reference table and the change table described above to the IC chip 1a. Then, the IC chip 1a changes the original intermediate code in the acquired reference table to the changed intermediate code corresponding to the intermediate code based on the acquired change table.

  FIG. 5B is a diagram showing a sample card, a reference table of the IC card 1, and a mounting arrangement. 5B shows a state before the intermediate code in the reference table is changed to a changed intermediate code corresponding to the intermediate code based on the change table for convenience of explanation. As shown in FIG. 5B, the arrangement order of the intermediate codes in both reference tables is the same, but the address information associated with the intermediate code (in this example, the start address of the execution code) is different. Yes. That is, the execution code selected from the duplicated execution code is different between the sample card and the IC card 1. As a result, according to the second modification, it is possible to change the manner in which power is consumed when the execution code is read from the nonvolatile memory 3 by referring to the reference table. Further, even when the execution code is stored in the ROM whose arrangement of mounting cannot be changed, the power consumption when the execution code is read from the ROM can be changed for each IC card 1.

  In the second modification, the reference code may be generated on the IC chip 1a side. In this case, the IC chip 1a includes an intermediate code for identifying any one execution code selected from these execution codes in the reference table described above, and the execution code. Is generated, and a reference table indicating a correspondence relationship with the address information indicating the address in the nonvolatile memory 13 is generated. Further, in the case where execution codes that are processed in the same way are at least duplicated, the order of execution codes and the registers used may be changed. FIG. 5C is a diagram showing an example of the contents of the duplicated execution code “ADD” (01 and 02). In ADD01 shown in FIG. 5C, the data at address 0003 is first transferred to register R0, then the data at address 0058 is transferred to register R1, and then the data in registers R0 and R1 are added. . On the other hand, in ADD02 shown in FIG. 5C, first, the data at address 0058 is moved to register R1, the data at address 0003 is moved to register R0, and then the data of registers R0 and R1 are added. ing. As described above, the processing results of ADD01 and ADD01 are the same, but by changing the reading order from the address, the tendency of the power consumption when the execution code is read from the nonvolatile memory 13 can be further changed. it can.

1 IC card 2 IC card issuing machine 1a IC chip 10 CPU
11 RAM
12 ROM
13 Non-volatile memory 14 I / O circuit

Claims (8)

