JPWO2005027403A1 - Information processing equipment - Google Patents

Abstract

The internal data is made to have the expression form of the positive expression data and the negative expression data that are bit-inverted to each other, and the arithmetic devices that operate in these expression forms are operated in parallel. Then, the output of the result is selected at random so that one of the expression formats of the positive expression data and the negative expression data is stored in the IC card. As internal data, key data indicating the expression format and data are stored as a pair. Also, it is verified whether the output results of the arithmetic units of the respective expression formats have the bit-inverted relationship. By doing so, in the IC card, it is possible to reduce the relation between the data processing in the IC card chip and the current consumption, and improve the security. Further, when an attack is made to intentionally cause the chip to malfunction and acquire internal secret information as compared with the normal operation, it is possible to detect the malfunction and prevent data theft.

Description

  The present invention relates to an information processing device, and more particularly to a tamper resistant information processing device having high security, and particularly to an information processing device suitable for use in an IC card or the like.

In recent years, IC cards have been used instead of conventional magnetic cards for handling personal information in all fields. In the magnetic card, the information is stored by applying magnetism to the strip, but in the IC card, the IC can be embedded in the card and the calculation and the information can be stored therein. Therefore, the IC card can hold personal information that cannot be arbitrarily rewritten, encrypt data using an encryption key that is secret information, and decrypt ciphertext. The IC card itself does not have a power source, and when the contact type IC card is inserted into a reader/writer for an IC card, it is supplied with power and can operate. Further, the non-contact type IC card can be operated by receiving a radio wave emitted from the reader/writer and generating electric power by utilizing the principle of electromagnetic induction. When the IC card becomes operable, it receives a command transmitted from the reader/writer and performs processing such as data transfer according to the command.
The outline of the configuration of the IC card will be described below with reference to FIGS. 6 and 7.
Note that the contact type and non-contact type IC cards have essentially the same IC chips, so that only the contact type IC card will be described below.
FIG. 6 is a plan view showing the appearance of the IC card and the terminals of the IC chip.
FIG. 7 is a block diagram showing the basic configuration of an IC mounted on an IC card.
As shown in FIG. 6, the basic concept of the IC card is to mount an IC card chip 102 on a card 101. As shown in the figure, generally, an IC card has a supply voltage terminal Vcc, a ground terminal GND, a reset terminal RST, an input/output terminal I/O, and a clock terminal CLK at predetermined positions. The position of this terminal is defined in the ISO 7816 standard. Through these terminals, the reader/writer supplies power and communicates data with the reader/writer.
The structure of the semiconductor chip mounted on the IC card is basically the same as that of a normal microcomputer. As shown in FIG. 7, the semiconductor chip for a card member has a central processing unit (CPU) 201, a storage device 204, an input/output (I/O) port 207, and a coprocessor 202. Some systems may not have a coprocessor. The CPU 201 is a device that performs logical operations and arithmetic operations, and the storage device 204 is a device that stores programs and data. The input/output port is a device that communicates with the reader/writer. The coprocessor is a device that performs high-speed cryptographic processing itself or calculations required for cryptographic processing. For example, there is a special arithmetic device for performing a remainder calculation of RSA cryptography, a device for performing DES cryptography, and the like. Note that many IC card processors do not have a coprocessor. The data bus 203 is a bus that connects each device.
The storage device 204 is configured by a ROM (Read Only Memory), a RAM (Random Access Memory), an EEPROM (Electric Erasable Programmable Read Only Memory), and the like. The ROM is a memory whose stored information cannot be changed, and mainly stores programs. The RAM is a memory that can be freely rewritten, but when the power supply is interrupted, the stored contents are lost. The EEPROM is a memory that can retain its contents even when power supply is interrupted. This EEPROM requires rewriting stored information and is used to store data that can be held even if the IC card is removed from the reader/writer. For example, the amount of money used with the prepaid card is stored in the EEPROM.
In such an IC card, encryption is an essential technology. There are the following documents for increasing the security of the IC card regarding encryption.
