JP6348273B2 - Information processing system - Google Patents

Description

  The present invention relates to an information processing system including a communication device and a storage device.

  In an information processing system including a communication device and a semiconductor storage device connected to the communication device, in order to prevent content data stored in the semiconductor storage device from being read illegally by an attacker, the communication device and the semiconductor storage device A technology for performing data communication between them by encrypted communication has been put into practical use.

  As an encryption communication method, a temporary key (session key) that is periodically updated, as represented by the WPA (Wi-Fi Protected Access) standard used in wireless LAN, is used as an encryption key for an encryption algorithm. There is a method.

  Generally, the session key is generated by a pseudo random number generator. In the information processing system according to the background art, a pseudo-random number generator is installed in each of the communication device and the semiconductor storage device, so that a common session key is generated in both devices, and encryption is performed between both devices using the session key. Communicate.

  Further, in Patent Document 1 below, an encryption key list in which a plurality of encryption keys are recorded is distributed in advance to all devices that perform encrypted communication, and all devices are configured to share a common encryption from the encryption key list. An encryption key update system is disclosed that updates a cryptographic key synchronously in all devices by selecting a key and periodically re-selecting the encryption key.

JP 2002-290396 A

  According to the information processing system according to the background art described above, it is necessary to mount a pseudo-random number generator in each of the communication device and the semiconductor memory device. Therefore, there is a problem that the mounting cost of the entire system becomes high.

  Further, according to the encryption key update system disclosed in Patent Document 1, the encryption keys that can be used by each device are limited to the encryption keys that are written in the encryption key list in advance. Therefore, there is a problem that attack resistance is low due to the limited number of encryption keys that can be used.

  The present invention has been made to solve such a problem, and in an information processing system including a communication device and a storage device, encryption using a session key while realizing reduction in mounting cost and improvement in attack resistance. The object is to obtain an information processing system capable of communication.

An information processing system according to a first aspect of the present invention includes a communication device having a microprocessor and a first security circuit, and a storage device having a data storage unit and a second security circuit. The first security circuit includes a session key generation unit, a first key stream generation unit, and a first encryption / decryption unit that performs encryption and decryption using a first encryption algorithm, and the second security circuit Includes a second key stream generation unit and a second encryption / decryption unit that performs encryption and decryption using a first encryption algorithm, and the session key generation unit is omitted from the second security circuit. are, the data in the storage unit, and the predetermined initial session key, encryption initial session key with a different second encryption algorithm is encrypted with the first encryption algorithm In an initialization process before starting data communication, the microprocessor uses the second encryption algorithm to decrypt the encrypted initial session key received from the storage device, thereby initial session is stored. A key is acquired, and the initial session key is set in the first key stream generation unit to generate a first stream key, and the storage device stores the initial session key read from the data storage unit in a first In the key establishment process after the initialization process is completed, the first key stream generation part is set by the microprocessor in the second key stream generation part for generating one stream key. A first stream key is generated based on the initial session key, and the session key generation unit A first session key to be used next to the session key, and the first encryption / decryption unit sends a key establishment command and the first session key generated by the session key generation unit to the first session key. Using the first stream key generated by the key stream generation unit based on the initial session key, an encryption key establishment command is generated by encrypting with the first encryption algorithm, and the second key stream generation unit The first stream key is generated based on the initial session key read from the data storage unit, and the second encryption / decryption unit receives the encryption key establishment command received from the communication device as the second stream key. Using the first stream key generated by the key stream generation unit of the first session key based on the initial session key, the key establishment command And the communication device uses the first session key generated by the session key generation unit to generate the second stream key next to the first stream key. The key stream generation unit sets the first session key acquired by the second encryption / decryption unit to generate the second stream key next to the first stream key. It is characterized by being set in the key stream generation unit.

  According to the information processing system according to the first aspect, the first security circuit included in the communication device includes the session key generation unit, the first key stream generation unit, and the first encryption / decryption unit. On the other hand, the second security circuit included in the storage device includes a second key stream generation unit and a second encryption / decryption unit. That is, the second security circuit does not include a session key generation unit. Thus, by omitting the mounting of the session key generation unit in the second security circuit included in the storage device, it is possible to reduce the mounting cost of the storage device.

  Further, in the initialization process before starting the data communication, the microprocessor acquires the initial session key by decrypting the encrypted initial session key received from the storage device with the second encryption algorithm, and the initial session key is obtained. Set in the first key stream generation unit. Further, the storage device sets the initial session key read from the data storage unit in the second key stream generation unit. Thereby, in the initialization process, a common initial session key can be set in the first key stream generation unit and the second key stream generation unit.

  Further, as an encryption algorithm for obtaining an encrypted initial session key from an initial session key, a second encryption different from the first encryption algorithm used by the first encryption / decryption unit and the second encryption / decryption unit An algorithm is used. As a result, since the initial session key cannot be decrypted from the encrypted initial session key depending on the first encryption algorithm, the attack resistance can be improved.

In the information processing system according to the first aspect, in the key establishment process after the initialization process is completed, the first encryption / decryption unit is generated by the key establishment command and the session key generation unit. An encryption key establishment command is generated by encrypting the first session key using the first stream key. Further, the second encryption / decryption unit obtains the key establishment command and the first session key by decrypting the encryption key establishment command received from the communication device using the first stream key. Thereby, the storage device can acquire the same first session key as the first session key generated by the session key generation unit of the communication device. As a result, it is possible to omit the session key generation unit from being installed in the second security circuit of the storage device.

The information processing system according to the second aspect of the present invention is the information processing system according to the first aspect, in the data communication after the key establishment process has been completed, the first key stream generator, the A second stream key is generated based on the first session key generated by the session key generation unit, the session key generation unit generates a second session key to be used next to the first session key, and the first key The encryption / decryption unit includes an access command for accessing the data storage unit and a second session key generated by the session key generation unit, and the first key stream generation unit uses the first session key as a first session key. An encryption access command is generated by encrypting with the first encryption algorithm using the second stream key generated based on the second key, and the second key The stream generation unit generates a second stream key based on the first session key acquired by the second encryption / decryption unit, and the second encryption / decryption unit receives from the communication device By decrypting the encrypted access command with the first encryption algorithm using the second stream key generated by the second key stream generation unit based on the first session key, the access command, the second session key, It is characterized by acquiring.

According to the information processing system according to the second aspect, in the data communication after the key establishment process is completed, the first encryption / decryption unit includes the access command and the second session key generated by the session key generation unit. Are encrypted using the second stream key to generate an encrypted access command. Further, the second encryption / decryption unit acquires the access command and the second session key by decrypting the encrypted access command received from the communication device using the second stream key. Thereby, the storage device can appropriately acquire the access command generated by the communication device, and can acquire the same second session key as the second session key generated by the session key generation unit of the communication device. As a result, it is possible to omit the session key generation unit from being installed in the second security circuit of the storage device. In addition, since the second session key is added to the access command and transmitted from the communication device to the storage device, communication efficiency can be improved as compared with the case where the second session key and the access command are individually transmitted. Is possible.

An information processing system according to a third aspect of the present invention is the information processing system according to the second aspect, in particular, after the content data is further stored in the data storage unit and the key establishment process is completed. In the data communication, the second key stream generation unit generates a third stream key based on the second session key acquired by the second encryption / decryption unit, and generates the second encryption / decryption unit. The decryption unit encrypts the content data read from the data storage unit with the first encryption algorithm using the third stream key generated by the second key stream generation unit based on the second session key. To generate encrypted content data based on the second session key generated by the session key generation unit. A third stream key is generated, and the first encryption / decryption unit generates encrypted content data received from the storage device based on the second session key. Content data is obtained by decrypting with a first encryption algorithm using a three-stream key.

According to the information processing system according to the third aspect, in the data communication after the key establishment process is completed, the second encryption / decryption unit uses the third stream key as the content data read from the data storage unit. Encrypted content data is generated by using and encrypting. The first encryption / decryption unit acquires the content data by decrypting the encrypted content data received from the storage device by using the third stream key. Thus, since the third stream key used for encrypting and decrypting content data is different from the second stream key used for encrypting and decrypting access commands, it is possible to improve attack resistance. Become.