An information storage medium comprising a memory for storing a plurality of execution codes, and execution means for interpreting the identification information of the execution codes and executing the execution codes,
The first identification information of the execution code and the second identification information that is second identification information different from the first identification information and in which the first identification information is changed Storage means for acquiring or generating a change table indicating the correspondence relationship for each of the first identification information, and storing the change table;
First writing means for writing the identification information constituting a predetermined program into the memory;
When the identification information constituting the predetermined program is written to the memory, the first identification information of the execution code is changed to the first corresponding to the first identification information based on the change table. Changing means for changing to the identification information of 2;
A correspondence relationship between the second identification information changed by the changing unit and address information indicating an address in the memory in which the execution code corresponding to the second identification information is stored is set for each execution code. A second writing means for writing a reference table to the memory, which is referred to when the execution code stored in the memory is executed,
Equipped with a,
The changing unit may change the first identification information of at least one of the plurality of execution codes, and the second identification information of at least two different second identification information. An information storage medium characterized by changing to the identification information . When the plurality of execution codes include at least two execution codes having the same function, the changing unit sets the first identification information of one execution code of the execution codes having the same function to at least two different ones. The second identification information is changed to one of the second identification information, and the first identification information of the other execution code among the execution codes of the same function is changed to at least two different The information storage medium according to claim 1 , wherein the second identification information is changed to the other second identification information of the second identification information. The changing means selects any one of the second different pieces of the second identification information from among at least two different pieces of the second identification information by a random number, and changes the selected second identification information to the selected second identification information. The information storage medium according to claim 1 or 2 . An information storage medium comprising a memory for storing a plurality of execution codes, and execution means for interpreting the identification information of the execution codes and executing the execution codes,
The first identification information of the execution code and the second identification information that is second identification information different from the first identification information and in which the first identification information is changed Storage means for acquiring or generating a change table indicating the correspondence relationship for each of the first identification information, and storing the change table;
First writing means for writing the identification information constituting a predetermined program into the memory;
When the identification information constituting the predetermined program is written to the memory, the first identification information of the execution code is changed to the first corresponding to the first identification information based on the change table. Changing means for changing to the identification information of 2;
A correspondence relationship between the second identification information changed by the changing unit and address information indicating an address in the memory in which the execution code corresponding to the second identification information is stored is set for each execution code. A second writing means for writing a reference table to the memory, which is referred to when the execution code stored in the memory is executed,
With
The memory stores the plurality of execution codes in which at least any one of the plurality of execution codes is duplicated.
The second writing means, for the at least duplicated execution code, the second identification corresponding to the first identification information of any one execution code selected from these execution codes information and, information storage medium you and writes a reference table showing the correspondence between the address information indicating an address in the memory where the execution code is written into the memory. An information writing method executed by a computer in an information storage medium comprising a memory for storing a plurality of execution codes, and an execution means for interpreting identification information of the execution codes and executing the execution codes,
The first identification information of the execution code and the second identification information that is second identification information different from the first identification information and in which the first identification information is changed Obtaining or generating a change table indicating the correspondence relationship for each of the first identification information;
A first writing step of writing the identification information constituting a predetermined program into the memory;
When the identification information constituting the predetermined program is written to the memory, the first identification information of the execution code is changed to the first corresponding to the first identification information based on the change table. Changing to the identification information of 2;
A correspondence relationship between the second identification information changed by the changing step and address information indicating an address in the memory in which the execution code corresponding to the second identification information is stored is set for each execution code. A second writing step of writing to the memory a reference table that is referred to when the execution code stored in the memory is executed;
Only including,
In the changing step, the first identification information of at least any one of the plurality of execution codes is changed to the second one of at least two different second identification information. An information writing method comprising: changing to the identification information . An information writing method executed by a computer in an information storage medium comprising a memory for storing a plurality of execution codes, and an execution means for interpreting identification information of the execution codes and executing the execution codes,
The first identification information of the execution code and the second identification information that is second identification information different from the first identification information and in which the first identification information is changed Obtaining or generating a change table indicating the correspondence relationship for each of the first identification information;
A first writing step of writing the identification information constituting a predetermined program into the memory;
When the identification information constituting the predetermined program is written to the memory, the first identification information of the execution code is changed to the first corresponding to the first identification information based on the change table. Changing to the identification information of 2;
A correspondence relationship between the second identification information changed by the changing step and address information indicating an address in the memory in which the execution code corresponding to the second identification information is stored is set for each execution code. A second writing step of writing to the memory a reference table that is referred to when the execution code stored in the memory is executed;
Including
The memory stores the plurality of execution codes in which at least any one of the plurality of execution codes is duplicated.
In the second writing step, for the at least duplicated execution code, the second execution code corresponding to the first identification information of any one execution code selected from these execution codes An information writing method, wherein a reference table indicating a correspondence relationship between identification information and address information indicating an address in the memory in which the execution code is written is written in the memory. A computer in an information storage medium comprising a memory for storing a plurality of execution codes and an execution means for interpreting identification information of the execution codes and executing the execution codes;
The first identification information of the execution code and the second identification information that is second identification information different from the first identification information and in which the first identification information is changed Storage means for acquiring or generating a change table indicating the correspondence relationship for each of the first identification information, and storing the change table;
First writing means for writing the identification information constituting a predetermined program into the memory;
When the identification information constituting the predetermined program is written to the memory, the first identification information of the execution code is changed to the first corresponding to the first identification information based on the change table. Changing means for changing to the identification information of 2;
A correspondence relationship between the second identification information changed by the changing unit and address information indicating an address in the memory in which the execution code corresponding to the second identification information is stored is set for each execution code. A write processing program for functioning as a second writing means for writing a reference table to the memory, which is referred to when the execution code stored in the memory is executed ,
The changing unit may change the first identification information of at least one of the plurality of execution codes, and the second identification information of at least two different second identification information. A write processing program that changes to the identification information . A computer in an information storage medium comprising a memory for storing a plurality of execution codes and an execution means for interpreting identification information of the execution codes and executing the execution codes;
The first identification information of the execution code and the second identification information that is second identification information different from the first identification information and in which the first identification information is changed Storage means for acquiring or generating a change table indicating the correspondence relationship for each of the first identification information, and storing the change table;
First writing means for writing the identification information constituting a predetermined program into the memory;
When the identification information constituting the predetermined program is written to the memory, the first identification information of the execution code is changed to the first corresponding to the first identification information based on the change table. Changing means for changing to the identification information of 2;
A correspondence relationship between the second identification information changed by the changing unit and address information indicating an address in the memory in which the execution code corresponding to the second identification information is stored is set for each execution code. A write processing program for functioning as a second writing means for writing a reference table to the memory, which is referred to when the execution code stored in the memory is executed,
The memory stores the plurality of execution codes in which at least any one of the plurality of execution codes is duplicated.
The second writing means, for the at least duplicated execution code, the second identification corresponding to the first identification information of any one execution code selected from these execution codes A write processing program, wherein a reference table indicating a correspondence relationship between information and address information indicating an address in the memory in which the execution code is written is written in the memory.

Images