Japanese Patent Laid-Open No. 2001-5731, Japanese Patent Laid-Open No. 2003-152702, Japanese Patent Laid-Open No. 2002-311826, Eiji Okamoto "Introduction to Cryptographic Theory" Kyoritsu Shuppan, 1993 (pp.33-41)

As described above, in the IC card, the security of data can be enhanced by the encryption, which is one of the reasons why the IC card is useful. In order to improve security, it is necessary to defend against attacks (so-called "tampering") by malicious data thieves (hackers).
In such a case, the first problem is an attack in which a hacker observes the relationship between data and current, and infers the processing in the IC card chip and the encryption key from the waveform of the observed current consumption. Is to come up with.
A second problem is that a hacker intentionally causes the chip to malfunction, and tries to extract internal secret information (for example, a cryptographic secret key) as compared with normal operation.
Hereinafter, this problem will be described in detail.
First, the first technical problem will be described with reference to FIG.
FIG. 8 is a graph showing an example of a waveform of current consumption in an IC card.
The IC card is used for storing important information and performing encryption processing in the card because programs and important information are sealed in the IC card chip. Conventionally, the difficulty of deciphering the cipher with the IC card was considered to be the same as the difficulty of deciphering the encryption algorithm.
However, it is suggested that by observing and analyzing the current consumption when the IC card is performing the cryptographic process, the contents of the cryptographic process and the cryptographic key can be estimated more easily than the decryption of the cryptographic algorithm. The consumption current can be observed by measuring the current supplied from the reader/writer. The reason is as follows. The CMOS that constitutes the IC card chip consumes current when the output state changes from 1 to 0 or from 0 to 1. Particularly, in the data bus 203 shown in FIG. 7, the value of the bus is 1 to 0 or 0 to 1 due to the current of the bus driver, the wiring, and the capacitance of the transistor connected to the wiring. When it changes to, a large current flows. Therefore, by observing the current consumption, it may be possible to know what is operating in the IC card chip.
As shown in FIG. 7, the waveform of the current consumption of the IC card chip in one cycle differs depending on the data being processed, such as 301 and 302. Such a difference occurs depending on the data flowing through the bus 203 and the data processed by the central processing unit 201.
The coprocessor 202 can perform a 512-bit remainder operation, for example, in parallel with the CPU. Therefore, a consumption current waveform different from the consumption current of the CPU can be observed for a long time. By observing the characteristic waveform, the number of operations of the coprocessor can be easily measured. If the number of operations of the coprocessor has some relation to the encryption key, it is possible to estimate the encryption key from the number of operations. Further, if the contents of calculation in the coprocessor have a bias depending on the encryption key, the bias may be obtained from the consumed current, and the encryption key may be estimated.
The same situation exists in the CPU. The bit pattern of the encryption key is fixed. Therefore, the influence of the bit pattern of the encryption key may be observed by changing the data to be processed and observing the current consumption. There is a possibility that the encryption key can be estimated by statistically processing these consumption current waveforms.
Therefore, if the relationship between the data and the current is reduced, it becomes difficult to estimate the data from the current. For example, a method of encrypting a bus line or a memory, which is a data path, can be considered. Japanese Patent Application Laid-Open No. 2001-5731 and Japanese Patent Application Laid-Open No. 2003-152702 describe methods for realizing this idea.
However, such a method cannot hide the information about the current consumption of the arithmetic unit. In the methods of Japanese Patent Laid-Open No. 2001-5731 and Japanese Patent Laid-Open No. 2003-152702, the data to be input to the arithmetic unit must be correct, so the data must be decoded before inputting. For example, in the methods disclosed in Japanese Patent Laid-Open No. 2001-5731 and Japanese Patent Laid-Open No. 2003-152702, encryption is performed by exclusive OR (EXOR) data and a random number K (data encryption key). For example, for addition A+B for two data A and B,
(A EXOR K)+(B EXOR K)≠(A+B) EXOR K
Therefore, the data encrypted with the data encryption key K cannot be directly calculated and decrypted.