An information processing system according to a fourth aspect of the present invention includes a communication device having a microprocessor and a first security circuit, and a storage device having a data storage unit and a second security circuit. The first security circuit includes a first key stream generation unit and a first encryption / decryption unit that performs encryption and decryption using a first encryption algorithm, and the second security circuit includes a session key generation unit And a second key stream generation unit, and a second encryption / decryption unit that performs encryption and decryption using the first encryption algorithm, and the session key generation unit is omitted from the first security circuit. are, the data in the storage unit, and the predetermined initial session key, encryption initial session key with a different second encryption algorithm is encrypted with the first encryption algorithm In an initialization process before starting data communication, the microprocessor uses the second encryption algorithm to decrypt the encrypted initial session key received from the storage device, thereby initial session is stored. A key is acquired, and the initial session key is set in the first key stream generation unit to generate a first stream key, and the storage device stores the initial session key read from the data storage unit in a first In the key establishment process after the initialization process is completed, the first key stream generation part is set by the microprocessor in the second key stream generation part for generating one stream key. A first stream key is generated based on the initial session key, and the first encryption / decryption unit The encryption key establishment command is generated by encrypting the standing command with the first encryption algorithm using the first stream key generated by the first key stream generation unit based on the initial session key, The second key stream generation unit generates a first stream key based on the initial session key read from the data storage unit, and the second encryption / decryption unit receives the encryption received from the communication device The key establishment command is obtained by decrypting the key establishment command with the first encryption algorithm using the first stream key generated by the second key stream generation unit based on the initial session key, and the session key The generation unit generates a first session key to be used next to the initial session key, and the second encryption / decryption unit The first session key generated by the key generation unit is encrypted by encrypting with the first encryption algorithm using the first stream key generated by the second key stream generation unit based on the initial session key. A first session key is generated, and the first encryption / decryption unit generates an encrypted first session key received from the storage device based on an initial session key. Using the first stream key, the first session key is obtained by decrypting with the first encryption algorithm, and the storage device uses the first session key generated by the session key generation unit as the first stream key. Set in the second key stream generation unit for generation of the next second stream key, and the communication device is acquired by the first encryption / decryption unit 1 session key, is characterized in that set in the first key stream generation unit for generating the next second stream key of the first stream key.

According to the information processing system in the fourth aspect, the second security circuit included in the storage device includes the session key generation unit, the second key stream generation unit, and the second encryption / decryption unit. On the other hand, the first security circuit included in the communication device includes a first key stream generation unit and a first encryption / decryption unit. That is, the first security circuit does not include a session key generation unit. Thus, by omitting the mounting of the session key generation unit in the first security circuit included in the communication device, it is possible to reduce the mounting cost of the communication device.

  Further, in the initialization process before starting the data communication, the microprocessor acquires the initial session key by decrypting the encrypted initial session key received from the storage device with the second encryption algorithm, and the initial session key is obtained. Set in the first key stream generation unit. Further, the storage device sets the initial session key read from the data storage unit in the second key stream generation unit. Thereby, in the initialization process, a common initial session key can be set in the first key stream generation unit and the second key stream generation unit.

  Further, by making the session key generation algorithm different for each storage device, it is necessary for the attacker to perform cryptographic analysis for each storage device, so that the attack resistance can be improved.

  Further, as an encryption algorithm for obtaining an encrypted initial session key from the initial session key, a second encryption different from the first encryption algorithm used by the first encryption / decryption unit and the second encryption / decryption unit An algorithm is used. As a result, since the initial session key cannot be decrypted from the encrypted initial session key depending on the first encryption algorithm, the attack resistance can be improved.

In the information processing system according to the fourth aspect, in the key establishment process after the initialization process is completed, the second encryption / decryption unit uses the first session key generated by the session key generation unit. The encrypted first session key is generated by encrypting using the first stream key. The first encryption / decryption unit acquires the first session key by decrypting the encrypted first session key received from the communication device using the first stream key. Thereby, the communication apparatus can acquire the same 1st session key as the 1st session key which the session key generation part of the storage device generated. As a result, it is possible to omit the implementation of the session key generation unit in the first security circuit included in the communication device.

The information processing system according to a fifth aspect of the present invention is the information processing system according to the fourth aspect, in the data communication after the key establishment process has been completed, the first key stream generator, the A second stream key is generated based on the first session key acquired by the first encryption / decryption unit, and the first encryption / decryption unit receives an access command for accessing the data storage unit. , Using the second stream key generated by the first key stream generation unit based on the first session key to generate an encrypted access command by encrypting with a first encryption algorithm, The key stream generation unit generates a second stream key based on the first session key generated by the session key generation unit, and the second encryption / decryption unit By decrypting the encrypted access command received from the communication device with the first encryption algorithm using the second stream key generated by the second key stream generation unit based on the first session key, the access command It is characterized by acquiring.

According to the information processing system according to the fifth aspect, in the data communication after the key establishment process is completed, the first encryption / decryption unit encrypts the access command using the second stream key. To generate an encrypted access command. The second encryption / decryption unit obtains an access command by decrypting the encrypted access command received from the communication device using the second stream key. Thereby, the storage device can appropriately acquire the access command generated by the communication device.

An information processing system according to a sixth aspect of the present invention is the information processing system according to the fifth aspect, in particular, after the content establishment data is further stored in the data storage unit and the key establishment process is completed. In the data communication, the session key generation unit generates a second session key to be used next to the first session key, and the second encryption / decryption unit includes the content data read from the data storage unit and The second session key generated by the session key generation unit is encrypted with the first encryption algorithm using the second stream key generated by the second key stream generation unit based on the first session key. Thus, the encrypted content data is generated, and the first encryption / decryption unit receives the encrypted content data received from the storage device. Using the second stream key generated by the first key stream generation unit based on the first session key, the content data and the second session key are obtained by decrypting with the first encryption algorithm, and the storage device Sets the second session key generated by the session key generation unit in the second key stream generation unit, and the communication device uses the second session key acquired by the first encryption / decryption unit as the second session key. It is set in the first key stream generation unit.

According to the information processing system according to the sixth aspect, in the data communication after the key establishment process is completed, the second encryption / decryption unit includes the content data read from the data storage unit and the session key generation unit. Encrypted content data is generated by encrypting the generated second session key using the second stream key. In addition, the first encryption / decryption unit obtains the content data and the second session key by decrypting the encrypted content data received from the storage device using the second stream key. Thereby, the communication device can acquire the same second session key as the second session key generated by the session key generation unit of the storage device. As a result, it is possible to omit the implementation of the session key generation unit in the first security circuit included in the communication device. In addition, since the second session key is added to the content data and transmitted from the storage device to the communication device, communication efficiency is improved as compared with the case where the second session key and the content data are individually transmitted. Is possible.

The information processing system according to the seventh aspect of the present invention is characterized in that, in the information processing system according to any one of the fourth to sixth aspects, the session key generation algorithm is different for each storage device. It is.

According to the information processing system according to the seventh aspect, the session key generation algorithm differs for each storage device. As a result, the attacker needs to perform cryptographic analysis for each storage device, so that the attack resistance can be improved.

An information processing system according to an eighth aspect of the present invention includes a communication device having a microprocessor and a first security circuit, and a storage device having a data storage unit and a second security circuit, The first security circuit includes a first key stream generation unit and a first encryption / decryption unit that performs encryption and decryption using a first encryption algorithm, and the second security circuit includes a second key A stream generation unit, and a second encryption / decryption unit that performs encryption and decryption using a first encryption algorithm. A session key generation unit is implemented in the first security circuit and the second security circuit. are omitted, wherein the data storage unit, the encrypted initial session key is a different second encryption algorithm is a predetermined initial session key and the first encryption algorithm In the initialization process before starting data communication, the microprocessor decrypts the encrypted initial session key received from the storage device with the second encryption algorithm. To obtain an initial session key, set the initial session key in the first key stream generation unit to generate a first stream key, and the storage device reads the initial session key read from the data storage unit Is set in the second key stream generation unit for generating the first stream key, and in the key establishment process after the initialization process is completed, the first key stream generation unit Generating a first stream key based on the initial session key set by the microprocessor, Generating a first session key to be used next to the initial session key, and the first encryption / decryption unit generates a key establishment command and a first session key generated by the microprocessor using the first session key. Using the first stream key generated by the key stream generation unit based on the initial session key, an encryption key establishment command is generated by encrypting with the first encryption algorithm, and the second key stream generation unit The first stream key is generated based on the initial session key read from the data storage unit, and the second encryption / decryption unit receives the encryption key establishment command received from the communication device as the second stream key. The key stream generation unit of the first key uses the first stream key generated based on the initial session key, and decrypts it with the first encryption algorithm. The communication device obtains the first command key and the first session key, and the communication device uses the first session key generated by the microprocessor to generate the second stream key next to the first stream key. The stream generation unit sets the first session key acquired by the second encryption / decryption unit to generate the second stream key next to the first stream key. It is set in the key stream generation unit.

According to the information processing system concerning the 8th mode, neither the 2nd security circuit nor the 1st security circuit contains a session key generation part. Thus, by omitting the implementation of the session key generation unit in the second security circuit included in the storage device and the implementation of the session key generation unit in the first security circuit included in the communication device, the storage device and It is possible to reduce the mounting cost of the communication device.

  Further, in the initialization process before starting the data communication, the microprocessor acquires the initial session key by decrypting the encrypted initial session key received from the storage device with the second encryption algorithm, and the initial session key is obtained. Set in the first key stream generation unit. Further, the storage device sets the initial session key read from the data storage unit in the second key stream generation unit. Thereby, in the initialization process, a common initial session key can be set in the first key stream generation unit and the second key stream generation unit.

  Further, as an encryption algorithm for obtaining an encrypted initial session key from an initial session key, a second encryption different from the first encryption algorithm used by the first encryption / decryption unit and the second encryption / decryption unit An algorithm is used. As a result, since the initial session key cannot be decrypted from the encrypted initial session key depending on the first encryption algorithm, the attack resistance can be improved.