Therefore, it is necessary to decrypt the data into the original data again by the key K before inputting the data to the arithmetic unit, and the original A and B are processed inside the arithmetic unit. Therefore, with such a method, there is a problem in that the information regarding the current consumption of the arithmetic unit cannot be hidden.
There are also other approaches to reducing the association between data and current.
In Japanese Patent Laid-Open No. 2002-311826, the relevance between data and current is reduced in a specific cryptographic process, differently from the above-mentioned Japanese Patent Laid-Open Nos. 2001-5731 and 2003-152702.
The method disclosed in Japanese Patent Laid-Open No. 2002-311826 presents a method in which a "scramble circuit for positive and a scramble circuit for negative for performing transfer/substitution" are operated in parallel to disturb the current.
The positive scramble circuit and the negative scramble circuit that perform the transfer/substitution are abstracted from the F function used in the DES encryption or the like, especially the processing of the S-BOX. The S-BOX is described in Eiji Okamoto, "Introduction to Cryptographic Theory," Kyoritsu Shuppan, 1993 (pp.33-41). The S-BOX process is essentially bit pattern replacement (transposition/substitution), and is composed of a wiring circuit. Transliteration/substitution is not an operation. The operation is to associate one value U with two values S and T. For example, an arithmetic operation such as U=S+T, U=S*T or a logical sum U=S OR T There is a logical operation such as or a logical product U=S AND T, but transliteration/substitution cannot be an operation of this meaning.
Therefore, it is not possible to hide the current information of arithmetic operation or logical operation processing by the parallel operation of "the positive scramble circuit and the negative scramble circuit for transposing/changing characters". In addition, this method cannot hide information on the current consumed in the bus line.
As described above, in any of the conventional methods, there is a problem in that the power consumption information associated with the calculation cannot be hidden.
Next, the second technical problem will be described.
Generally, the chip may malfunction when exposed to the following abnormal environment.
・Abnormal high voltage/low voltage supply ・Abnormal high temperature/low temperature ・Abnormal high frequency clock signal/low frequency clock signal supply ・Strobe flash (strong light irradiation)
An attacker who illegally retrieves secret information from the IC card may use the abnormal environment as described above. For example, an action such as intentionally causing a malfunction during encryption processing and extracting the encryption key by comparing with a normal operation is performed. A method of attack using a strobe is written.
The inventor of the present application repeatedly carried out an experiment of operating the IC chip in the abnormal environment as described above by an attack method using stroboscopic irradiation, observed the malfunction, and confirmed that each bit of the internal processing data was It has been found that it is very often high potential or all low potential.
Conventionally, among the detections of malfunctions, methods such as parity check and comparison of the results of the same two or more arithmetic units have been adopted as effective ones. Malfunctions in a normal environment are mainly due to phenomena such as 1-bit inversion, and such measures are effective.
However, the same arithmetic unit cannot detect a malfunction when all the data bits have a high potential (or a low potential). This is a malfunction that occurs when an attacker deliberately induces a malfunction, and is not assumed when detecting a malfunction in normal processing.
The present invention has been made to solve the above problems, and an object of the present invention is to reduce the relation between data processing and current consumption in a card member, particularly an IC card chip, in an IC card. , To increase security.
Another purpose is to prevent the data from being stolen by detecting the malfunction when the chip intentionally malfunctions and the internal secret information is acquired compared to the normal operation. To improve security.
According to the present invention, in an IC card that handles and stores information with binary data of 0 and 1, internal expression data is provided in the form of positive expression data and negative expression data, which are in a bit-inverted relationship with each other. The expression format is discriminated by the key data paired with the data. Then, by providing a first arithmetic unit for calculating positive expression data and a second arithmetic unit for calculating negative expression data, input data having an expression form of positive expression data and negative expression data is provided to each arithmetic unit. The input data in the form of positive expression data is converted into a suitable form, and the input data in the form of negative expression data is operated in parallel by the second operation device. The resulting output is randomly selected and stored in an internal storage device. The first arithmetic unit for calculating the positive expression data and the second arithmetic unit for calculating the negative expression data operate in parallel. Therefore, it becomes difficult to measure the current consumption from the outside.
As described above, with the configuration of the information processing apparatus according to the present invention, the relation between data and current consumption can be reduced and the security of the IC card can be improved.
Further, since there is a bit-inverted relationship between the first arithmetic unit and the second arithmetic unit, if this is not observed, an output is stopped as an error. As a result, when there is an abnormal input, there is no output to the outside, so the chip is intentionally caused to malfunction, and it is protected from attacks that acquire internal confidential information.
According to the present invention, in an IC card, security can be improved by reducing the relation between data processing and current consumption in a card member, particularly an IC card chip.
Further, according to the present invention, when an attack is made to intentionally cause the chip to malfunction and acquire internal secret information as compared with normal operation, the malfunction is detected to prevent data theft. This can enhance security.
Therefore, it is possible to provide a tamper resistant information processing apparatus such as a card member having high security.

FIG. 1 is a block diagram showing the configuration of an IC card according to an embodiment of the present invention.
FIG. 2 is a block diagram showing the configuration of the distributor 417 according to the first embodiment of the present invention.
FIG. 3 is a schematic diagram of a connection circuit for inverting the input data and expanding it to 8 bits in the distributor 417.
FIG. 4 is a schematic diagram of a connection circuit for expanding the input data to 8 bits in the distributor 417.
FIG. 5 is a block diagram showing the configuration of the distributor 417 according to the second embodiment of the present invention.
FIG. 6 is a plan view showing the appearance of the IC card and the terminals of the IC chip.
FIG. 7 is a block diagram showing the basic configuration of an IC mounted on an IC card.
FIG. 8 is a graph showing an example of a waveform of current consumption in an IC card.

Explanation of symbols

Hereinafter, the main symbols of the above-mentioned embodiment are described.
Vcc: power supply terminal, RST: reset terminal, CLK: clock terminal, GND: ground terminal, I/O: input/output terminal,
201... CPU: central processing unit, 202... COPRO: coprocessor, 207... I/O: input/output port, 204... MEM: storage device, 205... PA: program area, 206... DA: data area,
401... RAM: continuously readable/writable memory, 406... RNG: random number generator, 408... COMP: comparator, 411... Posi: positive logic arithmetic unit, 412... Nega: negative logic arithmetic unit, 417... DISP : Distributor, 420... REG: register, 421, 422... R1: first register, 423, 424... R2: second register,
501... PDBUF: buffer for data expressed in positive logic, 502... NDBUF: buffer for data expressed in negative logic, 505... INV: inversion expansion device, 506... EXT: expansion device, 507... DBUF: Data buffer, 508... K: 1-bit encryption key data buffer,
801... PDBUF: buffer for data expressed in positive logic, 802... NDBUF: buffer for data expressed in negative logic, 805... EXT: expansion device, 807... DBUF: data buffer, 812... K:1 Bit encryption key data buffer (first), 808... J: 1-bit encryption key data buffer (second).
BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, each embodiment according to the present invention will be described with reference to FIGS. 1 to 5.
[Principle of the present invention]
First, the principle of the present invention for solving the above technical problems will be described.
In order to solve the first technical problem, the present invention focuses on arithmetic units having different polarities. In a general computer, there are two configurations for 1 and 0 of data: a configuration in which 1 is a high potential and 0 is a low potential, and a configuration in which 0 is a high potential and 1 is a low potential. The former is sometimes called a positive logic circuit and the latter is sometimes called a negative logic circuit. For example, when the high potential is represented by H and the low potential is represented by L, the binary data “11010010” is represented by “HHLHLLHL” in positive logic and “LLHLHHLH” in negative logic. Due to such electrical difference, the power consumption pattern also differs. Hereinafter, the data format in which 1 represents H and 0 in L will be referred to as positive expression, and the data format in which 1 represents L and 0 as H will be referred to as negative expression.