In the information processing system according to the eighth aspect, in the key establishment process after the initialization process is completed, the first encryption / decryption unit includes the key establishment command and the first generated by the microprocessor. An encryption key establishment command is generated by encrypting the session key using the first stream key. As described above, when the microprocessor generates the first session key, it is possible to omit mounting the session key generation unit in the first security circuit of the communication device. Further, the second encryption / decryption unit obtains the key establishment command and the first session key by decrypting the encryption key establishment command received from the communication device using the first stream key. As a result, the storage device can acquire the same first session key as the first session key generated by the microprocessor of the communication device. As a result, it is possible to omit the session key generation unit from being installed in the second security circuit of the storage device.

The information processing system according to a ninth aspect of the present invention is the information processing system according to the eighth aspect, in the data communication after the key establishment process has been completed, the first key stream generator, the A second stream key is generated based on the first session key generated by the microprocessor, and the microprocessor generates a second session key to be used next to the first session key, and the first encryption key The decryption unit is configured to generate an access command for accessing the data storage unit and a second session key generated by the microprocessor based on a first session key generated by the first key stream generation unit. An encryption access command is generated by encrypting with the first encryption algorithm using the stream key, and the second key The stream generation unit generates a second stream key based on the first session key acquired by the second encryption / decryption unit, and the second encryption / decryption unit receives from the communication device By decrypting the encrypted access command with the first encryption algorithm using the second stream key generated by the second key stream generation unit based on the first session key, the access command, the second session key, It is characterized by acquiring.

According to the information processing system of the ninth aspect, in the data communication after the key establishment process is completed, the first encryption / decryption unit receives the access command and the second session key generated by the microprocessor. The encrypted access command is generated by encrypting using the second stream key. As described above, when the microprocessor generates the second session key, it is possible to omit the mounting of the session key generation unit in the first security circuit included in the communication device. Further, the second encryption / decryption unit acquires the access command and the second session key by decrypting the encrypted access command received from the communication device using the second stream key. Accordingly, the storage device can appropriately acquire the access command generated by the communication device and can acquire the second session key that is the same as the second session key generated by the microprocessor of the communication device. As a result, it is possible to omit the session key generation unit from being installed in the second security circuit of the storage device. In addition, since the second session key is added to the access command and transmitted from the communication device to the storage device, communication efficiency can be improved as compared with the case where the second session key and the access command are individually transmitted. Is possible.

The information processing system according to the tenth aspect of the present invention is the information processing system according to the ninth aspect, in particular, after the content data is further stored in the data storage unit and the key establishment process is completed. In the data communication, the second key stream generation unit generates a third stream key based on the second session key acquired by the second encryption / decryption unit, and generates the second encryption / decryption unit. The decryption unit encrypts the content data read from the data storage unit with the first encryption algorithm using the third stream key generated by the second key stream generation unit based on the second session key. To generate encrypted content data, wherein the first key stream generation unit is based on the second session key generated by the microprocessor. The third stream key is generated, and the first encryption / decryption unit generates the encrypted content data received from the storage device based on the second session key by the first key stream generation unit. Content data is obtained by decrypting with the first encryption algorithm using the third stream key.

According to the information processing system according to the tenth aspect, in the data communication after the key establishment process is completed, the second encryption / decryption unit uses the content data read from the data storage unit as the third stream key. Encrypted content data is generated by using and encrypting. The first encryption / decryption unit acquires the content data by decrypting the encrypted content data received from the storage device by using the third stream key. Thus, since the third stream key used for encrypting and decrypting content data is different from the second stream key used for encrypting and decrypting access commands, it is possible to improve attack resistance. Become.

An information processing system according to an eleventh aspect of the present invention is the information processing system according to any one of the eighth to tenth aspects, and in particular, the microprocessor can change a session key generation algorithm according to an external instruction. It is characterized by this.

According to the information processing system in the eleventh aspect, the microprocessor can change the session key generation algorithm in accordance with the external instruction. It is possible to improve attack resistance by changing the session key generation algorithm periodically or at an arbitrary timing.

An information processing system according to a twelfth aspect of the present invention is the information processing system according to any one of the first to eleventh aspects, wherein the microprocessor can change the second cryptographic algorithm according to an external instruction. It is characterized by.

According to the information processing system in the twelfth aspect, the microprocessor can change the second encryption algorithm in accordance with the external instruction. Attack resistance can be improved by changing the second algorithm periodically or at an arbitrary timing.

An information processing system according to a thirteenth aspect of the present invention is the information processing system according to any one of the first to eleventh aspects, particularly the initial session key and the encrypted initial session key stored in the data storage unit. Is different for each storage device.

According to the information processing system according to the thirteenth aspect, the initial session key and the encrypted initial session key stored in the data storage unit are different for each storage device. As a result, the attacker needs to perform cryptographic analysis for each storage device, so that the attack resistance can be improved.

  ADVANTAGE OF THE INVENTION According to this invention, the information processing system which can perform the encryption communication using a session key, implement | achieving reduction of mounting cost and improvement of attack tolerance can be obtained.

It is a figure showing the whole information processing system composition concerning the present invention. It is a figure which shows the memory area of a memory array. It is a figure which simplifies and shows the structure of a communication apparatus. It is a figure which shows the structure of the security circuit which concerns on Embodiment 1 of this invention. It is a figure which shows the structure of the security circuit which concerns on Embodiment 1 of this invention. It is a figure which shows the communication data between the security circuits in an initialization process. It is a figure which shows the communication data between the security circuits in a key establishment process. It is a figure which shows the communication data between the security circuits in a data communication process. It is a figure which shows the structure of the security circuit which concerns on Embodiment 2 of this invention. It is a figure which shows the structure of the security circuit which concerns on Embodiment 2 of this invention. It is a figure which shows the communication data between the security circuits in a key establishment process. It is a figure which shows the communication data between the security circuits in a data communication process. It is a figure which shows the structure of the security circuit which concerns on Embodiment 3 of this invention. It is a figure which shows the structure of the security circuit which concerns on Embodiment 3 of this invention.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In addition, the element which attached | subjected the same code | symbol in different drawing shall show the same or corresponding element.

  FIG. 1 is a diagram showing an overall configuration of an information processing system 1 according to the present invention. The information processing system 1 includes a communication device 2 and a semiconductor storage device 3. The communication device 2 is a personal computer, for example. The semiconductor memory device 3 is, for example, a memory card that can be detachably connected to the communication device 2. Alternatively, an arbitrary storage device such as an optical disk or a magnetic disk can be used in place of the semiconductor storage device 3.

  The communication device 2 includes a microprocessor 11 that performs software processing and a security circuit 12 that performs hardware processing. The semiconductor memory device 3 includes a security circuit 21, a sequencer 22, and a memory array 23. The security circuits 12 and 21 perform cryptographic communication with each other. The memory array 23 is configured using, for example, a NAND flash memory. However, the present invention is not limited to this example, and the memory array 23 may be configured using a NOR flash memory or the like.

  FIG. 2 is a diagram showing a storage area of the memory array 23. A predetermined initial session key K0 is stored in the area R1. The area R2 stores an encrypted initial session key K0 'obtained by encrypting the initial session key using an encryption algorithm such as AES or RSA. In the region R3, arbitrary content data D such as an image, sound, text, code, and management information is stored. The area R1 is an access prohibited area where access by a user is prohibited. The region R3 is an access permission region where access by the user is permitted. The region R2 may be an access prohibited region or an access permitted region.

  FIG. 3 is a diagram showing a simplified configuration of the communication device 2. The microprocessor 11 includes a CPU 31, an arithmetic unit 32, and a storage unit 33 such as a RAM or a ROM that are connected to each other via a bus 30. A predetermined program for operating the CPU 31 is stored in the access prohibited area of the storage unit 33.

<Embodiment 1>
FIG. 4 is a diagram showing a configuration of the security circuit 12 (12A) according to the first embodiment of the present invention. As shown in the connection relationship of FIG. 4, the security circuit 12A includes an encryption / decryption circuit 41, a key stream generation circuit 42, a selector 43, and a session key generation circuit 44. For the session key generation circuit 44, for example, a pseudo random number generator is used.

  FIG. 5 is a diagram showing a configuration of the security circuit 21 (21A) according to the first embodiment of the present invention. As shown in the connection relationship of FIG. 5, the security circuit 21 </ b> A includes an encryption / decryption circuit 51 and a key stream generation circuit 52. In the present embodiment, a session key generation circuit is not mounted on the security circuit 21A.

  The encryption / decryption circuits 41 and 51 encrypt and decrypt communication data using a stream encryption encryption algorithm different from the above encryption algorithm for obtaining the encrypted initial session key K0 ′ from the initial session key K0. . In this specification, the encryption algorithm used by the encryption / decryption circuits 41 and 51 is referred to as “first encryption algorithm”, and the encryption algorithm for obtaining the encrypted initial session key K0 ′ from the initial session key K0 is referred to as “second encryption algorithm”. This is called “cryptographic algorithm”.

  Hereinafter, the operation of the information processing system 1 according to the present embodiment will be described.

(Initialization process)
When the information processing system 1 is powered on, first, initialization processing of the key stream generation circuits 42 and 52 is executed. In the initialization process, the operation mode of the encryption / decryption circuits 41 and 51 is set to a security off mode in which communication data is not encrypted or decrypted.

  FIG. 6 is a diagram showing communication data between the security circuits 12A and 21A in the initialization process.

  First, the microprocessor 11 issues a predetermined initialization command X. The initialization command X is input from the microprocessor 11 to the security circuit 12A. The security circuit 12A transmits an initialization command X to the semiconductor memory device 3.