In the present invention, in order to utilize this phenomenon, the key data K for determining whether the data A is expressed positively or negatively is attached to the data A and processed in the form of a data pair (A, K). . For example, if K=1, it is determined that A is expressed positively, and if K=0, A is expressed negatively.
In this case, the binary representation of the data A is (A[N-1], A[N-2],..., A[0]) (A[J]=0 or 1) for 1 Using the bit key K,
POSI(A,K)=(A[N-1] EXOR NOT(K), A[N-2] EXOR NOT(K),..., A[0] EXOR NOT(K))... (Equation 1)
Then, this is the regular expression of A. vice versa,
NEGA(A,K)=(A[N-1] EXOR K, A[N-2] EXOR K,..., A[0] EXOR K) (Equation 2)
Then, the negative expression of A is obtained.
Hereinafter, a positive logic computing unit will be referred to as a P-ALU and a negative logic computing unit will be referred to as an N-ALU. Generally, the calculation is performed on the two data A1 and A2. When a logical operation, an arithmetic operation, etc. are generically expressed as OP, the operation of performing the operation OP on A1 and A2 and setting it as A3 is A3 = A1 OP A2
Can be written as
Hereinafter, a positive logic computing unit will be referred to as a P-ALU and a negative logic computing unit will be referred to as an N-ALU. In P-ALU,
A3 (regular expression) = A1 (regular expression) OP A2 (regular expression)
In N-ALU,
A3 (negative expression) = A1 (negative expression) OP A2 (negative expression)
Becomes
Therefore, a distribution circuit for calculating POSI (A, K) and NEGA (A, K) from a pair of data and key data (A, K) is provided, and in the P-ALU,
POSI (A1, K1) OP POSI (A1, K2)
Is calculated, and in N-ALU,
NEGA (A1, K1) OP NEGA (A1, K2)
To calculate. The operation result of P-ALU is a positive expression of A3, and the operation result of N-ALU is a negative expression of A3. Therefore, if a selection circuit that randomly selects one of these is provided and K3=1 when selecting the result of the P-ALU and K3=0 when selecting the result of the N-ALU, the result will be You can write (A3, K3).
Note that the operating currents of the P-ALU and N-ALU are different, and the POSI in the P-ALU and NEGA in the N-ALU operate in parallel. Therefore, with this method, it is possible to make it difficult to estimate the processing and the encryption key from the waveform of the current consumption.
Next, in order to solve the second technical problem, the following is done.
A comparator for checking whether or not the output value A of the P-ALU used in the above method and the inverted value NOT(B) of the output B of the N-ALU match is provided, and when the comparison results match, Continue processing, and if they do not match, reset as an error and not output the result. An error is detected because the output of the P-ALU and the output of the N-ALU must have a bit inversion relationship. As mentioned above, deliberately caused errors are often such that the entire data is like a high potential (or low potential). Therefore, both the output of the P-ALU and the output of the N-ALU are likely to have a high potential (or a low potential). In this case, since both outputs are not in a bit inversion relationship, an error is detected.
As described above, according to the present invention, a highly secure IC card can be provided.
Further, the present invention can further enhance security by using it in combination with existing technology. For example, Japanese Unexamined Patent Application Publication No. 2001-5731 discloses a method of encrypting a bus line or a memory, but it is considered effective to combine these techniques. That is, the technology disclosed in Japanese Patent Laid-Open No. 2001-5731 is used to encrypt the bus line and the memory, and with respect to the CPU, by using the present invention, a wider range of internal data can be encrypted and processed. , Can improve security.
[Embodiment 1]
Hereinafter, a first embodiment according to the present invention will be described with reference to FIGS. 1 to 4.
FIG. 1 is a block diagram showing the configuration of an IC card according to an embodiment of the present invention.
FIG. 2 is a block diagram showing the configuration of the distributor 417 according to the first embodiment of the present invention.
FIG. 3 is a schematic diagram of a connection circuit for inverting the input data and expanding it to 8 bits in the distributor 417.
FIG. 4 is a schematic diagram of a connection circuit for expanding the input data to 8 bits in the distributor 417.