  Next, the semiconductor memory device 3 receives the initialization command X from the communication device 2. The initialization command X is input to the sequencer 22 via the security circuit 21A.

  Next, the sequencer 22 reads the initial session key K0 and the encrypted initial session key K0 'from the areas R1 and R2 of the memory array 23, respectively. Then, the read encrypted initial session key K0 'is input to the security circuit 21A.

  Next, the security circuit 21 </ b> A transmits the encrypted initial session key K <b> 0 ′ to the communication device 2.

  Next, the communication device 2 receives the encrypted initial session key K 0 ′ from the semiconductor storage device 3. The encrypted initial session key K0 'is input to the microprocessor 11 via the security circuit 12A.

  Next, the microprocessor 11 acquires the initial session key K0 by decrypting the encrypted initial session key K0 'with the second encryption algorithm.

  Next, the microprocessor 11 switches the input of the selector 43 to the path on the microprocessor 11 side.

  Next, the microprocessor 11 sets (initializes) the initial session key K0 in the key stream generation circuit 42 by inputting the initial session key K0 obtained by the decryption to the key stream generation circuit 42 via the selector 43. . The key stream generation circuit 42 inputs the stream key S0 generated based on the initial session key K0 to the encryption / decryption circuit 41.

  When the initialization of the key stream generation circuit 42 is completed, the microprocessor 11 sets the operation mode of the encryption / decryption circuit 41 to the security on mode for executing encryption and decryption of communication data. Further, the microprocessor 11 switches the input of the selector 43 to the path on the session key generation circuit 44 side.

  The sequencer 22 inputs (initializes) the initial session key K0 read from the memory array 23 to the keystream generation circuit 52 by inputting the initial session key K0 to the keystream generation circuit 52. As a result, the key stream generation circuits 42 and 52 are initialized with the same initial session key K0. The key stream generation circuit 52 inputs the stream key S0 generated based on the initial session key K0 to the encryption / decryption circuit 51. When the initialization of the key stream generation circuit 52 is completed, the sequencer 22 sets the operation mode of the encryption / decryption circuit 51 to the security on mode.

(Key establishment process)
When the initialization process is completed, a key establishment process for updating the initial session key K0 to the next session key K1 generated by the session key generation circuit 44 is executed.

  FIG. 7 is a diagram showing communication data between the security circuits 12A and 21A in the key establishment process.

  First, the microprocessor 11 issues a predetermined key establishment command Y. The key establishment command Y is input from the microprocessor 11 to the encryption / decryption circuit 41.

  Next, the session key generation circuit 44 generates a session key K1. The session key K1 is input from the session key generation circuit 44 to the encryption / decryption circuit 41.

  Next, the encryption / decryption circuit 41 appends the session key K1 to the end of the key establishment command Y and encrypts them with the first encryption algorithm using the stream key S0, whereby the encryption key establishment command Y ′. Is generated. The security circuit 12A transmits an encryption key establishment command Y ′ to the semiconductor memory device 3.

  Next, the semiconductor memory device 3 receives the encryption key establishment command Y ′ from the communication device 2. The encryption key establishment command Y ′ is input to the encryption / decryption circuit 51.

  Next, the encryption / decryption circuit 51 obtains the key establishment command Y and the session key K1 by decrypting the encryption key establishment command Y ′ with the first encryption algorithm using the stream key S0. Then, the acquired key establishment command Y and session key K 1 are input to the sequencer 22.

  Next, the security circuit 12A sets the session key K1 in the key stream generation circuit 42 by inputting the session key K1 generated by the session key generation circuit 44 to the key stream generation circuit 42 via the selector 43. Thereby, the session key of the key stream generation circuit 42 is updated from the initial session key K0 to the next session key K1. The key stream generation circuit 42 inputs the stream key S1 generated based on the session key K1 to the encryption / decryption circuit 41.

  Next, the sequencer 22 inputs the session key K1 input from the encryption / decryption circuit 51 to the security circuit 21A.

  Next, the security circuit 21 </ b> A sets the session key K <b> 1 in the key stream generation circuit 52 by inputting the session key K <b> 1 input from the sequencer 22 to the key stream generation circuit 52. Thereby, the session key of the key stream generation circuit 52 is updated from the initial session key K0 to the next session key K1. The key stream generation circuit 52 inputs the stream key S1 generated based on the session key K1 to the encryption / decryption circuit 51.

(Data communication processing)
When the key establishment process is completed, a data communication process involving access to the content data D stored in the area R3 of the memory array 23 is executed.

  FIG. 8 is a diagram showing communication data between the security circuits 12A and 21A in the data communication process.

  First, the microprocessor 11 issues a predetermined read command Z. The read command Z is input from the microprocessor 11 to the encryption / decryption circuit 41.

  Next, the session key generation circuit 44 generates a session key K2 next to the session key K1. The session key K2 is input from the session key generation circuit 44 to the encryption / decryption circuit 41.

  Next, the encryption / decryption circuit 41 adds the session key K2 to the end of the read command Z and encrypts them with the first encryption algorithm using the stream key S1, thereby generating an encrypted read command Z ′. To do. The security circuit 12A transmits the encrypted read command Z ′ to the semiconductor memory device 3.

  Next, the semiconductor memory device 3 receives the encrypted read command Z ′ from the communication device 2. The encrypted read command Z ′ is input to the encryption / decryption circuit 51.

  Next, the encryption / decryption circuit 51 obtains the read command Z and the session key K2 by decrypting the encrypted read command Z ′ using the first encryption algorithm using the stream key S1. Then, the acquired read command Z and session key K 2 are input to the sequencer 22.

  Next, the security circuit 12A sets the session key K2 in the key stream generation circuit 42 by inputting the session key K2 generated by the session key generation circuit 44 to the key stream generation circuit 42 via the selector 43. As a result, the session key of the key stream generation circuit 42 is updated from the session key K1 to the next session key K2. The key stream generation circuit 42 inputs the stream key S2 generated based on the session key K2 to the encryption / decryption circuit 41.

  Next, the sequencer 22 inputs the session key K2 input from the encryption / decryption circuit 51 to the security circuit 21A.

  Next, the security circuit 21 </ b> A sets the session key K <b> 2 in the key stream generation circuit 52 by inputting the session key K <b> 2 input from the sequencer 22 to the key stream generation circuit 52. Thereby, the session key of the key stream generation circuit 52 is updated from the session key K1 to the next session key K2. The key stream generation circuit 52 inputs the stream key S2 generated based on the session key K2 to the encryption / decryption circuit 51.

  Next, the sequencer 22 reads the desired content data D from the memory array 23 based on the read command Z input from the encryption / decryption circuit 51. Then, the read content data D is input to the encryption / decryption circuit 51.

  Next, the encryption / decryption circuit 51 generates encrypted content data D ′ by encrypting the content data D using the first encryption algorithm using the stream key S2. The security circuit 21A transmits the encrypted content data D ′ to the communication device 2.

  Next, the communication device 2 receives the encrypted content data D ′ from the semiconductor storage device 3. The encrypted content data D ′ is input to the encryption / decryption circuit 41.

  Next, the encryption / decryption circuit 41 acquires the content data D by decrypting the encrypted content data D ′ using the stream key S <b> 2 with the first encryption algorithm. Then, the acquired content data D is input to the microprocessor 11.

  Thereafter, the same data communication process as described above is repeated while updating the session key every time an access command is issued from the microprocessor 11.

  As described above, according to the information processing system 1 according to the present embodiment, the security circuit 12A (first security circuit) included in the communication device 2 includes the session key generation circuit 44 (session key generation unit), the key stream generation circuit. 42 (first key stream generation unit) and the encryption / decryption circuit 41 (first encryption / decryption unit), whereas the semiconductor memory device 3 has a security circuit 21A (second security circuit). Includes a key stream generation circuit 52 (second key stream generation unit) and an encryption / decryption circuit 51 (second encryption / decryption unit). That is, the security circuit 21A does not include a session key generation circuit. Thus, by omitting the mounting of the session key generation circuit in the security circuit 21A included in the semiconductor memory device 3, the mounting cost of the semiconductor memory device 3 can be reduced.

  In the initialization process before starting data communication, the microprocessor 11 acquires the initial session key K0 by decrypting the encrypted initial session key K0 ′ received from the semiconductor memory device 3 with the second encryption algorithm. The initial session key K 0 is set in the key stream generation circuit 42. In addition, the semiconductor storage device 3 sets the initial session key K0 read from the memory array 23 (data storage unit) in the key stream generation circuit 52. Thereby, the common initial session key K0 can be set in the key stream generation circuit 42 and the key stream generation circuit 52 in the initialization process.

  The encryption algorithm for obtaining the encrypted initial session key K0 ′ from the initial session key K0 is a second encryption algorithm different from the first encryption algorithm used by the encryption / decryption circuit 41 and the encryption / decryption circuit 51. Is used. As a result, since the initial session key K0 cannot be decrypted from the encrypted initial session key K0 'depending on the first encryption algorithm, it is possible to improve attack resistance.