As shown in FIG. 4, the IC card according to the embodiment of the present invention includes a RAM 401, a P-ALU 411, an N-ALU 412, a random number generator 406, a comparator 408, a distributor 417, input data buffers 413, 414, and 414. 415, 416, output data buffers 409, 410, register 420, read data bus 419, read data key bus 418, and selector 407.
More specifically, both are stored as a set inside the RAM, such as data 403 and key data 402. Data is always accompanied by key data. Here, it is drawn that they are physically close to each other, but they may be physically separated as long as they are transferred in combination with data.
Similarly to the RAM, the register 420 also stores data 422 and key data 421 as a set.
Although not shown here, the program is usually stored in a ROM or an EEPROM, and the ALU operates according to the program. Further, in order to avoid complication, the description of the address bus and the description of the clock signal will be omitted.
Here, in order to clarify the function of each constituent element, a case where addition processing is performed on two data A and B on the RAM will be considered. Normally, this processing is "transfer two data A and B on RAM to registers R1 and R2" (processing 1),
"Transfer the data in the registers R1 and R2 to the arithmetic unit and perform addition processing" (Processing 2), "Transfer the addition result to the register R2 again" (Processing 3)
It consists of a series of operations.
In this embodiment, the data stored in the RAM 401 is as described above.
(Data, key data)
Retained in the form of. Here, the data A (403) key data K1 (402) has 1 bit, and is 1 for positive expression and 0 for negative expression. Although the bit length of the data is arbitrary, it is set to 8 bits here. In (Process 1), the data 403(A) is transferred to the data register R1 (422) and the key data register 421 through the data bus 405 and the key data bus 404. Similarly, the data B (426) and the key data K2 (425) are also transferred to the data register R2 (423) and the key data register 424, respectively.
Next, these data are sequentially transferred to the distributor 417 through the data bus 419 and the key data bus 418. The distributor 417 is a circuit having the configuration shown in FIG.
The configuration of the distributor 417 will be described. The distributor 417 has a buffer 501 for positive expression data and a buffer 502 for negative expression data as buffers. Here, the buffer is physically the same as a register and is used for temporary storage of data. The exclusive OR circuit 503 and the exclusive OR circuit 504 are circuits that calculate an 8-bit exclusive OR. As shown in FIG. 3, the extender 505 is a extender that bit-inverts a 1-bit input by using an inverter 601 and extends this to 8 bits. The expansion period 506 is a circuit for expanding a 1-bit input to 8 bits as shown in FIG.
The input data buffer 507 is a data input buffer, and the key data buffer 508 is a 1-bit key data buffer. The data bus 509 is an 8-bit data bus, and the key data bus 510 is a 1-bit key data bus.
The operation of the distributor is as follows. The 8-bit data D is transferred to the input data buffer 507 via the data bus 509. Similarly, key data K indicating whether the data D is a positive expression or a negative expression is also transferred to the key data buffer 508 through the key data bus 510. The key data K is expanded to 8 bits by the expander 506 and input to the exclusive OR circuit 504. The data in the data buffer 507 is directly input to the exclusive OR circuit 504, the exclusive OR with the key data is calculated, and the data is input to the negative expression data buffer 502. At the same time, the data in the data buffer 507 is input to the exclusive OR circuit 503. The data in the key data buffer 508 is input to the NOT expansion circuit shown in FIG. 3, inverts the value of the key data, and expands it to 8 bits. The 8-bit data is input to the exclusive OR circuit 503, the exclusive OR with the data in the data buffer 507 is calculated, and the data is input to the regular expression data buffer 501.
The distributors transfer the data A and B to the data buffers 413, 414, 415 and 416 in accordance with the associated key data K1 and K2, respectively. The P-ALU411 and the negative expression are used to calculate the positive expression data. The data is sent to the N-ALU 412 which performs data calculation. The arithmetic operations performed by these arithmetic units are shown in (Equation 1) and (Equation 2). In this example, in each arithmetic unit, addition processing is performed in parallel (processing 2) and stored in the data buffer 409 for positive expression and the data buffer 410 for negative expression. Then, these data are input to the comparator 408. As described in [Principle of the Present Invention], it is difficult to estimate the power consumption from the outside by being operated in parallel by the P-ALU 411 and the N-ALU 412.