  Further, according to the information processing system 1 according to the present embodiment, the encryption / decryption circuit 41 generates the key establishment command Y and the session key generation circuit 44 in the key establishment process after the initialization process is completed. The encrypted session key K1 (first session key) is encrypted using the stream key S0 (first stream key), thereby generating an encryption key establishment command Y ′. Also, the encryption / decryption circuit 51 acquires the key establishment command Y and the first session key K1 by decrypting the encryption key establishment command Y ′ received from the communication device 2 using the stream key S0. . Thereby, the semiconductor memory device 3 can acquire the same session key K1 as the session key K1 (first session key) generated by the session key generation circuit 44 of the communication device 2. As a result, the session key generation circuit can be omitted from the security circuit 21A included in the semiconductor memory device 3.

  Further, according to the information processing system 1 according to the present embodiment, in the data communication after the key establishment process is completed, the encryption / decryption circuit 41 includes the read command Z (access command) and the session key generation circuit 44. The encrypted read command Z ′ (encrypted access command) is generated by encrypting the generated session key K2 (second session key) using the stream key S1 (second stream key). Also, the encryption / decryption circuit 51 acquires the access command Z and the session key K2 by decrypting the encrypted read command Z ′ received from the communication device 2 using the stream key S1. Thereby, the semiconductor memory device 3 can appropriately acquire the access command Z generated by the communication device 2 and acquire the same session key K2 as the session key K2 generated by the session key generation circuit 44 of the communication device 2. Can do. As a result, the session key generation circuit can be omitted from the security circuit 21A included in the semiconductor memory device 3. In addition, since the session key K2 is added to the read command Z and transmitted from the communication device 2 to the semiconductor memory device 3, communication efficiency can be improved compared to the case where the session key K2 and the read command are transmitted separately. It becomes possible to plan.

  Further, according to the information processing system 1 according to the present embodiment, in the data communication after the key establishment process is completed, the encryption / decryption circuit 51 converts the content data D read from the memory array 23 into the stream key S2. The encrypted content data D ′ is generated by encrypting using the (third stream key). Further, the encryption / decryption circuit 41 acquires the content data D by decrypting the encrypted content data D ′ received from the semiconductor storage device 3 by using the stream key S2. Thus, since the stream key S2 used for encryption and decryption of the content data D is different from the stream key S1 used for encryption and decryption of the read command Z, attack resistance can be improved. Become.

<Embodiment 2>
FIG. 9 is a diagram showing a configuration of the security circuit 12 (12B) according to the second embodiment of the present invention. As shown in the connection relationship of FIG. 9, the security circuit 12B includes an encryption / decryption circuit 41, a key stream generation circuit 42, a selector 43, and a register 45. In the present embodiment, a session key generation circuit is not mounted on the security circuit 12B.

  FIG. 10 is a diagram showing a configuration of the security circuit 21 (21B) according to the second embodiment of the present invention. As shown in the connection relationship of FIG. 10, the security circuit 21B includes an encryption / decryption circuit 51, a key stream generation circuit 52, and a session key generation circuit 53. For the session key generation circuit 53, for example, a pseudo random number generator is used.

  Hereinafter, the operation of the information processing system 1 according to the present embodiment will be described.

(Initialization process)
When the information processing system 1 is powered on, first, initialization processing of the key stream generation circuits 42 and 52 is executed. Since the procedure of the initialization process is the same as that of the first embodiment, description thereof is omitted here.

(Key establishment process)
When the initialization process is completed, a key establishment process for updating the initial session key K0 to the next session key K1 generated by the session key generation circuit 53 is executed.

  FIG. 11 is a diagram showing communication data between the security circuits 12B and 21B in the key establishment process.

  First, the microprocessor 11 issues a predetermined key establishment command Y. The key establishment command Y is input from the microprocessor 11 to the encryption / decryption circuit 41.

  Next, the encryption / decryption circuit 41 generates the encryption key establishment command Y ′ by encrypting the key establishment command Y with the first encryption algorithm using the stream key S0. The security circuit 12B transmits an encryption key establishment command Y ′ to the semiconductor memory device 3.

  Next, the semiconductor memory device 3 receives the encryption key establishment command Y ′ from the communication device 2. The encryption key establishment command Y ′ is input to the encryption / decryption circuit 51.

  Next, the encryption / decryption circuit 51 acquires the key establishment command Y by decrypting the encryption key establishment command Y ′ with the first encryption algorithm using the stream key S0. Then, the acquired key establishment command Y is input to the sequencer 22.

  Next, the session key generation circuit 53 generates a session key K1 next to the initial session key K0. The session key K1 is input from the session key generation circuit 53 to the sequencer 22.

  Next, the sequencer 22 inputs the session key K <b> 1 input from the session key generation circuit 53 to the encryption / decryption circuit 51.

  Next, the encryption / decryption circuit 51 generates an encrypted session key K1 'by encrypting the session key K1 with the first encryption algorithm using the stream key S0. The security circuit 21B transmits the encrypted session key K1 'to the communication device 2.

  Next, the communication device 2 receives the encrypted session key K <b> 1 ′ from the semiconductor storage device 3. The encrypted session key K <b> 1 ′ is input to the encryption / decryption circuit 41.

  Next, the encryption / decryption circuit 41 obtains the session key K1 by decrypting the encrypted session key K1 'with the first encryption algorithm using the stream key S0.

  Next, the security circuit 12B stores the session key K1 obtained by the decryption in the register 45, and inputs the session key K1 from the register 45 to the key stream generation circuit 42 via the selector 43, so that the key stream generation circuit 42 receives the session key K1. Set to. Thereby, the session key of the key stream generation circuit 42 is updated from the initial session key K0 to the next session key K1. The key stream generation circuit 42 inputs the stream key S1 generated based on the session key K1 to the encryption / decryption circuit 41.

  Next, the sequencer 22 inputs the session key K1 input from the session key generation circuit 53 to the security circuit 21B.

  Next, the security circuit 21 </ b> B sets the session key K <b> 1 in the key stream generation circuit 52 by inputting the session key K <b> 1 input from the sequencer 22 to the key stream generation circuit 52. Thereby, the session key of the key stream generation circuit 52 is updated from the initial session key K0 to the next session key K1. The key stream generation circuit 52 inputs the stream key S1 generated based on the session key K1 to the encryption / decryption circuit 51.

(Data communication processing)
When the key establishment process is completed, a data communication process involving access to the content data D stored in the area R3 of the memory array 23 is executed.

  FIG. 12 is a diagram showing communication data between the security circuits 12B and 21B in the data communication process.

  First, the microprocessor 11 issues a predetermined read command Z. The read command Z is input from the microprocessor 11 to the encryption / decryption circuit 41.

  Next, the encryption / decryption circuit 41 generates the encrypted read command Z ′ by encrypting the read command Z with the first encryption algorithm using the stream key S1. The security circuit 12B transmits the encrypted read command Z ′ to the semiconductor memory device 3.

  Next, the semiconductor memory device 3 receives the encrypted read command Z ′ from the communication device 2. The encrypted read command Z ′ is input to the encryption / decryption circuit 51.

  Next, the encryption / decryption circuit 51 acquires the read command Z by decrypting the encrypted read command Z ′ using the stream key S <b> 1 using the first encryption algorithm. Then, the acquired read command Z is input to the sequencer 22.

  Next, the sequencer 22 reads the desired content data D from the memory array 23 based on the read command Z input from the encryption / decryption circuit 51. Then, the read content data D is input to the encryption / decryption circuit 51.

  Next, the session key generation circuit 53 generates a session key K2 next to the session key K1. The session key K2 is input from the session key generation circuit 53 to the sequencer 22.

  Next, the sequencer 22 inputs the session key K 2 input from the session key generation circuit 53 to the encryption / decryption circuit 51.

  Next, the encryption / decryption circuit 51 generates the encrypted content data D ′ by adding the session key K2 to the end of the content data D and encrypting them with the first encryption algorithm using the stream key S1. To do. The security circuit 21B transmits the encrypted content data D ′ to the communication device 2.

  Next, the communication device 2 receives the encrypted content data D ′ from the semiconductor storage device 3. The encrypted content data D ′ is input to the encryption / decryption circuit 41.

  Next, the encryption / decryption circuit 41 acquires the content data D and the session key K2 by decrypting the encrypted content data D 'using the stream key S1 with the first encryption algorithm. Then, the acquired content data D is input to the microprocessor 11, and the acquired session key K 2 is stored in the register 45.

  Next, the security circuit 12B sets the session key K2 in the key stream generation circuit 42 by inputting the session key K2 obtained by the decryption from the register 45 to the key stream generation circuit 42 via the selector 43. As a result, the session key of the key stream generation circuit 42 is updated from the session key K1 to the next session key K2. The key stream generation circuit 42 inputs the stream key S2 generated based on the session key K2 to the encryption / decryption circuit 41.

  Next, the security circuit 21B sets the session key K2 in the key stream generation circuit 52 by inputting the session key K2 generated by the session key generation circuit 53 to the key stream generation circuit 52. Thereby, the session key of the key stream generation circuit 52 is updated from the session key K1 to the next session key K2. The key stream generation circuit 52 inputs the stream key S2 generated based on the session key K2 to the encryption / decryption circuit 51.

  Thereafter, the same data communication process as described above is repeated while updating the session key every time an access command is issued from the microprocessor 11.

  As described above, according to the information processing system 1 according to the present embodiment, the security circuit 21B (second security circuit) included in the semiconductor storage device 3 includes the session key generation circuit 53 (session key generation unit) and the key stream generation. A security circuit 12B (first security circuit) included in the communication apparatus 2 is included in the circuit 52 (second key stream generation unit) and an encryption / decryption circuit 51 (second encryption / decryption unit). Includes a key stream generation circuit 42 (first key stream generation unit) and an encryption / decryption circuit 41 (first encryption / decryption unit). That is, the security circuit 12B does not include a session key generation circuit. As described above, by omitting the mounting of the session key generation circuit in the security circuit 12B included in the communication device 2, the mounting cost of the communication device 2 can be reduced.

  In the initialization process before starting data communication, the microprocessor 11 acquires the initial session key K0 by decrypting the encrypted initial session key K0 ′ received from the semiconductor memory device 3 with the second encryption algorithm. The initial session key K 0 is set in the key stream generation circuit 42. In addition, the semiconductor storage device 3 sets the initial session key K0 read from the memory array 23 (data storage unit) in the key stream generation circuit 52. Thereby, the common initial session key K0 can be set in the key stream generation circuit 42 and the key stream generation circuit 52 in the initialization process.

  Also, by making the session key generation algorithm different for each semiconductor memory device 3, it is necessary for the attacker to perform cryptographic analysis for each semiconductor memory device 3, so that it is possible to improve attack resistance.

  Further, as an encryption algorithm for obtaining the encrypted initial session key K0 ′ from the initial session key K0, a second encryption algorithm different from the first encryption algorithm used by the encryption / decryption circuit 41 and the encryption / decryption circuit 51 is used. Is used. As a result, since the initial session key K0 cannot be decrypted from the encrypted initial session key K0 'depending on the first encryption algorithm, it is possible to improve attack resistance.

  Further, according to the information processing system 1 according to the present embodiment, in the key establishment process after the initialization process is completed, the encryption / decryption circuit 51 uses the session key K1 (the first key generated by the session key generation circuit 53). The encrypted session key K1 ′ (encrypted first session key) is generated by encrypting the one session key) using the stream key S0 (first stream key). Further, the encryption / decryption circuit 41 acquires the session key K1 by decrypting the encrypted session key K1 'received from the communication device 2 using the stream key S0. Thereby, the communication device 2 can acquire the first session key K1 that is the same as the session key K1 generated by the session key generation circuit 53 of the semiconductor memory device 3. As a result, the session key generation circuit can be omitted from the security circuit 12B included in the communication device 2.

  Further, according to the information processing system 1 according to the present embodiment, in the data communication after the key establishment process is completed, the encryption / decryption circuit 41 sends the read command Z (access command) to the stream key S2 (the first key). The encrypted read command Z ′ (encrypted access command) is generated by encrypting using the (2 stream key). Further, the encryption / decryption circuit 51 acquires the read command Z by decrypting the encrypted read command Z ′ received from the communication device 2 using the stream key S2. Thereby, the semiconductor memory device 3 can appropriately acquire the read command Z generated by the communication device 2.

  Further, according to the information processing system 1 according to the present embodiment, in the data communication after the key establishment process is completed, the encryption / decryption circuit 51 generates the content data D read from the memory array 23 and the session key generation. The encrypted content data D ′ is generated by encrypting the session key K2 (second session key) generated by the circuit 53 using the stream key S2. Also, the encryption / decryption circuit 41 acquires the content data D and the session key K2 by decrypting the encrypted content data D ′ received from the semiconductor storage device 3 using the stream key S2. As a result, the communication device 2 can acquire the same session key K2 as the session key K2 generated by the session key generation circuit 53 of the semiconductor storage device 3. As a result, the session key generation circuit can be omitted from the security circuit 12B included in the communication device 2. In addition, since the session key K2 is added to the content data D and transmitted from the semiconductor storage device 3 to the communication device 2, the communication efficiency is improved as compared with the case where the session key K2 and the content data D are individually transmitted. Can be achieved.

<Embodiment 3>
FIG. 13 is a diagram showing a configuration of the security circuit 12 (12C) according to the third embodiment of the present invention. As shown in the connection relationship of FIG. 13, the security circuit 12 </ b> C includes an encryption / decryption circuit 41 and a key stream generation circuit 42. In the present embodiment, a session key generation circuit is not mounted on the security circuit 12C.

  FIG. 14 is a diagram showing a configuration of the security circuit 21 (21C) according to the third embodiment of the present invention. As shown in the connection relationship of FIG. 14, the security circuit 21 </ b> C includes an encryption / decryption circuit 51 and a key stream generation circuit 52. In the present embodiment, a session key generation circuit is not mounted on the security circuit 21C.

  Hereinafter, the operation of the information processing system 1 according to the present embodiment will be described.

(Initialization process)
When the information processing system 1 is powered on, first, initialization processing of the key stream generation circuits 42 and 52 is executed. Since the procedure of the initialization process is the same as that of the first embodiment, description thereof is omitted here.

(Key establishment process)
When the initialization process is completed, a key establishment process for updating the initial session key K0 to the next session key K1 is executed.

  First, the microprocessor 11 issues a predetermined key establishment command Y. The key establishment command Y is input from the microprocessor 11 to the encryption / decryption circuit 41.

  Next, the microprocessor 11 generates a session key K1 by a predetermined key generation algorithm. The session key K1 is input from the microprocessor 11 to the encryption / decryption circuit 41.

  Next, the encryption / decryption circuit 41 appends the session key K1 to the end of the key establishment command Y and encrypts them with the first encryption algorithm using the stream key S0, whereby the encryption key establishment command Y ′. (See FIG. 7). The security circuit 12C transmits the encryption key establishment command Y ′ to the semiconductor memory device 3.

  Next, the semiconductor memory device 3 receives the encryption key establishment command Y ′ from the communication device 2. The encryption key establishment command Y ′ is input to the encryption / decryption circuit 51.

  Next, the encryption / decryption circuit 51 obtains the key establishment command Y and the session key K1 by decrypting the encryption key establishment command Y ′ with the first encryption algorithm using the stream key S0. Then, the acquired key establishment command Y and session key K 1 are input to the sequencer 22.

  Next, the security circuit 12 </ b> C sets the session key K <b> 1 in the key stream generation circuit 42 by inputting the session key K <b> 1 generated by the microprocessor 11 to the key stream generation circuit 42. Thereby, the session key of the key stream generation circuit 42 is updated from the initial session key K0 to the next session key K1. The key stream generation circuit 42 inputs the stream key S1 generated based on the session key K1 to the encryption / decryption circuit 41.

  Next, the sequencer 22 inputs the session key K1 input from the encryption / decryption circuit 51 to the security circuit 21C.

  Next, the security circuit 21 </ b> C sets the session key K <b> 1 in the key stream generation circuit 52 by inputting the session key K <b> 1 input from the sequencer 22 to the key stream generation circuit 52. Thereby, the session key of the key stream generation circuit 52 is updated from the initial session key K0 to the next session key K1. The key stream generation circuit 52 inputs the stream key S1 generated based on the session key K1 to the encryption / decryption circuit 51.

(Data communication processing)
When the key establishment process is completed, a data communication process involving access to the content data D stored in the area R3 of the memory array 23 is executed.

  First, the microprocessor 11 issues a predetermined read command Z. The read command Z is input from the microprocessor 11 to the encryption / decryption circuit 41.

  Next, the microprocessor 11 generates a session key K2 next to the session key K1. The session key K2 is input from the microprocessor 11 to the encryption / decryption circuit 41.

  Next, the encryption / decryption circuit 41 appends the session key K2 to the end of the read command Z and encrypts them with the first encryption algorithm using the stream key S1, thereby encrypting the read command Z ′ (FIG. 8). The security circuit 12C transmits the encrypted read command Z ′ to the semiconductor memory device 3.

  Next, the semiconductor memory device 3 receives the encrypted read command Z ′ from the communication device 2. The encrypted read command Z ′ is input to the encryption / decryption circuit 51.

  Next, the encryption / decryption circuit 51 obtains the read command Z and the session key K2 by decrypting the encrypted read command Z ′ using the first encryption algorithm using the stream key S1. Then, the acquired read command Z and session key K 2 are input to the sequencer 22.

  Next, the security circuit 12 </ b> C sets the session key K <b> 2 in the key stream generation circuit 42 by inputting the session key K <b> 2 generated by the microprocessor 11 to the key stream generation circuit 42. As a result, the session key of the key stream generation circuit 42 is updated from the session key K1 to the next session key K2. The key stream generation circuit 42 inputs the stream key S2 generated based on the session key K2 to the encryption / decryption circuit 41.

  Next, the sequencer 22 inputs the session key K2 input from the encryption / decryption circuit 51 to the security circuit 21C.

  Next, the security circuit 21 </ b> C sets the session key K <b> 2 in the key stream generation circuit 52 by inputting the session key K <b> 2 input from the sequencer 22 to the key stream generation circuit 52. Thereby, the session key of the key stream generation circuit 52 is updated from the session key K1 to the next session key K2. The key stream generation circuit 52 inputs the stream key S2 generated based on the session key K2 to the encryption / decryption circuit 51.