This comparator takes the exclusive OR for each bit with respect to the values of the buffers 409 and 410, takes the logical product of all 8 bits of the result, and uses this as the control signal. If the control signal is 1, the information processing device is reset, and if the control signal is 0, the process is continued. That is, it is checked whether or not the obtained output data of both are bit-inverted.
If this control signal is 0 and the processing is to be continued, the values of the data buffers 409 and 410 are input to the selection device 407 that selects in accordance with 1 bit output from the random number generation device 406.
If the output bit of the random number generator 406 is 1, the selection circuit 407 transfers the regular expression data to the key data register unit 424 of the register R2 through the key data bus 404. The output bit of the random number generator 406 is also transferred to the comparator 407. If the bit is 1, the comparator 407 transfers the regular expression data 409 to the data section 423 of the register R2 through the data bus 405. To do.
As a result, regular expression data paired with the key data can be obtained in R2 (process 3). Similarly, when the output bit of the random number generator 406 is 0, negative expression data paired with the key data can be obtained.
The operations of obtaining the positive expression data paired with the key data and the negative expression data paired with the key data operate in parallel, making it difficult to estimate the power consumption from the outside.
In the present embodiment, the operation timings of both the P-ALU 411 and the N-ALU are not mentioned, but for example, the input timing to the ALU is given to the data of the input data buffers 413, 414, 415, 416. The bus drivers of the buffer group may be simultaneously operated in accordance with a signal (usually a clock signal externally supplied to the IC chip). Note that in the present embodiment, being operated in parallel means operating in accordance with the same clock signal, and means allowing deviations in the degree of signal delay.
[Embodiment 2]
Hereinafter, a second embodiment according to the present invention will be described with reference to FIG.
FIG. 5 is a block diagram showing the configuration of the distributor 417 according to the second embodiment of the present invention.
In the first embodiment, the key data has 1 bit, but in the present embodiment, the key data has 2 bits.
The basic configuration of the IC card in the case of 2 bits is the same as the configuration of the block diagram shown in FIG.
In this embodiment, the key data buses 404 and 418 are 2-bit buses (physically, there are two signal lines). The configuration of distributor 417 must also be changed.
Here, for a 2-bit signal, for example, 01 corresponds to a positive expression and 10 corresponds to a negative expression. The signals 00 and 11 are not used. Which bit pattern of the key data is associated with the positive expression and the negative expression is arbitrary.
The configuration of the distributor 417 is as shown in FIG. The distributor 417 has a buffer 801 for positive expression data and a buffer 802 for negative expression data as buffers. The exclusive OR circuit 803 and the exclusive OR circuit 804 are circuits that calculate an 8-bit exclusive OR. The extender 805 is a circuit that extends a 1-bit input to 8 bits (see FIG. 4). The input buffer 807 is a data input buffer, and the key data buffers 808 and 812 are 1-bit key data buffers. The data bus 809 is an 8-bit data bus, and the key data buses 810 and 811 are 1-bit key data buses, respectively. Therefore, 2 bits are used as the representation of the key data.
The operation of the distributor 417 is as follows. The 8-bit data D is transferred to the input data buffer 807 through the data bus 809. Similarly, key data K and J indicating whether the data D is a positive expression or a negative expression are also transferred to the key data buffers 812 and 808 through the key data buses 810 and 811 respectively. The key data K is expanded to 8 bits by the expander 805 and input to the exclusive OR circuit 803. Similarly, the data in the data buffer 807 is directly input to the exclusive OR circuit 504, the exclusive OR with the key data is calculated, and the data is input to the negative expression data buffer 502. At the same time, the data in the data buffer 507 is input to the exclusive OR circuit 503. The data in the key data buffer 508 is input to the NOT expansion circuit shown in FIG. 3, inverts the value of the key data, and expands it to 8 bits. The 8 bits are input to the exclusive OR circuit 503, the exclusive OR with the data in the data buffer 507 is calculated, and the 8 bits are input to the regular expression data buffer 501.
Similar to the first embodiment, the positive expression and the negative expression are respectively operated, and then either the positive expression or the negative expression is selected by the random number and transferred to the register. Is.
In this embodiment, the key data bus is represented by 2 bits, and the key data is represented by "01" and "10", respectively. From the viewpoint of data concealment, since 0 and 1 of the key data are used in the same number, there is an advantage that it is difficult to analyze the key data focusing on the current in the precharge bus or the like.

Claims (12)

In an information processing device in which one of binary data of 0 and 1 is represented by a high potential of voltage and the other is represented by a low potential,
A first arithmetic unit for performing an operation with 1 being a high potential and 0 being a low potential;
A second arithmetic unit for performing an arithmetic operation with 0 being a high potential and 1 being a low potential,
Convert the input data having the expression format of positive expression data and negative expression data that are bit-reversed to each other into a format suitable for each arithmetic unit,
The input data in the form of the positive expression data is operated in parallel by the first operation device, and the input data in the form of the negative expression data is operated in parallel by the second operation device,
An information processing apparatus, wherein the first arithmetic unit obtains output data in the form of positive expression data and the second arithmetic unit obtains output data in the form of negative expression data. The format of the positive expression data and the negative expression data is identified by the key data,
Moreover, the key data representing the positive expression data and the key data representing the negative expression data have a bit-inverted relationship with each other,
The information processing apparatus according to claim 1, wherein the key data is handled as a pair together with the data in the information processing apparatus. The information processing device,
Furthermore, it has a register or a storage device for storing data,
3. The selection unit according to claim 1, further comprising a selection unit that determines which of the output data of the first arithmetic unit and the output data of the second arithmetic unit is transferred to the register or the storage unit. Any information processing device. 3. A determination unit that compares the output data of the first arithmetic unit with the output data of the second arithmetic unit and determines whether or not there is a bit-inverted relationship with each other. Any one of the information processing devices described. The information processing apparatus according to claim 4, wherein when the determination unit determines that the information does not match, the information processing apparatus is reset as an error. The information processing apparatus according to claim 1, further comprising a bus line as the data transfer means. The information processing apparatus according to claim 2, wherein the key data is represented by 1 bit or 2 bits. In selecting which of the output data of the first arithmetic unit and the output data of the second arithmetic unit to be transferred,
The information processing apparatus according to claim 3, wherein the information is randomly selected by a random number pattern. In an IC card that handles and stores information with binary data of 0 and 1,
As the internal data, it has the data of the expression form of the positive expression data and the negative expression data which are bit-inverted to each other,
An IC card characterized in that both an operation result in the expression form of positive expression data and an operation result in the expression form of negative expression data are obtained, and one of them is randomly selected and stored as output data of the operation. In an IC card that handles and stores information with binary data of 0 and 1,
As the internal data, it has the data of the expression form of the positive expression data and the negative expression data which are bit-inverted to each other,
When both the operation result of the expression format of the positive expression data and the operation result of the negative expression data expression value are obtained, it is determined whether or not the outputs have a bit-inverted relationship with each other. When the result of the determination is that they do not match, An IC card characterized by resetting the information processing device as an error. Has a CPU and a storage device,
11. When an abnormal input is made, the results of the arithmetic units operating in parallel in the CPU are compared to detect the abnormal input, and the output of the CPU is stopped as an error. The listed IC card. In an information processing device in which one of binary data of 0 and 1 is represented by a high potential of voltage and the other is represented by a low potential,
A first arithmetic unit for calculating positive expression data, wherein 1 is a high potential and 0 is a low potential;
A second arithmetic unit for calculating negative expression data, where 0 is a high potential and 1 is a low potential,
The information processing apparatus, wherein the positive expression data and the negative expression data are data having an expression format having a bit-inverted relationship with each other.

Images