  Next, the sequencer 22 reads the desired content data D from the memory array 23 based on the read command Z input from the encryption / decryption circuit 51. Then, the read content data D is input to the encryption / decryption circuit 51.

  Next, the encryption / decryption circuit 51 generates encrypted content data D ′ by encrypting the content data D using the first encryption algorithm using the stream key S2. The security circuit 21A transmits the encrypted content data D ′ to the communication device 2.

  Next, the communication device 2 receives the encrypted content data D ′ from the semiconductor storage device 3. The encrypted content data D ′ is input to the encryption / decryption circuit 41.

  Next, the encryption / decryption circuit 41 acquires the content data D by decrypting the encrypted content data D ′ using the stream key S <b> 2 with the first encryption algorithm. Then, the acquired content data D is input to the microprocessor 11.

  Thereafter, the same data communication process as described above is repeated while updating the session key every time an access command is issued from the microprocessor 11.

  As described above, according to the information processing system 1 according to the present embodiment, neither the security circuit 21C (second security circuit) nor the security circuit 12C (first security circuit) includes the session key generation circuit. Thus, by omitting the mounting of the session key generation circuit in the security circuit 21C included in the semiconductor storage device 3 and the mounting of the session key generation circuit in the security circuit 12C included in the communication device 2, the semiconductor storage device 3 And the mounting cost of the communication apparatus 2 can be reduced.

  In the initialization process before starting data communication, the microprocessor 11 acquires the initial session key K0 by decrypting the encrypted initial session key K0 ′ received from the semiconductor memory device 3 with the second encryption algorithm. The initial session key K0 is set in the key stream generation circuit 42 (first key stream generation unit). Further, the semiconductor memory device 3 sets the initial session key K0 read from the memory array 23 (data storage unit) in the key stream generation circuit 52 (second key stream generation unit). Thereby, the common initial session key K0 can be set in the key stream generation circuit 42 and the key stream generation circuit 52 in the initialization process.

  As an encryption algorithm for obtaining the encrypted initial session key K0 ′ from the initial session key K0, an encryption / decryption circuit 41 (first encryption / decryption unit) and an encryption / decryption circuit 51 (second A second encryption algorithm different from the first encryption algorithm used by the encryption / decryption unit) is used. As a result, since the initial session key K0 cannot be decrypted from the encrypted initial session key K0 'depending on the first encryption algorithm, it is possible to improve attack resistance.

  Further, according to the information processing system 1 according to the present embodiment, in the key establishment process after the initialization process is completed, the encryption / decryption circuit 41 uses the key establishment command Y and the session generated by the microprocessor 11. The encryption key establishment command Y ′ is generated by encrypting the key K1 (first session key) using the stream key S0 (first stream key). As described above, the microprocessor 11 generates the session key K1, so that the session key generation circuit can be omitted from the security circuit 12C included in the communication device 2. Further, the encryption / decryption circuit 51 acquires the key establishment command Y and the session key K1 by decrypting the encryption key establishment command Y ′ received from the communication device 2 using the stream key S0. Thereby, the semiconductor memory device 3 can acquire the same session key K1 as the session key K1 generated by the microprocessor 11 of the communication device 2. As a result, the session key generation circuit can be omitted from the security circuit 21C included in the semiconductor memory device 3.

  Further, according to the information processing system 1 according to the present embodiment, in the data communication after the key establishment process is completed, the encryption / decryption circuit 41 generates the read command Z (access command) and the microprocessor 11 generates The encrypted read command Z ′ (encrypted access command) is generated by encrypting the session key K2 (second session key) using the stream key S1 (second stream key). As described above, the microprocessor 11 generates the session key K2, so that the session key generation circuit can be omitted from the security circuit 12C included in the communication device 2. Also, the encryption / decryption circuit 51 acquires the access command Z and the session key K2 by decrypting the encrypted read command Z ′ received from the communication device 2 using the stream key S1. Thereby, the semiconductor memory device 3 can appropriately acquire the access command Z generated by the communication device 2 and can acquire the same session key K2 as the session key K2 generated by the microprocessor 11 of the communication device 2. . As a result, the session key generation circuit can be omitted from the security circuit 21C included in the semiconductor memory device 3. In addition, since the session key K2 is added to the read command Z and transmitted from the communication device 2 to the semiconductor memory device 3, communication efficiency can be improved compared to the case where the session key K2 and the read command are transmitted separately. It becomes possible to plan.

  Further, according to the information processing system 1 according to the present embodiment, in the data communication after the key establishment process is completed, the encryption / decryption circuit 51 converts the content data D read from the memory array 23 into the stream key S2. The encrypted content data D ′ is generated by encrypting using the (third stream key). Further, the encryption / decryption circuit 41 acquires the content data D by decrypting the encrypted content data D ′ received from the semiconductor storage device 3 by using the stream key S2. Thus, since the stream key S2 used for encryption and decryption of the content data D is different from the stream key S1 used for encryption and decryption of the read command Z, attack resistance can be improved. Become.

<Modification 1>
In the second embodiment, the session key generation circuit 53 is mounted on the semiconductor memory device 3, and the session key generation circuit 53 generates a session key using a predetermined key generation algorithm. As a modification of the second embodiment, when there are a plurality of semiconductor storage devices 3 that can be used by the communication device 2, the key generation algorithm of the session key generation circuit 53 may be different for each semiconductor storage device 3. Good.

  According to the information processing system 1 according to the present modification, the session key generation algorithm differs for each semiconductor storage device 3. As a result, the attacker needs to perform cryptographic analysis for each semiconductor storage device 3, so that the attack resistance can be improved.

<Modification 2>
In the third embodiment, the implementation of the session key generation circuit is omitted in both the communication device 2 and the semiconductor memory device 3, and the session key is generated by software processing of the microprocessor 11. As a modification of the third embodiment, the communication device 2 is connected to an external server via a communication network such as the Internet, and the update program is transmitted from the external server to the communication device 2 so that the microprocessor 11 follows the external command. The session key generation algorithm may be updated.

  According to the information processing system 1 according to this modification, the microprocessor 11 can change the session key generation algorithm in accordance with an external command. It is possible to improve attack resistance by changing the session key generation algorithm periodically or at an arbitrary timing.

<Modification 3>
In the first to third embodiments, the encrypted initial session key K0 ′ is obtained by encrypting the initial session key K0 by the second encryption algorithm. As a modification of the first to third embodiments, the microprocessor 11 is externally connected by connecting the communication device 2 to an external server via a communication network such as the Internet and transmitting an update program from the external server to the communication device 2. According to the instruction, the second encryption algorithm for obtaining the encrypted initial session key K0 ′ from the initial session key K0 may be updated.

  According to the information processing system 1 according to this modification, the microprocessor 11 can change the second encryption algorithm in accordance with an external command. Attack resistance can be improved by changing the second algorithm periodically or at an arbitrary timing.

<Modification 4>
In the first to third embodiments, the memory array 23 stores the initial session key K0 and the encrypted initial session key K0 ′. As a modification of the first to third embodiments, when there are a plurality of semiconductor memory devices 3 that can be used by the communication device 2, the initial session key K0 and the encrypted initial session key K0 ′ stored in the memory array 23 are stored. Alternatively, it may be different for each semiconductor memory device 3.

  According to the information processing system 1 according to this modification, the initial session key K 0 and the encrypted initial session key K 0 ′ stored in the memory array 23 are different for each semiconductor storage device 3. As a result, the attacker needs to perform cryptographic analysis for each semiconductor storage device 3, so that the attack resistance can be improved.

DESCRIPTION OF SYMBOLS 1 Information processing system 2 Communication apparatus 3 Semiconductor memory device 11 Microprocessor 12,12A-12C, 21,21A-21C Security circuit 23 Memory array 41,51 Encryption / decryption circuit 42,52 Key stream generation circuit 44,53 Session key Generator circuit

Claims (13)

A communication device having a microprocessor and a first security circuit;
A storage device having a data storage unit and a second security circuit;
With
The first security circuit includes a session key generation unit, a first key stream generation unit, and a first encryption / decryption unit that performs encryption and decryption using a first encryption algorithm,
The second security circuit includes a second key stream generation unit, and a second encryption / decryption unit that performs encryption and decryption using a first encryption algorithm,
In the second security circuit, the implementation of the session key generation unit is omitted,
The data storage unit stores a predetermined initial session key and an encrypted initial session key obtained by encrypting the initial session key with a second encryption algorithm different from the first encryption algorithm,
In the initialization process before starting data communication,
The microprocessor obtains an initial session key by decrypting the encrypted initial session key received from the storage device with a second encryption algorithm, and the initial session key is used to generate the first stream key. Set to 1 keystream generator,
The storage device sets the initial session key read from the data storage unit to the second key stream generation unit for generating a first stream key,
In the key establishment process after the initialization process is completed,
The first key stream generation unit generates a first stream key based on an initial session key set by the microprocessor;
The session key generation unit generates a first session key to be used next to the initial session key,
The first encryption / decryption unit generates a key establishment command and a first session key generated by the session key generation unit, and a first key stream generation unit generates a first session key based on an initial session key. An encryption key establishment command is generated by encrypting with the first encryption algorithm using the stream key,
The second key stream generation unit generates a first stream key based on the initial session key read from the data storage unit,
The second encryption / decryption unit uses the first stream key generated by the second key stream generation unit based on the initial session key for the encryption key establishment command received from the communication device. A key establishment command and a first session key are obtained by decrypting with one encryption algorithm;
The communication apparatus sets the first session key generated by the session key generation unit in the first key stream generation unit for generation of a second stream key next to the first stream key,
The storage device sets the first session key acquired by the second encryption / decryption unit in the second key stream generation unit for generation of a second stream key next to the first stream key. Information processing system.
  In data communication after the key establishment process is completed,
  The first key stream generation unit generates a second stream key based on the first session key generated by the session key generation unit,
  The session key generation unit generates a second session key to be used next to the first session key;
  The first encryption / decryption unit includes an access command for accessing the data storage unit and a second session key generated by the session key generation unit, and the first key stream generation unit includes a first An encrypted access command is generated by encrypting with the first encryption algorithm using the second stream key generated based on the session key,
  The second key stream generation unit generates a second stream key based on the first session key acquired by the second encryption / decryption unit,
  The second encryption / decryption unit uses the second stream key generated by the second key stream generation unit based on the first session key for the encrypted access command received from the communication device. The information processing system according to claim 1, wherein the access command and the second session key are obtained by decrypting with one encryption algorithm.   The data storage unit further stores content data,
  In data communication after the key establishment process is completed,
  The second key stream generation unit generates a third stream key based on the second session key acquired by the second encryption / decryption unit,
  The second encryption / decryption unit uses the third stream key generated by the second key stream generation unit based on the second session key to read the content data read from the data storage unit. Generate encrypted content data by encrypting with an encryption algorithm,
  The first key stream generation unit generates a third stream key based on the second session key generated by the session key generation unit,
  The first encryption / decryption unit uses the third stream key generated by the first key stream generation unit based on the second session key to generate the encrypted content data received from the storage device. The information processing system according to claim 2, wherein content data is acquired by decrypting with one encryption algorithm. A communication device having a microprocessor and a first security circuit;
A storage device having a data storage unit and a second security circuit;
With
The first security circuit includes a first key stream generation unit, and a first encryption / decryption unit that performs encryption and decryption using a first encryption algorithm,
The second security circuit includes a session key generation unit, a second key stream generation unit, and a second encryption / decryption unit that performs encryption and decryption using a first encryption algorithm,
In the first security circuit, the implementation of the session key generation unit is omitted,
The data storage unit stores a predetermined initial session key and an encrypted initial session key obtained by encrypting the initial session key with a second encryption algorithm different from the first encryption algorithm,
In the initialization process before starting data communication,
The microprocessor obtains an initial session key by decrypting the encrypted initial session key received from the storage device with a second encryption algorithm, and the initial session key is used to generate the first stream key. Set to 1 keystream generator,
The storage device sets the initial session key read from the data storage unit to the second key stream generation unit for generating a first stream key,
In the key establishment process after the initialization process is completed,
The first key stream generation unit generates a first stream key based on an initial session key set by the microprocessor;
The first encryption / decryption unit encrypts a key establishment command with a first encryption algorithm using the first stream key generated based on the initial session key by the first key stream generation unit. Generates an encryption key establishment command,
The second key stream generation unit generates a first stream key based on the initial session key read from the data storage unit,
The second encryption / decryption unit uses the first stream key generated by the second key stream generation unit based on the initial session key for the encryption key establishment command received from the communication device. Obtain a key establishment command by decrypting with one encryption algorithm,
The session key generation unit generates a first session key to be used next to the initial session key,
The second encryption / decryption unit uses the first session key generated by the session key generation unit, and the first stream key generated by the second key stream generation unit based on the initial session key, Generating an encrypted first session key by encrypting with a first encryption algorithm;
The first encryption / decryption unit uses the encrypted first session key received from the storage device and the first stream key generated by the first key stream generation unit based on the initial session key, By obtaining the first session key by decrypting with the first encryption algorithm,
The storage device sets the first session key generated by the session key generation unit to the second key stream generation unit for generation of a second stream key next to the first stream key,
The communication apparatus sets the first session key acquired by the first encryption / decryption unit in the first key stream generation unit for generation of a second stream key next to the first stream key. Information processing system.
  In data communication after the key establishment process is completed,
  The first key stream generation unit generates a second stream key based on the first session key acquired by the first encryption / decryption unit,
  The first encryption / decryption unit uses the second stream key generated by the first key stream generation unit based on the first session key for an access command for accessing the data storage unit, By encrypting with the first cryptographic algorithm, an encrypted access command is generated,
  The second key stream generation unit generates a second stream key based on the first session key generated by the session key generation unit,
  The second encryption / decryption unit uses the second stream key generated by the second key stream generation unit based on the first session key for the encrypted access command received from the communication device. The information processing system according to claim 4, wherein the access command is acquired by decrypting with one encryption algorithm.   The data storage unit further stores content data,
  In data communication after the key establishment process is completed,
  The session key generation unit generates a second session key to be used next to the first session key;
  The second encryption / decryption unit includes the content data read from the data storage unit and the second session key generated by the session key generation unit, and the second key stream generation unit includes the first session key. The encrypted content data is generated by encrypting with the first encryption algorithm using the second stream key generated based on
  The first encryption / decryption unit uses the second stream key generated by the first key stream generation unit based on the first session key to generate the encrypted content data received from the storage device. The content data and the second session key are obtained by decrypting with one encryption algorithm,
  The storage device sets the second session key generated by the session key generation unit in the second key stream generation unit,
  The information processing system according to claim 5, wherein the communication device sets the second session key acquired by the first encryption / decryption unit in the first key stream generation unit.   The information processing system according to claim 4, wherein a session key generation algorithm is different for each storage device. A communication device having a microprocessor and a first security circuit;
A storage device having a data storage unit and a second security circuit;
With
The first security circuit includes a first key stream generation unit, and a first encryption / decryption unit that performs encryption and decryption using a first encryption algorithm,
The second security circuit includes a second key stream generation unit, and a second encryption / decryption unit that performs encryption and decryption using a first encryption algorithm,
In the first security circuit and the second security circuit, the implementation of a session key generation unit is omitted,
The data storage unit stores a predetermined initial session key and an encrypted initial session key obtained by encrypting the initial session key with a second encryption algorithm different from the first encryption algorithm,
In the initialization process before starting data communication,
The microprocessor obtains an initial session key by decrypting the encrypted initial session key received from the storage device with a second encryption algorithm, and the initial session key is used to generate the first stream key. Set to 1 keystream generator,
The storage device sets the initial session key read from the data storage unit to the second key stream generation unit for generating a first stream key,
In the key establishment process after the initialization process is completed,
The first key stream generation unit generates a first stream key based on an initial session key set by the microprocessor;
The microprocessor generates a first session key to be used next to the initial session key;
The first encryption / decryption unit generates a key establishment command and a first session key generated by the microprocessor, and a first stream key generated by the first key stream generation unit based on an initial session key. Using the first encryption algorithm to generate an encryption key establishment command,
The second key stream generation unit generates a first stream key based on the initial session key read from the data storage unit,
The second encryption / decryption unit uses the first stream key generated by the second key stream generation unit based on the initial session key for the encryption key establishment command received from the communication device. A key establishment command and a first session key are obtained by decrypting with one encryption algorithm;
The communication apparatus sets the first session key generated by the microprocessor in the first key stream generation unit for generation of a second stream key next to the first stream key,
The storage device sets the first session key acquired by the second encryption / decryption unit in the second key stream generation unit for generation of a second stream key next to the first stream key. Information processing system.
  In data communication after the key establishment process is completed,
  The first key stream generation unit generates a second stream key based on the first session key generated by the microprocessor,
  The microprocessor generates a second session key to be used next to the first session key;
  The first encryption / decryption unit includes an access command for accessing the data storage unit and a second session key generated by the microprocessor, and the first key stream generation unit includes a first session key. An encrypted access command is generated by encrypting with the first encryption algorithm using the second stream key generated based on
  The second key stream generation unit generates a second stream key based on the first session key acquired by the second encryption / decryption unit,
  The second encryption / decryption unit uses the second stream key generated by the second key stream generation unit based on the first session key for the encrypted access command received from the communication device. The information processing system according to claim 8, wherein the access command and the second session key are obtained by decrypting with one encryption algorithm.   The data storage unit further stores content data,
  In data communication after the key establishment process is completed,
  The second key stream generation unit generates a third stream key based on the second session key acquired by the second encryption / decryption unit,
  The second encryption / decryption unit uses the third stream key generated by the second key stream generation unit based on the second session key to read the content data read from the data storage unit. Generate encrypted content data by encrypting with an encryption algorithm,
  The first key stream generation unit generates a third stream key based on the second session key generated by the microprocessor,
  The first encryption / decryption unit uses the third stream key generated by the first key stream generation unit based on the second session key to generate the encrypted content data received from the storage device. The information processing system according to claim 9, wherein content data is acquired by decrypting with one encryption algorithm.   The information processing system according to claim 8, wherein the microprocessor is capable of changing a session key generation algorithm according to an external instruction.   The information processing system according to claim 1, wherein the microprocessor is capable of changing the second encryption algorithm according to an external instruction.   The information processing system according to claim 1, wherein the initial session key and the encrypted initial session key stored in the data storage unit are different for each storage device.

Images